49321 |
2020-07-01 15:45
|
https://cdn1.estsecurity.com/s... f809c38f0febca37c04811e2dc51ff8e Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
6
cdn1.estsecurity.com(52.85.230.125) watson.microsoft.com(52.184.220.162) ie9cvlist.ie.microsoft.com(117.18.232.200) 117.18.232.200 52.158.209.219 52.85.230.83
|
|
|
4.6 |
M |
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49322 |
2020-07-01 15:37
|
https://cdn1.estsecurity.com/s... f809c38f0febca37c04811e2dc51ff8e Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
6
cdn1.estsecurity.com(52.85.230.29) watson.microsoft.com(52.158.209.219) ie9cvlist.ie.microsoft.com(117.18.232.200) 117.18.232.200 52.184.220.162 52.85.230.29
|
|
|
4.6 |
M |
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49323 |
2020-07-01 15:30
|
5900785.exe 2dc4302c0d1cc5a95896b77ac1783437 VirusTotal Malware PDB |
|
|
|
|
1.6 |
M |
11 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49324 |
2020-07-01 14:48
|
5900785.exe 2dc4302c0d1cc5a95896b77ac1783437 VirusTotal Malware PDB |
|
|
|
|
1.6 |
M |
11 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49325 |
2020-07-01 14:08
|
5900785.exe 2dc4302c0d1cc5a95896b77ac1783437 VirusTotal Malware PDB |
|
|
|
|
1.6 |
M |
11 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49326 |
2020-07-01 13:45
|
3e9f05acde528ea5fd7ca9d0c2af0e... b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check human activity check installed browsers check Ransomware Windows Browser Email ComputerName DNS |
40
http://gadem.ug/ds1.exe http://ademg.ug/mozglue.dll http://ademg.ug/freebl3.dll http://gadem.ug/rac2.exe http://ademg.ug/sqlite3.dll http://gadem.ug/ac.exe http://gadem.ug/nw.exe http://ademg.ug/softokn3.dll http://34.105.129.68/gate/libs.zip http://34.105.129.68/file_handler/file.php?hash=339ef2194750aadd17698ac9eda7ba8d3337fb39&js=8126c7c5f8600067e2fee43b9f24c665ebbe680b&callback=http://34.105.129.68/gate http://gadem.ug/ds2.exe http://ademg.ug/vcruntime140.dll http://ademg.ug/ http://34.105.129.68/gate/sqlite3.dll http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://34.105.129.68/gate/libs.zip http://34.105.129.68/gate/libs.zip http://gadem.ug/az2.exe http://ademg.ug/nss3.dll http://34.105.129.68/gate/log.php http://barcla.ug/index.php https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/ https://gadem.ug/rac2.exe https://barcla.ug/index.php https://34.105.129.68/gate/log.php https://34.105.129.68/gate/sqlite3.dll https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/file_handler/file.php?hash=339ef2194750aadd17698ac9eda7ba8d3337fb39&js=8126c7c5f8600067e2fee43b9f24c665ebbe680b&callback=http://34.105.129.68/gate https://gadem.ug/nw.exe https://gadem.ug/ac.exe https://gadem.ug/ds1.exe https://gadem.ug/ds2.exe
|
7
gadem.ug(217.8.117.45) telete.in(195.201.225.248) barcla.ug(217.8.117.45) ademg.ug(217.8.117.45) 195.201.225.248 217.8.117.45 34.105.129.68
|
|
|
23.8 |
M |
44 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49327 |
2020-07-01 11:38
|
asdfg.exe b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check Windows Browser Email ComputerName |
20
http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://ademg.ug/sqlite3.dll http://ademg.ug/nss3.dll http://ademg.ug/ http://ademg.ug/vcruntime140.dll http://ademg.ug/mozglue.dll http://ademg.ug/softokn3.dll http://ademg.ug/freebl3.dll http://gadem.ug/az2.exe https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/
|
3
gadem.ug(217.8.117.45) ademg.ug(217.8.117.45) 217.8.117.45
|
|
|
18.4 |
M |
44 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49328 |
2020-07-01 11:20
|
3e9f05acde528ea5fd7ca9d0c2af0e... b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check human activity check installed browsers check Ransomware Windows Browser Email ComputerName DNS |
40
