1 |
2025-04-22 12:08
|
cabalmain.exe 3ab22c4c2d852cc201f5844db0e0a301 EnigmaProtector Downloader PE File PE32 VirusTotal Malware |
|
|
|
|
2.2 |
M |
42 |
ZeroCERT
2 |
2025-04-21 13:51
|
update.exe cb8cb16aa24029b84a3c40b2d61e3eb0 Gen1 Emotet Generic Malware EnigmaProtector Malicious Library .NET framework(MSIL) UPX Downloader PE File .NET EXE PE32 JPEG Format DLL OS Processor Check CAB PE64 VirusTotal Malware PDB Malicious Traffic AppData folder Ransomware Windows DNS |
359
|
3
185.215.113.41 - malware; 185.215.113.59 - malicious; 45.91.133.59 - malicious
|
6
ET DROP Spamhaus DROP Listed Traffic Inbound group 32; ET INFO Executable Download from dotted-quad Host; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET INFO Dotted Quad Host DLL Request
|
|
5.0 |
M |
26 |
ZeroCERT
3 |
2025-04-21 10:05
|
cabal.exe 5a4140990e7ee3c3b9d1f356bab2b7c0 EnigmaProtector Generic Malware Malicious Library .NET framework(MSIL) UPX Downloader PE File .NET EXE PE32 VirusTotal Malware Buffer PE PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee Ransomware Windows Cryptographic key |
17
|
3
www.achaplus.com(172.67.205.75) - malware; download.priston.com.br(167.114.29.92); 104.21.37.72
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.0 |
|
31 |
ZeroCERT
4 |
2025-02-20 12:26
|
cabalmain.exe b66b3067ed8dc4b46efc17cf619a7626 Gen1 Themida Generic Malware EnigmaProtector Malicious Library Malicious Packer Antivirus Downloader UPX Anti_VM PE File ftp DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware |
|
|
|
|
2.0 |
M |
33 |
ZeroCERT
5 |
2025-02-19 11:07
|
cabal.exe c0b915db483249fbb011d4c73d0dbf1f Emotet Generic Malware Malicious Library .NET framework(MSIL) UPX Downloader Anti_VM PE File .NET EXE PE32 DLL OS Processor Check .NET DLL MSOffice File CAB Malware Buffer PE PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Check virtual network interfaces AppData folder Ransomware Windows Update DNS Cryptographic key |
116
|
2
s4.gtsystems.hu() - 168.138.162.78 -
|
7
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO Dotted Quad Host DLL Request
ET INFO Packed Executable Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
9.4 |
|
|
ZeroCERT
6 |
2025-02-19 11:02
|
update.exe d4318770944feebcb959c1318304be0f Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Check virtual network interfaces AppData folder Windows Update DNS Cryptographic key |
3
http://168.138.162.78/output0/client/cabal.exe http://168.138.162.78/output0/updates/update_1.7z http://168.138.162.78/output0//resources0.xml
|
2
s4.gtsystems.hu() - 168.138.162.78 -
|
4
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
6.8 |
|
|
ZeroCERT
7 |
2025-02-18 17:54
|
cabal.exe c70277566ea794b1017c1c2c635799da Emotet Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 DLL OS Processor Check .NET DLL MSOffice File CAB VirusTotal Malware Buffer PE PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Ransomware Windows Update DNS Cryptographic key |
67
|
2
s4.gtsystems.hu(185.6.188.137) 168.138.162.78 - malware
|
7
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO Dotted Quad Host DLL Request
ET INFO Packed Executable Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
9.8 |
M |
47 |
guest
8 |
2024-10-16 15:41
|
update.exe 1be00ea3f590967b51f53e357a789fc6 Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 PNG Format JPEG Format VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger ICMP traffic RWX flags setting unpack itself Check virtual network interfaces Interception Windows DNS Cryptographic key |
2
http://217.15.164.94/update//web/kmnkNIANBDUIbudbnIA.php?t=2024-10-16%20??%2011:56:28 http://217.15.164.94/update//resources.xml
|
2
s4.gtsystems.hu(185.6.188.137) 217.15.164.94 - malware
|
|
|
7.4 |
M |
45 |
ZeroCERT
9 |
2024-10-16 11:17
|
cabal.exe 39632518958d27b69b07f56c735d10a9 Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 PNG Format JPEG Format VirusTotal Malware Buffer PE PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Check virtual network interfaces AppData folder Interception Windows DNS Cryptographic key |
6
http://217.15.164.94/update//client/update.exe http://217.15.164.94/update//client/System.Windows.Interactivity.dll http://217.15.164.94/update//resources.xml http://217.15.164.94/update//web/kmnkNIANBDUIbudbnIA.php?t=2024-10-16%20??%206:26:14 http://217.15.164.94/update//client/SevenZipSharp.dll http://217.15.164.94/update//client/7z.dll
|
3
s4.gtsystems.hu(185.6.188.137) 178.156.131.83 217.15.164.94 - malware
|
5
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO Dotted Quad Host DLL Request
|
|
8.8 |
M |
29 |
ZeroCERT