ID | Analyzed | File / MD5 / Tags | URLs | Hosts | Suricata alerts | URLs matched by rule_id | Score | Source
---|---|---|---|---|---|---|---|---
1996 | 2025-02-19 11:33 | mtyihjksfda.exe eb12e94f260c4e66eb2dbc74bc44bb84 PE File PE32 unpack itself ComputerName crashed | | | | | 1.6 | ZeroCERT
1997 | 2025-02-19 11:33 | 1358.exe a060b37c0ef63cafec92efde7fc6eeb9 Generic Malware Malicious Library .NET framework(MSIL) UPX ScreenShot Escalate priviledges Code injection AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities suspicious process WriteConsoleW Windows RCE DNS | | 1 (none listed) | | | 8.2 | ZeroCERT
1998 | 2025-02-19 11:31 | coddee.exe 3226cbb0e99af57d6574e04c76364877 PE File PE64 Check memory Checks debugger unpack itself Check virtual network interfaces DNS | | 1 (none listed) | | | 2.8 | ZeroCERT
1999 | 2025-02-19 11:31 | ik.exe 40a3b67a99299a4f0f3a352b4f7739c9 Generic Malware Malicious Library UPX PE File PE32 DLL Browser Info Stealer Phishing buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS | 15: http://www.blissfuljo.life/p8fe/ http://www.bjogo.top/0ekp/?Rmyfu=pV4l2sJ5SKTfO2UKe3vpYQms7oDV9Z1ZTd//bSk12oBNtulDh+GDNLKspI2ybbM6Ulb9MujLBOrC2bz5gPibbXkxWVg5NcqV4sd6rfkPD23v8QrCPt85paxIo96ZJG6eSxv1+xA=&3K=dJI58bJxQ http://www.zkderby.xyz/bqyq/ http://www.rds845.shop/h0nr/ http://www.82765.ltd/59d5/ http://www.birbacher.online/os5r/?Rmyfu=231uHx8vc2OXjfRp9MqGfmAfw0ORoc0FHs1yPQI+Y8FHV11jaHQ2ftygF7Z20+LhG+hwvpvPffWcTqqpG/gNLui17mhEo7YUi96xAksmd+3++erClo3DLaj5tFD9ebrkUZzk9Dk=&3K=dJI58bJxQ http://www.031234103.xyz/6gd2/ http://www.birbacher.online/os5r/ http://www.sqlite.org/2019/sqlite-dll-win32-x86-3280000.zip http://www.82765.ltd/59d5/?Rmyfu=qiWz9HwqJLKnYi7JlC6qkRM9oNVOe4dAvB5Yj2dX6M9d0oXA3FTQuLckJRO7ZlKIhJbHCMmlfOuDN9YpFc7H3lclNb/Uy7Zdu1Mg4MyeDmJL6C9SantxWX3ypDcfwQ2eRaZ57U8=&3K=dJI58bJxQ http://www.blissfuljo.life/p8fe/?Rmyfu=nweR1c0XBtkzZggi0v3dr9kB4xCEwoCGMBQNH/aYwX8LuhjLbL5HUgqXwTet0aQ44oxYgp72GiDpetq5GT3VFYsxr5RBWjhs308QLFo3+dsZTQkp8hunF2AzxzIui5HbDfaQI0w=&3K=dJI58bJxQ http://www.rds845.shop/h0nr/?Rmyfu=5SMA7S/38P4RaRgCp3VO1tw2rROs9wah4HH5Q6yYr3Nu4ZqcK75SUzG8TXPdlVkL75Uc/7uyt+ZBxF8Sx8kUuaqQBEx7a3bwhtWi8pbBN6KWtUApBidRHQ/G3KkasTH6o4wmaSg=&3K=dJI58bJxQ http://www.bjogo.top/0ekp/ http://www.031234103.xyz/6gd2/?Rmyfu=eDwP/8dm6CwnhXuB5IJF6tcmrP8qMyRusivP8vJ/CAl0CGhAGK7mzvA4v30eghRxdOMQU1afgYEQdjgAooUx1K4I/phOYtNowfmzMvro50gabBLkO4mInrSdt2aBNeYGRLrQQ4U=&3K=dJI58bJxQ http://www.zkderby.xyz/bqyq/?Rmyfu=Z6W2Due/iFNSY6roA058AuqdLgygAHlj29B3DLhDfw5gzakQrGCVCfu5pLO3yHC2Q5prfxENXL60nad/MKUoC8UQrxa2M0+WRd3DYf4bgsYWClNewfklrWL3J7GXJ+tZq73l4I4=&3K=dJI58bJxQ | 15: www.82765.ltd() - www.bjogo.top() - www.031234103.xyz() - www.blissfuljo.life() - www.zkderby.xyz() - www.rds845.shop() - www.birbacher.online() - 156.224.194.237 - 144.76.229.203 - 76.223.54.146 - 148.72.247.70 - 103.42.144.142 - 162.0.225.218 - 217.160.0.24 - 45.33.6.223 | 5: ET INFO HTTP Request to Suspicious *.life Domain; ET DNS Query to a *.top domain - Likely Hostile; ET INFO HTTP Request to a *.top domain; ET HUNTING HTTP POST to XYZ TLD Containing Pass - Possible Phishing; ET INFO Observed DNS Query to .life TLD | | 4.6 | ZeroCERT
