ID | Date | Sample / URL | MD5 | Tags | #URLs | URLs | #Hosts | Hosts | Score | Verdict | (unlabeled column)
48646 | 2020-07-10 18:30 | http://185.172.110.217/robx/re... | | VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Windows DNS | 1 | https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 | 3 | clients2.google.com(172.217.24.142) 172.217.24.142 185.172.110.217 | 5.2 | M |
48647 | 2020-07-10 12:59 | http://abass.ir/bigmanx/dutyx.... | d7aa2e5f3f9246c25844c9e8d6d709f9 | VirusTotal Malware | | | | | 0.6 | M |
48648 | 2020-07-10 12:25 | http://abass.ir/bigmanx/dutyx.... | d7aa2e5f3f9246c25844c9e8d6d709f9 | VirusTotal Malware Code Injection Creates executable files unpack itself Windows utilities Windows | 1 | http://abass.ir/bigmanx/dutyx.exe | 2 | abass.ir(194.180.224.87) 194.180.224.87 | 3.6 | M |
48649 | 2020-07-10 12:23 | http://75.127.1.203/ubb.exe | 45c06eab307690b796dd9c1a3c7f8eb6 | VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit DNS crashed | 2 | http://75.127.1.203/ubb.exe https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 | 3 | clients2.google.com(172.217.24.142) 172.217.24.142 75.127.1.203 | 11.8 | M | 33
48650 | 2020-07-10 12:23 | http://sagc.be/svc.exe | 05e4aeecf11a890bfc365ccce931065b | VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed | 1 | | 2 | sagc.be(92.48.206.34) 92.48.206.34 | 4.0 | M | 22
48651 | 2020-07-10 12:20 | http://excelofficeonline.com/P... | 3b5cc52ebfb46933d7665cf6125d9b72 | VirusTotal Malware suspicious privilege Code Injection buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities sandbox evasion Windows Exploit Browser crashed | 2 | http://excelofficeonline.com/PO.exe https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 | 4 | clients2.google.com(172.217.24.142) excelofficeonline.com(146.0.74.194) 146.0.74.194 216.58.220.110 | 8.8 | M |
48652 | 2020-07-10 12:19 | http://fileexchangeserviceform... | e1204f68e985164c7c87828095f5bcb6 | Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process AppData folder malicious URLs installed browsers check Windows Exploit Browser Email ComputerName DNS DDNS Software crashed | 3 | http://195.69.140.147/.op/cr.php/vms5lZmxPBbEN http://fileexchangeserviceformicrosoftsecurity.duckdns.org/window/svchost.exe http://195.69.140.147/.op/cr.php/vms5lZmxPBbEN https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 | 5 | clients2.google.com(172.217.24.142) fileexchangeserviceformicrosoftsecurity.duckdns.org(149.202.29.104) 149.202.29.104 195.69.140.147 216.58.220.110 | 14.2 | M | 21
48653 | 2020-07-09 17:03 | http://91.198.220.225/microsof... | 489f36c666847f46e05370a3ec37566f | VirusTotal Malware Code Injection Malicious Traffic Creates executable files unpack itself Windows utilities Windows DNS | 1 | http://91.198.220.225/microsoft.msi | 1 | | 4.6 | M |
48654 | 2020-07-09 17:02 | http://veyron.ir/gregx/frankx.... | 87712606fb9aaef0299a5ec915de4544 | VirusTotal Malware Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows | 1 | http://veyron.ir/gregx/frankx.exe | 3 | veyron.ir(185.123.101.144) 185.123.101.144 194.180.224.87 | 4.6 | M |
48655 | 2020-07-09 16:55 | Opencapture v7.0 Setup.exe | c534ef899cd8782854db5409ac807e97 | Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs | | | | | 3.6 | |
48656 | 2020-07-09 16:52 | http://91.198.220.225/microsof... | 489f36c666847f46e05370a3ec37566f | VirusTotal Malware Code Injection Malicious Traffic Creates executable files unpack itself Windows utilities Windows DNS | 1 | http://91.198.220.225/microsoft.msi | 1 | | 4.6 | M |
48657 | 2020-07-09 16:50 | http://veyron.ir/gregx/frankx.... | 87712606fb9aaef0299a5ec915de4544 | VirusTotal Malware Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows | 1 | http://veyron.ir/gregx/frankx.exe | 3 | veyron.ir(194.180.224.87) 185.123.101.144 194.180.224.87 | 5.0 | M |
48658 | 2020-07-09 16:46 | http://veyron.ir/gregx/frankx.... | 87712606fb9aaef0299a5ec915de4544 | VirusTotal Malware Code Injection buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs sandbox evasion Windows Exploit crashed | 2 | http://veyron.ir/gregx/frankx.exe https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 | 5 | veyron.ir(185.123.101.144) clients2.google.com(216.58.197.142) 172.217.24.142 185.123.101.144 194.180.224.87 | 9.6 | M | 49
48659 | 2020-07-09 16:27 | https://download.nullsoft.com/... | 3017f921a6c42a267842cc8bae9384c1 | VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion Firewall state off VM Disk Size Check human activity check installed browsers check Ransomware Interception Windows Browser ComputerName keylogger | 7 | http://client.winamp.com/update?v=5.8&ID=B0A79D08FC568C489FB2A592112702F3&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US http://client.winamp.com/update/latest-version.php?v=5.8&ID=B0A79D08FC568C489FB2A592112702F3&lang=en-US http://client.winamp.com/update?v=5.8&ID=B0A79D08FC568C489FB2A592112702F3&lang=en-US http://client.winamp.com/update/client_session.php?v=5.8&ID=B0A79D08FC568C489FB2A592112702F3&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe https://download.nullsoft.com/winamp/client/winamp58_3660_beta_full_en-us.exe https://download.nullsoft.com/winamp/misc/winamp58_3660_beta_full_en-us.exe | 6 | download.nullsoft.com(5.39.58.66) client.winamp.com(31.12.71.55) www.google.com(172.217.174.100) 172.217.25.4 31.12.71.55 5.39.58.66 | 13.6 | M |
48660 | 2020-07-09 14:56 | https://download.nullsoft.com/... | 3017f921a6c42a267842cc8bae9384c1 | VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion Firewall state off VM Disk Size Check human activity check installed browsers check Ransomware Interception Windows Exploit Browser ComputerName DNS crashed | 8 | http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe http://client.winamp.com/update/client_session.php?v=5.8&ID=A4C0D7D472FC75498DFB638750585334&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US http://client.winamp.com/update?v=5.8&ID=A4C0D7D472FC75498DFB638750585334&lang=en-US http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://client.winamp.com/update/latest-version.php?v=5.8&ID=A4C0D7D472FC75498DFB638750585334&lang=en-US http://client.winamp.com/update?v=5.8&ID=A4C0D7D472FC75498DFB638750585334&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US https://download.nullsoft.com/winamp/client/winamp58_3660_beta_full_en-us.exe https://download.nullsoft.com/winamp/misc/winamp58_3660_beta_full_en-us.exe | 9 | download.nullsoft.com(5.39.58.66) client.winamp.com(31.12.71.55) ie9cvlist.ie.microsoft.com(117.18.232.200) www.google.com(172.217.175.36) 125.209.222.142 117.18.232.200 172.217.31.228 31.12.71.55 5.39.58.66 | 15.2 | M |
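Added example, not part of the original listing or of the sandbox that produced it: a Python script that parses rows copied from this table (constructed inline from the rows for 48648, 48649, 48650, 48652, 48654 and 48658) into per-sample indicators, checks each row's own URL and host counts against the lists it carries, and reports hosts that recur under different sample hashes. The same clients2.google.com check2 request, with the same appid and version, appears under several unrelated samples, while 194.180.224.87 appears both as the address of abass.ir and in the veyron.ir reports. A host shared across hashes can therefore be either environment noise or a real infrastructure pivot, and the listing alone cannot say which, so the script flags shared hosts instead of dropping them. The field layout, the allowlisting of clients2.google.com as updater check-in traffic from the analysis image, and the rule that an IP seen resolving an allowlisted domain in any row is treated as benign are assumptions of this example, not facts stated on the page.

```python
"""Parse pipe-delimited sandbox listing rows into per-sample IOCs.

Added example. The row layout assumed here is:
    id | timestamp | sample md5 tags | #urls | urls | #hosts | hosts | score | verdict
The records below are constructed from rows of the table above.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")
URL_RE = re.compile(r"https?://\S+")
RESOLVED_RE = re.compile(r"^([A-Za-z0-9.-]+)\((\d{1,3}(?:\.\d{1,3}){3})\)$")  # domain(ip)
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Assumption: this check2 request is the Google Update client's own check-in,
# generated by the analysis image rather than by the sample under test.
GOOGLE_UPDATE_URL = (
    "https://clients2.google.com/service/check2?crx3=true"
    "&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452"
    "&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1"
    "&servicepack=Service%20Pack%201"
)
BENIGN_DOMAINS = frozenset({"clients2.google.com"})  # analyst-supplied allowlist

# Constructed from the listing above; truncated sample names kept as shown there.
RECORDS = [
    "48648 | 2020-07-10 12:25 | http://abass.ir/bigmanx/dutyx.... d7aa2e5f3f9246c25844c9e8d6d709f9 VirusTotal Malware"
    " | 1 | http://abass.ir/bigmanx/dutyx.exe | 2 | abass.ir(194.180.224.87) 194.180.224.87 | 3.6 | M",
    "48649 | 2020-07-10 12:23 | http://75.127.1.203/ubb.exe 45c06eab307690b796dd9c1a3c7f8eb6 VirusTotal Malware"
    " | 2 | http://75.127.1.203/ubb.exe " + GOOGLE_UPDATE_URL
    + " | 3 | clients2.google.com(172.217.24.142) 172.217.24.142 75.127.1.203 | 11.8 | M",
    "48650 | 2020-07-10 12:23 | http://sagc.be/svc.exe 05e4aeecf11a890bfc365ccce931065b VirusTotal Malware"
    " | 1 | | 2 | sagc.be(92.48.206.34) 92.48.206.34 | 4.0 | M",
    "48652 | 2020-07-10 12:19 | http://fileexchangeserviceform... e1204f68e985164c7c87828095f5bcb6 Browser Info Stealer"
    " | 3 | http://195.69.140.147/.op/cr.php/vms5lZmxPBbEN"
    " http://fileexchangeserviceformicrosoftsecurity.duckdns.org/window/svchost.exe"
    " http://195.69.140.147/.op/cr.php/vms5lZmxPBbEN " + GOOGLE_UPDATE_URL
    + " | 5 | clients2.google.com(172.217.24.142)"
    " fileexchangeserviceformicrosoftsecurity.duckdns.org(149.202.29.104)"
    " 149.202.29.104 195.69.140.147 216.58.220.110 | 14.2 | M",
    "48654 | 2020-07-09 17:02 | http://veyron.ir/gregx/frankx.... 87712606fb9aaef0299a5ec915de4544 VirusTotal Malware"
    " | 1 | http://veyron.ir/gregx/frankx.exe | 3 | veyron.ir(185.123.101.144) 185.123.101.144 194.180.224.87 | 4.6 | M",
    "48658 | 2020-07-09 16:46 | http://veyron.ir/gregx/frankx.... 87712606fb9aaef0299a5ec915de4544 VirusTotal Malware"
    " | 2 | http://veyron.ir/gregx/frankx.exe " + GOOGLE_UPDATE_URL
    + " | 5 | veyron.ir(185.123.101.144) clients2.google.com(216.58.197.142)"
    " 172.217.24.142 185.123.101.144 194.180.224.87 | 9.6 | M",
]


def parse_record(line):
    """Split one row into its fields; URLs are de-duplicated because the row's
    URL count is of distinct URLs (row 48652 lists cr.php twice but counts 3)."""
    f = [x.strip() for x in line.split("|")]
    if len(f) != 9:
        raise ValueError(f"expected 9 fields, got {len(f)}: {line[:60]}")
    m_md5 = MD5_RE.search(f[2])
    urls = list(dict.fromkeys(URL_RE.findall(f[4])))
    host_tokens = f[6].split()
    resolutions, domains, ips = [], set(), set()
    for tok in host_tokens:
        m = RESOLVED_RE.match(tok)
        if m:
            resolutions.append((m.group(1), m.group(2)))
            domains.add(m.group(1))
            ips.add(m.group(2))
        elif IP_RE.match(tok):
            ips.add(tok)
        else:
            raise ValueError(f"unrecognised host token {tok!r}")
    return {
        "id": f[0],
        "timestamp": f[1],
        "sample": f[2].split()[0],
        "md5": m_md5.group(0) if m_md5 else None,
        "urls": urls,
        "resolutions": resolutions,
        "domains": domains,
        "ips": ips,
        "score": float(f[7]),
        "verdict": f[8],
        # Row 48650 counts 1 URL but carries none: flag the row, do not fail on it.
        "counts_match": int(f[3]) == len(urls) and int(f[5]) == len(host_tokens),
    }


def shared_hosts(records, min_hashes=2):
    """Hosts seen under at least `min_hashes` distinct sample hashes. Such a host
    is either environment noise or a pivot between samples; report, don't drop."""
    seen = defaultdict(set)
    for r in records:
        for host in r["domains"] | r["ips"]:
            seen[host].add(r["md5"])
    return {h: sorted(s) for h, s in seen.items() if len(s) >= min_hashes}


def benign_ips(records, benign_domains=BENIGN_DOMAINS):
    """IPs that any row resolved an allowlisted domain to (assumed benign)."""
    return {ip for r in records for d, ip in r["resolutions"] if d in benign_domains}


def sample_iocs(records, benign_domains=BENIGN_DOMAINS):
    """Per-hash URLs, domains and IPs with allowlisted updater traffic removed.
    IPs never seen as a resolution of an allowlisted domain (216.58.220.110 in
    row 48652) stay in, so the output still needs analyst review."""
    noise_ips = benign_ips(records, benign_domains)
    out = defaultdict(lambda: {"urls": set(), "domains": set(), "ips": set()})
    for r in records:
        e = out[r["md5"]]
        e["urls"] |= {u for u in r["urls"] if urlparse(u).hostname not in benign_domains}
        e["domains"] |= r["domains"] - benign_domains
        e["ips"] |= r["ips"] - noise_ips
    return dict(out)


if __name__ == "__main__":
    recs = [parse_record(line) for line in RECORDS]
    for r in recs:
        if not r["counts_match"]:
            print(f"row {r['id']}: URL/host counts do not match the lists")
    for host, hashes in sorted(shared_hosts(recs).items()):
        print(f"shared host {host}: seen under {len(hashes)} hashes")
    for md5, iocs in sample_iocs(recs).items():
        print(md5, sorted(iocs["domains"]), sorted(iocs["ips"]))
```

Run as-is to see the count mismatch for 48650, the three-hash Google hosts alongside the two-hash 194.180.224.87, and the cleaned per-hash IOC sets; swap RECORDS for the remaining rows of the table to extend it.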