Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
7171	2021-04-13 07:43	https://www.websii.org/ 4d37d041156239b1c144576d90d31196 Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed		2		3.8			ZeroCERT

7172	2021-04-13 09:05	winlog.exe 2c64897aa30694cc768f5ea375157932 VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder	1 Keyword trend analysis			4.0	M	43	ZeroCERT

7173	2021-04-13 09:05	svchost.exe 7abd2b01e05d9e9b2eca7281d1c7270c Azorult .NET framework Antivirus AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis			10.4		10	ZeroCERT

7174	2021-04-13 09:06	vbn.exe 48421b088e267cfe8bcecfd5adfdf477 Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed				9.0	M	28	ZeroCERT

7175	2021-04-13 09:08	oregs-0.exe 127ae40009368fb03554057f1bf860a0 Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed				11.4		17	ZeroCERT

7176	2021-04-13 09:08	xles-0.exe 396071cf13f858e6677a6655a2d173bb Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key				7.2		17	ZeroCERT

7177	2021-04-13 09:10	5uwl_cqfirm2code090407.rar f0857d74be2810cd443101e4e2cb9eea VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself DNS				2.8		14	ZeroCERT

7178	2021-04-13 09:10	xles.exe 6a6f860db6a64c09af20eea7444fe628 Azorult .NET framework Antivirus AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key				8.0		9	ZeroCERT

7179	2021-04-13 09:12	winlog.exe 2c64897aa30694cc768f5ea375157932 VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder DNS				4.6	M	43	ZeroCERT

7180	2021-04-13 09:15	oregs.exe 2a39c7e2a2d9ed686e08dd32483f5ed4 Azorult .NET framework Antivirus AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed				11.2		8	ZeroCERT

7181	2021-04-13 09:15	tk.exe b23af6c6f1a909df7d67de1e4c2aaa8c Antivirus Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key crashed		1		12.6		28	ZeroCERT

7182	2021-04-13 09:19	vbc.exe 688a80f956364e2d3937b973c41cfbb6 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Checks debugger buffers extracted ICMP traffic unpack itself Remote Code Execution DNS	22 Keyword trend analysis Info http://www.buyeverythingforbaby.com/nnmd/?9rq=ubi4+Pcpe5Ar+4Jek7aF79/+gi3GiunqWbDqm/5cKY51CC3oh7TAhiurYFYoh5USfo3eOT/h&OtxhT2=wZR8DbLPAxEHbr http://www.raison-sociale.com/nnmd/ http://www.likehowto.com/nnmd/?9rq=vRs6n4JRqe7Dt1ePX7b+YJv/yKqWGc/3Y/UBZKRypASveBlD9HGJWm4G1cXUL/JYAaDcAVpU&OtxhT2=wZR8DbLPAxEHbr - rule_id: 628 http://www.krphp.com/nnmd/?9rq=PjB4lvTlAKGYAKn+VSQZPpVCBgwlvzjythr7BfvIej7nd7TDf0ugYZ/oqO22EBbm4ji9UIJN&OtxhT2=wZR8DbLPAxEHbr http://www.elticrecruit.com/nnmd/?9rq=kngYRuVfLuuPny+4CliufAMPT2DrkHQGtZ529sxu6AZ+mjDb8TOV5Kb0i+tB46tvYkYEaNVD&OtxhT2=wZR8DbLPAxEHbr - rule_id: 633 http://www.gujaratmba.com/nnmd/?9rq=jbWwWnjt2fcw4sTPwkTTgKQsQCJDA9NuaUgkL4WeQHKWMPBCQlGqgB/Udc+7oCkc2k0at6cZ&OtxhT2=wZR8DbLPAxEHbr http://www.ufa2345.com/nnmd/ http://www.valid8.network/nnmd/ http://www.scott-re.online/nnmd/ - rule_id: 630 http://www.likehowto.com/nnmd/ - rule_id: 628 http://www.ufa2345.com/nnmd/?9rq=yfw2M87HGp1q9j5w2tOxvPCGM4BQpJS5ADPSvETU0AeQ1mwLyedYVruDCTm82rBipcZzI418&OtxhT2=wZR8DbLPAxEHbr http://www.yetbor.com/nnmd/ http://www.buyeverythingforbaby.com/nnmd/ http://www.elticrecruit.com/nnmd/ - rule_id: 633 http://www.suns-brothers.com/nnmd/?9rq=63wAYXMAzZTyFdbPgeduTMtZQGbVrU0zhbRFEm9YjPWC1DQzp3NhpDeeRLu3xGp5GtFJL6GJ&OtxhT2=wZR8DbLPAxEHbr - rule_id: 775 http://www.valid8.network/nnmd/?9rq=CGq8FpRO0AiTL86OI7qyWUGcdnK3uFmp3WOqNHKk+zAOrlhHiWtpg/dTztC/+VOwDx9e6LJ8&OtxhT2=wZR8DbLPAxEHbr http://www.krphp.com/nnmd/ http://www.suns-brothers.com/nnmd/ - rule_id: 775 http://www.raison-sociale.com/nnmd/?9rq=P1LpRENdnqb1fbOGyNga4nCXTVuCGTreTbOaFjWN+nixYx/3vSvBuhMK5uJ9XJmSyj6SVpMN&OtxhT2=wZR8DbLPAxEHbr http://www.scott-re.online/nnmd/?9rq=YoDjfv9GFAPxmC/m/YrXEnPJINgN/ZGcUJt6czxWwkNRV1BAm2Kb0tXyCx+SX/c+MMPjJ8db&OtxhT2=wZR8DbLPAxEHbr - rule_id: 630 http://www.gujaratmba.com/nnmd/ http://www.yetbor.com/nnmd/?9rq=yFTKtd1luZIo7wvqEcSXbkRM0Fu9DXTErvPZ/33h4h9ltL5T5vX0h6V8ouFS6Gain5PLz56o&OtxhT2=wZR8DbLPAxEHbr	26 Info www.buyeverythingforbaby.com(34.102.136.180) www.topmejoresproductos.com(209.99.40.222) www.ufa2345.com(172.67.203.156) www.scott-re.online(34.102.136.180) www.krphp.com(51.79.19.142) www.suns-brothers.com(153.127.214.150) www.valid8.network(182.50.132.242) www.gujaratmba.com(45.196.105.175) www.az-pcp.com() www.yetbor.com(8.210.22.196) www.raison-sociale.com(164.132.235.17) www.vt999app.net() www.likehowto.com(203.76.236.103) www.xpddwrfj.icu() - mailcious www.elticrecruit.com(216.239.36.21) 216.239.34.21 - mailcious 153.127.214.150 - mailcious 209.99.40.222 - mailcious 164.132.235.17 - phishing 34.102.136.180 - mailcious 45.196.105.175 104.21.69.35 182.50.132.242 - mailcious 51.79.19.142 8.210.22.196 203.76.236.103 - mailcious	8	9.4	M	28	ZeroCERT

