47701 | 2020-07-03 18:50
Sample: https://download.nullsoft.com/... | MD5 966437f4d89ae4e72e637e3f2e92a45f | VirusTotal | Malware
Tags: suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, heapspray, Creates shortcut, Creates executable files, ICMP traffic, exploit crash, unpack itself, Windows utilities, AppData folder, malicious URLs, AntiVM_Disk, sandbox evasion, Firewall state off, VM Disk Size Check, human activity check, installed browsers check, Ransomware, Interception, Windows Exploit, Browser, ComputerName, DNS, crashed
URLs (12):
  http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe
  http://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
  http://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
  http://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
  http://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
  http://cert.int-x3.letsencrypt.org/
  https://cert.int-x3.letsencrypt.org/
  https://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe
  https://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
  https://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
  https://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
  https://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
Network (13): hosts watson.microsoft.com (52.184.220.162), cert.int-x3.letsencrypt.org (104.74.211.103), www.google.com (216.58.197.228), download.nullsoft.com (5.39.58.66), client.winamp.com (31.12.71.55); IPs 104.74.211.103, 119.207.64.19, 172.217.26.4, 23.212.13.232, 23.67.53.9, 31.12.71.55, 5.39.58.66, 52.184.220.162
Score: 15.6 | M

47702 | 2020-07-03 18:45
Sample: http://raymondjaon.ug/rac2.exe | VirusTotal | Malware
Tags: Code Injection, Creates executable files, exploit crash, unpack itself, Windows utilities, AppData folder, Windows Exploit, DNS, crashed
URLs (2):
  http://raymondjaon.ug/rac2.exe
  https://raymondjaon.ug/rac2.exe
Network (7): hosts watson.microsoft.com (51.143.111.81), raymondjaon.ug (217.8.117.45); IPs 119.207.64.19, 217.8.117.45, 23.212.13.232, 23.67.53.9, 52.158.209.219
Score: 5.8 | M

47703 | 2020-07-03 18:43
Sample: http://chinese2wsdyonly6ywalka... | MD5 c4b03b75e2ccbe4e6b791d004fb91fe7 | VirusTotal | Malware
Tags: Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, exploit crash, unpack itself, Windows utilities, AppData folder, malicious URLs, Ransomware, Windows Exploit, DNS, DDNS, crashed
URLs (2):
  http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
  https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
Network (7): hosts watson.microsoft.com (52.158.209.219), chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org (103.140.251.164); IPs 103.140.251.164, 119.207.64.19, 23.212.13.232, 23.67.53.9, 51.143.111.81
Score: 11.4 | M | 16

47704 | 2020-07-03 18:42
Sample: http://chinese2wsdyonly6ywalka... | MD5 c4b03b75e2ccbe4e6b791d004fb91fe7 | VirusTotal | Malware
Tags: Code Injection, Creates executable files, exploit crash, unpack itself, Windows utilities, AppData folder, Windows Exploit, DNS, DDNS, crashed
URLs (2):
  http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
  https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
Network (7): hosts watson.microsoft.com (52.158.209.219), chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org (103.140.251.164); IPs 103.140.251.164, 119.207.64.19, 23.212.13.232, 23.67.53.9, 51.143.111.81
Score: 6.0 | M | 16

47705 | 2020-07-03 18:40
Sample: http://chinese2wsdyonly6ywalka... | VirusTotal | Malware
Tags: DNS, DDNS
URLs (2):
  http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
  https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
Network (2): hosts chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org (103.140.251.164); IPs 103.140.251.164
Score: 1.2 | M

47706 | 2020-07-03 18:37
Sample: http://chinese2wsdyonly6ywalka... | MD5 c4b03b75e2ccbe4e6b791d004fb91fe7 | VirusTotal | Malware
Tags: Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, exploit crash, unpack itself, Windows utilities, AppData folder, Ransomware, Windows Exploit, DNS, DDNS, crashed
URLs (2):
  http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
  https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
Network (7): hosts watson.microsoft.com (51.143.111.81), chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org (103.140.251.164); IPs 103.140.251.164, 119.207.64.19, 23.212.13.232, 23.67.53.9, 52.158.209.219
Score: 11.0 | M | 16

47707 | 2020-07-03 18:33
Sample: http://chinese2wsdyonly6ywalka... | MD5 c4b03b75e2ccbe4e6b791d004fb91fe7 | VirusTotal | Malware
Tags: Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, exploit crash, unpack itself, Windows utilities, AppData folder, malicious URLs, Ransomware, Windows Exploit, DNS, DDNS, crashed
URLs (2):
  http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
  https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
Network (7): hosts watson.microsoft.com (51.143.111.81), chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org (103.140.251.164); IPs 103.140.251.164, 119.207.64.19, 23.212.13.232, 23.67.53.9, 52.184.220.162
Score: 11.4 | M | 16

47708 | 2020-07-03 18:30
Sample: http://chinese2wsdyonly6ywalka... | VirusTotal | Malware
Tags: DNS, DDNS
URLs (2):
  http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
  https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
Network (2): hosts chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org (103.140.251.164); IPs 103.140.251.164
Score: 1.2 | M

47709 | 2020-07-03 18:29
Sample: http://raymondjaon.ug/rac2.exe | VirusTotal | Malware
URLs (2):
  http://raymondjaon.ug/rac2.exe
  https://raymondjaon.ug/rac2.exe
Network (2): hosts raymondjaon.ug (217.8.117.45); IPs 217.8.117.45
Score: 1.0 | M

47710 | 2020-07-03 18:27
Sample: http://gadcoafrica.com/wordpre... | VirusTotal | Malware
URLs (2):
  http://gadcoafrica.com/wordpress/includes/images/h4.exe
  https://gadcoafrica.com/wordpress/includes/images/h4.exe
Network (2): hosts gadcoafrica.com (68.171.212.63); IPs 68.171.212.63
Score: 1.0 | M

47711 | 2020-07-03 18:19
Sample: http://raymondjaon.ug/rac2.exe | VirusTotal | Malware
Tags: Code Injection, Creates executable files, exploit crash, unpack itself, Windows utilities, AppData folder, Windows Exploit, crashed
URLs (2):
  http://raymondjaon.ug/rac2.exe
  https://raymondjaon.ug/rac2.exe
Network (4): hosts raymondjaon.ug (217.8.117.45), watson.microsoft.com (52.184.220.162); IPs 217.8.117.45, 52.184.220.162
Score: 5.2 | M

47712 | 2020-07-03 18:03
Sample: http://raymondjaon.ug/rac2.exe | VirusTotal | Malware
Tags: Code Injection, exploit crash, unpack itself, Windows utilities, Windows Exploit, crashed
URLs (2):
  http://raymondjaon.ug/rac2.exe
  https://raymondjaon.ug/rac2.exe
Network (4): hosts raymondjaon.ug (217.8.117.45), watson.microsoft.com (51.143.111.81); IPs 217.8.117.45, 51.143.111.81
Score: 3.4 | M

47713 | 2020-07-03 17:52
Sample: http://raymondjaon.ug/rac2.exe | VirusTotal | Malware
Tags: Code Injection, exploit crash, unpack itself, Windows utilities, Windows Exploit, crashed
URLs (2):
  http://raymondjaon.ug/rac2.exe
  https://raymondjaon.ug/rac2.exe
Network (4): hosts watson.microsoft.com (52.184.220.162), raymondjaon.ug (217.8.117.45); IPs 217.8.117.45, 51.143.111.81
Score: 4.4 | M

47714 | 2020-07-03 17:47
Sample: http://raymondjaon.ug/rac2.exe | VirusTotal | Malware
Tags: Code Injection, Creates executable files, exploit crash, unpack itself, Windows utilities, AppData folder, Windows Exploit, DNS, crashed
URLs (2):
  http://raymondjaon.ug/rac2.exe
  https://raymondjaon.ug/rac2.exe
Network (7): hosts watson.microsoft.com (52.158.209.219), raymondjaon.ug (217.8.117.45); IPs 119.207.64.19, 217.8.117.45, 23.212.13.232, 23.67.53.9, 52.184.220.162
Score: 5.8 | M

47715 | 2020-07-03 17:46
Sample: http://raymondjaon.ug/rac2.exe | VirusTotal | Malware
Tags: Code Injection, Creates executable files, exploit crash, unpack itself, Windows utilities, AppData folder, Windows Exploit, DNS, crashed
URLs (2):
  http://raymondjaon.ug/rac2.exe
  https://raymondjaon.ug/rac2.exe
Network (7): hosts watson.microsoft.com (51.143.111.81), raymondjaon.ug (217.8.117.45); IPs 119.207.64.19, 217.8.117.45, 23.212.13.232, 23.67.53.9, 52.184.220.162
Score: 5.8 | M

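Added example, not part of the listing above and not the sandbox's own tooling: a Python script that parses records in the listing's raw export format and separates the network indicators worth acting on from the traffic a sandbox VM generates by itself. watson.microsoft.com is Windows Error Reporting and cert.int-x3.letsencrypt.org serves the Let's Encrypt X3 intermediate certificate, so neither is command-and-control; the BENIGN_HOSTS and DDNS_SUFFIXES sets, the rule that a bare IP recurring across reports of different samples is environment noise, and the field order inferred from the records are all assumptions of this example. It keys on network indicators rather than behaviour tags because tags such as "Checks debugger" or "AntiVM_Disk" also fire on packed commercial installers. The embedded records are copied from reports 47702, 47703 and 47709 above.

```python
"""Parse raw sandbox-listing records and triage the network indicators they contain."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumption: hosts a Windows sandbox VM contacts by itself, so they are not IOCs.
# watson.microsoft.com is Windows Error Reporting, cert.int-x3.letsencrypt.org serves
# the Let's Encrypt X3 intermediate certificate, www.google.com is a connectivity check.
BENIGN_HOSTS = {"watson.microsoft.com", "cert.int-x3.letsencrypt.org", "www.google.com"}
# Assumption: dynamic-DNS suffixes; block the name, the IP behind it changes at will.
DDNS_SUFFIXES = (".duckdns.org",)

RECORD_START_RE = re.compile(r"(?m)^(?=\d+ \|\n\d{4}-\d{2}-\d{2} )")  # "47702 |" then a date
HOST_IP_RE = re.compile(r"([A-Za-z0-9.-]+)\((\d{1,3}(?:\.\d{1,3}){3})\)")  # host(ip)
IP_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")

# Constructed input: reports 47702, 47703 and 47709 copied from the listing; all but one
# of the empty "|" table cells are left out (the parser ignores them anyway).
RAW_LISTING = """\
47702 |
2020-07-03 18:45
|
http://raymondjaon.ug/rac2.exe VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed |
2
http://raymondjaon.ug/rac2.exe https://raymondjaon.ug/rac2.exe
7
watson.microsoft.com(51.143.111.81) raymondjaon.ug(217.8.117.45) 119.207.64.19 217.8.117.45 23.212.13.232 23.67.53.9 52.158.209.219
5.8 |
M |
47703 |
2020-07-03 18:43
http://chinese2wsdyonly6ywalka... c4b03b75e2ccbe4e6b791d004fb91fe7 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Ransomware Windows Exploit DNS DDNS crashed |
2
http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
7
watson.microsoft.com(52.158.209.219) chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org(103.140.251.164) 103.140.251.164 119.207.64.19 23.212.13.232 23.67.53.9 51.143.111.81
11.4 |
M |
16 |
47709 |
2020-07-03 18:29
http://raymondjaon.ug/rac2.exe VirusTotal Malware |
2
http://raymondjaon.ug/rac2.exe https://raymondjaon.ug/rac2.exe
2
raymondjaon.ug(217.8.117.45) 217.8.117.45
1.0 |
M |
"""


def parse_report(block):
    """One raw record. After dropping empty cells the fields are: id, timestamp,
    summary, URL count, URLs, host count, hosts, score, remaining flag columns."""
    f = [line.strip(" |") for line in block.splitlines()]
    f = [x for x in f if x]
    md5 = MD5_RE.search(f[2])
    return {
        "id": f[0],
        "time": f[1],
        "md5": md5.group(0) if md5 else None,
        "urls": f[4].split(),
        "hosts": dict(HOST_IP_RE.findall(f[6])),  # hostname -> IP it resolved to
        "ips": set(IP_RE.findall(f[6])),          # every IP on the line, resolved or bare
        "score": float(f[7]),
    }


def parse_listing(text):
    return [parse_report(b) for b in RECORD_START_RE.split(text) if b.strip()]


def triage(reports):
    """Sort observed hosts/IPs into indicators (payload host, non-benign resolved hosts
    and their IPs), sandbox noise (BENIGN_HOSTS and their IPs) and environment noise
    (bare IPs seen with reports of different samples, so specific to none of them)."""
    iocs = defaultdict(lambda: {"ips": set(), "reports": set(), "ddns": False})
    noise, bare = set(), defaultdict(set)  # bare: ip -> sample hosts it was seen with
    for r in reports:
        samples = {urlparse(u).hostname for u in r["urls"]}
        for h in samples:
            iocs[h]["reports"].add(r["id"])
            iocs[h]["ddns"] = h.endswith(DDNS_SUFFIXES)
        for host, ip in r["hosts"].items():
            if host in BENIGN_HOSTS:
                noise |= {host, ip}
            else:
                iocs[host]["ips"].add(ip)
                iocs[host]["reports"].add(r["id"])
                iocs[host]["ddns"] = host.endswith(DDNS_SUFFIXES)
        for ip in r["ips"] - set(r["hosts"].values()):
            bare[ip] |= samples
    environment = {ip for ip, s in bare.items() if len(s) > 1}
    attributed = {ip for v in iocs.values() for ip in v["ips"]}
    return {
        "iocs": dict(iocs),
        "sandbox_noise": noise,
        "environment_noise": environment,
        "unattributed": set(bare) - environment - attributed - noise,
    }


if __name__ == "__main__":
    result = triage(parse_listing(RAW_LISTING))
    for host, info in sorted(result["iocs"].items()):
        kind = "DDNS" if info["ddns"] else "host"
        print(f"{kind} {host} ips={sorted(info['ips'])} reports={sorted(info['reports'])}")
    print("sandbox noise:", sorted(result["sandbox_noise"]))
    print("environment noise:", sorted(result["environment_noise"]))
```

On these three records the script yields two indicators (raymondjaon.ug with 217.8.117.45, and the duckdns.org name, flagged as DDNS so the hostname rather than 103.140.251.164 is what to block), puts both watson.microsoft.com addresses into sandbox noise, and classifies 119.207.64.19, 23.212.13.232 and 23.67.53.9 as environment noise because they appear with two unrelated samples. Anything left in "unattributed" is what still needs a human look.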