2000 | 2025-02-19 11:29 | beacon_x64.exe 77bc5d5c49245b9f88fe6bded397108f Malicious Library PE File PE64 RWX flags setting unpack itself ComputerName DNS | | 1 (none listed) | | | 4.0 | ZeroCERT
2001 | 2025-02-19 11:29 | laserrrrrrrr.ps1 c1a6a13984d7ff91ce8cacc203ad8f99 Formbook Hide_EXE Generic Malware UPX Malicious Library Malicious Packer Confuser .NET Antivirus AntiDebug AntiVM PE File DLL PE32 .NET EXE Browser Info Stealer powershell Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself powershell.exe wrote AppData folder suspicious TLD Browser DNS | 28: http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip http://www.autonomousrich.xyz/qejj/?U_SFASt=PpgyVvjpBOBybA0SVZi2yvrKre7t887Q7x0KObR0TUF97L5S0+m/kHRYUzTxXAh7Q0WsryaKFlqGhgO6Q/rlmTpzTWQR9SMMEvug4s0M8fRyHCcYi6UU4gQRLfrko3xiwb3FHcs=&67l0=In7T_NX http://www.l63339.xyz/vhr7/?U_SFASt=iaSfD1StI7hDT4qLO8uUiRMZCfzOjk7n7gYmLjmbAGxKTACTDmsojAseBTws2ae3nsJ7oX723eTW3ctEzpxpoAGWw5lYsZyjnFbtqE7RDBWvF3wnDTau3wgNIBcGnVL27k7EtEM=&67l0=In7T_NX - rule_id: 43949 http://www.l63339.xyz/vhr7/?U_SFASt=iaSfD1StI7hDT4qLO8uUiRMZCfzOjk7n7gYmLjmbAGxKTACTDmsojAseBTws2ae3nsJ7oX723eTW3ctEzpxpoAGWw5lYsZyjnFbtqE7RDBWvF3wnDTau3wgNIBcGnVL27k7EtEM=&67l0=In7T_NX http://www.tumbetgirislinki.fit/k566/ - rule_id: 43950 http://www.tumbetgirislinki.fit/k566/ http://www.kjuw.party/e0jv/?U_SFASt=T5a+nPXa7vHYgORbmIzRnsYJn/5yKJpyja1Bw4L97U3J4ftOxLqNjjmK0MbXg0R7zOiA8ZTqxO8XWXqYcYfBl6po+rPbfzDYogoaVOnbbhZcGmBPmnt3DMj2ULUXFIgoaMg3MTM=&67l0=In7T_NX - rule_id: 43957 http://www.kjuw.party/e0jv/?U_SFASt=T5a+nPXa7vHYgORbmIzRnsYJn/5yKJpyja1Bw4L97U3J4ftOxLqNjjmK0MbXg0R7zOiA8ZTqxO8XWXqYcYfBl6po+rPbfzDYogoaVOnbbhZcGmBPmnt3DMj2ULUXFIgoaMg3MTM=&67l0=In7T_NX http://www.lucynoel6465.shop/jgkl/ - rule_id: 43951 http://www.lucynoel6465.shop/jgkl/ http://www.partflix.net/djyl/ http://www.lucynoel6465.shop/jgkl/?U_SFASt=hI+cEEoDMRK5HtHm9IZKcVLqeO4rH3Lo+nuR9x41ri89hVkyLZ4bcwu1mex5brSMZV4GWavlrf0/NsblmXI4eKNzhD3LBC/4pVsqqx1rwhcrHMghz/r2elc8myKvxM7B12e/f+g=&67l0=In7T_NX - rule_id: 43951 http://www.lucynoel6465.shop/jgkl/?U_SFASt=hI+cEEoDMRK5HtHm9IZKcVLqeO4rH3Lo+nuR9x41ri89hVkyLZ4bcwu1mex5brSMZV4GWavlrf0/NsblmXI4eKNzhD3LBC/4pVsqqx1rwhcrHMghz/r2elc8myKvxM7B12e/f+g=&67l0=In7T_NX http://www.sqlite.org/2019/sqlite-dll-win32-x86-3300000.zip http://www.autonomousrich.xyz/qejj/ http://www.seasay.xyz/c9ts/ http://www.l63339.xyz/vhr7/ - rule_id: 43949 http://www.l63339.xyz/vhr7/ http://www.topitch.top/goj6/ - rule_id: 43958 http://www.topitch.top/goj6/ http://www.partflix.net/djyl/?U_SFASt=x4UYXwVOLjDEdQDSN4yID8sjKcLRjYZuXBbMFKiZ0gPoO4cAuWUlUabLU4j6ldOhDBKNlpcPNJlKLH49k78i4i+oEuF5+HgjB9TsADfOjimoYc7CmuuhR+qQN28W67NMblj9mVM=&67l0=In7T_NX http://www.seasay.xyz/c9ts/?U_SFASt=b2h4705j/BXuiRKuPHFbUdEbqJe1MinMqHSZnAN25/qy/QtrNwJSy3eXSyjtHz4ya5noZxgPZS6U32Ne2lAqUHs60/bVHWYZj4bOBMkEbIDR1pSG2NViohqBC3T6QIxJ3DEBtzU=&67l0=In7T_NX http://www.tumbetgirislinki.fit/k566/?U_SFASt=RARW43WNMKajmHobr0h+FYOVnPeo69WXvXreCHJ6fEp5jkldk9mcfHn6UnU82+9OdsowyVV8wlYPh4e4mYqP64YSjghMuBr0WoXV5avhz1caW9rj8asJcaLGlYzIq2qtHDCYWJw=&67l0=In7T_NX - rule_id: 43950 http://www.tumbetgirislinki.fit/k566/?U_SFASt=RARW43WNMKajmHobr0h+FYOVnPeo69WXvXreCHJ6fEp5jkldk9mcfHn6UnU82+9OdsowyVV8wlYPh4e4mYqP64YSjghMuBr0WoXV5avhz1caW9rj8asJcaLGlYzIq2qtHDCYWJw=&67l0=In7T_NX http://www.kjuw.party/e0jv/ - rule_id: 43957 http://www.kjuw.party/e0jv/ http://www.topitch.top/goj6/?U_SFASt=90Ns8gSHVfuKmwMvqoBDvov0x0TuRSc4CHvhiyRIaCFX9JzO3hXkGdLkIxbX7QQ8WI53tEhNGahKOUZIphRSegDcYcrC0WhrrPS45v/w4f2SjHeENV+PjA2DCpp4ca+uy9lGHYA=&67l0=In7T_NX - rule_id: 43958 http://www.topitch.top/goj6/?U_SFASt=90Ns8gSHVfuKmwMvqoBDvov0x0TuRSc4CHvhiyRIaCFX9JzO3hXkGdLkIxbX7QQ8WI53tEhNGahKOUZIphRSegDcYcrC0WhrrPS45v/w4f2SjHeENV+PjA2DCpp4ca+uy9lGHYA=&67l0=In7T_NX | 16: www.partflix.net() - www.topitch.top() - www.lucynoel6465.shop() - www.seasay.xyz() - www.l63339.xyz() - www.kjuw.party() - www.tumbetgirislinki.fit() - www.autonomousrich.xyz() - 45.33.6.223 - 13.248.169.48 - 76.76.21.61 - 134.122.135.48 - 162.218.30.235 - 162.0.231.203 - 104.21.16.1 - 103.106.67.112 | 4: ET INFO HTTP Request to Suspicious *.fit Domain; ET INFO Observed DNS Query to .fit TLD; ET INFO HTTP Request to a *.top domain; ET DNS Query to a *.top domain - Likely Hostile | 10: http://www.l63339.xyz/vhr7/ http://www.tumbetgirislinki.fit/k566/ http://www.kjuw.party/e0jv/ http://www.lucynoel6465.shop/jgkl/ http://www.lucynoel6465.shop/jgkl/ http://www.l63339.xyz/vhr7/ http://www.topitch.top/goj6/ http://www.tumbetgirislinki.fit/k566/ http://www.kjuw.party/e0jv/ http://www.topitch.top/goj6/ | 12.6 | ZeroCERT
2002 | 2025-02-19 11:27 | ksdrgewt.exe c86d74db513409a3dc9ac700bd4a33b2 PE File PE32 unpack itself ComputerName crashed | | | | | 1.6 | ZeroCERT
2003 | 2025-02-19 11:26 | emgg.ps1 d3b7a6cbb1106c831806fa680b1dad50 Hide_EXE Generic Malware Confuser .NET Antivirus PE File PE64 powershell MachineGuid Check memory Checks debugger Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces DNS | | 1 (none listed) | | | 5.8 | ZeroCERT
2004 | 2025-02-19 11:25 | bea.exe e3a004b573f3b6a8e32a6cf74e63c9d2 Malicious Library PE File PE64 RWX flags setting unpack itself ComputerName DNS | | 1 (none listed) | | | 4.0 | ZeroCERT
