Loading ...

Play interactive tourEdit tour

Analysis Report Mario Deluxe InstaII.exe

Overview

General Information

Sample Name:Mario Deluxe InstaII.exe
Analysis ID:344779
MD5:f316fa6263a9ccc6c99984a4b55f6384
SHA1:fc2da9c0625d517a1d6b16ecf3948de1de4ba1ec
SHA256:385878ab41b52271d0360cbb92e2a7d2f662b010c189d4dad913abf2bc0d49ad

Most interesting Screenshot:

Errors
  • Corrupt sample or wrongly selected analyzer. Details: Access is denied.
  • Corrupt sample or wrongly selected analyzer. Details: Access is denied.

Detection

Score:16
Range:0 - 100
Whitelisted:false
Confidence:0%

Signatures

Found Tor onion address
Abnormal high CPU Usage
Contains capabilities to detect virtual machines
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample searches for specific file, try point organization specific fake files to the analysis machine
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Startup

  • System is w10x64
  • Mario Deluxe InstaII.exe (PID: 5728 cmdline: 'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' -install MD5: F316FA6263A9CCC6C99984A4B55F6384)
    • Mario Deluxe InstaII.tmp (PID: 2540 cmdline: 'C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp' /SL5='$E021E,30541068,861184,C:\Users\user\Desktop\Mario Deluxe InstaII.exe' -install MD5: 83FC883CAAF182C20D7472508A0826D2)
      • Mario Deluxe InstaII.exe (PID: 2292 cmdline: 'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /SILENT MD5: F316FA6263A9CCC6C99984A4B55F6384)
        • Mario Deluxe InstaII.tmp (PID: 3216 cmdline: 'C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp' /SL5='$40372,30541068,861184,C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /SILENT MD5: 83FC883CAAF182C20D7472508A0826D2)
          • namang.exe (PID: 6608 cmdline: C:\Users\user\AppData\Local\Namang\namang.exe MD5: 55CDDB0D895741E9E0CF8ACE2619015D)
          • download.exe (PID: 7008 cmdline: C:\Users\user\AppData\Local\Namang\download.exe MD5: 56E17751A0F1F506EE7CA9F35BD77738)
  • Mario Deluxe InstaII.exe (PID: 5312 cmdline: 'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /install MD5: F316FA6263A9CCC6C99984A4B55F6384)
  • Mario Deluxe InstaII.exe (PID: 5312 cmdline: 'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /load MD5: F316FA6263A9CCC6C99984A4B55F6384)
  • namang.exe (PID: 6464 cmdline: C:\Users\user\AppData\Local\Update\namang.exe MD5: 55CDDB0D895741E9E0CF8ACE2619015D)
  • namang.exe (PID: 5508 cmdline: C:\Users\user\AppData\Local\Packages\Update\namang.exe MD5: 55CDDB0D895741E9E0CF8ACE2619015D)
  • namang.exe (PID: 7072 cmdline: C:\Users\user\AppData\Local\Google\Update\namang.exe MD5: 55CDDB0D895741E9E0CF8ACE2619015D)
  • namang.exe (PID: 7060 cmdline: C:\Users\user\AppData\Local\Mozilla\Update\namang.exe MD5: 55CDDB0D895741E9E0CF8ACE2619015D)
  • namang.exe (PID: 204 cmdline: C:\Users\user\AppData\Local\Microsoft\Update\namang.exe MD5: 55CDDB0D895741E9E0CF8ACE2619015D)
  • namang.exe (PID: 6440 cmdline: C:\Users\user\AppData\Local\Mozilla\Update\namang.exe MD5: 55CDDB0D895741E9E0CF8ACE2619015D)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----

Compliance:

