Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
1	2021-09-28 13:52	vals.exe 2bdad3a733da88708d81f34aa5702776 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed				12.6	M	44	ZeroCERT

2	2021-09-23 17:13	vbc.exe 1c3047465bb31dd2ac45101680301992 PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself ComputerName	9 Keyword trend analysis Info http://www.talkingpoint.tours/arup/?o2=2Bor36X4yMIxjbsNw9nIp5JqVEJ42O++igCdDW+bLrYPiTD/F7oXSRDD+M1zQEcm+TanyebS&wR=BDKh2baXl4PtG http://www.mezonpezon.com/arup/ http://www.cupecoysuites.com/arup/ http://www.gzwqpsyj.com/arup/ http://www.cupecoysuites.com/arup/?o2=RwnhE8KYKqsc5MSZ6w7FRLZ4FQLQ/7KQra0CoHItoXR0D3A2SypYSixvdgQRpZ3QFM6Mzxlq&wR=BDKh2baXl4PtG http://www.royaltortoisecookieco.online/arup/?o2=xicXbxHz/T/GJ6xhDm1KxNKS1jpnVDDPGy0hKxh11bForUynj74u7eHQ98aodg6MscVdd2su&wR=BDKh2baXl4PtG http://www.talkingpoint.tours/arup/ http://www.mezonpezon.com/arup/?o2=UNxFnBumKBpgK3E6newINllmoiRNFeGsN9mFY9q/k3SwkriE4cKly4sUG2g85kP3rxM+0vbe&wR=BDKh2baXl4PtG http://www.royaltortoisecookieco.online/arup/	12 Info www.talkingpoint.tours(192.0.78.24) www.penhal.com() www.cupecoysuites.com(34.102.136.180) www.royaltortoisecookieco.online(209.17.116.163) www.gzwqpsyj.com(209.141.38.71) www.xn--2kr800ab2z.group() www.mezonpezon.com(185.4.31.82) 209.17.116.163 34.102.136.180 - mailcious 192.0.78.24 - mailcious 107.161.23.204 185.4.31.82 - malware	1	9.4		26	ZeroCERT

3	2021-09-23 09:08	vbc.exe a4906a4f5ece9910c5d49e2cfea35ee3 PWS .NET framework Generic Malware PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself ComputerName				5.6	M	15	ZeroCERT

4	2021-09-23 08:56	atlaszx.exe 88bb493f91d20d39a8bb13cb98a9a037 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed				8.8	M	22	ZeroCERT

5	2021-09-23 08:44	obizx.exe 9e3d48d47e6370c4cd6ca03ef3c58cd5 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed				9.8	M	23	ZeroCERT

6	2021-09-23 08:43	vbc.exe 7a23da05dfbd236cb33b6d7a2a1f262d PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself ComputerName	8 Keyword trend analysis Info http://www.bebo.xyz/n90q/?nH=Dro1KrF0gyNlcbSU541z19qzrfyzXKuAHParq6y5Eexi213YrSW+4q3W+dE4BNn0Eap4e/tW&GF=6l8lMtkXCnqDR4j http://www.createreleaserepeat.com/n90q/?nH=SsuzvQ6HV6taaD+W8X3ly66BXMf4dXdtK5LrBFfasaPP85NssPTn5/qtxMT4ZatflkGo0SY1&GF=6l8lMtkXCnqDR4j http://www.lamarfish.com/n90q/?nH=oLp1INRQcYlCIwnKN0Njm6Xoc+cRt/X9prI3xjM3Ww6ORPuYc4D5wUV8peSbJSvq5hgWAqN2&GF=6l8lMtkXCnqDR4j http://www.centrounac.com/n90q/?nH=4AF0SqrcHbMbXHT29t0gKs+41/yAIXWaLUNVn/nIRBk+MAbhn5ZCt0buIkQBoGEu5wc0Q/41&GF=6l8lMtkXCnqDR4j http://www.mammutphilippines.com/n90q/?nH=GiWrvS//gQ2q/hIV6Zy/o5YW6c6VukN0OH9ROBeGDhiEQY+72LoQ1NiOAxiqbd0Y0wIFk2Ut&GF=6l8lMtkXCnqDR4j http://www.ord9route.art/n90q/?nH=m4pl3ok5EqTqfLMyT/hFtIlAKU9zniQdbH9l3O+ovtt51rXL7aP0rtbmfw7iHYfUW+rGLckW&GF=6l8lMtkXCnqDR4j http://www.adorotudoisso.club/n90q/?nH=+AznKtSaeUwG4Xhx64dkxKeTbLa++kdbf8CsCGDIfyM3i3hWyBe26u1HjGAigACJ/I2g9jsl&GF=6l8lMtkXCnqDR4j http://www.nnvv942.com/n90q/?nH=8fnm1kg073ztZrdYEgPG88qlh15erAvqUZr4iV0Eq8UimOtZmlwKxqbhgxKQuef6PrzJkwXT&GF=6l8lMtkXCnqDR4j	17 Info www.nnvv942.com(199.241.1.183) www.kjslink.com() www.adorotudoisso.club(208.113.216.170) www.bebo.xyz(86.105.245.69) www.ord9route.art(202.165.66.108) www.createreleaserepeat.com(75.126.100.9) www.centrounac.com(34.98.99.30) www.lamarfish.com(204.11.56.48) www.mammutphilippines.com(199.59.242.153) 75.126.100.9 86.105.245.69 - mailcious 199.59.242.153 - mailcious 199.241.1.183 202.165.66.108 204.11.56.48 - phishing 208.113.216.170 34.98.99.30 - phishing	3	8.8	M	22	ZeroCERT

7	2021-09-23 08:35	.winlogon.exe a6b0ff3aaa1b4989b5814c6c179679dd PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed				9.8		27	ZeroCERT