| 48811 |
2020-07-04 09:54
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware |
|
|
|
|
0.6 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48812 |
2020-07-04 09:38
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware |
|
|
|
|
0.6 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48813 |
2020-07-03 23:46
|
http://opencapture.net/update/... 542e9435e2c84a5444850fa441595e14
Code Injection unpack itself Windows utilities malicious URLs Windows DNS |
2
http://opencapture.net/update/homepage.php?mode=i
https://opencapture.net/update/homepage.php?mode=i
|
7
amanda.ttnrd.com(54.152.245.247)
opencapture.net(72.52.179.174)
119.207.64.19
23.212.13.232
23.67.53.9
3.90.125.85
72.52.179.174
|
|
|
3.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48814 |
2020-07-03 19:22
|
http://kungwsdycommunicationta... ef5b1613d89bd6ff80bd9edc299df446
VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Ransomware Windows Exploit DNS DDNS crashed |
2
http://kungwsdycommunicationtariffsuplier30mgh.duckdns.org/kungdoc/winlog.exe
https://kungwsdycommunicationtariffsuplier30mgh.duckdns.org/kungdoc/winlog.exe
|
7
watson.microsoft.com(52.184.220.162)
kungwsdycommunicationtariffsuplier30mgh.duckdns.org(103.140.251.213)
103.140.251.213
119.207.64.19
23.212.13.232
23.67.53.9
52.158.209.219
|
|
|
11.4 |
M |
25 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48815 |
2020-07-03 18:59
|
https://download.nullsoft.com/... d41d8cd98f00b204e9800998ecf8427e
VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files ICMP traffic exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion Firewall state off VM Disk Size Check installed browsers check Interception Windows Exploit Browser ComputerName DNS crashed |
12
http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe
http://client.winamp.com/update?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&lang=en-US
http://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
http://cert.int-x3.letsencrypt.org/
http://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&lang=en-US
http://client.winamp.com/update?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
https://cert.int-x3.letsencrypt.org/
https://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe
https://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&lang=en-US
https://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
https://client.winamp.com/update?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&lang=en-US
https://client.winamp.com/update?v=5.8&ID=C959B70E2925664FA2CAB195FA327FFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
|
13
watson.microsoft.com(51.143.111.81)
cert.int-x3.letsencrypt.org(104.74.251.44)
www.google.com(172.217.174.100)
download.nullsoft.com(5.39.58.66)
client.winamp.com(31.12.71.55)
104.74.251.44
119.207.64.19
172.217.26.4
23.212.13.232
23.67.53.9
31.12.71.55
5.39.58.66
52.158.209.219
|
|
|
14.6 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48816 |
2020-07-03 18:54
|
http://www.hootech.com/mp3_to_...
Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed |
4
http://www.hootech.com/mp3_to_swf_converter/mp32swf_converter.exe1
http://www.hootech.com/mp3_to_swf_converter/mp32swf_converter.exe
https://www.hootech.com/mp3_to_swf_converter/mp32swf_converter.exe1
https://www.hootech.com/mp3_to_swf_converter/mp32swf_converter.exe
|
7
watson.microsoft.com(51.143.111.81)
www.hootech.com(107.191.125.184)
107.191.125.184
119.207.64.19
23.212.13.232
23.67.53.9
51.143.111.81
|
|
|
5.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48817 |
2020-07-03 18:52
|
https://cdn.netspotapp.com/dow...
Code Injection unpack itself Windows utilities Windows |
|
2
cdn.netspotapp.com(89.187.187.19)
185.180.13.17
|
|
|
1.8 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48818 |
2020-07-03 18:50
|
https://download.nullsoft.com/... 966437f4d89ae4e72e637e3f2e92a45f
VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files ICMP traffic exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion Firewall state off VM Disk Size Check human activity check installed browsers check Ransomware Interception Windows Exploit Browser ComputerName DNS crashed |
12
http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe
http://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
http://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
http://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
http://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
http://cert.int-x3.letsencrypt.org/
https://cert.int-x3.letsencrypt.org/
https://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe
https://client.winamp.com/update/latest-version.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
https://client.winamp.com/update/client_session.php?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
https://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&lang=en-US
https://client.winamp.com/update?v=5.8&ID=C959B70E2925754FA2CAB195FA326CFC&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US
|
13
watson.microsoft.com(52.184.220.162)
cert.int-x3.letsencrypt.org(104.74.211.103)
www.google.com(216.58.197.228)
download.nullsoft.com(5.39.58.66)
client.winamp.com(31.12.71.55)
104.74.211.103
119.207.64.19
172.217.26.4
23.212.13.232
23.67.53.9
31.12.71.55
5.39.58.66
52.184.220.162
|
|
|
15.6 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48819 |
2020-07-03 18:45
|
http://raymondjaon.ug/rac2.exe
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed |
2
http://raymondjaon.ug/rac2.exe
https://raymondjaon.ug/rac2.exe
|
7
watson.microsoft.com(51.143.111.81)
raymondjaon.ug(217.8.117.45)
119.207.64.19
217.8.117.45
23.212.13.232
23.67.53.9
52.158.209.219
|
|
|
5.8 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48820 |
2020-07-03 18:43
|
http://chinese2wsdyonly6ywalka... c4b03b75e2ccbe4e6b791d004fb91fe7
VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Ransomware Windows Exploit DNS DDNS crashed |
2
http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
|
7
watson.microsoft.com(52.158.209.219)
chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org(103.140.251.164)
103.140.251.164
119.207.64.19
23.212.13.232
23.67.53.9
51.143.111.81
|
|
|
11.4 |
M |
16 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48821 |
2020-07-03 18:42
|
http://chinese2wsdyonly6ywalka... c4b03b75e2ccbe4e6b791d004fb91fe7
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS DDNS crashed |
2
http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
|
7
watson.microsoft.com(52.158.209.219)
chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org(103.140.251.164)
103.140.251.164
119.207.64.19
23.212.13.232
23.67.53.9
51.143.111.81
|
|
|
6.0 |
M |
16 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48822 |
2020-07-03 18:40
|
http://chinese2wsdyonly6ywalka...
VirusTotal Malware DNS DDNS |
2
http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
|
2
chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org(103.140.251.164)
103.140.251.164
|
|
|
1.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48823 |
2020-07-03 18:37
|
http://chinese2wsdyonly6ywalka... c4b03b75e2ccbe4e6b791d004fb91fe7
VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder Ransomware Windows Exploit DNS DDNS crashed |
2
http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
|
7
watson.microsoft.com(51.143.111.81)
chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org(103.140.251.164)
103.140.251.164
119.207.64.19
23.212.13.232
23.67.53.9
52.158.209.219
|
|
|
11.0 |
M |
16 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48824 |
2020-07-03 18:33
|
http://chinese2wsdyonly6ywalka... c4b03b75e2ccbe4e6b791d004fb91fe7
VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Ransomware Windows Exploit DNS DDNS crashed |
2
http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
|
7
watson.microsoft.com(51.143.111.81)
chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org(103.140.251.164)
103.140.251.164
119.207.64.19
23.212.13.232
23.67.53.9
52.184.220.162
|
|
|
11.4 |
M |
16 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48825 |
2020-07-03 18:30
|
http://chinese2wsdyonly6ywalka...
VirusTotal Malware DNS DDNS |
2
http://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
https://chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org/chnsfrnd2/winlog.exe
|
2
chinese2wsdyonly6ywalkaloneinlifeaomg.duckdns.org(103.140.251.164)
103.140.251.164
|
|
|
1.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|