Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
1651	2024-08-04 14:01	123.exe ff886c6dfffaf1abafb52e93b7a69249 UPX PE File PE32 VirusTotal Malware suspicious privilege Windows utilities WriteConsoleW Windows DNS		1		5.2	M	33	ZeroCERT

1652	2024-08-04 13:58	XClient.exe 9fe64529733d8081d761fe73bd8bd050 Malicious Library Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key				4.0	M	62	ZeroCERT

1653	2024-08-04 13:56	345.exe 35a8e22dd6eafbae106923d23eecded3 UPX PE File PE64 VirusTotal Malware				2.6	M	45	ZeroCERT

1654	2024-08-04 13:56	update.exe e79580a75196a17aef6f7240ea67e954 njRAT backdoor Generic Malware Malicious Library Antivirus UPX PE File MSOffice File PE32 CAB OS Name Check OS Processor Check DLL VirusTotal Malware PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName Remote Code Execution DNS Cryptographic key		1		6.6	M	21	ZeroCERT

1655	2024-08-04 13:52	nut.exe 232e7b89f4be6cbc0c706f8520b1c647 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself				2.0	M	61	ZeroCERT

1656	2024-08-04 13:50	select.exe d0e834aed727fe49a51b071c680a282c Downloader PE File PE32 MZP Format VirusTotal Malware AutoRuns Check memory Windows Trojan				4.2	M	70	ZeroCERT

1657	2024-08-04 13:48	ss.exe 61584ce40b3b4c6f5b9ac4fb4f8f0ec9 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS		1		3.6	M	61	ZeroCERT

1658	2024-08-04 13:46	china.exe a95e09168ff4b517c1ffa385206543b5 Malicious Library ASPack PE File PE32 CAB MZP Format DLL VirusTotal Malware Check memory Checks debugger unpack itself AppData folder				2.4	M	13	ZeroCERT

1659	2024-08-04 13:43	uh.ee.uh.ee.uhuheee.doc 5b88a1a2c13384068ece808b50699d86 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	2	1	6.0	M	38	ZeroCERT