2005 | 2025-02-19 11:24 | artifact_x64_test2.exe b1e8cabf1133b394028a2ab19df8c80a Malicious Library PE File PE64 RWX flags setting DNS crashed | | 1 (none listed) | 1: SURICATA Applayer Wrong direction first Data | | 1.2 | ZeroCERT
2006 | 2025-02-19 11:22 | beacon.exe c5d8217bd1a44f9ef1966ca00c91f85a Malicious Library PE File PE64 RWX flags setting unpack itself ComputerName DNS | | 1 (none listed) | | | 4.0 | ZeroCERT
2007 | 2025-02-19 11:22 | monthdragon.exe 3987c20fe280784090e2d464dd8bb61a ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Code Injection Check memory Checks debugger buffers extracted unpack itself crashed | | | | | 6.4 | ZeroCERT
2008 | 2025-02-19 11:10 | setup8812.msi 40b91f7289d9e797d4318581af642ad8 Generic Malware Malicious Library MSOffice File CAB OS Processor Check suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName | 2: http://kuueskmwqmwoocuq.xyz:443/api/client_hello - rule_id: 43990 http://kuueskmwqmwoocuq.xyz:443/api/client_hello | 2: kuueskmwqmwoocuq.xyz() - 31.192.232.4 | | 1: http://kuueskmwqmwoocuq.xyz:443/api/client_hello | 2.2 | ZeroCERT
2009 | 2025-02-19 11:07 | TASLoginBase.dll edc0784c522abc4891d9bedac02e0a1c Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check Checks debugger unpack itself crashed | | | | | 1.0 | ZeroCERT
2010 | 2025-02-19 11:07 | cabal.exe c0b915db483249fbb011d4c73d0dbf1f Emotet Generic Malware Malicious Library .NET framework(MSIL) UPX Downloader Anti_VM PE File .NET EXE PE32 DLL OS Processor Check .NET DLL MSOffice File CAB Malware Buffer PE PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Check virtual network interfaces AppData folder Ransomware Windows Update DNS Cryptographic key | 116: http://168.138.162.78/output0//client/update.exe http://168.138.162.78/output0/client/Guild/1_140.gld http://168.138.162.78/output0/client/Data/change_shape.enc http://168.138.162.78/output0/client/Data/Language/English/cabal_msg.enc http://168.138.162.78/output0/client/Data/UI/Icon/force010.dds http://168.138.162.78/output0/client/Guild/1_246.gld http://168.138.162.78/output0/client/Guild/1_231.gld http://168.138.162.78/output0/client/Data/Language/English/caz_msg.enc http://168.138.162.78/output0/client/Guild/1_38.gld http://168.138.162.78/output0/client/Data/Language/English/achievement_msg.enc http://168.138.162.78/output0/client/Guild/1_186.gld http://168.138.162.78/output0/client/Data/quest.enc http://168.138.162.78/output0/client/Guild/1_51.gld http://168.138.162.78/output0/client/Guild/1_167.gld http://168.138.162.78/output0/client/Guild/1_22.gld http://168.138.162.78/output0/client/Guild/1_258.gld http://168.138.162.78/output0/client/Guild/1_252.gld http://168.138.162.78/output0/client/Guild/1_27.gld http://168.138.162.78/output0/client/Guild/1_3.gld http://168.138.162.78/output0/client/Data/item.enc