| 47761 |
2020-07-02 18:46
|
http://raymondjaon.ug/rac2.exe 944e549ba4db11ea3f94a2873ffbe693
VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files exploit crash unpack itself Windows utilities Collect installed applications Detects VirtualBox Check virtual network interfaces suspicious process AppData folder malicious URLs Ransomware Windows Exploit Email ComputerName DNS crashed |
24
http://raymondjaon.ug/ds2.exe
http://34.65.10.107/gate/libs.zip
http://34.65.10.107/file_handler/file.php?hash=46e8b4948c35fc18a2120efbb6eefd9b7eef42fd&js=3b3dcecff16c3e70426d9bc792009964539e11da&callback=http://34.65.10.107/gate
http://34.65.10.107/gate/libs.zip
http://apps.identrust.com/roots/dstrootcax3.p7c
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
http://34.65.10.107/gate/libs.zip
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
http://raymondjaon.ug/ds1.exe
http://raymondjaon.ug/rc.exe
http://34.65.10.107/gate/libs.zip
http://34.65.10.107/gate/log.php
http://raymondjaon.ug/rac2.exe
http://34.65.10.107/gate/sqlite3.dll
http://raymondjaon.ug/ac.exe
http://34.65.10.107/gate/libs.zip
https://raymondjaon.ug/rac2.exe
https://apps.identrust.com/roots/dstrootcax3.p7c
https://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
https://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
https://34.65.10.107/gate/log.php
https://34.65.10.107/gate/sqlite3.dll
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/file_handler/file.php?hash=46e8b4948c35fc18a2120efbb6eefd9b7eef42fd&js=3b3dcecff16c3e70426d9bc792009964539e11da&callback=http://34.65.10.107/gate
https://raymondjaon.ug/rc.exe
https://raymondjaon.ug/ac.exe
https://raymondjaon.ug/ds1.exe
https://raymondjaon.ug/ds2.exe
|
11
telete.in(195.201.225.248)
raymondjaon.ug(217.8.117.45)
www.download.windowsupdate.com(23.76.153.42)
www.microsoft.com(23.212.13.232)
apps.identrust.com(192.35.177.64)
192.35.177.64
195.201.225.248
217.8.117.45
23.212.13.232
23.76.153.42
34.65.10.107
|
|
|
19.2 |
M |
12 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47762 |
2020-07-02 18:43
|
http://mrgeek.pk/wndll.exe 4e0966f48e6fe2451eae96f7696dcab9
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe
https://mrgeek.pk/wndll.exe
|
2
mrgeek.pk(5.189.181.83)
5.189.181.83
|
|
|
5.8 |
M |
44 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47763 |
2020-07-02 18:42
|
http://mrgeek.pk/wndll.exe 4e0966f48e6fe2451eae96f7696dcab9
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe
https://mrgeek.pk/wndll.exe
|
2
mrgeek.pk(5.189.181.83)
5.189.181.83
|
|
|
5.8 |
M |
44 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47764 |
2020-07-02 18:40
|
http://mrgeek.pk/wndll.exe 4e0966f48e6fe2451eae96f7696dcab9
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe
https://mrgeek.pk/wndll.exe
|
2
mrgeek.pk(5.189.181.83)
5.189.181.83
|
|
|
5.8 |
M |
44 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47765 |
2020-07-02 18:39
|
http://mrgeek.pk/wndll.exe
VirusTotal Malware |
|
|
|
|
0.6 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47766 |
2020-07-02 18:33
|
rac2.exe 944e549ba4db11ea3f94a2873ffbe693
VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Detects VirtualBox Check virtual network interfaces suspicious process AppData folder malicious URLs Ransomware Windows Email ComputerName DNS |
22
http://raymondjaon.ug/ds2.exe
http://34.65.10.107/gate/libs.zip
http://34.65.10.107/gate/libs.zip
http://34.65.10.107/gate/libs.zip
http://apps.identrust.com/roots/dstrootcax3.p7c
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
http://34.65.10.107/gate/libs.zip
http://34.65.10.107/file_handler/file.php?hash=7986c99d14c8c5b6ed92bc197749452132e62ed0&js=b530e4ad29af1d04f7920f02d215be31ef15dcf4&callback=http://34.65.10.107/gate
