Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1	2023-10-11 07:57	sihost.exe 8d91ce7f3a66bcfda11e488cc34c698f Formbook UPX .NET framework(MSIL) ScreenShot PWS AntiDebug AntiVM PE File PE32 .NET EXE OS Processor C FormBook Malware download VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key	20 Keyword trend analysis Info http://www.onlyleona.com/kniu/ - rule_id: 36720 http://www.palatepursuits.cfd/kniu/ - rule_id: 36726 http://www.onlyleona.com/kniu/?WwaYeLk_=eul8o7FRTpzZYv+GqkkzOpE5tEZO7cuUa8jf7YGp4uFOB2eW2y1ALY7ycZgKlFf7jddzg63rMJOPKD43r6dZxMpJnJONv2M7MFgI8Mw=&154=h0P9RQvD - rule_id: 36720 http://www.xxkxcfkujyeft.xyz/kniu/ - rule_id: 36719 http://www.xxkxcfkujyeft.xyz/kniu/?WwaYeLk_=i0HwDxosD6vP35vKxXt8TqB5hgt09UAmGu6yXsGJ7KHeDbKCAxtr8kYkpXafqSJ5CWKS4JQhNIcZa2fBS8/HEz0POFGF5EDYOp/zgDU=&154=h0P9RQvD - rule_id: 36719 http://www.flyingfoxnb.com/kniu/?WwaYeLk_=2khzscf+uoNd4qXDJMvMlsCGRf74adwr4dCZmsSaM5bi7vY8OWwGY+oUQIQbfdmtzbAFku/2CGFb1XO6VHKJWfD6Hx+uzWgInko6T2A=&154=h0P9RQvD - rule_id: 36725 http://www.palatepursuits.cfd/kniu/?WwaYeLk_=hbIoOV/dmdXO2xpIn07o59QoAXcFh8OwL7wE3CCbwPL4DaTNKf4A6Fx93MICWs67Kq9ozN+vd0WYpt+cGdGxDSTpWz7Z0RqHqaDgDUU=&154=h0P9RQvD - rule_id: 36726 http://www.flyingfoxnb.com/kniu/ - rule_id: 36725 http://www.tsygy.com/kniu/?WwaYeLk_=bJ36cMi4kupHJe0Hctq9gMewB+uvjmGDqwrfSqfgcqRhOtXAC1zMZIlHhDCyIhSJCFAYjWOLktx1yjWN3ai585tt7uX+B1FmFo0jbF0=&154=h0P9RQvD - rule_id: 36721 http://www.theartboxslidell.com/kniu/ - rule_id: 36718 http://www.frefire.top/kniu/ - rule_id: 36723 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3390000.zip http://www.prosourcegraniteinc.com/kniu/ - rule_id: 36717 http://www.theartboxslidell.com/kniu/?WwaYeLk_=pbzwZ3uv6ZLNK9kOZcORaqCkpmWHCySL5KPRtIvuGjYxhe5HL3eyc57X4ozDsIqy99XGgcN1QrQuWuftpLGszPSRgY0zgb673Mjl5VE=&154=h0P9RQvD - rule_id: 36718 http://23.95.106.3/350/122/Ekcflzifpij.mp3 http://www.poultry-symposium.com/kniu/?WwaYeLk_=40XX9Ytbs/otsI+0yUtAogrXy8SgXZWV889z9rydVcgoc+JCy8vgR1icdWU6u94Njq5xrtv7NQnpOX1iusCyLYuLxlHkdapdsh1Ymak=&154=h0P9RQvD - rule_id: 36722 http://www.frefire.top/kniu/?WwaYeLk_=w8rKBuSUIg6smCThP+RZr8URK2cMAOxRwdqHG6Uo67OOMeio1zBa/jWrwyXT3+M/9aqTr1N41d9bzE5WN9beyeWExgAtk5mD8L1zbeQ=&154=h0P9RQvD - rule_id: 36723 http://www.poultry-symposium.com/kniu/ - rule_id: 36722 http://www.tsygy.com/kniu/ - rule_id: 36721 http://www.prosourcegraniteinc.com/kniu/?WwaYeLk_=9xFgCh3s8l/k2B8O7aAt9yPceR5ZLMimGcu4Dy10KR8z2IhjbkPtetaY6rVQOSuqKBOJhR+SeENFOh5XwKmANMDhEFCrb4byHJuvuWU=&154=h0P9RQvD - rule_id: 36717	24 Info www.palatepursuits.cfd(104.21.21.57) - mailcious www.onlyleona.com(104.21.13.143) - mailcious