9061 | 2023-10-07 14:48
ZBzdymFh.bat 44fbd58c401a7786da2e8b6a6291379e
Tags: Suspicious_Script_Bin Downloader Malicious Library Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 ZIP For VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder malicious URLs WriteConsoleW crashed
4.8 | M | 36 | ZeroCERT

9062 | 2023-10-07 14:48
x.x.x.x.doc 15c5d883802631d122728961cb66c596
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed
URLs (2): http://apps.identrust.com/roots/dstrootcax3.p7c http://193.42.33.63/hhreexploit.vbs
Hosts (4): uploaddeimagens.com.br(104.21.45.138) - malware 193.42.33.63 - malicious 121.254.136.9 172.67.215.45 - malware
Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host VBS Request
4.2 | M | 34 | ZeroCERT

9063 | 2023-10-07 14:47
UFX.txt.exe 66d2a9ccb1c8fc3c130ee3941e8c97dd
Tags: Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed
4.4 | | 50 | ZeroCERT

9064 | 2023-10-07 14:45
DgKW9Ycr.bat 17787170abd9adf8dcdfcfefdeea0194
Tags: Suspicious_Script_Bin Downloader Malicious Library Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P persistence AntiDebug AntiVM PE File PE32 ZIP For VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder malicious URLs WriteConsoleW human activity check crashed
5.0 | M | 27 | ZeroCERT

9065 | 2023-10-06 19:15
zip.7z 9de1f996f53b99da8ad9bcb3f8e3f120
Tags: PrivateLoader Escalate privileges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Dridex Malware Microsoft Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files ICMP traffic unpack itself suspicious TLD IP Check PrivateLoader Tofsee Stealer Windows Discord RisePro Trojan DNS Downloader
URLs (50):
http://script.google.com/macros/s/AKfycbxu6XZln0F2VKs8FMpn924RlKozFV5XZApwvto57voh-zMdTnkCnYo38kxDLRAyW0hb/exec?xfgnxfgn&stream=2&ip=175.208.134.152&slots=1000&param=empty http://5.42.64.10/api/files/software/s2.exe - rule_id: 36798 http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true - rule_id: 27911 http://colisumy.com/dl/build2.exe - rule_id: 31026 http://45.9.74.80/super.exe - rule_id: 36063 http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://194.169.175.232/autorun.exe - rule_id: 36817 http://45.15.156.229/api/firegate.php - rule_id: 36052 http://zexeq.com/files/1/build3.exe - rule_id: 27913 http://171.22.28.226/download/WWW14_64.exe - rule_id: 36907 http://94.142.138.113/api/tracemap.php - rule_id: 28877 http://5.42.64.10/ip.php - rule_id: 36799 http://193.42.32.118/api/firegate.php - rule_id: 36458 http://230926170958727.kmj.xne26.cfd/f/fikim0926727.exe - rule_id: 36902 http://193.42.32.118/api/tracemap.php - rule_id: 36180 http://78.47.27.247/b4fc4cd2d76417bf461814b9d989fcdb http://94.142.138.113/api/firegate.php - rule_id: 36152 http://193.42.32.118/api/firecom.php - rule_id: 36700 http://apps.identrust.com/roots/dstrootcax3.p7c http://www.maxmind.com/geoip/v2.1/city/me http://5.42.64.10/api/files/client/s24 - rule_id: 36798 http://78.47.27.247/archieve.zip http://5.42.64.10/api/files/client/s21 - rule_id: 36798 http://5.42.64.10/api/files/client/s23 - rule_id: 36798 http://5.42.64.10/api/files/client/s22 - rule_id: 36798 https://db-ip.com/demo/home.php?s=175.208.134.152 https://script.googleusercontent.com/macros/echo?user_content_key=L8KUs1rDf-0IxQaOsq4CEpa7DDTmpmXtfNxjubxYqEQM4p4Z4FWvLgPEWYS54LjtIqEZBEGVtnrPKA7Hm9CoK7E1dT35ZNduOJmA1Yb3SEsKFZqtv3DaNYcMrmhZHmUMWojr9NvTBuBLhyHCd5hHa_kSw3KJAyZKK3RTU5bpIFQ10ckTyHVSt1vTS5MZ6zqvS4V0cmy1dEEXVXg5zXDjcYCeAylu8DyVhn7i0fteRV_StcynBwb4deQK9NYe9nyjGugVZE-wIMyy0t00odE9g2WAxU2P290mztxgOvWCrwUlG84sMvwcnjz6TyhbZb4SC3Ow0v_3PNk&lib=MAg_X_j8YJSR0PZgL-LNb21v93CYKtC0D
https://sun6-23.userapi.com/c235031/u52355237/docs/d13/73bbf3ecac7f/RisePro.bmp?extra=gmXlCsZiYpjnowLP1swWjhY13jlPrTv5pHnTY-UPWWq67yIxI8gpzQyCDAgcSMxg3HmEWDVFcv4uizvvHUpLyvaeP6yJ4WcGChVcA4r9lEKFycqfPVgpvV17uloL6pKJuj6CmFdFwkq5t3jX https://vk.com/doc52355237_666614921?hash=mcgvNSqLTxZlPytCXZGqWTE2UxkIsNsWwhJHKMUGNwP&dl=81n92g6ZKnuIdZcRjbJMbEnGbmv0a8p1IKQCT30gQB8&api=1&no_preview=1#risetest https://canonicate.pw/setup294.exe https://sun6-22.userapi.com/c237031/u52355237/docs/d49/4c3217c05748/66.bmp?extra=Md8eQEgzLGuOlPoQc55hANOV4S0t3MVk5Mq7j2oL9oMgKsIqX8p_L-eYo8Z0ACwN52xGrArbvIMXatBttmTHoFb8gQidHkcg5mbrFvML_A_l6nshcASkR0cVT8nCToj3Cb-0JteqFOHTxI1H https://api.myip.com/ https://vk.com/doc52355237_666590785?hash=N9XtNiMroCgPfI0zEbYcHPGlKJBrPpbgER5008wKXgo&dl=iXMzcCAwAL4mYrLUL1WiJZkinj4A8dUzVBRZ9BP5y50&api=1&no_preview=1#redcl https://neuralshit.net/de23c80b17fd061a388b791d44b53133/7725eaa6592c80f8124e769b4e8a07f7.exe https://vk.com/doc52355237_666294895?hash=MrFrxQ1QY2cQxZMJSWB2ifsnzfn6OL4Lra0UjlNVtcg&dl=KQd3ouCijKMpS3N5SuzYWBo56zMPCFtaA3gtOmd22rc&api=1&no_preview=1 https://sso.passport.yandex.ru/push?uuid=ae03ef72-00d8-4bf0-95e7-2adf274c6da2&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue https://dzen.ru/?yredirect=true https://vk.com/doc52355237_666586594?hash=KW7IbIZ7tmBJH0wG2dYyLQaNt8WD8FYrf1vp2ZdUsZg&dl=pOjzjpwFnDOIJueQO9TQfsaai7iwjVToI4s7cZ7eqks&api=1&no_preview=1#1 https://steamcommunity.com/profiles/76561199557479327 https://script.google.com/macros/s/AKfycbxu6XZln0F2VKs8FMpn924RlKozFV5XZApwvto57voh-zMdTnkCnYo38kxDLRAyW0hb/exec?xfgnxfgn&stream=2&ip=175.208.134.152&slots=1000&param=empty https://vk.com/doc52355237_666507428?hash=2uHHBsd637ELYzCc9kndmkrUdA72UYNEDayDJQpqLzT&dl=D6ajMB07kruzP2IXhjebY4apDN454ViEX7btbSffzho&api=1&no_preview=1#test22
https://sun6-21.userapi.com/c909228/u52355237/docs/d44/80744560c58d/RisePro_0_7_8d3TUvJJlkW1iIngb5qf_vmp.bmp?extra=Kk6yLQHn--N5FompiT-IH0ifi01IFPYP7q2QQzo0bJalEmOgQtvgf1zOtvbiiYBNSbHP-VAvDjqF79IIcuZTgAjYUUAfAB-3LyKUeyXFYvfpnWmV4UpmP5Ic1AyRMimEqEetIhCY8DkVLOFJ https://sun6-23.userapi.com/c237031/u52355237/docs/d40/13239ef116f6/crypted.bmp?extra=jf3Id-iBwCJuvxr_KRXy5iVBKvlBt9haNJnwFGhMhOGggvJmKTwuqVbRSPa3SInEVwMOySNlTCqJhf3WldOoR-8sHm1LapRTJDK_pGi_CPACwLEQXtJNeXxIsyq6aPqaHF78MEMsh43llNUi https://sun6-23.userapi.com/c237231/u52355237/docs/d20/a8c8e356a397/test21.bmp?extra=Tjw0Zjy3je3HMZXeKdEeufMcQUFV6Kmbq55-H6joKLRFzQtDRuF2VhtBI3HjFl4CSoL9kMSlXGIpQpmPdA112UYjtUJm9oEc6SZw2CzG8VK9ffvrZ5Ne4lXUeTqzct0FEcciUIElKxuvn4fK https://vk.com/doc52355237_666326545?hash=syS3a4VzeA6ooPqV2bDmzdZcRY1zZZVZSwKomUizgpH&dl=9YVv5GINa4fsl9tfR95IZk8DoZOa4nbjbaLRAcxuMog&api=1&no_preview=1 https://sun6-21.userapi.com/c237231/u52355237/docs/d22/84c17767b8f5/2.bmp?extra=7GGUqehS9cUw4D_UVlnB-WQh96d-uDWVI9rWh5wEXCeBm0fdDYnLC_zieZY4sPcEWwLMlYJVF6StZc55T2RYsn9F-Ukgh9zqn8ob0nvmE6-oS-hUZ8a-1KX2SINgfeEiVIsNlQPFV_oevlI3 https://vk.com/doc52355237_666599954?hash=Ke0Vjy4wKSLLxQozgUIZIwbp7FUtx2g2p6dpZCPIz4w&dl=bAWjUoWQU7Q3yZO1dsgL8W1vYS7neHPYrNA6TsTwqPk&api=1&no_preview=1#fr https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://vk.com/doc52355237_666326536?hash=rjXXx4NTWZOjPDm1rBOZV0MNZKJKSPIncZVbfM7fUgs&dl=Xla71nPCOIeJASWCr6aET2SrexVgHh8tOBiaI24D3yw&api=1&no_preview=1#rise https://sun6-20.userapi.com/c235031/u52355237/docs/d13/0aeb7c514923/PL_Client.bmp?extra=zEYLOhDaQqXBo8LHo45R7nwioXoRej0oNRyEVJGCrqajrvSvMw0tliZUIWtDiJ7aOfgdBozitFTgy__8OMIvxe4kKI1wRLO-Ex-HxkH2YWqrhTpszc1R-VBrI5-Kmqhg_zVTt6CoGc2U5-Af
Hosts (88):
script.googleusercontent.com(172.217.161.225) neuralshit.net(104.21.6.10) - malware db-ip.com(104.26.5.15) t.me(149.154.167.99) - malicious canonicate.pw(104.21.35.128) ipinfo.io(34.117.59.81) sun6-23.userapi.com(95.142.206.3) script.google.com(142.250.206.238) - compromised yandex.ru(5.255.255.77) wahaaudit.ps(213.6.54.58) - malware dzen.ru(62.217.160.2) api.2ip.ua(162.0.218.244) steamcommunity.com(104.76.78.101) - malicious iplogger.org(148.251.234.83) - malicious twitter.com(104.244.42.65) telegram.org(149.154.167.99) cdn.discordapp.com(162.159.133.233) - malware sun6-20.userapi.com(95.142.206.0) - malicious api.db-ip.com(172.67.75.166) 230926170958727.kmj.xne26.cfd(94.156.35.76) - malware sun6-21.userapi.com(95.142.206.1) - malicious sso.passport.yandex.ru(213.180.204.24) 230404015907217.ism.wity21.info() enfantfoundation.com(108.179.232.106) - malware iplogger.com(148.251.234.93) - malicious ekovel.ro(89.42.13.207) zexeq.com(95.158.162.200) - malware isaiahbenjamin.top(85.143.221.30) - malware octocrabs.com(104.21.21.189) - malicious aidandylan.top(85.143.221.30) - malware retailtechnologynews.com() colisumy.com(187.156.64.85) - malware iplis.ru(148.251.234.93) - malicious sun6-22.userapi.com(95.142.206.2) www.maxmind.com(104.18.145.235) vk.com(87.240.132.78) - malicious api.myip.com(104.26.8.59) 89.42.13.207 148.251.234.93 - malicious 194.169.175.128 - malicious 162.159.133.233 - malware 104.18.145.235 194.169.175.123 162.0.218.244 87.240.129.133 - malicious 62.217.160.2 179.43.158.2 5.255.255.70 142.250.66.97 23.67.53.27 149.154.167.99 - malicious 193.42.32.118 - malicious 172.67.75.166 172.67.75.163 51.255.152.132 45.9.74.80 - malware 108.179.232.106 - malicious 93.186.225.194 - malicious 171.22.28.226 - malware 34.117.59.81 172.67.221.49 148.251.234.83 104.26.8.59 85.143.221.30 - malware 172.67.134.35 - malware 211.53.230.67 - malware 78.47.27.247 190.141.134.150 185.225.74.144 - malware 194.169.175.232 - malware 176.123.9.142 - malicious
94.142.138.113 - malicious 77.91.68.249 - malware 213.6.54.58 - malware 104.26.4.15 104.21.35.128 - malicious 104.21.21.189 95.142.206.1 - malicious 95.142.206.0 - malicious 95.142.206.3 45.15.156.229 - malicious 104.244.42.129 - suspicious 142.250.204.78 213.180.204.24 104.76.78.101 - malicious 95.142.206.2 5.42.64.10 - malware 171.22.28.213 - malware
Alerts (44):
ET DNS Query to a *.top domain - Likely Hostile SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET DNS Query to a *.pw domain - Likely Hostile ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a *.top domain ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET HUNTING Suspicious services.exe in URI ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET INFO TLS Handshake Failure ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration) ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer Activity (Response) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity) ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET INFO Packed Executable Download ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Potential Dridex.Maldoc Minimal Executable Request ET MALWARE Win32/Vodkagats Loader Requesting Payload ET INFO Observed Telegram Domain (t .me in TLS SNI) ET 
MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) ET MALWARE Single char EXE direct download likely trojan (multiple families) ET INFO Dotted Quad Host ZIP Request SURICATA Applayer Wrong direction first Data
Rule-matched URLs (20):
http://5.42.64.10/api/files/ http://zexeq.com/test2/get.php http://colisumy.com/dl/build2.exe http://45.9.74.80/super.exe http://45.15.156.229/api/tracemap.php http://194.169.175.232/autorun.exe http://45.15.156.229/api/firegate.php http://zexeq.com/files/1/build3.exe http://171.22.28.226/download/WWW14_64.exe http://94.142.138.113/api/tracemap.php http://5.42.64.10/ip.php http://193.42.32.118/api/firegate.php http://230926170958727.kmj.xne26.cfd/f/fikim0926727.exe http://193.42.32.118/api/tracemap.php http://94.142.138.113/api/firegate.php http://193.42.32.118/api/firecom.php http://5.42.64.10/api/files/ http://5.42.64.10/api/files/ http://5.42.64.10/api/files/ http://5.42.64.10/api/files/
7.0 | M | | ZeroCERT

9066 | 2023-10-06 18:40
Cerber.exe 8b3d0bc69064a0155a205a4202417330
Tags: Malicious Library UPX Admin Tool (Sysinternals etc ...) PE File PE32 Malware download VirusTotal Malware MachineGuid Check memory buffers extracted WMI Creates shortcut ICMP traffic unpack itself Windows utilities AntiVM_Disk WriteConsoleW Firewall state off VM Disk Size Check Ransomware Windows ComputerName Remote Code Execution DNS
Hosts (1088):
178.33.163.104 178.33.162.59 178.33.163.102 178.33.163.217 178.33.163.101 178.33.163.39 178.33.163.100 178.33.163.91 178.33.159.1 178.33.161.138 178.33.161.139 178.33.163.206 178.33.163.207 178.33.163.200 178.33.163.201 178.33.162.48 178.33.162.49 178.33.161.130 178.33.161.131 178.33.161.132 178.33.161.133 178.33.161.134 178.33.161.135 178.33.161.136 178.33.161.137 178.33.162.78 178.33.161.71 178.33.162.136 178.33.161.36 178.33.161.37 178.33.161.34 178.33.161.35 178.33.161.32 178.33.161.33 178.33.161.30 178.33.161.31 178.33.163.187 178.33.163.226 178.33.163.156 178.33.161.38 178.33.161.39 178.33.160.44 178.33.160.45 178.33.160.46 178.33.160.47 178.33.160.40 178.33.160.41 178.33.160.42 178.33.160.43 178.33.163.150 178.33.162.58 178.33.160.48 178.33.160.49 178.33.163.151 178.33.162.138 178.33.163.89 178.33.163.152 178.33.163.85 178.33.163.227 178.33.163.87 178.33.163.153 178.33.163.81 178.33.163.80 178.33.163.83 178.33.163.82 178.33.160.171 178.33.160.170 178.33.160.173 178.33.160.172 178.33.160.175 178.33.160.174 178.33.160.177 178.33.160.176 178.33.160.179 178.33.160.178 178.33.163.254 178.33.163.175 178.33.163.158 178.33.163.97 178.33.163.159 178.33.161.89 178.33.161.88 178.33.162.237 178.33.161.83 178.33.161.82 178.33.161.81 178.33.161.80 178.33.161.87 178.33.161.86 178.33.161.85 178.33.161.84 178.33.161.220 178.33.161.221 178.33.161.222 178.33.161.223 178.33.161.224 178.33.161.225 178.33.161.226 178.33.161.227 178.33.161.228 178.33.161.229 178.33.163.6 178.33.163.7 178.33.163.0 178.33.163.1 178.33.162.155 178.33.162.154 178.33.162.157 178.33.162.156 178.33.162.151 178.33.162.150 178.33.162.153 178.33.162.152 178.33.162.91 178.33.162.90 178.33.162.93 178.33.162.92 178.33.162.159 178.33.162.158 178.33.162.97 178.33.162.96 178.33.163.154 178.33.161.202 178.33.163.182 178.33.161.203 178.33.163.218 178.33.163.202 178.33.162.72 178.33.163.203 178.33.163.2 178.33.163.155 178.33.162.46 178.33.163.221 178.33.162.47 178.33.162.44 178.33.162.45 178.33.163.38 178.33.161.92 
178.33.163.34 178.33.162.42 178.33.163.36 178.33.161.93 178.33.163.30 178.33.163.220 178.33.163.32 178.33.162.33 178.33.162.182 178.33.163.59 178.33.161.178 178.33.161.179 178.33.161.174 178.33.161.175 178.33.161.176 178.33.161.177 178.33.161.170 178.33.161.171 178.33.161.172 178.33.161.173 178.33.163.28 178.33.162.51 178.33.161.98 178.33.163.157 178.33.161.99 178.33.160.250 178.33.160.251 178.33.160.252 178.33.160.253 178.33.160.254 178.33.160.255 178.33.163.53 178.33.163.50 178.33.162.11 178.33.163.51 178.33.163.136 178.33.162.10 178.33.162.13 178.33.162.12 178.33.162.15 178.33.163.55 178.33.162.14 178.33.161.6 178.33.161.7 178.33.161.4 178.33.161.5 178.33.161.2 178.33.161.3 178.33.161.0 178.33.161.1 178.33.163.77 178.33.163.255 178.33.162.16 178.33.162.181 178.33.162.180 178.33.161.8 178.33.161.9 178.33.160.97 178.33.160.96 178.33.160.95 178.33.160.94 178.33.160.93 178.33.160.92 178.33.160.91 178.33.160.90 178.33.162.186 178.33.163.8 178.33.163.9 178.33.160.99 178.33.160.98 178.33.159.31 178.33.159.30 178.33.163.103 178.33.162.184 178.33.163.186 178.33.162.185 178.33.163.185 178.33.159.3 178.33.159.9 178.33.159.8 178.33.160.79 178.33.160.78 178.33.159.2 178.33.160.75 178.33.160.74 178.33.160.77 178.33.160.76 178.33.160.71 178.33.160.70 178.33.159.5 178.33.160.72 178.33.159.0 178.33.163.181 178.33.161.254 178.33.162.187 178.33.159.7 178.33.163.146 178.33.163.180 178.33.159.6 178.33.160.108 178.33.160.109 178.33.161.78 178.33.161.79 178.33.160.73 178.33.163.95 178.33.160.100 178.33.160.101 178.33.160.102 178.33.159.4 178.33.160.104 178.33.160.105 178.33.160.106 178.33.160.107 178.33.163.234 178.33.163.5 178.33.162.28 178.33.163.189 178.33.163.133 178.33.163.253 178.33.163.119 178.33.162.29 178.33.163.130 178.33.163.70 178.33.163.71 178.33.163.72 178.33.163.73 178.33.163.74 178.33.163.75 178.33.163.76 178.33.163.204 178.33.163.78 178.33.163.79 178.33.163.188 178.33.163.86 178.33.162.88 178.33.162.89 178.33.163.131 178.33.160.214 178.33.160.215 178.33.160.216 
178.33.160.217 178.33.160.210 178.33.160.211 178.33.160.212 178.33.160.213 178.33.160.218 178.33.160.219 178.33.162.101 178.33.162.119 178.33.162.118 178.33.162.83 178.33.162.111 178.33.162.110 178.33.162.113 178.33.162.112 178.33.162.115 178.33.162.114 178.33.162.117 178.33.162.116 178.33.161.62 178.33.163.92 178.33.162.82 178.33.161.61 178.33.161.73 178.33.161.70 178.33.163.111 178.33.163.237 178.33.161.127 178.33.161.126 178.33.161.125 178.33.160.103 178.33.161.123 178.33.161.122 178.33.161.121 178.33.161.120 178.33.162.73 178.33.161.76 178.33.162.71 178.33.162.70 178.33.162.77 178.33.162.76 178.33.161.129 178.33.161.128 178.33.163.232 178.33.162.238 178.33.161.74 178.33.163.84 178.33.162.234 178.33.162.235 178.33.162.236 178.33.161.75 178.33.162.230 178.33.162.231 178.33.162.232 178.33.162.233 178.33.163.35 178.33.163.3 178.33.163.67 178.33.161.54 178.33.160.31 178.33.160.30 178.33.160.33 178.33.160.32 178.33.160.35 178.33.160.34 178.33.160.37 178.33.160.36 178.33.160.39 178.33.160.38 178.33.163.110 178.33.160.148 178.33.160.149 178.33.163.109 178.33.163.108 178.33.160.144 178.33.160.145 178.33.160.146 178.33.160.147 178.33.160.140 178.33.160.141 178.33.160.142 178.33.160.143 178.33.163.113 178.33.163.114 178.33.163.115 178.33.163.116 178.33.161.65 178.33.161.248 178.33.163.117 178.33.161.94 178.33.161.95 178.33.161.96 178.33.161.97 178.33.161.90 178.33.161.91 178.33.161.239 178.33.161.238 178.33.161.237 178.33.161.236 178.33.161.235 178.33.161.234 178.33.161.233 178.33.161.232 178.33.161.231 178.33.161.230 178.33.163.93 178.33.163.230 178.33.161.64 178.33.163.138 178.33.163.112 178.33.163.236 178.33.161.60 178.33.162.22 178.33.162.160 178.33.162.161 178.33.162.162 178.33.162.163 178.33.162.164 178.33.162.165 178.33.162.166 178.33.162.167 178.33.162.168 178.33.162.169 178.33.162.80 178.33.162.81 - malicious 178.33.162.86 178.33.162.87 178.33.162.84 178.33.162.85 178.33.163.250 178.33.162.23 178.33.163.240 178.33.163.66 178.33.163.105 178.33.163.241
178.33.163.139 178.33.163.245 178.33.163.49 178.33.163.48 178.33.163.210 178.33.163.238 178.33.163.41 178.33.163.40 178.33.163.225 178.33.163.42 178.33.163.45 178.33.163.44 178.33.163.47 178.33.163.46 178.33.161.169 178.33.161.168 178.33.162.39 178.33.161.118 178.33.161.163 178.33.161.162 178.33.161.161 178.33.161.160 178.33.161.167 178.33.161.166 178.33.161.165 178.33.161.164 178.33.162.60 178.33.160.249 178.33.160.248 178.33.160.247 178.33.160.246 178.33.160.245 178.33.160.244 178.33.160.243 178.33.160.242 178.33.160.241 178.33.160.240 178.33.160.3 178.33.161.119 178.33.162.26 178.33.160.2 178.33.163.90 178.33.160.1 178.33.160.0 178.33.160.7 178.33.163.209 178.33.160.6 178.33.162.27 178.33.161.103 178.33.163.205 178.33.161.102 178.33.163.134 178.33.160.180 178.33.160.181 178.33.160.182 178.33.160.183 178.33.160.184 178.33.160.185 178.33.160.186 178.33.160.187 178.33.161.116 178.33.161.117 178.33.161.114 178.33.161.115 178.33.161.112 178.33.161.113 178.33.161.110 178.33.161.111 178.33.160.80 178.33.160.81 178.33.160.82 178.33.160.83 178.33.160.84 178.33.160.85 178.33.160.86 178.33.160.87 178.33.160.88 178.33.160.89 178.33.163.43 178.33.159.22 178.33.159.23 178.33.159.20 178.33.159.21 178.33.159.26 178.33.159.27 178.33.159.24 178.33.159.25 178.33.159.28 178.33.159.29 178.33.162.43 178.33.162.67 178.33.163.208 178.33.160.68 178.33.160.69 178.33.160.66 178.33.160.67 178.33.160.64 178.33.160.65 178.33.160.62 178.33.160.63 178.33.160.60 178.33.160.61 178.33.162.62 178.33.162.40 178.33.162.19 178.33.160.117 178.33.160.116 178.33.160.115 178.33.160.114 178.33.160.113 178.33.160.112 178.33.160.111 178.33.160.110 178.33.162.6 178.33.160.119 178.33.160.118 178.33.163.198 178.33.163.199 178.33.162.41 178.33.162.18 178.33.162.37 178.33.162.36 178.33.162.35 178.33.163.194 178.33.161.206 178.33.161.207 178.33.161.204 178.33.161.205 178.33.158.18 178.33.158.19 178.33.161.200 178.33.161.201 178.33.158.14 178.33.158.15 178.33.158.16 178.33.158.17 178.33.158.10 178.33.158.11 
178.33.158.12 178.33.158.13 178.33.163.184 178.33.163.135 178.33.162.31 178.33.162.30 178.33.162.34 178.33.163.137 178.33.163.195 178.33.160.203 178.33.160.202 178.33.160.201 178.33.160.200 178.33.160.207 178.33.160.206 178.33.160.205 178.33.160.204 178.33.163.219 178.33.160.209 178.33.160.208 178.33.162.124 178.33.162.125 178.33.162.126 178.33.162.127 178.33.162.120 178.33.162.121 178.33.162.122 178.33.162.123 178.33.163.58 178.33.162.128 178.33.162.129 178.33.161.197 178.33.162.99 178.33.161.47 178.33.162.98 178.33.162.254 178.33.162.255 178.33.162.252 178.33.162.253 178.33.162.250 178.33.162.251 178.33.163.16 178.33.163.17 178.33.163.14 178.33.163.15 178.33.163.12 178.33.163.13 178.33.163.10 178.33.163.11 178.33.163.18 178.33.163.19 178.33.161.152 178.33.161.153 178.33.161.150 178.33.161.151 178.33.161.156 178.33.161.157 178.33.161.154 178.33.161.155 178.33.161.158 178.33.161.159 178.33.162.68 178.33.162.69 178.33.162.229 178.33.162.228 178.33.162.223 178.33.162.222 178.33.162.221 178.33.162.220 178.33.162.227 178.33.162.226 178.33.162.225 178.33.162.224 178.33.163.183 178.33.162.95 178.33.163.132 178.33.162.94 178.33.160.22 178.33.160.23 178.33.160.20 178.33.160.21 178.33.160.26 178.33.160.27 178.33.160.24 178.33.160.25 178.33.160.28 178.33.160.29 178.33.161.63 178.33.160.159 178.33.160.158 178.33.160.153 178.33.160.152 178.33.160.151 178.33.160.150 178.33.160.157 178.33.160.156 178.33.160.155 178.33.160.154 178.33.161.67 178.33.163.211 178.33.161.66 178.33.163.252 178.33.161.77 178.33.163.173 178.33.163.215 178.33.162.50 178.33.158.6 178.33.158.7 178.33.158.4 178.33.158.5 178.33.158.2 178.33.158.3 178.33.158.0 178.33.158.1 178.33.161.242 178.33.161.243 178.33.161.240 178.33.161.241 178.33.161.246 178.33.161.247 178.33.158.8 178.33.158.9 178.33.161.50 178.33.161.51 178.33.161.52 178.33.163.148 178.33.161.53 178.33.161.18 178.33.161.19 178.33.160.128 178.33.160.129 178.33.160.126 178.33.160.127 178.33.160.124 178.33.160.125 178.33.161.10 178.33.161.11 
178.33.160.120 178.33.160.121 178.33.161.56 178.33.161.57 178.33.163.178 178.33.163.174 178.33.163.179 178.33.161.40 178.33.163.118 178.33.163.235 178.33.163.231 178.33.163.4 178.33.162.64 178.33.163.128 178.33.158.25 178.33.158.24 178.33.158.27 178.33.158.26 178.33.158.21 178.33.158.20 178.33.158.23 178.33.158.22 178.33.158.29 178.33.158.28 178.33.162.212 178.33.162.213 178.33.162.210 178.33.162.211 178.33.162.216 178.33.162.217 178.33.162.214 178.33.162.215 178.33.163.52 178.33.162.65 178.33.162.218 178.33.162.219 - malicious 178.33.163.56 178.33.163.57 178.33.163.54 178.33.163.177 178.33.161.196 178.33.161.13 178.33.161.194 178.33.161.195 178.33.161.192 178.33.161.193 178.33.161.190 178.33.161.191 178.33.162.20 178.33.162.21 178.33.162.188 178.33.162.189 178.33.162.24 178.33.162.25 178.33.161.198 178.33.161.199 178.33.163.233 178.33.160.238 178.33.160.239 178.33.162.55 178.33.162.66 178.33.160.232 178.33.160.233 178.33.160.230 178.33.160.231 178.33.160.236 178.33.160.237 178.33.160.234 178.33.160.235 178.33.162.179 178.33.162.178 178.33.162.177 178.33.162.176 178.33.162.175 178.33.162.174 178.33.162.173 178.33.162.172 178.33.162.171 178.33.162.170 178.33.163.143 178.33.162.54 178.33.162.32 178.33.163.142 178.33.163.141 178.33.163.140 178.33.160.199 178.33.160.198 178.33.160.197 178.33.160.196 178.33.160.195 178.33.160.194 178.33.160.193 178.33.160.192 178.33.160.191 178.33.160.190 178.33.163.239 178.33.162.57 178.33.160.9 178.33.160.8 178.33.161.109 178.33.161.108 178.33.161.105 178.33.161.104 178.33.161.107 178.33.161.106 178.33.161.101 178.33.161.100 178.33.160.5 178.33.160.4 178.33.162.9 178.33.160.188 178.33.160.189 178.33.162.1 178.33.162.0 178.33.162.3 178.33.162.2 178.33.162.5 178.33.162.4 178.33.162.7 178.33.162.56 178.33.161.25 178.33.161.24 178.33.161.27 178.33.161.26 178.33.161.21 178.33.161.20 178.33.161.23 - malicious 178.33.161.22 178.33.163.190 178.33.163.191 178.33.163.192 178.33.163.193 178.33.161.29 178.33.161.28 178.33.163.196 178.33.163.197
178.33.160.59 - malicious 178.33.160.58 178.33.163.224 178.33.160.53 178.33.160.52 178.33.160.51 178.33.160.50 178.33.160.57 178.33.160.56 178.33.160.55 178.33.160.54 178.33.162.38 178.33.160.162 178.33.160.163 178.33.160.160 178.33.160.161 178.33.160.166 178.33.160.167 178.33.160.164 178.33.160.165 178.33.161.58 178.33.161.59 178.33.160.168 178.33.160.169 178.33.163.129 178.33.162.63 178.33.161.12 178.33.163.37 178.33.163.212 178.33.162.79 178.33.163.31 178.33.162.61 178.33.161.124 178.33.163.251 178.33.162.53 178.33.163.33 178.33.163.216 178.33.161.215 178.33.161.214 178.33.161.217 178.33.161.216 178.33.161.211 178.33.161.210 178.33.161.213 178.33.161.212 178.33.163.214 178.33.161.219 178.33.161.218 178.33.161.249 178.33.159.19 178.33.159.18 178.33.159.17 178.33.159.16 178.33.159.15 178.33.159.14 178.33.159.13 178.33.159.12 178.33.159.11 178.33.159.10 178.33.162.146 - malicious 178.33.162.147 178.33.162.144 178.33.162.145 178.33.162.142 178.33.162.143 178.33.162.140 178.33.162.141 178.33.163.88 178.33.163.65 178.33.162.148 178.33.162.149 178.33.163.64 178.33.162.75 178.33.163.63 178.33.162.74 178.33.163.172 178.33.162.204 178.33.162.191 178.33.163.61 178.33.163.60 178.33.162.133 178.33.162.132 178.33.162.131 178.33.162.130 178.33.162.137 178.33.161.244 178.33.162.135 178.33.162.134 178.33.162.139 178.33.161.245 178.33.162.239 178.33.162.190 178.33.162.249 178.33.162.248 178.33.162.245 178.33.162.244 178.33.162.247 178.33.162.246 178.33.162.241 178.33.162.240 178.33.162.243 178.33.162.242 178.33.163.23 178.33.163.22 178.33.163.21 178.33.163.20 178.33.163.27 178.33.163.26 178.33.163.25 178.33.163.125 178.33.163.170 178.33.163.29 178.33.163.147 178.33.161.141 178.33.161.140 178.33.161.143 178.33.161.142 178.33.161.145 178.33.161.144 178.33.161.147 178.33.161.146 178.33.161.149 178.33.161.148 178.33.162.193 178.33.162.192 178.33.163.124 178.33.163.171 178.33.162.195 178.33.162.194 178.33.162.197 178.33.160.19 178.33.160.18 178.33.160.17 178.33.160.16 178.33.160.15
178.33.160.14 178.33.160.13 178.33.160.12 178.33.160.11 178.33.160.10 178.33.163.127 178.33.163.176 178.33.163.62 178.33.163.145 178.33.162.52 178.33.163.228 178.33.163.169 178.33.163.168 178.33.163.161 178.33.163.160 178.33.163.163 178.33.163.162 178.33.163.165 178.33.163.164 178.33.163.167 178.33.163.166 178.33.163.222 178.33.163.126 178.33.163.242 178.33.163.243 178.33.163.244 178.33.163.144 178.33.163.246 178.33.163.247 178.33.163.248 178.33.163.249 178.33.163.229 178.33.163.96 178.33.163.121 178.33.161.14 178.33.161.15 178.33.161.251 178.33.161.250 178.33.161.253 178.33.161.252 178.33.161.255 178.33.161.16 178.33.163.99 178.33.161.17 178.33.162.8 178.33.160.122 178.33.163.120 178.33.163.24 178.33.160.123 178.33.161.69 178.33.161.68 178.33.160.139 178.33.160.138 178.33.162.196 178.33.160.135 178.33.160.134 178.33.160.137 178.33.160.136 178.33.160.131 178.33.160.130 178.33.160.133 178.33.160.132 178.33.162.183 178.33.163.94 178.33.163.123 178.33.163.223 178.33.163.149 178.33.163.213 178.33.162.17 178.33.161.209 178.33.161.55 178.33.161.46 178.33.163.122 178.33.161.45 178.33.161.44 178.33.158.30 178.33.158.31 178.33.161.43 178.33.161.42 178.33.162.201 178.33.162.200 178.33.162.203 178.33.162.202 178.33.162.205 178.33.161.41 178.33.162.207 178.33.162.206 178.33.162.209 178.33.162.208 178.33.161.208 178.33.163.69 178.33.163.68 178.33.161.185 178.33.161.184 178.33.161.187 178.33.161.186 178.33.161.181 178.33.161.180 178.33.161.183 178.33.161.182 178.33.162.199 178.33.162.198 178.33.161.189 178.33.161.188 178.33.160.229 178.33.160.228 178.33.161.72 178.33.163.98 178.33.160.221 178.33.160.220 178.33.160.223 178.33.160.222 178.33.160.225 178.33.160.224 178.33.160.227 178.33.160.226 178.33.163.107 178.33.162.108 178.33.162.109 178.33.161.49 178.33.163.106 178.33.162.102 178.33.162.103 178.33.162.100 178.33.161.48 178.33.162.106 178.33.162.107 178.33.162.104 178.33.162.105
Alerts (1): ET MALWARE Ransomware/Cerber Checkin M3 (2)
7.8 | | 57 | guest

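The host column in these records mixes `hostname(ip)` entries (sometimes with an empty `()` where nothing resolved), bare IPs, and an optional ` - tag` suffix, and the Cerber record above lists 1088 addresses that way. What a detection or blocklist workflow needs from that column is a set of CIDR blocks and a per-tag count, not 1088 strings. The Python below is an added example, not code from the sandbox that produced this listing: it parses the column in the format shown on this page, maps the listing's "mailcious" spelling to "malicious", collapses every IP into the smallest set of CIDR blocks, and tallies tags. The sample input is a short excerpt assembled from entries in records 9065 and 9066 above; the function names are the example's own.

```python
"""Parse the host/IP column of a sandbox listing record and summarise it.

Added example, not code from the sandbox or the page. Input format (as on
the page): whitespace-separated entries, each either `hostname(ip)` with a
possibly empty ip, or a bare IPv4 address, optionally followed by ` - <tag>`.
"""
import ipaddress
from collections import Counter

# Short excerpt assembled from the listing's own records 9065 and 9066.
SAMPLE_HOSTS = (
    "zexeq.com(95.158.162.200) - malware "
    "retailtechnologynews.com() "
    "vk.com(87.240.132.78) - mailcious "
    "178.33.160.0 178.33.160.1 178.33.160.2 178.33.160.3 "
    "178.33.160.59 - mailcious 178.33.160.58 "
    "104.244.42.129 - suspicious"
)

# The listing spells one of its tags "mailcious"; map it to the intended word.
_TAG_SPELLING = {"mailcious": "malicious"}


def _split_entry(token):
    """Return (hostname, ip) for one token; either part may be None."""
    if "(" in token:
        host, _, rest = token.partition("(")
        ip = rest.rstrip(")") or None      # "host()" means no resolved IP
    else:
        host, ip = None, token
    if ip is not None:
        ipaddress.ip_address(ip)           # raises ValueError on a malformed IP
    return host, ip


def parse_hosts(column):
    """Turn the column text into a list of {'host', 'ip', 'tag'} dicts."""
    entries = []
    tokens = column.split()
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        # A lone "-" attaches the following word as a tag to the previous entry.
        if tok == "-" and entries and i + 1 < len(tokens):
            tag = tokens[i + 1].lower()
            entries[-1]["tag"] = _TAG_SPELLING.get(tag, tag)
            i += 2
            continue
        host, ip = _split_entry(tok)
        entries.append({"host": host, "ip": ip, "tag": None})
        i += 1
    return entries


def collapse_ips(entries):
    """Collapse every IP in the entries into the smallest set of CIDR blocks."""
    nets = [ipaddress.ip_network(e["ip"]) for e in entries if e["ip"]]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def tag_counts(entries):
    """Count entries per tag; entries without a tag are counted as 'untagged'."""
    return Counter(e["tag"] or "untagged" for e in entries)


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    print(f"{len(parsed)} entries")
    print("CIDR blocks:", ", ".join(collapse_ips(parsed)))
    print("tags:", dict(tag_counts(parsed)))
```

On the excerpt the four consecutive addresses become `178.33.160.0/30` and the `.58`/`.59` pair becomes `178.33.160.58/31`; run over the full 1088-address column above, the same function reduces it to a handful of contiguous blocks inside 178.33.158.0 to 178.33.163.255, which is the form a firewall rule or an IOC feed actually wants. Entries with an empty `()` keep their hostname but contribute no address, so they survive in the tag tally without breaking the CIDR step.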
9067 | 2023-10-06 18:23
zinda.exe 3141032e3b1e4f3ee0d0a1fe68ccc6e8
Tags: Emotet Gen1 Malicious Library UPX Confuser .NET AntiDebug AntiVM PE File PE32 .NET EXE DLL MZP Format PE64 OS Processor Check CHM Format DllRegisterServer dll VirusTotal Cryptocurrency Miner Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces AppData folder WriteConsoleW Tofsee Windows ComputerName DNS crashed CoinMiner
Hosts (7): xmr-eu1.nanopool.org(51.68.190.80) - malicious pastebin.com(104.20.68.143) - malicious iplogger.com(148.251.234.93) - malicious 148.251.234.93 - malicious 51.15.65.182 - malicious 163.172.154.142 172.67.34.170 - malicious
Alerts (6): ET INFO TLS Handshake Failure ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)
11.2 | M | 45 | ZeroCERT

9068 | 2023-10-06 17:53
putty.exe 9872c3c580e8bd1a22cd4698e73e3f9a
Tags: Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
1.6 | M | 30 | ZeroCERT

9069 | 2023-10-06 17:51
get4.exe ff7517e244f6545e7936becd68aa0578
Tags: PE File PE64 VirusTotal Malware Check memory
1.6 | M | 11 | ZeroCERT

9070 | 2023-10-06 17:49
Tugksta.exe 1f4795e3a6a434601ec37a38ffc99ff5
Tags: Formbook UPX .NET framework(MSIL) AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check FormBook Malware download VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key
URLs (17):
http://www.onlyleona.com/kniu/ - rule_id: 36720 http://www.frefire.top/kniu/?mc=w8rKBuSUIg6smCThP+RZr8URK2cMAOxRwdqHG6Uo67OOMeio1zBa/jWrwyXT3+M/9aqTr1N41d9bzE5WN9beyeWExgAtk5mD8L1zbeQ=&1E=_Z4Fpo3srXsvqpV - rule_id: 36723 http://www.tsygy.com/kniu/?mc=bJ36cMi4kupHJe0Hctq9gMewB+uvjmGDqwrfSqfgcqRhOtXAC1zMZIlHhDCyIhSJCFAYjWOLktx1yjWN3ai585tt7uX+B1FmFo0jbF0=&1E=_Z4Fpo3srXsvqpV - rule_id: 36721 http://www.prosourcegraniteinc.com/kniu/?mc=9xFgCh3s8l/k2B8O7aAt9yPceR5ZLMimGcu4Dy10KR8z2IhjbkPtetaY6rVQOSuqKBOJhR+SeENFOh5XwKmANMDhEFCrb4byHJuvuWU=&1E=_Z4Fpo3srXsvqpV - rule_id: 36717 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3250000.zip http://www.poultry-symposium.com/kniu/?mc=40XX9Ytbs/otsI+0yUtAogrXy8SgXZWV889z9rydVcgoc+JCy8vgR1icdWU6u94Njq5xrtv7NQnpOX1iusCyLYuLxlHkdapdsh1Ymak=&1E=_Z4Fpo3srXsvqpV - rule_id: 36722 http://www.poultry-symposium.com/kniu/ - rule_id: 36722 http://www.xxkxcfkujyeft.xyz/kniu/ - rule_id: 36719 http://www.theartboxslidell.com/kniu/ - rule_id: 36718 http://www.frefire.top/kniu/ - rule_id: 36723 http://23.95.106.3/250/process.exe http://www.prosourcegraniteinc.com/kniu/ - rule_id: 36717 http://www.theartboxslidell.com/kniu/?mc=pbzwZ3uv6ZLNK9kOZcORaqCkpmWHCySL5KPRtIvuGjYxhe5HL3eyc57X4ozDsIqy99XGgcN1QrQuWuftpLGszPSRgY0zgb673Mjl5VE=&1E=_Z4Fpo3srXsvqpV - rule_id: 36718 http://www.xxkxcfkujyeft.xyz/kniu/?mc=i0HwDxosD6vP35vKxXt8TqB5hgt09UAmGu6yXsGJ7KHeDbKCAxtr8kYkpXafqSJ5CWKS4JQhNIcZa2fBS8/HEz0POFGF5EDYOp/zgDU=&1E=_Z4Fpo3srXsvqpV - rule_id: 36719 http://23.95.106.3/250/Aqjjqk.wav http://www.tsygy.com/kniu/ - rule_id: 36721 http://www.onlyleona.com/kniu/?mc=eul8o7FRTpzZYv+GqkkzOpE5tEZO7cuUa8jf7YGp4uFOB2eW2y1ALY7ycZgKlFf7jddzg63rMJOPKD43r6dZxMpJnJONv2M7MFgI8Mw=&1E=_Z4Fpo3srXsvqpV - rule_id: 36720
|
20
www.onlyleona.com(172.67.132.228) - malicious
www.prosourcegraniteinc.com(216.239.36.21) - malicious
www.pengeloladata.click() - malicious
www.xxkxcfkujyeft.xyz(216.240.130.67) - malicious
www.frefire.top(67.223.117.37) - malicious
www.8956kjw1.com(103.71.154.243)
www.tsygy.com(23.104.137.185) - malicious
www.theartboxslidell.com(199.59.243.225) - malicious
www.poultry-symposium.com(85.128.134.237) - malicious
www.siteapp.fun() - malicious
85.128.134.237 - malicious
216.239.34.21 - malicious
23.104.137.185 - malicious
23.95.106.3 - malicious
199.59.243.225
67.223.117.37 - malicious
216.240.130.67 - malicious
103.71.154.243
45.33.6.223
172.67.132.228 - malicious
|
12
ET INFO Executable Download from dotted-quad Host
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE FormBook CnC Checkin (POST) M2
ET DNS Query to a *.top domain - Likely Hostile
ET INFO HTTP Request to a *.top domain
SURICATA HTTP unable to match response to request
ET MALWARE FormBook CnC Checkin (GET)
ET HUNTING Request to .XYZ Domain with Minimal Headers
ET HUNTING Request to .TOP Domain with Minimal Headers
|
14
http://www.onlyleona.com/kniu/
http://www.frefire.top/kniu/
http://www.tsygy.com/kniu/
http://www.prosourcegraniteinc.com/kniu/
http://www.poultry-symposium.com/kniu/
http://www.poultry-symposium.com/kniu/
http://www.xxkxcfkujyeft.xyz/kniu/
http://www.theartboxslidell.com/kniu/
http://www.frefire.top/kniu/
http://www.prosourcegraniteinc.com/kniu/
http://www.theartboxslidell.com/kniu/
http://www.xxkxcfkujyeft.xyz/kniu/
http://www.tsygy.com/kniu/
http://www.onlyleona.com/kniu/
|
11.2 |
M |
35 |
ZeroCERT
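The FormBook record above packs 17 URLs, 20 hosts and the site's URL rule tags into single cells, which hides how much of it is the same thing seen several times. The following is an added example, written for this listing and not code from the page, the sandbox, or any vendor: it parses those two cells and joins them into an indicator summary (which hosts the sandbox's URL rules fired on and what each resolved to, what was fetched straight from a dotted-quad host, which URLs got no rule hit, and which hosts never resolved). It assumes only the cell layout visible in the record: URLs optionally followed by `- rule_id: N`, and hosts written as `name(ip)`, `name()` when DNS returned nothing, or a bare IP, each optionally flagged. The site's raw export spells that flag "mailcious"; the parser accepts that and the correct spelling. The input below is copied from the record (laid out one entry per line for readability), and the key names in the returned dictionary are the example's own.

```python
"""Indicator summary from the flattened FormBook sandbox record above."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed input: the URL and host cells copied from the record (one URL
# per line here; the site's raw export runs them together, and spells its
# host flag "mailcious", which the parser accepts alongside "malicious").
URL_CELL = """
http://www.onlyleona.com/kniu/ - rule_id: 36720
http://www.frefire.top/kniu/?mc=w8rKBuSUIg6smCThP+RZr8URK2cMAOxRwdqHG6Uo67OOMeio1zBa/jWrwyXT3+M/9aqTr1N41d9bzE5WN9beyeWExgAtk5mD8L1zbeQ=&1E=_Z4Fpo3srXsvqpV - rule_id: 36723
http://www.tsygy.com/kniu/?mc=bJ36cMi4kupHJe0Hctq9gMewB+uvjmGDqwrfSqfgcqRhOtXAC1zMZIlHhDCyIhSJCFAYjWOLktx1yjWN3ai585tt7uX+B1FmFo0jbF0=&1E=_Z4Fpo3srXsvqpV - rule_id: 36721
http://www.prosourcegraniteinc.com/kniu/?mc=9xFgCh3s8l/k2B8O7aAt9yPceR5ZLMimGcu4Dy10KR8z2IhjbkPtetaY6rVQOSuqKBOJhR+SeENFOh5XwKmANMDhEFCrb4byHJuvuWU=&1E=_Z4Fpo3srXsvqpV - rule_id: 36717
http://www.sqlite.org/2018/sqlite-dll-win32-x86-3250000.zip
http://www.poultry-symposium.com/kniu/?mc=40XX9Ytbs/otsI+0yUtAogrXy8SgXZWV889z9rydVcgoc+JCy8vgR1icdWU6u94Njq5xrtv7NQnpOX1iusCyLYuLxlHkdapdsh1Ymak=&1E=_Z4Fpo3srXsvqpV - rule_id: 36722
http://www.poultry-symposium.com/kniu/ - rule_id: 36722
http://www.xxkxcfkujyeft.xyz/kniu/ - rule_id: 36719
http://www.theartboxslidell.com/kniu/ - rule_id: 36718
http://www.frefire.top/kniu/ - rule_id: 36723
http://23.95.106.3/250/process.exe
http://www.prosourcegraniteinc.com/kniu/ - rule_id: 36717
http://www.theartboxslidell.com/kniu/?mc=pbzwZ3uv6ZLNK9kOZcORaqCkpmWHCySL5KPRtIvuGjYxhe5HL3eyc57X4ozDsIqy99XGgcN1QrQuWuftpLGszPSRgY0zgb673Mjl5VE=&1E=_Z4Fpo3srXsvqpV - rule_id: 36718
http://www.xxkxcfkujyeft.xyz/kniu/?mc=i0HwDxosD6vP35vKxXt8TqB5hgt09UAmGu6yXsGJ7KHeDbKCAxtr8kYkpXafqSJ5CWKS4JQhNIcZa2fBS8/HEz0POFGF5EDYOp/zgDU=&1E=_Z4Fpo3srXsvqpV - rule_id: 36719
http://23.95.106.3/250/Aqjjqk.wav
http://www.tsygy.com/kniu/ - rule_id: 36721
http://www.onlyleona.com/kniu/?mc=eul8o7FRTpzZYv+GqkkzOpE5tEZO7cuUa8jf7YGp4uFOB2eW2y1ALY7ycZgKlFf7jddzg63rMJOPKD43r6dZxMpJnJONv2M7MFgI8Mw=&1E=_Z4Fpo3srXsvqpV - rule_id: 36720
"""
HOST_CELL = """
www.onlyleona.com(172.67.132.228) - mailcious www.prosourcegraniteinc.com(216.239.36.21) - mailcious
www.pengeloladata.click() - mailcious www.xxkxcfkujyeft.xyz(216.240.130.67) - mailcious
www.frefire.top(67.223.117.37) - mailcious www.8956kjw1.com(103.71.154.243) www.tsygy.com(23.104.137.185) - mailcious
www.theartboxslidell.com(199.59.243.225) - mailcious www.poultry-symposium.com(85.128.134.237) - mailcious
www.siteapp.fun() - mailcious 85.128.134.237 - mailcious 216.239.34.21 - mailcious 23.104.137.185 - mailcious
23.95.106.3 - mailcious 199.59.243.225 67.223.117.37 - mailcious 216.240.130.67 - mailcious
103.71.154.243 45.33.6.223 172.67.132.228 - mailcious
"""

URL_RE = re.compile(r"(https?://\S+)(?:\s+-\s+rule_id:\s*(\d+))?")
HOST_RE = re.compile(r"([^()]+)(?:\(([^)]*)\))?")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_url_cell(cell):
    """Yield (url, host, rule_id or None) for each URL in the cell."""
    for m in URL_RE.finditer(cell):
        url, rule = m.group(1), m.group(2)
        yield url, urlsplit(url).hostname, int(rule) if rule else None


def parse_host_cell(cell):
    """Map each host to its resolved IP (None if DNS gave nothing) and flag."""
    tokens, hosts, i = cell.split(), {}, 0
    while i < len(tokens):
        tok = tokens[i]
        flagged = (i + 2 < len(tokens) and tokens[i + 1] == "-"
                   and tokens[i + 2] in ("mailcious", "malicious"))
        i += 3 if flagged else 1
        name, ip = HOST_RE.fullmatch(tok).groups()
        if not ip and IPV4_RE.fullmatch(name):   # bare IP entry: it is its own address
            ip = name
        hosts[name] = {"ip": ip or None, "flagged": flagged}
    return hosts


def summarize(url_cell, host_cell):
    """Join the cells: rule-tagged hosts with resolved IPs, direct-IP
    downloads, URLs with no rule hit, and hosts that never resolved."""
    urls = list(parse_url_cell(url_cell))
    hosts = parse_host_cell(host_cell)
    tagged, dotted_quad, untagged = defaultdict(set), [], []
    for url, host, rule in urls:
        if rule is not None:
            tagged[host].add(rule)
        elif IPV4_RE.fullmatch(host):
            dotted_quad.append(url)
        else:
            untagged.append(url)
    return {
        "url_count": len(urls),
        "rule_tagged_count": sum(r is not None for _, _, r in urls),
        "c2": {h: {"rules": sorted(r), "ip": hosts.get(h, {}).get("ip"),
                   "flagged": hosts.get(h, {}).get("flagged", False)}
               for h, r in tagged.items()},
        "dotted_quad": dotted_quad,
        "untagged": untagged,
        "host_count": len(hosts),
        "flagged_hosts": sorted(n for n, h in hosts.items() if h["flagged"]),
        "unresolved": sorted(n for n, h in hosts.items() if h["ip"] is None),
    }


if __name__ == "__main__":
    s = summarize(URL_CELL, HOST_CELL)
    print(f"{s['url_count']} URLs, {s['rule_tagged_count']} rule-tagged on {len(s['c2'])} hosts")
    for host, info in sorted(s["c2"].items()):
        print(f"  {host:30} rules={info['rules']} ip={info['ip']} flagged={info['flagged']}")
    print("direct-IP downloads:", s["dotted_quad"])
    print("no rule hit:", s["untagged"])
    print("never resolved:", s["unresolved"])
```

Run stand-alone it prints the joined view. What the join makes visible that the raw cells do not: the 14 rule-tagged URLs collapse to 7 hosts sharing the `/kniu/` path, each on a different network, which is the traffic the record's "ET MALWARE FormBook CnC Checkin" alerts describe; the two files pulled from 23.95.106.3 are the only dotted-quad URLs and line up with the "Executable Download from dotted-quad Host" alert; the sqlite DLL fetch is the one URL with no rule hit; and two of the flagged hosts (`www.pengeloladata.click`, `www.siteapp.fun`) appear in DNS only, with no answer and no URL, so they belong on a DNS blocklist rather than a URL one.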
9071 |
2023-10-06 17:49
|
HTMLc.exe ac1e4067e159504a3bfc2c12b1221d10 LokiBot PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed |
|
2
api.ipify.org(173.231.16.77) 104.237.62.212
|
4
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.6 |
M |
42 |
ZeroCERT
9072 |
2023-10-06 17:47
|
fotha0925877.exe 65ef2eef1ccf3146b44010406a235cb7 Gen1 Emotet Generic Malware Malicious Library UPX Malicious Packer PE File PE32 CAB OS Processor Check DLL PE64 Lnk Format GIF Format VirusTotal Malware AutoRuns PDB Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check Windows ComputerName Remote Code Execution crashed |
|
3
61c73c03354116965937587030000611db13292a50ae8009b6b46004d42bf.aoa.aent78.sbs(172.67.184.100)
61c73c03354116965937587030100611db13292a50ae8009b6b46004d42bf.aoa.aent78.sbs(176.126.85.160)
176.10.119.186
|
|
|
8.8 |
M |
24 |
ZeroCERT
9073 |
2023-10-06 17:44
|
Akh.exe ea7e83d83566d5aeceef44caf31cc59d PE File PE64 VirusTotal Malware Check memory |
|
|
|
|
1.6 |
M |
11 |
ZeroCERT
9074 |
2023-10-06 14:45
|
doser.exe 4b30467bb8a0c1f50d0705febb02c35d Malicious Library UPX Malicious Packer PE File PE64 OS Processor Check VirusTotal Malware unpack itself crashed |
|
|
|
|
1.8 |
|
18 |
ZeroCERT
9075 |
2023-10-06 14:09
|
okilo.txt.exe f2d429cdb651892f83759f28ae6b939c Malicious Library UPX Malicious Packer PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed |
|
|
|
|
3.2 |
|
|
ZeroCERT