49291 |
2020-07-02 18:46
|
http://raymondjaon.ug/rac2.exe 944e549ba4db11ea3f94a2873ffbe693 VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files exploit crash unpack itself Windows utilities Collect installed applications Detects VirtualBox Check virtual network interfaces suspicious process AppData folder malicious URLs Ransomware Windows Exploit Email ComputerName DNS crashed |
24
|
11
telete.in(195.201.225.248) raymondjaon.ug(217.8.117.45) www.download.windowsupdate.com(23.76.153.42) www.microsoft.com(23.212.13.232) apps.identrust.com(192.35.177.64) 192.35.177.64 195.201.225.248 217.8.117.45 23.212.13.232 23.76.153.42 34.65.10.107
|
|
|
19.2 |
M |
12 |
|
49292 |
2020-07-02 18:43
|
http://mrgeek.pk/wndll.exe 4e0966f48e6fe2451eae96f7696dcab9 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe https://mrgeek.pk/wndll.exe
|
2
mrgeek.pk(5.189.181.83) 5.189.181.83
|
|
|
5.8 |
M |
44 |
|
49293 |
2020-07-02 18:42
|
http://mrgeek.pk/wndll.exe 4e0966f48e6fe2451eae96f7696dcab9 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe https://mrgeek.pk/wndll.exe
|
2
mrgeek.pk(5.189.181.83) 5.189.181.83
|
|
|
5.8 |
M |
44 |
|
49294 |
2020-07-02 18:40
|
http://mrgeek.pk/wndll.exe 4e0966f48e6fe2451eae96f7696dcab9 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe https://mrgeek.pk/wndll.exe
|
2
mrgeek.pk(5.189.181.83) 5.189.181.83
|
|
|
5.8 |
M |
44 |
|
49295 |
2020-07-02 18:39
|
http://mrgeek.pk/wndll.exe VirusTotal Malware |
|
|
|
|
0.6 |
M |
|
49296 |
2020-07-02 18:33
|
rac2.exe 944e549ba4db11ea3f94a2873ffbe693 VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Detects VirtualBox Check virtual network interfaces suspicious process AppData folder malicious URLs Ransomware Windows Email ComputerName DNS |
22
|
11
apps.identrust.com(192.35.177.64) telete.in(195.201.225.248) raymondjaon.ug(217.8.117.45) www.download.windowsupdate.com(23.76.153.50) www.microsoft.com(23.212.13.232) 192.35.177.64 195.201.225.248 217.8.117.45 23.212.13.232 23.76.153.50 34.65.10.107
|
|
|
17.4 |
M |
12 |
|
49297 |
2020-07-02 18:29
|
rac2.exe 944e549ba4db11ea3f94a2873ffbe693 VirusTotal Malware |
|
|
|
|
1.0 |
|
12 |
|
49298 |
2020-07-02 18:27
|
http://180.214.238.5/receipt/i... 72fdaf8592e4085a8cfb05aeb0092f4e VirusTotal Malware Code Injection Malicious Traffic exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed |
2
http://180.214.238.5/receipt/invoice_452122.doc https://180.214.238.5/receipt/invoice_452122.doc
|
1
|
|
|
5.8 |
M |
24 |
|
49299 |
2020-07-02 18:25
|
http://raymondjaon.ug/rac2.exe 944e549ba4db11ea3f94a2873ffbe693 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit crashed |
2
http://raymondjaon.ug/rac2.exe https://raymondjaon.ug/rac2.exe
|
2
raymondjaon.ug(217.8.117.45) 217.8.117.45
|
|
|
9.4 |
M |
12 |
|
49300 |
2020-07-02 18:23
|
http://mrgeek.pk/wndll.exe 4e0966f48e6fe2451eae96f7696dcab9 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe https://mrgeek.pk/wndll.exe
|
2
mrgeek.pk(5.189.181.83) 5.189.181.83
|
|
|
5.8 |
M |
44 |
|
49301 |
2020-07-02 17:05
|
http://mrgeek.pk/wndll.exe VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe https://mrgeek.pk/wndll.exe
|
4
mrgeek.pk(5.189.181.83) watson.microsoft.com(51.143.111.81) 5.189.181.83 52.158.209.219
|
|
|
5.2 |
M |
|
49302 |
2020-07-02 17:00
|
http://mrgeek.pk/wndll.exe VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe https://mrgeek.pk/wndll.exe
|
4
mrgeek.pk(5.189.181.83) watson.microsoft.com(52.158.209.219) 5.189.181.83 51.143.111.81
|
|
|
5.2 |
M |
|
49303 |
2020-07-02 16:54
|
http://mrgeek.pk/wndll.exe VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe https://mrgeek.pk/wndll.exe
|
4
watson.microsoft.com(52.184.220.162) mrgeek.pk(5.189.181.83) 5.189.181.83 52.184.220.162
|
|
|
5.2 |
M |
|
49304 |
2020-07-02 16:48
|
http://mrgeek.pk/wndll.exe VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://mrgeek.pk/wndll.exe https://mrgeek.pk/wndll.exe
|
4
watson.microsoft.com(51.143.111.81) mrgeek.pk(5.189.181.83) 5.189.181.83 51.143.111.81
|
|
|
5.2 |
M |
|
49305 |
2020-07-02 16:35
|
views.txt 30fe9d1a333a0a4906bebf2f993980e6 malicious URLs |
|
|
|
|
0.8 |
|