www.pengeloladata.click() - mailcious www.xxkxcfkujyeft.xyz(216.240.130.67) - mailcious www.siteapp.fun() - mailcious www.theartboxslidell.com(199.59.243.225) - mailcious www.8956kjw1.com(103.71.154.243) www.tsygy.com(23.104.137.185) - mailcious www.frefire.top(67.223.117.37) - mailcious www.poultry-symposium.com(85.128.134.237) - mailcious www.flyingfoxnb.com(216.40.34.41) - mailcious www.prosourcegraniteinc.com(216.239.36.21) - mailcious 216.239.38.21 - phishing 23.104.137.185 - mailcious 23.95.106.3 - mailcious 67.223.117.37 - mailcious 199.59.243.225 172.67.196.133 - mailcious 216.40.34.41 - mailcious 216.240.130.67 - mailcious 104.21.13.143 103.71.154.243 45.33.6.223 85.128.134.237 - mailcious	11 Info ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SURICATA HTTP unable to match response to request ET DNS Query to a .top domain - Likely Hostile ET INFO HTTP Request to a .top domain ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .TOP Domain with Minimal Headers ET HUNTING Request to .XYZ Domain with Minimal Headers	18 Info http://www.onlyleona.com/kniu/ http://www.palatepursuits.cfd/kniu/ http://www.onlyleona.com/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.flyingfoxnb.com/kniu/ http://www.palatepursuits.cfd/kniu/ http://www.flyingfoxnb.com/kniu/ http://www.tsygy.com/kniu/ http://www.theartboxslidell.com/kniu/ http://www.frefire.top/kniu/ http://www.prosourcegraniteinc.com/kniu/ http://www.theartboxslidell.com/kniu/ http://www.poultry-symposium.com/kniu/ http://www.frefire.top/kniu/ http://www.poultry-symposium.com/kniu/ http://www.tsygy.com/kniu/ http://www.prosourcegraniteinc.com/kniu/	11.4	M	40	ZeroCERT

2	2023-10-08 10:45	Lopbf.exe 5399d7a2060eca17c4c1648fd6b09505 UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Buffer PE Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	1	1		6.4		50	ZeroCERT

3	2023-10-06 17:49	Tugksta.exe 1f4795e3a6a434601ec37a38ffc99ff5 Formbook UPX .NET framework(MSIL) AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check FormBook Malware download VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key	17 Keyword trend analysis Info http://www.onlyleona.com/kniu/ - rule_id: 36720 http://www.frefire.top/kniu/?mc=w8rKBuSUIg6smCThP+RZr8URK2cMAOxRwdqHG6Uo67OOMeio1zBa/jWrwyXT3+M/9aqTr1N41d9bzE5WN9beyeWExgAtk5mD8L1zbeQ=&1E=_Z4Fpo3srXsvqpV - rule_id: 36723 http://www.tsygy.com/kniu/?mc=bJ36cMi4kupHJe0Hctq9gMewB+uvjmGDqwrfSqfgcqRhOtXAC1zMZIlHhDCyIhSJCFAYjWOLktx1yjWN3ai585tt7uX+B1FmFo0jbF0=&1E=_Z4Fpo3srXsvqpV - rule_id: 36721 http://www.prosourcegraniteinc.com/kniu/?mc=9xFgCh3s8l/k2B8O7aAt9yPceR5ZLMimGcu4Dy10KR8z2IhjbkPtetaY6rVQOSuqKBOJhR+SeENFOh5XwKmANMDhEFCrb4byHJuvuWU=&1E=_Z4Fpo3srXsvqpV - rule_id: 36717 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3250000.zip http://www.poultry-symposium.com/kniu/?mc=40XX9Ytbs/otsI+0yUtAogrXy8SgXZWV889z9rydVcgoc+JCy8vgR1icdWU6u94Njq5xrtv7NQnpOX1iusCyLYuLxlHkdapdsh1Ymak=&1E=_Z4Fpo3srXsvqpV - rule_id: 36722 http://www.poultry-symposium.com/kniu/ - rule_id: 36722 http://www.xxkxcfkujyeft.xyz/kniu/ - rule_id: 36719 http://www.theartboxslidell.com/kniu/ - rule_id: 36718 http://www.frefire.top/kniu/ - rule_id: 36723 http://23.95.106.3/250/process.exe http://www.prosourcegraniteinc.com/kniu/ - rule_id: 36717 http://www.theartboxslidell.com/kniu/?mc=pbzwZ3uv6ZLNK9kOZcORaqCkpmWHCySL5KPRtIvuGjYxhe5HL3eyc57X4ozDsIqy99XGgcN1QrQuWuftpLGszPSRgY0zgb673Mjl5VE=&1E=_Z4Fpo3srXsvqpV - rule_id: 36718 http://www.xxkxcfkujyeft.xyz/kniu/?mc=i0HwDxosD6vP35vKxXt8TqB5hgt09UAmGu6yXsGJ7KHeDbKCAxtr8kYkpXafqSJ5CWKS4JQhNIcZa2fBS8/HEz0POFGF5EDYOp/zgDU=&1E=_Z4Fpo3srXsvqpV - rule_id: 36719 http://23.95.106.3/250/Aqjjqk.wav http://www.tsygy.com/kniu/ - rule_id: 36721 http://www.onlyleona.com/kniu/?mc=eul8o7FRTpzZYv+GqkkzOpE5tEZO7cuUa8jf7YGp4uFOB2eW2y1ALY7ycZgKlFf7jddzg63rMJOPKD43r6dZxMpJnJONv2M7MFgI8Mw=&1E=_Z4Fpo3srXsvqpV - rule_id: 36720	20 Info www.onlyleona.com(172.67.132.228) - mailcious www.prosourcegraniteinc.com(216.239.36.21) - mailcious www.pengeloladata.click() - mailcious www.xxkxcfkujyeft.xyz(216.240.130.67) - mailcious www.frefire.top(67.223.117.37) - mailcious www.8956kjw1.com(103.71.154.243) www.tsygy.com(23.104.137.185) - mailcious www.theartboxslidell.com(199.59.243.225) - mailcious www.poultry-symposium.com(85.128.134.237) - mailcious www.siteapp.fun() - mailcious 85.128.134.237 - mailcious 216.239.34.21 - mailcious 23.104.137.185 - mailcious 23.95.106.3 - mailcious 199.59.243.225 67.223.117.37 - mailcious 216.240.130.67 - mailcious 103.71.154.243 45.33.6.223 172.67.132.228 - mailcious	12 Info ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE FormBook CnC Checkin (POST) M2 ET DNS Query to a .top domain - Likely Hostile ET INFO HTTP Request to a .top domain SURICATA HTTP unable to match response to request ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers ET HUNTING Request to .TOP Domain with Minimal Headers	14 Info http://www.onlyleona.com/kniu/ http://www.frefire.top/kniu/ http://www.tsygy.com/kniu/ http://www.prosourcegraniteinc.com/kniu/ http://www.poultry-symposium.com/kniu/ http://www.poultry-symposium.com/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.theartboxslidell.com/kniu/ http://www.frefire.top/kniu/ http://www.prosourcegraniteinc.com/kniu/ http://www.theartboxslidell.com/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.tsygy.com/kniu/ http://www.onlyleona.com/kniu/	11.2	M	35	ZeroCERT

