| 466 |
2020-07-03 18:50
|
https://download.nullsoft.com/... 966437f4d89ae4e72e637e3f2e92a45f
VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files ICMP traffic exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion Firewall state off VM Disk Size Check human activity check installed browsers check Ransomware Interception Windows Exploit Browser ComputerName DNS crashed |
12
http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe
http://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
http://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
http://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
http://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
http://cert.int-x3.letsencrypt.org/
https://cert.int-x3.letsencrypt.org/
https://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe
https://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
https://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
https://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
https://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
|
13
watson.microsoft.com(52.184.220.162)
cert.int-x3.letsencrypt.org(104.74.211.103)
www.google.com(216.58.197.228)
download.nullsoft.com(5.39.58.66)
client.winamp.com(31.12.71.55)
104.74.211.103
119.207.64.19
172.217.26.4
23.212.13.232
23.67.53.9
31.12.71.55
5.39.58.66
52.184.220.162
|
|
|
15.6 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 467 |
2020-07-03 18:52
|
https://cdn.netspotapp.com/dow...
Code Injection unpack itself Windows utilities Windows |
|
2
cdn.netspotapp.com(89.187.187.19)
185.180.13.17
|
|
|
1.8 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 468 |
2020-07-03 18:54
|
http://www.hootech.com/mp3_to_...
Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed |
4
http://www.hootech.com/mp3_to_swf_converter/mp32swf_converter.exe1
http://www.hootech.com/mp3_to_swf_converter/mp32swf_converter.exe
https://www.hootech.com/mp3_to_swf_converter/mp32swf_converter.exe1
https://www.hootech.com/mp3_to_swf_converter/mp32swf_converter.exe
|
7
watson.microsoft.com(51.143.111.81)
www.hootech.com(107.191.125.184)
107.191.125.184
119.207.64.19
23.212.13.232
23.67.53.9
51.143.111.81
|
|
|
5.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 469 |
2020-07-03 18:59
|
https://download.nullsoft.com/... d41d8cd98f00b204e9800998ecf8427e
VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files ICMP traffic exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion Firewall state off VM Disk Size Check installed browsers check Interception Windows Exploit Browser ComputerName DNS crashed |
12
http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe
http://client.winamp.com/update?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&lang=en-US
http://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
http://cert.int-x3.letsencrypt.org/
http://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&lang=en-US
http://client.winamp.com/update?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
https://cert.int-x3.letsencrypt.org/
https://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe
https://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&lang=en-US
https://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
https://client.winamp.com/update?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&lang=en-US
https://client.winamp.com/update?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
|
13
watson.microsoft.com(51.143.111.81)
cert.int-x3.letsencrypt.org(104.74.251.44)
www.google.com(172.217.174.100)
download.nullsoft.com(5.39.58.66)
client.winamp.com(31.12.71.55)
104.74.251.44
119.207.64.19
172.217.26.4
23.212.13.232
23.67.53.9
31.12.71.55
5.39.58.66
52.158.209.219
|
|
|
14.6 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 470 |
2020-07-03 19:22
|
http://kungwsdycommunicationta... ef5b1613d89bd6ff80bd9edc299df446
VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Ransomware Windows Exploit DNS DDNS crashed |
2
http://kungwsdycommunicationtariffsuplier30mgh.duckdns.org/kungdoc/winlog.exe
https://kungwsdycommunicationtariffsuplier30mgh.duckdns.org/kungdoc/winlog.exe
|
7
watson.microsoft.com(52.184.220.162)
kungwsdycommunicationtariffsuplier30mgh.duckdns.org(103.140.251.213)
103.140.251.213
119.207.64.19
23.212.13.232
23.67.53.9
52.158.209.219
|
|
|
11.4 |
M |
25 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 471 |
2020-07-03 23:46
|
http://opencapture.net/update/... 542e9435e2c84a5444850fa441595e14