barindex
Uses 32bit PE filesShow sources
Source: Mario Deluxe InstaII.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
Contains modern PE file flags such as dynamic base (ASLR) or NXShow sources
Source: Mario Deluxe InstaII.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbolsShow sources
Source: Binary string: class pdb.Pdb(completekey='tab', stdin=None, stdout=None, skip=None, nosigint=False, readrc=True) source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: Binary string: Changed in version 3.2: ".pdbrc" can now contain commands that source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: Binary string: Initial commands are read from .pdbrc files in your home directory source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: Binary string: .pdbr0 source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp
Source: Binary string: comctl32v582.pdb source: namang.exe, 00000012.00000003.567864406.0000000009A67000.00000004.00000001.sdmp
Source: Binary string: ~/.pdbrcz source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: Binary string: ucrtbase.pdb source: namang.exe, 00000012.00000003.462720942.00000000099C2000.00000004.00000001.sdmp
Source: Binary string: Raises an auditing event "pdb.Pdb" with no arguments. source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: Binary string: in the ".pdbrc" file): source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: Binary string: commands as if given in a ".pdbrc" file, see Debugger Commands. source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: Binary string: If a file ".pdbrc" exists in the user source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: Binary string: .pdbrc) source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: Binary string: import pdb; pdb.Pdb(skip=['django.*']).set_trace() source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: Binary string: placed in the .pdbrc file): source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\pyexpat.pdb source: namang.exe, 00000012.00000003.567864406.0000000009A67000.00000004.00000001.sdmp
Source: Binary string: ucrtbase.pdbUGP source: namang.exe, 00000012.00000003.462720942.00000000099C2000.00000004.00000001.sdmp
Source: Binary string: -c are executed after commands from .pdbrc files. source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: Binary string: will load .pdbrc files from the filesystem. source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: Binary string: If a file ".pdbrc" exists in your home directory or in the current source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: Binary string: comctl32v582.pdbGCTL source: namang.exe, 00000012.00000003.567864406.0000000009A67000.00000004.00000001.sdmp
Source: Binary string: pdb.Pdbr source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exeCode function: 0_2_0040AEF4 FindFirstFileW,FindClose,0_2_0040AEF4
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exeCode function: 0_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,0_2_0040A928
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmpCode function: 1_2_0040C86C FindFirstFileW,FindClose,1_2_0040C86C
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmpCode function: 1_2_005F790C FindFirstFileW,GetLastError,1_2_005F790C
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmpCode function: 1_2_0040C2A0 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,1_2_0040C2A0
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmpCode function: 1_2_00650754 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose,1_2_00650754
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exeCode function: 2_2_0040AEF4 FindFirstFileW,FindClose,2_2_0040AEF4
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exeCode function: 2_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,2_2_0040A928
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exeCode function: 3_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,3_2_0040A928
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exeCode function: 3_2_0040AEF4 FindFirstFileW,FindClose,3_2_0040AEF4
Source: C:\Users\user\AppData\Local\Namang\namang.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exeFile opened: C:\Users\user\AppData\Local\Namang\Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exeFile opened: C:\Users\user\AppData\Local\Namang\tcl\encoding\Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exeFile opened: C:\Users\user\AppData\Local\Namang\tcl\Jump to behavior

Networking:

