466 | 2020-07-03 18:50
https://download.nullsoft.com/... 966437f4d89ae4e72e637e3f2e92a45f VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files ICMP traffic exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion Firewall state off VM Disk Size Check human activity check installed browsers check Ransomware Interception Windows Exploit Browser ComputerName DNS crashed
URLs (12): http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe http://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US http://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US http://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US http://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US http://cert.int-x3.letsencrypt.org/ https://cert.int-x3.letsencrypt.org/ https://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe https://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US https://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US https://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US https://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
Hosts (13): watson.microsoft.com(52.184.220.162) cert.int-x3.letsencrypt.org(104.74.211.103) www.google.com(216.58.197.228) download.nullsoft.com(5.39.58.66) client.winamp.com(31.12.71.55) 104.74.211.103 119.207.64.19 172.217.26.4 23.212.13.232 23.67.53.9 31.12.71.55 5.39.58.66 52.184.220.162
15.6 | M

467 | 2020-07-03 18:52
https://cdn.netspotapp.com/dow... Code Injection unpack itself Windows utilities Windows
Hosts (2): cdn.netspotapp.com(89.187.187.19) 185.180.13.17
1.8

468 | 2020-07-03 18:54
http://www.hootech.com/mp3_to_... Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed
URLs (4): http://www.hootech.com/mp3_to_swf_converter/mp32swf_converter.exe1 http://www.hootech.com/mp3_to_swf_converter/mp32swf_converter.exe https://www.hootech.com/mp3_to_swf_converter/mp32swf_converter.exe1 https://www.hootech.com/mp3_to_swf_converter/mp32swf_converter.exe
Hosts (7): watson.microsoft.com(51.143.111.81) www.hootech.com(107.191.125.184) 107.191.125.184 119.207.64.19 23.212.13.232 23.67.53.9 51.143.111.81
5.2 | M

469 | 2020-07-03 18:59
https://download.nullsoft.com/... d41d8cd98f00b204e9800998ecf8427e VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files ICMP traffic exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion Firewall state off VM Disk Size Check installed browsers check Interception Windows Exploit Browser ComputerName DNS crashed
URLs (12): http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe http://client.winamp.com/update?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&lang=en-US http://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US http://cert.int-x3.letsencrypt.org/ http://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&lang=en-US http://client.winamp.com/update?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US https://cert.int-x3.letsencrypt.org/ https://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe https://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&lang=en-US https://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US https://client.winamp.com/update?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&lang=en-US https://client.winamp.com/update?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
Hosts (13): watson.microsoft.com(51.143.111.81) cert.int-x3.letsencrypt.org(104.74.251.44) www.google.com(172.217.174.100) download.nullsoft.com(5.39.58.66) client.winamp.com(31.12.71.55) 104.74.251.44 119.207.64.19 172.217.26.4 23.212.13.232 23.67.53.9 31.12.71.55 5.39.58.66 52.158.209.219
14.6 | M

470 | 2020-07-03 19:22
http://kungwsdycommunicationta... ef5b1613d89bd6ff80bd9edc299df446 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Ransomware Windows Exploit DNS DDNS crashed
URLs (2): http://kungwsdycommunicationtariffsuplier30mgh.duckdns.org/kungdoc/winlog.exe https://kungwsdycommunicationtariffsuplier30mgh.duckdns.org/kungdoc/winlog.exe
Hosts (7): watson.microsoft.com(52.184.220.162) kungwsdycommunicationtariffsuplier30mgh.duckdns.org(103.140.251.213) 103.140.251.213 119.207.64.19 23.212.13.232 23.67.53.9 52.158.209.219
11.4 | M | 25

471 | 2020-07-03 23:46
http://opencapture.net/update/... 542e9435e2c84a5444850fa441595e14 Code Injection unpack itself Windows utilities malicious URLs Windows DNS
URLs (2): http://opencapture.net/update/homepage.php?mode=i https://opencapture.net/update/homepage.php?mode=i
Hosts (7): amanda.ttnrd.com(54.152.245.247) opencapture.net(72.52.179.174) 119.207.64.19 23.212.13.232 23.67.53.9 3.90.125.85 72.52.179.174
3.2 | M