7183	2021-04-13 09:19	1604Quas.exe 273f5e4f66fd1e84a6aff459299a09dd AsyncRAT backdoor VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself DNS				3.8		47	ZeroCERT

7184	2021-04-13 09:19	p33.exe 29389832e538957dc769cf709f80144a Gen2 Gen1 Browser Info Stealer VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Interception Windows Browser ComputerName DNS crashed		14 Info 55BE681FC6760236.com() BDC347C728B2D94D.com() 61d53b5a4bc1ab86.com() 61D53B5A4BC1AB86.com() 55be681fc6760236.com() 9ED2FEEA30C3CC5D.com() bdc347c728b2d94d.com() 9ed2feea30c3cc5d.com() C431A802FF4A46B5.com() c431a802ff4a46b5.com() back19e64ea00d6ecfe1.io() 84B5A35D6E5335EF.com() 84b5a35d6e5335ef.com() 101.99.91.200		8.8		52	ZeroCERT

7185	2021-04-13 09:23	................................. e70135cdb555ce99adee7df642813dcb VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	29 Keyword trend analysis Info http://www.vinegret.com/nnmd/ http://www.acernoxsas.com/nnmd/?uZi0=RIRhBHcBnpQFpzVEdm9Qn3YrBBK1OZbcUKpQDD4XzYml+x0kk9G8REWbCSESFdmiGdYULLFI&Vnt4_=GTd0sn7PSL8x7PP http://www.ueoxx.com/nnmd/ http://www.vinegret.com/nnmd/?uZi0=vSTcV67Wsym0gjaMHw+BLsLDF404VwtlM2ZL2+kS2oryP3sG0sNRMddYy5XCOzyR+w1r1rN4&Vnt4_=GTd0sn7PSL8x7PP http://www.sorelaxedmassage.com/nnmd/?uZi0=ZSH2noI6NHAHn9QA8EACxsTwqFhF5NYts9vBJBihuNtX6Je+hj0P0cQ5PSooL6U0A47HLjeU&Vnt4_=GTd0sn7PSL8x7PP http://23.95.122.25/h/vbc.exe http://www.7985699.com/nnmd/ - rule_id: 631 http://www.vr-club.site/nnmd/ - rule_id: 627 http://www.valid8.network/nnmd/?uZi0=CGq8FpRO0AiTL86OI7qyWUGcdnK3uFmp3WOqNHKk+zAOrlhHiWtpg/dTztC/+VOwDx9e6LJ8&Vnt4_=GTd0sn7PSL8x7PP http://www.vr-club.site/nnmd/?uZi0=PWz62rtZjeojhOkFcCqBVXu8rEu/adWxBjkYhVKdUPhCPZNYbrsWWb643PkmL53QhEqlNSfQ&Vnt4_=GTd0sn7PSL8x7PP - rule_id: 627 http://www.elpis-catering.com/nnmd/?uZi0=0Ts1VGxpsMxFhohnYcmQwyVTyV70cpoMLj6MACjr+zVW8ucMOFGWLmSRW6U63/nNCvV4KGuc&Vnt4_=GTd0sn7PSL8x7PP http://www.acernoxsas.com/nnmd/ http://www.valid8.network/nnmd/ http://www.scott-re.online/nnmd/ - rule_id: 630 http://www.vegrebel.com/nnmd/ - rule_id: 780 http://www.elticrecruit.com/nnmd/ - rule_id: 633 http://www.ikoyisland.net/nnmd/?uZi0=R5rKQMUlrwVeLoW0iVXTqsebTRUUATzeWiADp6t7RLnxNxiFJigPNlV+Rw7wnrX+JJ9AzRNR&Vnt4_=GTd0sn7PSL8x7PP