http://168.138.162.78/output0/client/Guild/1_92.gld http://168.138.162.78/output0/client/Guild/1_28.gld http://168.138.162.78/output0/client/Guild/1_202.gld http://168.138.162.78/output0/client/Guild/1_50.gld http://168.138.162.78/output0/client/Guild/1_70.gld http://168.138.162.78/output0/client/Guild/1_6.gld http://168.138.162.78/output0/client/Guild/1_199.gld http://168.138.162.78/output0/client/Guild/1_208.gld http://168.138.162.78/output0/client/Guild/1_8.gld http://168.138.162.78/output0/client/Guild/1_42.gld http://168.138.162.78/output0/client/Guild/1_1.gld http://168.138.162.78/output0/client/Data/market.enc http://168.138.162.78/output0/client/Data/caz.enc http://168.138.162.78/output0/client/Guild/1_30.gld http://168.138.162.78/output0/client/Data/UI/Icon/skill265.dds http://168.138.162.78/output0/client/Guild/1_149.gld http://168.138.162.78/output0//client/7z.dll http://168.138.162.78/output0/client/Data/Language/English/klog.enc http://168.138.162.78/output0/client/Data/Language/English/extra_obj_msg.enc http://168.138.162.78/output0/client/Data/Language/English/script_msg.enc http://168.138.162.78/output0/client/custom.dll http://168.138.162.78/output0/client/cabalmain.exe http://168.138.162.78/output0//client/System.Windows.Interactivity.dll http://168.138.162.78/output0/client/Data/Language/English/help.enc http://168.138.162.78/output0/client/Guild/1_166.gld http://168.138.162.78/output0/client/Guild/1_31.gld http://168.138.162.78/output0/client/Guild/1_43.gld http://168.138.162.78/output0/client/Guild/1_135.gld http://168.138.162.78/output0/client/Guild/1_99.gld http://168.138.162.78/output0/client/Data/Language/English/script.enc http://168.138.162.78/output0/client/Data/mapinfo.enc http://168.138.162.78/output0/client/Guild/1_143.gld http://168.138.162.78/output0/client/Guild/1_102.gld http://168.138.162.78/output0/client/Guild/1_55.gld http://168.138.162.78/output0/client/Data/cont2.enc http://168.138.162.78/output0/client/Data/global.enc http://168.138.162.78/output0//client/SevenZipSharp.dll http://168.138.162.78/output0/client/Guild/1_16.gld http://168.138.162.78/output0/client/Data/assistant.enc http://168.138.162.78/output0/client/Data/mob.enc http://168.138.162.78/output0/client/Guild/1_2.gld http://168.138.162.78/output0/client/Data/data.enc http://168.138.162.78/output0/client/Guild/1_103.gld http://168.138.162.78/output0/client/Data/UI/Icon/skill266.dds http://168.138.162.78/output0/client/Data/Language/English/tip.enc http://168.138.162.78/output0/client/Guild/1_19.gld http://168.138.162.78/output0/client/Guild/1_62.gld http://168.138.162.78/output0/client/Guild/1_15.gld http://168.138.162.78/output0/client/Data/achievement.enc http://168.138.162.78/output0/client/Data/UI/Icon/skill264.dds