472 | 2020-07-04 09:38
http://raymondjaon.ug/rac2.exe VirusTotal Malware
0.6 | M

473 | 2020-07-04 09:54
http://raymondjaon.ug/rac2.exe VirusTotal Malware
0.6 | M

474 | 2020-07-04 10:08
http://raymondjaon.ug/rac2.exe VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit DNS crashed
URLs (4): http://raymondjaon.ug/rac2.exe http://www.bing.com/favicon.ico https://raymondjaon.ug/rac2.exe https://www.bing.com/favicon.ico
Hosts (5): watson.microsoft.com(51.143.111.81) raymondjaon.ug(217.8.117.45) 204.79.197.200 217.8.117.45 52.158.209.219
6.2 | M

475 | 2020-07-04 10:18
http://raymondjaon.ug/rac2.exe VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed
URLs (4): http://raymondjaon.ug/rac2.exe http://www.bing.com/favicon.ico https://raymondjaon.ug/rac2.exe https://www.bing.com/favicon.ico
Hosts (5): watson.microsoft.com(52.158.209.219) raymondjaon.ug(217.8.117.45) 204.79.197.200 217.8.117.45 51.143.111.81
5.8 | M

476 | 2020-07-04 10:23
rac2.exe 944e549ba4db11ea3f94a2873ffbe693 VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs Ransomware Windows Email ComputerName DNS
URLs (20): http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab http://34.65.10.107/gate/libs.zip http://raymondjaon.ug/ac.exe http://apps.identrust.com/roots/dstrootcax3.p7c http://raymondjaon.ug/ds2.exe http://raymondjaon.ug/rc.exe http://34.65.10.107/gate/libs.zip http://34.65.10.107/gate/log.php http://34.65.10.107/file_handler/file.php?hash=472b8711bfdb0fd6dc22761973653afc48de03f4&js=9c9b7a27e53f7d53178457a3dc3868ce0e30d2b2&callback=http://34.65.10.107/gate http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab http://34.65.10.107/gate/sqlite3.dll http://raymondjaon.ug/ds1.exe http://34.65.10.107/gate/libs.zip http://34.65.10.107/gate/libs.zip http://34.65.10.107/gate/libs.zip https://apps.identrust.com/roots/dstrootcax3.p7c https://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab https://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab https://34.65.10.107/gate/log.php https://34.65.10.107/gate/sqlite3.dll https://34.65.10.107/gate/libs.zip https://34.65.10.107/gate/libs.zip https://34.65.10.107/gate/libs.zip https://34.65.10.107/gate/libs.zip https://34.65.10.107/gate/libs.zip https://34.65.10.107/file_handler/file.php?hash=472b8711bfdb0fd6dc22761973653afc48de03f4&js=9c9b7a27e53f7d53178457a3dc3868ce0e30d2b2&callback=http://34.65.10.107/gate https://raymondjaon.ug/rc.exe https://raymondjaon.ug/ac.exe https://raymondjaon.ug/ds1.exe https://raymondjaon.ug/ds2.exe
Hosts (9): telete.in(195.201.225.248) apps.identrust.com(192.35.177.64) raymondjaon.ug(217.8.117.45) www.download.windowsupdate.com(23.67.53.27) 192.35.177.64 195.201.225.248 217.8.117.45 23.67.53.32 34.65.10.107
17.2 | M | 35

477 | 2020-07-04 11:49
http://raymondjaon.ug/rac2.exe VirusTotal Malware
0.6 | M

478 | 2020-07-04 12:23
http://raymondjaon.ug/rac2.exe VirusTotal Malware
0.6 | M

479 | 2020-07-04 12:24
http://raymondjaon.ug/rac2.exe VirusTotal Malware
0.6 | M

480 | 2020-07-04 12:26
http://raymondjaon.ug/rac2.exe 944e549ba4db11ea3f94a2873ffbe693 VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities Check virtual network interfaces AppData folder malicious URLs Windows Exploit DNS crashed
URLs (8): http://apps.identrust.com/roots/dstrootcax3.p7c http://raymondjaon.ug/rac2.exe http://34.65.10.107/gate/log.php http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab https://raymondjaon.ug/rac2.exe https://apps.identrust.com/roots/dstrootcax3.p7c https://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab https://34.65.10.107/gate/log.php
Hosts (9): raymondjaon.ug(217.8.117.45) apps.identrust.com(192.35.177.64) www.download.windowsupdate.com(119.207.64.11) telete.in(195.201.225.248) 119.207.64.8 192.35.177.64 195.201.225.248 217.8.117.45 34.65.10.107
12.4 | M | 35