barindex
Found Tor onion addressShow sources
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebookcorewwwi.onion/video.php?v=274175099429670
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebookcorewwwi.onion/video.php?v=274175099429670aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttp://www.onionstudios.com/videos/hannibal-charges-forward-stops-for-a-cocktail-2937
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttp://www.onionstudios.com/videos/hannibal-charges-forward-stops-for-a-cocktail-2937amd5u5a118d466d62b5cd03647cf2c593977fainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttp://www.onionstudios.com/embed?id=2855&autoplay=true
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttp://www.onionstudios.com/embed?id=2855&autoplay=trueaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttp://www.onionstudios.com/video/6139.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttp://www.onionstudios.com/video/6139.jsonaonly_matchingta_TESTSastaticmethoda_extract_urluOnionStudiosIE._extract_urla_real_extractuOnionStudiosIE._real_extracta__orig_bases__uyoutube_dl\extractor\onionstudios.pyu<module youtube_dl.extractor.onionstudios>TT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: a_VALID_URLuhttps://www.facebook.com/login.php?next=http%3A%2F%2Ffacebook.com%2Fhome.php&login_attempt=1uhttps://www.facebook.com/checkpoint/?next=http%3A%2F%2Ffacebook.com%2Fhome.php&_fb_noscript=1afacebooka_NETRC_MACHINEaIE_NAMEuMozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36uhttps://www.facebook.com/video/video.php?v=%suhttps://www.facebook.com/video/tahoe/async/%s/?chain=true&isvideo=true&payloadtype=primaryD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: Vaupload_dateu20160223auploaderuBarack Obamauhttps://www.facebook.com/cnn/videos/10155529876156509/amd5u9571fae53d4165bbbadb17a94651dcdcainfo_dictu10155529876156509aextamp4uShe survived the holocaust equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: ]Zaupload_dateu20180116uhttps://www.youtube.com/shared?ci=1nEzmT-M4fUD equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: a_match_ida_download_webpagea_html_search_regexu<iframe id="player_iframe"[^>]+src="([^"]+)"uiframe pathacompat_urlparseaurljoinuDownloading iframea_search_regexuwww.youtube.com/embed/(.{11})uyoutube ida_typeaurl_transparentadisplay_idaurluhttps://youtube.com/watch?v=%sa__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_literalslacommonT equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: acourseSlugafieldswqaslugsuaupdateavideoSlugaresolutionu_%su %dpuhttps://www.linkedin.com/learning-api/detailedCoursesa_download_jsonuDownloading%s JSON metadataaheadersuCsrf-Tokena_get_cookiesaJSESSIONIDavalueaqueryaelementslagetT equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: adefaultuhttps://www.linkedin.com/uas/login-submitagroupaurla_hidden_inputsasession_keyasession_passworduLogging inadataaurlencode_postdatau<span[^>]+class="error"[^>]*>\s*(.+?)\s*</span>aerrorD equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aiduhome-alone-games-jontronaextamp4atitleuHome Alone Games - JonTron - NormalBootsadescriptionuJon is late for Christmas. Typical. Thanks to: Paul Ritchey for Co-Writing/Filming: http://www.youtube.com/user/ContinueShow Michael Azzi for Christmas Intro Animation: http://michafrar.tumblr.com/ Jerrod Waters for Christmas Intro Music: http://www.youtube.com/user/xXJerryTerryXx Casey Ormond for equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aiduhttp://www.hellointernet.fm/podcast?format=rssadescriptionuCGP Grey and Brady Haran talk about YouTube, life, work, whatever.atitleuHello Internetaplaylist_mincountldD equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: amediauhttp://search.yahoo.com/mrss/aclearleapuhttp://www.clearleap.com/namespace/clearleap/1.0/L equals www.yahoo.com (Yahoo)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: ametaclassa__prepare__aLinkedInLearningBaseIEa__getitem__u%s.__prepare__() must return a mapping, not %sa__name__u<metaclass>uyoutube_dl.extractor.linkedina__module__a__qualname__alinkedina_NETRC_MACHINEuhttps://www.linkedin.com/uas/login?trk=learningT equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: anoteuVideo with DASH manifestaurluhttps://www.facebook.com/video.php?v=957955867617029amd5ab2c28d528273b323abe5c6ab59f0f030ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: anoteuswf params escapedaurluhttps://www.facebook.com/barackobama/posts/10153664894881749amd5u97ba073838964d12c70566e0085c2b91ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: asluga_typeaurl_transparentuhttps://www.linkedin.com/learning/%s/%sachapterachapter_numberachapter_idaie_keyaplaylist_resultT equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttp://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCUQtwIwAA&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DcmQHVoWB5FY&ei=F-sNU-LLCaXk4QT52ICQBQ&usg=AFQjCNEw4hL29zgOohLXvpJ-Bdh2bils1Q&bvm=bv.61965928,d.bGEainfo_dictD equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://cdn.embedly.com/widgets/media.html?src=http%3A%2F%2Fwww.youtube.com%2Fembed%2Fvideoseries%3Flist%3DUUGLim4T2loE5rwCMdpCIPVg&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DSU4fj_aEMVw%26list%3DUUGLim4T2loE5rwCMdpCIPVg&image=http%3A%2F%2Fi.ytimg.com%2Fvi%2FSU4fj_aEMVw%2Fhqdefault.jpg&key=8ee8a2e6a8cc47aab1a5ee67f9a178e0&type=text%2Fhtml&schema=youtube&autoplay=1aonly_matchingta_TESTSa_real_extractuEmbedlyIE._real_extracta__orig_bases__uyoutube_dl\extractor\embedly.pyu<module