Code Injection unpack itself Windows utilities malicious URLs Windows DNS |
2
http://opencapture.net/update/homepage.php?mode=i
https://opencapture.net/update/homepage.php?mode=i
|
7
amanda.ttnrd.com(54.152.245.247)
opencapture.net(72.52.179.174)
119.207.64.19
23.212.13.232
23.67.53.9
3.90.125.85
72.52.179.174
|
|
|
3.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 472 |
2020-07-04 09:38
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware |
|
|
|
|
0.6 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 473 |
2020-07-04 09:54
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware |
|
|
|
|
0.6 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 474 |
2020-07-04 10:08
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit DNS crashed |
4
http://raymondjaon.ug/rac2.exe
http://www.bing.com/favicon.ico
https://raymondjaon.ug/rac2.exe
https://www.bing.com/favicon.ico
|
5
watson.microsoft.com(51.143.111.81)
raymondjaon.ug(217.8.117.45)
204.79.197.200
217.8.117.45
52.158.209.219
|
|
|
6.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 475 |
2020-07-04 10:18
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed |
4
http://raymondjaon.ug/rac2.exe
http://www.bing.com/favicon.ico
https://raymondjaon.ug/rac2.exe
https://www.bing.com/favicon.ico
|
5
watson.microsoft.com(52.158.209.219)
raymondjaon.ug(217.8.117.45)
204.79.197.200
217.8.117.45
51.143.111.81
|
|
|
5.8 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 476 |
2020-07-04 10:23
|
rac2.exe 944e549ba4db11ea3f94a2873ffbe693
VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs Ransomware Windows Email ComputerName DNS |
20
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
http://34.65.10.107/gate/libs.zip
http://raymondjaon.ug/ac.exe
http://apps.identrust.com/roots/dstrootcax3.p7c
http://raymondjaon.ug/ds2.exe
http://raymondjaon.ug/rc.exe
http://34.65.10.107/gate/libs.zip
http://34.65.10.107/gate/log.php
http://34.65.10.107/file_handler/file.php?hash=472b8711bfdb0fd6dc22761973653afc48de03f4&js=9c9b7a27e53f7d53178457a3dc3868ce0e30d2b2&callback=http://34.65.10.107/gate
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
http://34.65.10.107/gate/sqlite3.dll
http://raymondjaon.ug/ds1.exe
http://34.65.10.107/gate/libs.zip
http://34.65.10.107/gate/libs.zip
http://34.65.10.107/gate/libs.zip
https://apps.identrust.com/roots/dstrootcax3.p7c
https://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
https://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
https://34.65.10.107/gate/log.php
https://34.65.10.107/gate/sqlite3.dll
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/gate/libs.zip
https://34.65.10.107/file_handler/file.php?hash=472b8711bfdb0fd6dc22761973653afc48de03f4&js=9c9b7a27e53f7d53178457a3dc3868ce0e30d2b2&callback=http://34.65.10.107/gate
https://raymondjaon.ug/rc.exe
https://raymondjaon.ug/ac.exe
https://raymondjaon.ug/ds1.exe
https://raymondjaon.ug/ds2.exe
|
9
telete.in(195.201.225.248)
apps.identrust.com(192.35.177.64)
raymondjaon.ug(217.8.117.45)
www.download.windowsupdate.com(23.67.53.27)
192.35.177.64
195.201.225.248
217.8.117.45
23.67.53.32
34.65.10.107
|
|
|
17.2 |
M |
35 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 477 |
2020-07-04 11:49
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware |
|
|
|
|
0.6 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 478 |
2020-07-04 12:23
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware |
|
|
|
|
0.6 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 479 |
2020-07-04 12:24
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware |
|
|
|
|
0.6 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 480 |
2020-07-04 12:26
|
http://raymondjaon.ug/rac2.exe 944e549ba4db11ea3f94a2873ffbe693
VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities Check virtual network interfaces AppData folder malicious URLs Windows Exploit DNS crashed |
8
http://apps.identrust.com/roots/dstrootcax3.p7c
http://raymondjaon.ug/rac2.exe
http://34.65.10.107/gate/log.php
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
https://raymondjaon.ug/rac2.exe
https://apps.identrust.com/roots/dstrootcax3.p7c
https://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
https://34.65.10.107/gate/log.php
|
9
raymondjaon.ug(217.8.117.45)
apps.identrust.com(192.35.177.64)
www.download.windowsupdate.com(119.207.64.11)
telete.in(195.201.225.248)
119.207.64.8
192.35.177.64
195.201.225.248
217.8.117.45
34.65.10.107
|
|
|
12.4 |
M |
35 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|