4	2023-09-30 13:17	Wtwvjbwnht.exe ea462e6077aa3e3c7573dd51206c7e4e Formbook UPX .NET framework(MSIL) AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs suspicious TLD Windows DNS Cryptographic key	23 Keyword trend analysis Info http://www.onlyleona.com/kniu/ - rule_id: 36720 http://192.3.179.157/690/TiWorkers.exe http://192.3.179.157/zw/Zlonloydc.dat http://www.xxkxcfkujyeft.xyz/kniu/ - rule_id: 36719 http://www.siteapp.fun/kniu/ - rule_id: 36724 http://www.prosourcegraniteinc.com/kniu/ - rule_id: 36717 http://www.poultry-symposium.com/kniu/?-z0gsLA=40XX9Ytbs/otsI+0yUtAogrXy8SgXZWV889z9rydVcgoc+JCy8vgR1icdWU6u94Njq5xrtv7NQnpOX1iusCyLYuLxlHkdapdsh1Ymak=&ue-_=0C5fuT6rcako - rule_id: 36722 http://www.poultry-symposium.com/kniu/ - rule_id: 36722 http://www.theartboxslidell.com/kniu/ - rule_id: 36718 http://www.onlyleona.com/kniu/?-z0gsLA=eul8o7FRTpzZYv+GqkkzOpE5tEZO7cuUa8jf7YGp4uFOB2eW2y1ALY7ycZgKlFf7jddzg63rMJOPKD43r6dZxMpJnJONv2M7MFgI8Mw=&ue-_=0C5fuT6rcako - rule_id: 36720 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip http://www.tsygy.com/kniu/ - rule_id: 36721 http://www.flyingfoxnb.com/kniu/?-z0gsLA=2khzscf+uoNd4qXDJMvMlsCGRf74adwr4dCZmsSaM5bi7vY8OWwGY+oUQIQbfdmtzbAFku/2CGFb1XO6VHKJWfD6Hx+uzWgInko6T2A=&ue-_=0C5fuT6rcako - rule_id: 36725 http://www.tsygy.com/kniu/?-z0gsLA=bJ36cMi4kupHJe0Hctq9gMewB+uvjmGDqwrfSqfgcqRhOtXAC1zMZIlHhDCyIhSJCFAYjWOLktx1yjWN3ai585tt7uX+B1FmFo0jbF0=&ue-_=0C5fuT6rcako - rule_id: 36721 http://www.xxkxcfkujyeft.xyz/kniu/?-z0gsLA=i0HwDxosD6vP35vKxXt8TqB5hgt09UAmGu6yXsGJ7KHeDbKCAxtr8kYkpXafqSJ5CWKS4JQhNIcZa2fBS8/HEz0POFGF5EDYOp/zgDU=&ue-_=0C5fuT6rcako - rule_id: 36719 http://www.sqlite.org/2016/sqlite-dll-win32-x86-3110000.zip http://www.flyingfoxnb.com/kniu/ - rule_id: 36725 http://www.prosourcegraniteinc.com/kniu/?-z0gsLA=9xFgCh3s8l/k2B8O7aAt9yPceR5ZLMimGcu4Dy10KR8z2IhjbkPtetaY6rVQOSuqKBOJhR+SeENFOh5XwKmANMDhEFCrb4byHJuvuWU=&ue-_=0C5fuT6rcako - rule_id: 36717 http://www.palatepursuits.cfd/kniu/ - rule_id: 36726 http://www.siteapp.fun/kniu/?-z0gsLA=6sBKYXqHQWHKIO2IG+2EqtcAj7thqVpOenJ3Aw9YNEL5O7rEWmoX1sx8Xe3NA3a7pLf2GEiO8AkwTW2yzvekojaHRlDYosZEDLTR5OQ=&ue-_=0C5fuT6rcako - rule_id: 36724 http://www.theartboxslidell.com/kniu/?-z0gsLA=pbzwZ3uv6ZLNK9kOZcORaqCkpmWHCySL5KPRtIvuGjYxhe5HL3eyc57X4ozDsIqy99XGgcN1QrQuWuftpLGszPSRgY0zgb673Mjl5VE=&ue-_=0C5fuT6rcako - rule_id: 36718 http://www.frefire.top/kniu/ - rule_id: 36723 http://www.frefire.top/kniu/?