1660	2024-08-04 13:42	jf.exe d161e13cf0731d0b55ad38d6a38cdc21 CoinMiner Generic Malware Downloader UPX Malicious Library Confuser .NET Malicious Packer Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence F VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW IP Check Tofsee Interception Windows ComputerName Amazon Alibaba DNS	4 Keyword trend analysis	150 Info cm.bilibili.com(164.52.47.54) 7b42f7424e8c39d30019cf95ef41ef02.rdt.tfogc.com(175.4.55.179) ss0.baidu.com(185.10.104.109) vd6.l.qq.com(129.226.107.33) game.kde.qq.com(129.226.103.24) pcupd.com(139.196.217.38) hector.baidu.com(39.156.68.81) passport-plugin.hao184.com(61.170.80.232) accounts.google.com(64.233.188.84) search.sogoucdn.com(43.159.81.60) clientservices.googleapis.com(142.250.198.3) s3m6.mdvdns.com(104.192.108.23) m4.publicimg.browser.qq.com(43.152.15.45) dhrest.2345.com(180.163.196.140) t12.baidu.com(111.225.213.36) s3m6.fenxi.com(61.170.81.233) web.50bangzh.com(180.101.190.124) iwan.video.qq.com(124.156.190.80) eclick.baidu.com(111.206.208.190) i.news.qq.com(38.60.181.105) bd-js1.2345.com(112.25.90.131) data.ab.qq.com(43.154.254.142) dgss0.bdstatic.com(45.113.192.82) ckmap.mediav.com(180.163.247.134) www.baidu.com(119.63.197.139) www.2345.com(163.181.22.236) pcbrowser.dd.qq.com(111.3.90.95) daohang.qq.com(43.154.240.84) xy117x158x188x37xy.mcdn.bilivideo.cn(117.158.188.37) vfiles.gtimg.cn(211.152.132.216) data.bilibili.com(164.52.0.98) s1.mdvdns.com(112.65.69.52) ca8ac9a6f86c4d42a7e731d17aa125db.rdt.tfogc.com(113.141.160.228) dss2.bdstatic.com(185.10.104.109) gss0.bdstatic.com(45.113.192.82) pbaccess.video.qq.com(43.155.124.103) www.google.com(142.250.76.132) oth.str.beacon.qq.com(14.22.9.180) d9bfba694e0c428248140c78286d3793.rdt.tfogc.com(58.19.46.75) code.bdstatic.com(103.235.45.242) tv.puui.qpic.cn(38.60.181.35) r3---sn-j5o7dn7e.gvt1-cn.com(113.108.239.196) www-cdn.2345cdn.net(180.163.207.108) dhrest-static.2345.com(180.163.147.217) newtab.browser.qq.com(43.135.106.42) pb.sogou.com(36.155.166.212) 183ac55a26eb8ed3211e476f89a40d34.rdt.tfogc.com(111.4.66.14) static.res.qq.com(36.250.242.247) kde.qq.com(129.226.103.169) content-autofill.googleapis.com(142.250.206.202) hmcdn.baidu.com(124.239.243.48) checkip.amazonaws.com(52.221.143.66) b33fca1920f4832d8e3dfbf4c7432b50.rdt.tfogc.com(113.141.160.48) snowflake.qq.com(43.129.2.170) sofire.bdstatic.com(60.190.116.48) adsmind.gdtimg.com(211.152.132.216) api.bilibili.com(164.52.44.50) pss.bdstatic.com(103.235.45.242) apd-ugcvlive.apdcdn.tc.qq.com(211.152.132.216) st.tencent-cloud.com(211.152.132.216) hm.baidu.com(111.45.3.198) - mailcious 9d215ea2cab88371652c1ef094554b8f.rdt.tfogc.com(183.214.144.2) ss1.baidu.com(185.10.104.109) f7.baidu.com(103.235.45.243) xy120x209x212x19xy.mcdn.bilivideo.cn(120.209.212.19) zj-cn-live-comet.chat.bilibili.com(47.103.12.10) cdn.nfa.qq.com(42.177.83.82) b60ec859c86b068d2351ce983cebdb01.rdt.tfogc.com(175.4.55.182) as1.m.hao123.com(42.81.8.130) publiclog.zhiyan.tencent-cloud.net(121.14.77.149) p0.qhimg.com(54.192.175.113) imgcdn.toutiaoyule.com(111.47.229.228) bdb4e1d1d90392c080815d268dfe7f87.rdt.tfogc.com(183.214.52.52) pcwup.imtt.qq.com(14.22.9.100) b0218760c889395ec69a3305b7ab05fa.rdt.tfogc.com(183.214.52.58) pos.baidu.com(103.235.46.94) sapi-wzdh.2345.com(47.102.123.53) optimizationguide-pa.googleapis.com(172.217.161.234) otheve.beacon.qq.com(129.226.106.210) 