youtube_dl.extractor.embedly>TT equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/ChristyClarkForBC/videos/vb.22819070941/10153870694020942/?type=2&theateraonly_matchingtD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/LaGuiaDelVaron/posts/1072691702860471ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/WatchESLOne/videos/359649331226507/ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/amogood/videos/1618742068337349/?fref=nfaonly_matchingtD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/groups/1024490957622648/permalink/1396382447100162/ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/groups/164828000315060/permalink/764967300301124/aonly_matchingtD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/l.php?u=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DpO8h3EaFRdo&h=TAQHsoToz&enc=AZN16h-b6o4Zq9pZkCCdOLNKMN96BbGMNtcFwHSaazus4JHT_MFYkAA-WARTX2kvsCIdlAIyHZjl6d33ILIJU7Jzwk_K3mcenAXoAzBNoZDI_Q7EXGDJnIhrGkLXo_LJ_pAa2Jzbx17UHMd3jAs--6j2zaeto5w9RTn8T_1kKg3fdC5WPX9Dbb18vzH7YFX0eSJmoa6SP114rvlkw6pkS1-T&s=1ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/l.php?u=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DpO8h3EaFRdo&h=TAQHsoToz&enc=AZN16h-b6o4Zq9pZkCCdOLNKMN96BbGMNtcFwHSaazus4JHT_MFYkAA-WARTX2kvsCIdlAIyHZjl6d33ILIJU7Jzwk_K3mcenAXoAzBNoZDI_Q7EXGDJnIhrGkLXo_LJ_pAa2Jzbx17UHMd3jAs--6j2zaeto5w9RTn8T_1kKg3fdC5WPX9Dbb18vzH7YFX0eSJmoa6SP114rvlkw6pkS1-T&s=1ainfo_dictD equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/maxlayn/posts/10153807558977570amd5u037b1fa7f3c2d02b7a0d7bc16031ecc6ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/onlycleverentertainment/videos/1947995502095005/aonly_matchingtD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2Fvideo.php%3Fv%3D10204634152394104aonly_matchingtD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/plugins/video.php?href=https://www.facebook.com/gov.sg/videos/10154383743583686/&show_text=0&width=560aonly_matchingtuFacebookPluginsVideoIE._real_extractuyoutube_dl\extractor\facebook.pyT equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/video.php?v=10204634152394104aonly_matchingtD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/video.php?v=274175099429670ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/video.php?v=637842556329505&fref=nfamd5u6a40d33c0eccbb1af76cf0485a052659ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.facebook.com/yaroslav.korpan/videos/1417995061575415/ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.linkedin.com/learning/programming-foundations-fundamentals/welcome?autoplay=trueamd5aa1d74422ff0d5e66a792deb996693167ainfo_dictD equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: aurluhttps://www.linkedin.com/learning/programming-foundations-fundamentalsainfo_dictD equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://www.youtube.com/Kiamet/ equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://www.youtube.com/Kiamet/auploaderaJonTronaupload_dateu20140125aparamsD equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://www.youtube.com/watch?v=BaW_jenozKc equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://www.youtube.com/watch?v=BaW_jenozKcaonly_matchingtuUnicodeBOMIE._real_extractuyoutube_dl\extractor\commonmistakes.pyu<module youtube_dl.extractor.commonmistakes>TT equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: tuFacebookIE._extract_from_urla_real_extractuFacebookIE._real_extracta__orig_bases__aFacebookPluginsVideoIEuhttps?://(?:[\w-]+\.)?facebook\.com/plugins/video\.php\?.*?\bhref=(?P<id>https.+)uhttps://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2Fgov.sg%2Fvideos%2F10154383743583686%2F&show_text=0&width=560u5954e92cdfe51fe5782ae9bda7058a07D equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: u%Y%m%duhttp://www.youtube.com/watch?v=ayoutube_idaplaylistunerdcubed.co.uk feedaidunerdcubed-feedaentriesa__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_literalslacommonT equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uInvalid URL: %r . Call youtube-dl like this: youtube-dl -v "https://www.youtube.com/watch?v=BaW_jenozKc" equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uJon is late for Christmas. Typical. Thanks to: Paul Ritchey for Co-Writing/Filming: http://www.youtube.com/user/ContinueShow Michael Azzi for Christmas Intro Animation: http://michafrar.tumblr.com/ Jerrod Waters for Christmas Intro Music: http://www.youtube.com/user/xXJerryTerryXx Casey Ormond for equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uRetrieving disclaimerareamatcha_VALID_URLagroupsutoo many values to unpack (expected 2)u^(\w{2})-(.*)$aytaurl_resultuhttp://www.youtube.com/watch?v=%saYoutubeacbutheplatform:%saThePlatformaCookieuuser=%s; acompat_urllib_parseaquoteajsonadumpsD equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uThe url doesn't specify the protocol, trying with httpuhttp://aauto_warningu^(?:url|URL)$aExtractorErroruInvalid URL: %r . Call youtube-dl like this: youtube-dl -v "https://www.youtube.com/watch?v=BaW_jenozKc" D equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttp://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCUQtwIwAA&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DcmQHVoWB5FY&ei=F-sNU-LLCaXk4QT52ICQBQ&usg=AFQjCNEw4hL29zgOohLXvpJ-Bdh2bils1Q&bvm=bv.61965928,d.bGE equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttp://www.youtube.com/watch?v= equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttp://www.youtube.com/watch?v=%s equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://cdn.embedly.com/widgets/media.html?src=http%3A%2F%2Fwww.youtube.com%2Fembed%2Fvideoseries%3Flist%3DUUGLim4T2loE5rwCMdpCIPVg&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DSU4fj_aEMVw%26list%3DUUGLim4T2loE5rwCMdpCIPVg&image=http%3A%2F%2Fi.ytimg.com%2Fvi%2FSU4fj_aEMVw%2Fhqdefault.jpg&key=8ee8a2e6a8cc47aab1a5ee67f9a178e0&type=text%2Fhtml&schema=youtube&autoplay=1 equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/ChristyClarkForBC/videos/vb.22819070941/10153870694020942/?type=2&theater equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/LaGuiaDelVaron/posts/1072691702860471 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/WatchESLOne/videos/359649331226507/ equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/amogood/videos/1618742068337349/?fref=nf equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/barackobama/posts/10153664894881749 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/checkpoint/?next=http%3A%2F%2Ffacebook.com%2Fhome.php&_fb_noscript=1 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/cnn/videos/10155529876156509/ equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/groups/1024490957622648/permalink/1396382447100162/ equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/groups/164828000315060/permalink/764967300301124/ equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/l.php?u=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DpO8h3EaFRdo&h=TAQHsoToz&enc=AZN16h-b6o4Zq9pZkCCdOLNKMN96BbGMNtcFwHSaazus4JHT_MFYkAA-WARTX2kvsCIdlAIyHZjl6d33ILIJU7Jzwk_K3mcenAXoAzBNoZDI_Q7EXGDJnIhrGkLXo_LJ_pAa2Jzbx17UHMd3jAs--6j2zaeto5w9RTn8T_1kKg3fdC5WPX9Dbb18vzH7YFX0eSJmoa6SP114rvlkw6pkS1-T&s=1 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/l.php?u=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DpO8h3EaFRdo&h=TAQHsoToz&enc=AZN16h-b6o4Zq9pZkCCdOLNKMN96BbGMNtcFwHSaazus4JHT_MFYkAA-WARTX2kvsCIdlAIyHZjl6d33ILIJU7Jzwk_K3mcenAXoAzBNoZDI_Q7EXGDJnIhrGkLXo_LJ_pAa2Jzbx17UHMd3jAs--6j2zaeto5w9RTn8T_1kKg3fdC5WPX9Dbb18vzH7YFX0eSJmoa6SP114rvlkw6pkS1-T&s=1 equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/login.php?next=http%3A%2F%2Ffacebook.com%2Fhome.php&login_attempt=1 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/maxlayn/posts/10153807558977570 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/onlycleverentertainment/videos/1947995502095005/ equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2Fgov.sg%2Fvideos%2F10154383743583686%2F&show_text=0&width=560 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2Fvideo.php%3Fv%3D10204634152394104 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/plugins/video.php?href=https://www.facebook.com/gov.sg/videos/10154383743583686/&show_text=0&width=560 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/video.php?v=10204634152394104 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/video.php?v=274175099429670 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/video.php?v=637842556329505&fref=nf equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/video.php?v=957955867617029 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/video/tahoe/async/%s/?chain=true&isvideo=true&payloadtype=primary equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/video/video.php?v=%s equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.facebook.com/yaroslav.korpan/videos/1417995061575415/ equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.linkedin.com/learning-api/detailedCourses equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.linkedin.com/learning/%s/%s equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.linkedin.com/learning/programming-foundations-fundamentals equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.linkedin.com/learning/programming-foundations-fundamentals/welcome?autoplay=true equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.linkedin.com/uas/login-submit equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.linkedin.com/uas/login?trk=learning equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uhttps://www.youtube.com/shared?ci=1nEzmT-M4fU equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: uwww.youtube.com/embed/(.{11}) equals www.youtube.com (Youtube)
Source: unknownDNS traffic detected: queries for: scookie.notrespone.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://%s/avideo_rootuhttp://s3-2u.digitallyspeaking.com/afindallT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://%s/data/video.endLevel.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://%s/data/video.endLevel.jsonaqueryaurlKeya_get_videos_infoaplayeraida_download_webpagea_search
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://%s/v/feed/video/%s.js?template=fox
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://%s/v/feed/video/%s.js?template=foxaida_match_ida_download_webpagea_html_search_regexudata-vid
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmpString found in binary or memory: http://.css
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmpString found in binary or memory: http://.jpg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://115.231.74.139/m1.music.126.net
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://124.40.233.182/m1.music.126.net
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://192.99.219.222:82/presstv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://192.99.219.222:82/presstvL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://203.130.59.9/m1.music.126.net