http://168.138.162.78/output0/client/Data/extra_obj.enc http://168.138.162.78/output0/client/Guild/1_18.gld http://168.138.162.78/output0/client/Data/Language/English/cont2_msg.enc http://168.138.162.78/output0/client/Guild/1_232.gld http://168.138.162.78/output0/client/Guild/1_40.gld http://168.138.162.78/output0/client/Guild/1_192.gld http://168.138.162.78/output0/client/Guild/1_253.gld http://168.138.162.78/output0/client/Guild/1_91.gld http://168.138.162.78/output0/client/Guild/1_26.gld http://168.138.162.78/output0/client/Data/destroy.enc http://168.138.162.78/output0/client/Guild/1_230.gld http://168.138.162.78/output0/client/Guild/1_66.gld http://168.138.162.78/output0/client/Guild/1_104.gld http://168.138.162.78/output0/client/Data/Map/world_01.mcl http://168.138.162.78/output0/client/Data/Language/English/msg.enc http://168.138.162.78/output0/client/Guild/1_5.gld http://168.138.162.78/output0//resources0.xml http://168.138.162.78/output0/client/Data/cont.enc http://168.138.162.78/output0/client/Data/smob.enc http://168.138.162.78/output0/client/Guild/1_193.gld http://168.138.162.78/output0/client/Guild/1_17.gld http://168.138.162.78/output0/client/Guild/1_106.gld http://168.138.162.78/output0/client/Guild/1_105.gld http://168.138.162.78/output0/updates/update_1.7z http://168.138.162.78/output0/client/Guild/1_260.gld http://168.138.162.78/output0/client/Guild/1_257.gld http://168.138.162.78/output0/client/Guild/1_218.gld http://168.138.162.78/output0/client/Guild/1_12.gld http://168.138.162.78/output0/client/Data/keymap.enc http://168.138.162.78/output0/client/Guild/1_32.gld http://168.138.162.78/output0/client/Guild/1_125.gld http://168.138.162.78/output0/client/Guild/1_37.gld http://168.138.162.78/output0/client/Guild/1_23.gld http://168.138.162.78/output0/client/Data/Language/English/keymap_msg.enc http://168.138.162.78/output0/client/Guild/1_25.gld http://168.138.162.78/output0/client/Guild/1_24.gld http://168.138.162.78/output0/client/Guild/1_219.gld http://168.138.162.78/output0/client/Guild/1_227.gld http://168.138.162.78/output0/client/Data/ability.enc http://168.138.162.78/output0/client/Guild/1_14.gld http://168.138.162.78/output0/client/Guild/1_184.gld http://168.138.162.78/output0/client/Guild/1_145.gld http://168.138.162.78/output0/client/Data/maze.enc http://168.138.162.78/output0/client/Data/cabal.enc http://168.138.162.78/output0/client/Guild/1_136.gld http://168.138.162.78/output0/client/Data/Language/English/cont_msg.enc | 2: s4.gtsystems.hu() - 168.138.162.78 | 7: ET INFO Executable Download from dotted-quad Host; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET INFO Dotted Quad Host DLL Request; ET INFO Packed Executable Download; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | | 9.4 | ZeroCERT