-z0gsLA=w8rKBuSUIg6smCThP+RZr8URK2cMAOxRwdqHG6Uo67OOMeio1zBa/jWrwyXT3+M/9aqTr1N41d9bzE5WN9beyeWExgAtk5mD8L1zbeQ=&ue-_=0C5fuT6rcako - rule_id: 36723	25 Info www.palatepursuits.cfd(104.21.21.57) - mailcious www.onlyleona.com(104.21.13.143) - mailcious www.prosourcegraniteinc.com(216.239.34.21) - mailcious www.pengeloladata.click() - mailcious www.xxkxcfkujyeft.xyz(216.240.130.67) - mailcious www.theartboxslidell.com(199.59.243.224) - mailcious www.8956kjw1.com(103.71.154.243) www.frefire.top(67.223.117.37) - mailcious www.tsygy.com(23.104.137.185) - mailcious www.poultry-symposium.com(85.128.134.237) - mailcious www.flyingfoxnb.com(216.40.34.41) - mailcious www.siteapp.fun(23.82.12.37) - mailcious 85.128.134.237 - mailcious 81.171.28.43 23.104.137.185 - mailcious 216.239.32.21 - mailcious 199.59.243.224 - mailcious 172.67.196.133 - mailcious 216.40.34.41 - mailcious 216.240.130.67 - mailcious 192.3.179.157 - mailcious 103.71.154.243 45.33.6.223 172.67.132.228 - mailcious 67.223.117.37 - mailcious	11 Info SURICATA HTTP unable to match response to request ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO HTTP Request to a .top domain ET DNS Query to a .top domain - Likely Hostile ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .TOP Domain with Minimal Headers ET HUNTING Request to .XYZ Domain with Minimal Headers	19 Info http://www.onlyleona.com/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.siteapp.fun/kniu/ http://www.prosourcegraniteinc.com/kniu/ http://www.poultry-symposium.com/kniu/ http://www.poultry-symposium.com/kniu/ http://www.theartboxslidell.com/kniu/ http://www.onlyleona.com/kniu/ http://www.tsygy.com/kniu/ http://www.flyingfoxnb.com/kniu/ http://www.tsygy.com/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.flyingfoxnb.com/kniu/ http://www.prosourcegraniteinc.com/kniu/ http://www.palatepursuits.cfd/kniu/ http://www.siteapp.fun/kniu/ http://www.theartboxslidell.com/kniu/ http://www.frefire.top/kniu/ http://www.frefire.top/kniu/	13.2	M	52	ZeroCERT

5	2023-09-20 18:04	Rzcjkedka.exe cd47b64e420b472464001891ff312ff6 AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key	21 Keyword trend analysis Info http://www.onlyleona.com/kniu/ http://www.tsygy.com/kniu/?j1=bJ36cMi4kupHJe0Hctq9gMewB+uvjmGDqwrfSqfgcqRhOtXAC1zMZIlHhDCyIhSJCFAYjWOLktx1yjWN3ai585tt7uX+B1FmFo0jbF0=&meUIyw=UGh-NJxfZ0 http://www.onlyleona.com/kniu/?j1=eul8o7FRTpzZYv+GqkkzOpE5tEZO7cuUa8jf7YGp4uFOB2eW2y1ALY7ycZgKlFf7jddzg63rMJOPKD43r6dZxMpJnJONv2M7MFgI8Mw=&meUIyw=UGh-NJxfZ0 http://www.prosourcegraniteinc.com/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.poultry-symposium.com/kniu/?j1=40XX9Ytbs/otsI+0yUtAogrXy8SgXZWV889z9rydVcgoc+JCy8vgR1icdWU6u94Njq5xrtv7NQnpOX1iusCyLYuLxlHkdapdsh1Ymak=&meUIyw=UGh-NJxfZ0 