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://5-tv.ru/angel/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://5-tv.ru/angel/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://5-tv.ru/films/1507502/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://5-tv.ru/films/1507502/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://5-tv.ru/news/96814/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://5-tv.ru/news/96814/amd5abbff554ad415ecf5416a2f48c22d9283ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://5-tv.ru/programs/broadcast/508713/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://5-tv.ru/programs/broadcast/508713/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://5-tv.ru/video/1021729/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://5-tv.ru/video/1021729/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://5pillarsuk.com/2017/06/07/tariq-ramadan-disagrees-with-pr-exercise-by-imams-refusing-funeral-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://8tracks.com/sets/%s/next?player=sm&mix_id=%s&format=jsonh&track_id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://8tracks.com/sets/%s/next?player=sm&mix_id=%s&format=jsonh&track_id=%sa_typeaplaylistaentriesa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://8tracks.com/sets/%s/play?player=sm&mix_id=%s&format=jsonh
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://8tracks.com/sets/%s/play?player=sm&mix_id=%s&format=jsonhaapi_jsonanext_urlanoteuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://8tracks.com/ytdl/youtube-dl-test-tracks-a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://8tracks.com/ytdl/youtube-dl-test-tracks-aainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://90tv.ir/video/95719/%D8%B4%D8%A7%DB%8C%D8%B9%D8%A7%D8%AA-%D9%86%D9%82%D9%84-%D9%88-%D8%A7%D9%
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://91porn.com/view_video.php?viewkey=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://91porn.com/view_video.php?viewkey=%su
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://91porn.com/view_video.php?viewkey=7e42283b4f5ab36da134
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://91porn.com/view_video.php?viewkey=7e42283b4f5ab36da134amd5u7fcdb5349354f40d41689bd0fa8db05aai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://9gag.com/tv/embed/a5Dmvl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://9gag.com/tv/embed/a5Dmvlaonly_matchingta_TESTSD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://9gag.com/tv/p/Kk2X5/people-are-awesome-2013-is-absolutely-awesome
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://9gag.com/tv/p/Kk2X5/people-are-awesome-2013-is-absolutely-awesomeainfo_dictakXzwOKyGlSAaextam
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://9gag.com/tv/p/KklwM
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://9gag.com/tv/p/KklwMaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://9gag.com/tv/p/aKolP3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://9gag.com/tv/p/aKolP3aaKolP3uThis
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://9gag.tv/p/Kk2X5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://9gag.tv/p/Kk2X5aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://a_extract_m3u8_formatsu/playlist.m3u8amp4am3u8_nativeD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://abc.go.com/shows/designated-survivor/video/most-recent/VDKA3807643
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://abc.go.com/shows/designated-survivor/video/most-recent/VDKA3807643ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://abc.go.com/shows/the-catch/episode-guide/season-01/10-the-wedding
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://abc.go.com/shows/the-catch/episode-guide/season-01/10-the-weddingaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://abc.go.com/shows/world-news-tonight/episode-guide/2017-02/17-021717-intense-stand-off-between
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://achievementhunter.roosterteeth.com/episode/off-topic-the-achievement-hunter-podcast-2016-i-di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://admin.mangomolo.com/analytics/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://admin.mangomolo.com/analytics/%sadurationaint_or_noneT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://admin.mangomolo.com/analytics/index.php/customers/embed/index?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://admin.mangomolo.com/analytics/index.php/customers/embed/video?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://admin.mangomolo.com/analytics/index.php/plus/getchanneldetails?channel_id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://admin.mangomolo.com/analytics/index.php/plus/season_info?id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://admin.mangomolo.com/analytics/index.php/plus/season_info?id=%suhttp://admin.mangomolo.com/ana
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://admin.mangomolo.com/analytics/index.php/plus/show
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://admin.mangomolo.com/analytics/index.php/plus/video?id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://admin.mangomolo.com/analytics/index.php/plus/video?id=%sD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://adultswim.com/videos/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://adultswim.com/videos/%s/%sT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://adultswim.com/videos/rick-and-morty/pilot