http://gadem.ug/ds1.exe http://ademg.ug/mozglue.dll http://ademg.ug/freebl3.dll http://gadem.ug/rac2.exe http://ademg.ug/sqlite3.dll http://gadem.ug/ac.exe http://gadem.ug/nw.exe http://ademg.ug/softokn3.dll http://34.105.129.68/gate/libs.zip http://34.105.129.68/file_handler/file.php?hash=339ef2194750aadd17698ac9eda7ba8d3337fb39&js=8126c7c5f8600067e2fee43b9f24c665ebbe680b&callback=http://34.105.129.68/gate http://gadem.ug/ds2.exe http://ademg.ug/vcruntime140.dll http://ademg.ug/ http://34.105.129.68/gate/sqlite3.dll http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://34.105.129.68/gate/libs.zip http://34.105.129.68/gate/libs.zip http://gadem.ug/az2.exe http://ademg.ug/nss3.dll http://34.105.129.68/gate/log.php http://barcla.ug/index.php https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/ https://gadem.ug/rac2.exe https://barcla.ug/index.php https://34.105.129.68/gate/log.php https://34.105.129.68/gate/sqlite3.dll https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/file_handler/file.php?hash=339ef2194750aadd17698ac9eda7ba8d3337fb39&js=8126c7c5f8600067e2fee43b9f24c665ebbe680b&callback=http://34.105.129.68/gate https://gadem.ug/nw.exe https://gadem.ug/ac.exe https://gadem.ug/ds1.exe https://gadem.ug/ds2.exe
|
7
gadem.ug(217.8.117.45) telete.in(195.201.225.248) barcla.ug(217.8.117.45) ademg.ug(217.8.117.45) 195.201.225.248 217.8.117.45 34.105.129.68
|
|
|
23.8 |
M |
44 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49329 |
2020-07-01 11:08
|
3e9f05acde528ea5fd7ca9d0c2af0e... b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check human activity check installed browsers check Ransomware Windows Browser Email ComputerName DNS |
40
http://gadem.ug/ds1.exe http://ademg.ug/mozglue.dll http://ademg.ug/freebl3.dll http://gadem.ug/rac2.exe http://ademg.ug/sqlite3.dll http://gadem.ug/ac.exe http://gadem.ug/nw.exe http://ademg.ug/softokn3.dll http://34.105.129.68/gate/libs.zip http://34.105.129.68/file_handler/file.php?hash=339ef2194750aadd17698ac9eda7ba8d3337fb39&js=8126c7c5f8600067e2fee43b9f24c665ebbe680b&callback=http://34.105.129.68/gate http://gadem.ug/ds2.exe http://ademg.ug/vcruntime140.dll http://ademg.ug/ http://34.105.129.68/gate/sqlite3.dll http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://34.105.129.68/gate/libs.zip http://34.105.129.68/gate/libs.zip http://gadem.ug/az2.exe http://ademg.ug/nss3.dll http://34.105.129.68/gate/log.php http://barcla.ug/index.php https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/ https://gadem.ug/rac2.exe https://barcla.ug/index.php https://34.105.129.68/gate/log.php https://34.105.129.68/gate/sqlite3.dll https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/file_handler/file.php?hash=339ef2194750aadd17698ac9eda7ba8d3337fb39&js=8126c7c5f8600067e2fee43b9f24c665ebbe680b&callback=http://34.105.129.68/gate https://gadem.ug/nw.exe https://gadem.ug/ac.exe https://gadem.ug/ds1.exe https://gadem.ug/ds2.exe
|
7
gadem.ug(217.8.117.45) telete.in(195.201.225.248) barcla.ug(217.8.117.45) ademg.ug(217.8.117.45) 195.201.225.248 217.8.117.45 34.105.129.68
|
|
|
23.8 |
M |
44 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49330 |
2020-07-01 11:07
|
3e9f05acde528ea5fd7ca9d0c2af0e... b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check human activity check installed browsers check Ransomware Windows Browser Email ComputerName DNS |
40
http://gadem.ug/ds1.exe http://ademg.ug/mozglue.dll http://ademg.ug/freebl3.dll http://gadem.ug/rac2.exe http://ademg.ug/sqlite3.dll http://gadem.ug/ac.exe http://gadem.ug/nw.exe http://ademg.ug/softokn3.dll http://34.105.129.68/gate/libs.zip http://34.105.129.68/file_handler/file.php?hash=339ef2194750aadd17698ac9eda7ba8d3337fb39&js=8126c7c5f8600067e2fee43b9f24c665ebbe680b&callback=http://34.105.129.68/gate http://gadem.ug/ds2.exe http://ademg.ug/vcruntime140.dll http://ademg.ug/ http://34.105.129.68/gate/sqlite3.dll http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://34.105.129.68/gate/libs.zip http://34.105.129.68/gate/libs.zip http://gadem.ug/az2.exe http://ademg.ug/nss3.dll http://34.105.129.68/gate/log.php http://barcla.ug/index.php https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/ https://gadem.ug/rac2.exe https://barcla.ug/index.php https://34.105.129.68/gate/log.php https://34.105.129.68/gate/sqlite3.dll https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/file_handler/file.php?hash=339ef2194750aadd17698ac9eda7ba8d3337fb39&js=8126c7c5f8600067e2fee43b9f24c665ebbe680b&callback=http://34.105.129.68/gate https://gadem.ug/nw.exe https://gadem.ug/ac.exe https://gadem.ug/ds1.exe https://gadem.ug/ds2.exe