http://www.scott-re.online/nnmd/?uZi0=YoDjfv9GFAPxmC/m/YrXEnPJINgN/ZGcUJt6czxWwkNRV1BAm2Kb0tXyCx+SX/c+MMPjJ8db&Vnt4_=GTd0sn7PSL8x7PP - rule_id: 630 http://www.7985699.com/nnmd/?uZi0=5eMcWOIRhRBDg7AFbH6T6n9ePY1bhRzkU2oAA9D0h2F0eFvVxskwV2U654U3C4UMb8hOzpd5&Vnt4_=GTd0sn7PSL8x7PP - rule_id: 631 http://www.xn--v1bmo9dufsb.com/nnmd/?uZi0=cDaDwtSEh/5bc2FeeSIiUcUr+mpY/3xbz64LVgZ45maSnMiNTbYqd99xhwdI+uHxijdOlda1&Vnt4_=GTd0sn7PSL8x7PP http://www.vegrebel.com/nnmd/?uZi0=iedGY0/jFY2caMs7ufAPjCijJp09b4Pnd9J45dLvz29YUuAPrQ24EB7QdiStDbxe7UevWaqL&Vnt4_=GTd0sn7PSL8x7PP - rule_id: 780 http://www.ikoyisland.net/nnmd/ http://www.elpis-catering.com/nnmd/ http://www.ueoxx.com/nnmd/?uZi0=tRQiX2tnIcR1+0C/rREkw+oZ8fYp7zrYt8/OoSFyZqkjizznZx3g6RXGoToit+qONbwCpa2o&Vnt4_=GTd0sn7PSL8x7PP http://www.ekolucky.com/nnmd/ http://www.ekolucky.com/nnmd/?uZi0=2ELq5eNBSeN+85ZFfjQj/2xpbhe81hF7Lx3GgMrXOl3ZzRDKfjz/x0EKuhMKdwtM2WWmtAp6&Vnt4_=GTd0sn7PSL8x7PP http://www.xn--v1bmo9dufsb.com/nnmd/ http://www.elticrecruit.com/nnmd/?uZi0=kngYRuVfLuuPny+4CliufAMPT2DrkHQGtZ529sxu6AZ+mjDb8TOV5Kb0i+tB46tvYkYEaNVD&Vnt4_=GTd0sn7PSL8x7PP - rule_id: 633 http://www.sorelaxedmassage.com/nnmd/	30 Info www.vr-club.site(163.44.185.224) www.7985699.com(45.142.156.44) www.scott-re.online(34.102.136.180) www.xn--v1bmo9dufsb.com(184.168.131.241) www.sorelaxedmassage.com(103.72.145.203) www.valid8.network(182.50.132.242) www.ueoxx.com(52.15.160.167) www.vinegret.com(104.21.89.165) www.ekolucky.com(213.32.10.111) www.ikoyisland.net(107.161.23.204) www.elticrecruit.com(216.239.34.21) www.vegrebel.com(50.87.195.61) www.elpis-catering.com(67.225.129.56) www.clonegrandma.com() www.acernoxsas.com(104.21.63.177) 163.44.185.224 - mailcious 23.95.122.25 188.164.131.200 - mailcious 184.168.131.241 - mailcious 103.72.145.203 213.32.10.111 - malware 34.102.136.180 - mailcious 50.87.195.61 - mailcious 45.142.156.44 - mailcious 67.225.129.56 - phishing 104.21.89.165 104.21.63.177 3.13.255.157 216.239.36.21 - phishing 182.50.132.242 - mailcious	10 Info http://www.7985699.com/nnmd/ http://www.vr-club.site/nnmd/ http://www.vr-club.site/nnmd/ http://www.scott-re.online/nnmd/ http://www.vegrebel.com/nnmd/ http://www.elticrecruit.com/nnmd/ http://www.scott-re.online/nnmd/ http://www.7985699.com/nnmd/ http://www.vegrebel.com/nnmd/ http://www.elticrecruit.com/nnmd/	4.4	M	23	ZeroCERT