http://raymondjaon.ug/rc.exe
http://34.65.10.107/gate/libs.zip
http://34.65.10.107/gate/log.php
http://raymondjaon.ug/ac.exe
http://34.65.10.107/gate/sqlite3.dll
http://raymondjaon.ug/ds1.exe
https://apps.identrust.com/roots/dstrootcax3.p7c
https://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
https://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
https://34.65.10.107/gate/log.php
https://34.65.10.107/gate/sqlite3.dll
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/file_handler/file.php?hash=7986c99d14c8c5b6ed92bc197749452132e62ed0&js=b530e4ad29af1d04f7920f02d215be31ef15dcf4&callback=http://34.65.10.107/gate
https://raymondjaon.ug/rc.exe
https://raymondjaon.ug/ac.exe
https://raymondjaon.ug/ds1.exe
https://raymondjaon.ug/ds2.exe
|
11
apps.identrust.com(192.35.177.64)
telete.in(195.201.225.248)
raymondjaon.ug(217.8.117.45)
www.download.windowsupdate.com(23.76.153.50)
www.microsoft.com(23.212.13.232)
192.35.177.64
195.201.225.248
217.8.117.45
23.212.13.232
23.76.153.50
34.65.10.107
|
|
|
17.4 |
M |
12 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47767 |
2020-07-02 18:29
|
rac2.exe 944e549ba4db11ea3f94a2873ffbe693
VirusTotal Malware |
|
|
|
|
1.0 |
|
12 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47768 |
2020-07-02 18:27
|
http://180.214.238.5/receipt/i... 72fdaf8592e4085a8cfb05aeb0092f4e
VirusTotal Malware Code Injection Malicious Traffic exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed |
2
http://180.214.238.5/receipt/invoice_452122.doc
https://180.214.238.5/receipt/invoice_452122.doc
|
1
|
|
|
5.8 |
M |
24 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47769 |
2020-07-02 18:25
|
http://raymondjaon.ug/rac2.exe 944e549ba4db11ea3f94a2873ffbe693
VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit crashed |
2
http://raymondjaon.ug/rac2.exe
https://raymondjaon.ug/rac2.exe
|
2
raymondjaon.ug(217.8.117.45)
217.8.117.45
|
|
|
9.4 |
M |
12 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47770 |
2020-07-02 18:23
|
http://mrgeek.pk/wndll.exe 4e0966f48e6fe2451eae96f7696dcab9
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe
https://mrgeek.pk/wndll.exe
|
2
mrgeek.pk(5.189.181.83)
5.189.181.83
|
|
|
5.8 |
M |
44 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47771 |
2020-07-02 17:05
|
http://mrgeek.pk/wndll.exe
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe
https://mrgeek.pk/wndll.exe
|
4
mrgeek.pk(5.189.181.83)
watson.microsoft.com(51.143.111.81)
5.189.181.83
52.158.209.219
|
|
|
5.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47772 |
2020-07-02 17:00
|
http://mrgeek.pk/wndll.exe
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe
https://mrgeek.pk/wndll.exe
|
4
mrgeek.pk(5.189.181.83)
watson.microsoft.com(52.158.209.219)
5.189.181.83
51.143.111.81
|
|
|
5.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47773 |
2020-07-02 16:54
|
http://mrgeek.pk/wndll.exe
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe
https://mrgeek.pk/wndll.exe
|
4
watson.microsoft.com(52.184.220.162)
mrgeek.pk(5.189.181.83)
5.189.181.83
52.184.220.162
|
|
|
5.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47774 |
2020-07-02 16:48
|
http://mrgeek.pk/wndll.exe
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe
https://mrgeek.pk/wndll.exe
|
4
watson.microsoft.com(51.143.111.81)
mrgeek.pk(5.189.181.83)
5.189.181.83
51.143.111.81
|
|
|
5.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47775 |
2020-07-02 16:35
|
views.txt 30fe9d1a333a0a4906bebf2f993980e6
malicious URLs |
|
|
|
|
0.8 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|