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://adultswim.com/videos/rick-and-morty/pilotainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://afbbs.afreecatv.com:8080/api/video/get_video_info.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://afbbs.afreecatv.com:8080/api/video/get_video_info.phpuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://afbbs.afreecatv.com:8080/app/read_ucc_bbs.cgi?nStationNo=16711924&nTitleNo=36153164&szBjId=da
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://ai-radio.org:8000/radio.opus
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://ai-radio.org:8000/radio.opusainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://anderetijden.nl/programma/1/Andere-Tijden/aflevering/676/Duitse-soldaten-over-de-Slag-bij-Arn
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://antiserver.kuwo.cn/anti.s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://antiserver.kuwo.cn/anti.sanoteuDownload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api-app.espn.com/v1/video/clips/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api-app.espn.com/v1/video/clips/%savideoslaheadlineT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api-embed.webservices.francetelevisions.fr/key/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api-embed.webservices.francetelevisions.fr/key/%saDailymotionIEa_extract_urlsaplaylist_result
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api-live.dumpert.nl/mobile_api/json/info/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api-live.dumpert.nl/mobile_api/json/info/T
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.bleacherreport.com/api/v1/articles/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.bleacherreport.com/api/v1/articles/%saarticleagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.channel.livestream.com/2.0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.channel.livestream.com/2.0uls:viewsCountT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.contents.watchabc.go.com/vp2/ws/contents/3000/videos/%s/001/-1/%s/-1/%s/-1/-1.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.contents.watchabc.go.com/vp2/ws/contents/3000/videos/%s/001/-1/%s/-1/%s/-1/-1.jsonavideoa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.globovideos.com/videos/%s/playlist
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.globovideos.com/videos/%s/playlistavideoslT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.khanacademy.org/api/v1/topic/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.khanacademy.org/api/v1/topic/uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.khanacademy.org/api/v1/videos/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.khanacademy.org/api/v1/videos/uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.letitbit.net/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.letitbit.net/a_API_URLatVL0gjqo5a_API_KEYL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.letvcloud.com/gpc.php?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.letvcloud.com/gpc.php?acompat_urllib_parse_urlencodeuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.netzkino.de.simplecache.net/capi-2.0a/categories/%s.json?d=www
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.netzkino.de.simplecache.net/capi-2.0a/categories/%s.json?d=wwwa_download_jsonapostsacusto
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.new.livestream.com/accounts/1570303/events/1585861/videos/4719370.smil
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.new.livestream.com/accounts/1570303/events/1585861/videos/4719370.smilainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.nowness.com/api/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.npr.org/query
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.npr.org/queryaqueryaidafieldsuaudio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.video.mail.ru/videos/%s.json?new=1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://api.video.mail.ru/videos/%s.json?new=1uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://apis.ign.com/video/v3/videos/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://apis.ign.com/video/v3/videos/%su
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://app.pluralsight.com/training/player?author=scott-allen&name=angularjs-get-started-m1-introduc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://app.video.baidu.com/%s/?worktype=adnative%s&id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://app.video.baidu.com/%s/?worktype=adnative%s&id=%sareamatcha_VALID_URLagroupsutoo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://archive.org/details/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://archive.org/details/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://archive.org/details/XD300-23_68HighlightsAResearchCntAugHumanIntellect
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://archive.org/details/XD300-23_68HighlightsAResearchCntAugHumanIntellectamd5u8af1d4cf447933ed3c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://archive.org/embed/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://archive.org/embed/XD300-23_68HighlightsAResearchCntAugHumanIntellect
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmpString found in binary or memory: http://archive.org/embed/XD300-23_68HighlightsAResearchCntAugHumanIntellectaonly_mat