| 47701 |
2020-07-03 18:50
|
https://download.nullsoft.com/... 966437f4d89ae4e72e637e3f2e92a45f
VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files ICMP traffic exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion Firewall state off VM Disk Size Check human activity check installed browsers check Ransomware Interception Windows Exploit Browser ComputerName DNS crashed |
12
http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe
http://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
http://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
http://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
http://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
http://cert.int-x3.letsencrypt.org/
https://cert.int-x3.letsencrypt.org/
https://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe
https://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
https://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
https://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
https://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
|
13
watson.microsoft.com(52.184.220.162)
cert.int-x3.letsencrypt.org(104.74.211.103)
www.google.com(216.58.197.228)
download.nullsoft.com(5.39.58.66)
client.winamp.com(31.12.71.55)
104.74.211.103
119.207.64.19
172.217.26.4
23.212.13.232
23.67.53.9
31.12.71.55
5.39.58.66
52.184.220.162
|
|
|
15.6 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47702 |
2020-07-03 18:45
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed |
2
http://raymondjaon.ug/rac2.exe
https://raymondjaon.ug/rac2.exe
|
7
watson.microsoft.com(51.143.111.81)
raymondjaon.ug(217.8.117.45)
119.207.64.19
217.8.117.45
23.212.13.232
23.67.53.9
52.158.209.219
|
|
|
5.8 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47703 |
2020-07-03 18:43
|
http://chinese2wsdyonly6ywalka... c4b03b75e2ccbe4e6b791d004fb91fe7
VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Ransomware Windows Exploit DNS DDNS crashed |
2
http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
|
7
watson.microsoft.com(52.158.209.219)
chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org(103.140.251.164)
103.140.251.164
119.207.64.19
23.212.13.232
23.67.53.9
51.143.111.81
|
|
|
11.4 |
M |
16 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47704 |
2020-07-03 18:42
|
http://chinese2wsdyonly6ywalka... c4b03b75e2ccbe4e6b791d004fb91fe7
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS DDNS crashed |
2
http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
|
7
watson.microsoft.com(52.158.209.219)
chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org(103.140.251.164)
103.140.251.164
119.207.64.19
23.212.13.232
23.67.53.9
51.143.111.81
|
|
|
6.0 |
M |
16 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47705 |
2020-07-03 18:40
|
http://chinese2wsdyonly6ywalka...
VirusTotal Malware DNS DDNS |
2
http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
|
2
chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org(103.140.251.164)
103.140.251.164
|
|
|
1.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47706 |
2020-07-03 18:37
|
http://chinese2wsdyonly6ywalka... c4b03b75e2ccbe4e6b791d004fb91fe7
VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder Ransomware Windows Exploit DNS DDNS crashed |
2
http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
|
7
watson.microsoft.com(51.143.111.81)
chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org(103.140.251.164)
103.140.251.164
119.207.64.19
23.212.13.232
23.67.53.9
52.158.209.219
|
|
|
11.0 |
M |
16 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47707 |
2020-07-03 18:33
|
http://chinese2wsdyonly6ywalka... c4b03b75e2ccbe4e6b791d004fb91fe7
VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Ransomware Windows Exploit DNS DDNS crashed |
2
http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
|
7
watson.microsoft.com(51.143.111.81)
chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org(103.140.251.164)
103.140.251.164
119.207.64.19
23.212.13.232
23.67.53.9
52.184.220.162
|
|
|
11.4 |
M |
16 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47708 |
2020-07-03 18:30
|
http://chinese2wsdyonly6ywalka...
VirusTotal Malware DNS DDNS |
2
http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
|
2
chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org(103.140.251.164)
103.140.251.164
|
|
|
1.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47709 |
2020-07-03 18:29
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware |
2
http://raymondjaon.ug/rac2.exe
https://raymondjaon.ug/rac2.exe
|
2
raymondjaon.ug(217.8.117.45)
217.8.117.45
|
|
|
1.0 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47710 |
2020-07-03 18:27
|
http://gadcoafrica.com/wordpre...
VirusTotal Malware |
2
http://gadcoafrica.com/wordpress/includes/images/h4.exe
https://gadcoafrica.com/wordpress/includes/images/h4.exe
|
2
gadcoafrica.com(68.171.212.63)
68.171.212.63
|
|
|
1.0 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47711 |
2020-07-03 18:19
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://raymondjaon.ug/rac2.exe
https://raymondjaon.ug/rac2.exe
|
4
raymondjaon.ug(217.8.117.45)
watson.microsoft.com(52.184.220.162)
217.8.117.45
52.184.220.162
|
|
|
5.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47712 |
2020-07-03 18:03
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities Windows Exploit crashed |
2
http://raymondjaon.ug/rac2.exe
https://raymondjaon.ug/rac2.exe
|
4
raymondjaon.ug(217.8.117.45)
watson.microsoft.com(51.143.111.81)
217.8.117.45
51.143.111.81
|
|
|
3.4 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47713 |
2020-07-03 17:52
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities Windows Exploit crashed |
2
http://raymondjaon.ug/rac2.exe
https://raymondjaon.ug/rac2.exe
|
4
watson.microsoft.com(52.184.220.162)
raymondjaon.ug(217.8.117.45)
217.8.117.45
51.143.111.81
|
|
|
4.4 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47714 |
2020-07-03 17:47
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed |
2
http://raymondjaon.ug/rac2.exe
https://raymondjaon.ug/rac2.exe
|
7
watson.microsoft.com(52.158.209.219)
raymondjaon.ug(217.8.117.45)
119.207.64.19
217.8.117.45
23.212.13.232
23.67.53.9
52.184.220.162
|
|
|
5.8 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47715 |
2020-07-03 17:46
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed |
2
http://raymondjaon.ug/rac2.exe
https://raymondjaon.ug/rac2.exe
|
7
watson.microsoft.com(51.143.111.81)
raymondjaon.ug(217.8.117.45)
119.207.64.19
217.8.117.45
23.212.13.232
23.67.53.9
52.184.220.162
|
|
|
5.8 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|