6252cfceac8fd2546906f4522c07fff2.rdt.tfogc.com(219.144.77.71) jx.cdn.qhstatic.com(104.192.108.192) vr.gdt.qq.com(43.159.118.117) mbd.baidu.com(103.235.47.212) dhps.2345.com(180.163.203.99) s3m4.fenxi.com(175.6.254.74) passport.baidu.com(45.113.194.250) index-api.2345.com(180.101.190.124) www-stream.2345cdn.net(163.181.22.205) 6ad41852c351bbdf31590130781c1f5c.rdt.tfogc.com(175.153.180.110) v.gdt.qq.com(43.159.118.117) 0a0a389bc8b2293cdc7b734e9cf84e2f.rdt.tfogc.com(113.141.160.198) www.sogou.com(119.28.109.132) v.qq.com(23.7.212.166) rpt.gdt.qq.com(43.159.118.117) quickstart.imtt.qq.com(129.226.103.233) sc0.hao123img.com(58.254.180.65) lupic.cdn.bcebos.com(60.188.66.35) ipsad.l.qq.com(43.129.2.69) www.bilibili.com(164.52.44.50) daohang.browser.qq.com(43.154.240.84) 256c3d9bfaf9b50b26a3007eed50f82a.rdt.tfogc.com(111.4.66.8) hw-v2-web-player-tracker.biliapi.net(101.91.136.148) mc.minibai.com(118.24.85.16) live.bilibili.com(164.52.47.54) live-s3m.mediav.com(111.174.12.100) sfp.safe.baidu.com(36.110.219.204) www.591888.vip(38.147.189.238) ltscsy.qq.com(116.162.208.149) 430df5a0d910a183ce55ba9aa34a065f.rdt.tfogc.com(111.4.66.17) www.hao123.com(103.235.46.98) hotlist.imtt.qq.com(43.154.240.245) puui.qpic.cn(23.210.247.59) dns.google(8.8.4.4) b.bdstatic.com(117.68.52.48) ssxd.mediav.com(112.65.69.51) 35d956a39c11b2a14f588d401b8eb2ea.rdt.tfogc.com(183.95.181.108) api.live.bilibili.com(164.52.47.54) h.trace.qq.com(129.226.102.234) cpro.baidustatic.com(220.169.152.38) aegis.qq.com(43.137.221.145) www.hao774.com(61.170.79.225) 3924a2b0e8a2c4ef0b5b941a5d29f50f.rdt.tfogc.com(183.214.52.49) max-l.mediav.com(180.163.247.134) www.aliyunpay.shop(118.178.125.54) wup.imtt.qq.com(43.154.240.161) 46accc8a55ff111839e2072af218a509.rdt.tfogc.com(183.214.144.4) arms-retcode.aliyuncs.com(47.96.83.41) beacon.cdn.qq.com(211.152.132.208) wn.pos.baidu.com(182.61.200.11) qbuniplugin.html5.qq.com(43.135.106.117) topnews.imtt.qq.com(101.32.212.153) novel.html5.qq.com(129.226.107.80) webrtcpunch.video.qq.com(119.147.179.227) config.ab.qq.com(43.159.234.88) i2.hdslb.com(122.10.154.135) trpcpb.imtt.qq.com(129.226.107.205) cn-sccd-cu-01-09.bilivideo.com(101.206.209.10) sofire.baidu.com(36.110.192.107) hectorstatic.baidu.com(113.142.207.38) 118.24.85.16 47.96.87.99 38.147.189.238 124.223.105.161 47.97.204.105 139.196.217.38 - malware 118.178.125.54 116.62.214.53 47.98.133.194 60.12.184.62 18.138.132.100	5 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host ZIP Request ET INFO Observed External IP Lookup Domain (checkip .amazonaws .com) in TLS SNI ET INFO External IP Lookup Domain in DNS Lookup (checkip .amazonaws .com) ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)	15.4	M	47	ZeroCERT

1661	2024-08-04 13:41	JX2goame.exe 288f1d023c0446d190a28e5f1899667c EnigmaProtector UPX PE File PE32 VirusTotal Malware unpack itself Windows ComputerName crashed				4.2	M	42	ZeroCERT

1662	2024-08-04 13:39	win.exe 67b035c3aac011e498d0e6685fde0c16 UPX PE File PE64 VirusTotal Malware suspicious privilege Windows utilities WriteConsoleW Windows DNS		1		4.2	M	42	ZeroCERT

1663	2024-08-04 13:37	fremoney.pdf.lnk 815e6eb6a474f4fcde376762c0e69c37 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis			4.2		11	ZeroCERT

1664	2024-08-04 13:37	mimispool.dll 7185df3dbaa4049c26fe2d6962528577 Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself crashed				2.2	M	44	ZeroCERT

1665	2024-08-04 13:36	DR_Mod_200_2023.PDF.lnk 0d6f8a03885e85f384584cb2416f859e Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows ComputerName Cryptographic key	1 Keyword trend analysis	1		7.2		34	ZeroCERT