http://www.frefire.top/kniu/?j1=w8rKBuSUIg6smCThP+RZr8URK2cMAOxRwdqHG6Uo67OOMeio1zBa/jWrwyXT3+M/9aqTr1N41d9bzE5WN9beyeWExgAtk5mD8L1zbeQ=&meUIyw=UGh-NJxfZ0 http://www.poultry-symposium.com/kniu/ http://192.3.179.157/zs/Pkzvwkppdn.mp4 http://www.flyingfoxnb.com/kniu/ http://www.flyingfoxnb.com/kniu/?j1=2khzscf+uoNd4qXDJMvMlsCGRf74adwr4dCZmsSaM5bi7vY8OWwGY+oUQIQbfdmtzbAFku/2CGFb1XO6VHKJWfD6Hx+uzWgInko6T2A=&meUIyw=UGh-NJxfZ0 http://www.theartboxslidell.com/kniu/ http://www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip http://www.frefire.top/kniu/ http://www.siteapp.fun/kniu/ http://www.prosourcegraniteinc.com/kniu/?j1=9xFgCh3s8l/k2B8O7aAt9yPceR5ZLMimGcu4Dy10KR8z2IhjbkPtetaY6rVQOSuqKBOJhR+SeENFOh5XwKmANMDhEFCrb4byHJuvuWU=&meUIyw=UGh-NJxfZ0 http://www.xxkxcfkujyeft.xyz/kniu/?j1=i0HwDxosD6vP35vKxXt8TqB5hgt09UAmGu6yXsGJ7KHeDbKCAxtr8kYkpXafqSJ5CWKS4JQhNIcZa2fBS8/HEz0POFGF5EDYOp/zgDU=&meUIyw=UGh-NJxfZ0 http://www.theartboxslidell.com/kniu/?j1=pbzwZ3uv6ZLNK9kOZcORaqCkpmWHCySL5KPRtIvuGjYxhe5HL3eyc57X4ozDsIqy99XGgcN1QrQuWuftpLGszPSRgY0zgb673Mjl5VE=&meUIyw=UGh-NJxfZ0 http://www.tsygy.com/kniu/ http://www.siteapp.fun/kniu/?j1=6sBKYXqHQWHKIO2IG+2EqtcAj7thqVpOenJ3Aw9YNEL5O7rEWmoX1sx8Xe3NA3a7pLf2GEiO8AkwTW2yzvekojaHRlDYosZEDLTR5OQ=&meUIyw=UGh-NJxfZ0 http://192.3.179.157/112/TiWorker.exe	23 Info www.onlyleona.com(104.21.13.143) www.prosourcegraniteinc.com(216.239.36.21) www.pengeloladata.click() www.xxkxcfkujyeft.xyz(216.240.130.67) www.theartboxslidell.com(199.59.243.224) www.8956kjw1.com(103.71.154.244) www.frefire.top(67.223.117.37) www.tsygy.com(23.104.137.185) - mailcious www.poultry-symposium.com(85.128.134.237) www.flyingfoxnb.com(216.40.34.41) www.siteapp.fun(23.82.12.35) 216.239.38.21 - phishing 81.171.28.43 23.104.137.185 - mailcious 199.59.243.224 - mailcious 67.223.117.37 216.40.34.41 - mailcious 216.240.130.67 - mailcious 192.3.179.157 - mailcious 103.71.154.244 45.33.6.223 172.67.132.228 85.128.134.237	11 Info ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SURICATA HTTP unable to match response to request ET INFO HTTP Request to a .top domain ET DNS Query to a .top domain - Likely Hostile ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers ET HUNTING Request to .TOP Domain with Minimal Headers		10.8	M	17	ZeroCERT

6	2023-05-24 19:38	IE_CACHES.exe 0b7de5ae22b768e277f8d6be97291ce0 Generic Malware UPX Malicious Library Malicious Packer PE File PE32 OS Processor Check DLL PE64 PNG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					2.8	M	27	ZeroCERT