|
7
gadem.ug(217.8.117.45) telete.in(195.201.225.248) barcla.ug(217.8.117.45) ademg.ug(217.8.117.45) 195.201.225.248 217.8.117.45 34.105.129.68
|
|
|
23.8 |
M |
44 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49331 |
2020-07-01 10:51
|
3e9f05acde528ea5fd7ca9d0c2af0e... b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check human activity check installed browsers check Ransomware Windows Browser Email ComputerName DNS |
40
http://gadem.ug/ds1.exe http://ademg.ug/mozglue.dll http://ademg.ug/freebl3.dll http://gadem.ug/rac2.exe http://ademg.ug/sqlite3.dll http://gadem.ug/ac.exe http://gadem.ug/nw.exe http://ademg.ug/softokn3.dll http://34.105.129.68/gate/libs.zip http://34.105.129.68/file_handler/file.php?hash=339ef2194750aadd17698ac9eda7ba8d3337fb39&js=8126c7c5f8600067e2fee43b9f24c665ebbe680b&callback=http://34.105.129.68/gate http://gadem.ug/ds2.exe http://ademg.ug/vcruntime140.dll http://ademg.ug/ http://34.105.129.68/gate/sqlite3.dll http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://34.105.129.68/gate/libs.zip http://34.105.129.68/gate/libs.zip http://gadem.ug/az2.exe http://ademg.ug/nss3.dll http://34.105.129.68/gate/log.php http://barcla.ug/index.php https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/ https://gadem.ug/rac2.exe https://barcla.ug/index.php https://34.105.129.68/gate/log.php https://34.105.129.68/gate/sqlite3.dll https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/file_handler/file.php?hash=339ef2194750aadd17698ac9eda7ba8d3337fb39&js=8126c7c5f8600067e2fee43b9f24c665ebbe680b&callback=http://34.105.129.68/gate https://gadem.ug/nw.exe https://gadem.ug/ac.exe https://gadem.ug/ds1.exe https://gadem.ug/ds2.exe
|
7
gadem.ug(217.8.117.45) telete.in(195.201.225.248) barcla.ug(217.8.117.45) ademg.ug(217.8.117.45) 195.201.225.248 217.8.117.45 34.105.129.68
|
|
|
23.8 |
M |
44 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49332 |
2020-07-01 10:49
|
3e9f05acde528ea5fd7ca9d0c2af0e... b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check human activity check installed browsers check Ransomware Windows Browser Email ComputerName DNS |
40
http://gadem.ug/ds1.exe http://ademg.ug/mozglue.dll http://ademg.ug/freebl3.dll http://gadem.ug/rac2.exe http://ademg.ug/sqlite3.dll http://gadem.ug/ac.exe http://gadem.ug/nw.exe http://ademg.ug/softokn3.dll http://34.105.129.68/gate/libs.zip http://34.105.129.68/file_handler/file.php?hash=339ef2194750aadd17698ac9eda7ba8d3337fb39&js=8126c7c5f8600067e2fee43b9f24c665ebbe680b&callback=http://34.105.129.68/gate http://gadem.ug/ds2.exe http://ademg.ug/vcruntime140.dll http://ademg.ug/ http://34.105.129.68/gate/sqlite3.dll http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://34.105.129.68/gate/libs.zip http://34.105.129.68/gate/libs.zip http://gadem.ug/az2.exe http://ademg.ug/nss3.dll http://34.105.129.68/gate/log.php http://barcla.ug/index.php https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/ https://gadem.ug/rac2.exe https://barcla.ug/index.php https://34.105.129.68/gate/log.php https://34.105.129.68/gate/sqlite3.dll https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/file_handler/file.php?hash=339ef2194750aadd17698ac9eda7ba8d3337fb39&js=8126c7c5f8600067e2fee43b9f24c665ebbe680b&callback=http://34.105.129.68/gate https://gadem.ug/nw.exe https://gadem.ug/ac.exe https://gadem.ug/ds1.exe https://gadem.ug/ds2.exe
|
7
gadem.ug(217.8.117.45) telete.in(195.201.225.248) barcla.ug(217.8.117.45) ademg.ug(217.8.117.45) 195.201.225.248 217.8.117.45 34.105.129.68
|
|
|
23.8 |
M |
44 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49333 |
2020-07-01 10:20
|
views.txt 30fe9d1a333a0a4906bebf2f993980e6 malicious URLs |
|
|
|
|
0.8 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49334 |
2020-07-01 10:13
|
views.txt 30fe9d1a333a0a4906bebf2f993980e6 malicious URLs |
|
|
|
|
0.8 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49335 |
2020-07-01 09:36
|
views.txt 30fe9d1a333a0a4906bebf2f993980e6 malicious URLs |
|
|
|
|
0.8 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|