Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9796	2023-10-07 14:57	asca1ex123111.exe afeaa39b474fbc97ab20f75b90b340c1 Malicious Library PE File PE32 VirusTotal Malware					1.6	M	39	ZeroCERT

9797	2023-10-07 14:54	toolspub2.exe dde202b7adaadf9c8d422216dc3ebec7 Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware Code Injection Checks debugger buffers extracted unpack itself Remote Code Execution					6.6	M	38	ZeroCERT

9798	2023-10-07 14:54	shedremko2.1.exe b80d6d5161b4f047ebb9f903822e2cd2 NSIS Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself AppData folder Windows DNS DDNS		2	1		6.8	M	44	ZeroCERT

9799	2023-10-07 14:52	IOI0OIOoioi0ooooi00IOIOoi0OoI0... 7284a3e9895de3839eeef2bf59e595ee MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	2 Keyword trend analysis	4	2		4.2	M	35	ZeroCERT

9800	2023-10-07 14:52	ioi0OIOoi0IOIOIoi0OIOIioI0IOio... 432af76c6e1aaf2f1848808a1ccb3f8b MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	4	2		4.2	M	33	ZeroCERT

9801	2023-10-07 14:50	UFG.txt.exe a413cbf395fa31f26a7f234248248a8e AgentTesla Malicious Library UPX PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows Browser Email ComputerName Cryptographic key Software crashed		2			6.8		56	ZeroCERT

9802	2023-10-07 14:50	build5555.exe 82eecea4083e39c33733428c2d845b15 Malicious Library UPX Malicious Packer Socket Http API ScreenShot Code injection Internet API AntiDebug AntiVM PE File PE64 OS Processor Check VirusTotal Malware Code Injection buffers extracted Creates executable files DNS		1			9.8	M	40	ZeroCERT

9803	2023-10-07 14:50	UXO.txt.exe 00b28f548f14de4f53abd6651bf78b98 Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	5	5		7.4		42	ZeroCERT

9804	2023-10-07 14:48	ZBzdymFh.bat 44fbd58c401a7786da2e8b6a6291379e Suspicious_Script_Bin Downloader Malicious Library Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 ZIP For VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder malicious URLs WriteConsoleW crashed					4.8	M	36	ZeroCERT

9805	2023-10-07 14:48	x.x.x.x.doc 15c5d883802631d122728961cb66c596 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	2 Keyword trend analysis	4	2		4.2	M	34	ZeroCERT

9806	2023-10-07 14:47	UFX.txt.exe 66d2a9ccb1c8fc3c130ee3941e8c97dd Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed					4.4		50	ZeroCERT

9807	2023-10-07 14:45	DgKW9Ycr.bat 17787170abd9adf8dcdfcfefdeea0194 Suspicious_Script_Bin Downloader Malicious Library Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P persistence AntiDebug AntiVM PE File PE32 ZIP For VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder malicious URLs WriteConsoleW human activity check crashed					5.0	M	27	ZeroCERT

9808	2023-10-06 19:15	zip.7z 9de1f996f53b99da8ad9bcb3f8e3f120 PrivateLoader Escalate priviledges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Dridex Malware Microsoft Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files ICMP traffic unpack itself suspicious TLD IP Check PrivateLoader Tofsee Stealer Windows Discord RisePro Trojan DNS Downloader	50 Keyword trend analysis Info http://script.google.com/macros/s/AKfycbxu6XZln0F2VKs8FMpn924RlKozFV5XZApwvto57voh-zMdTnkCnYo38kxDLRAyW0hb/exec?xfgnxfgn&stream=2&ip=175.208.134.152&slots=1000¶m=empty http://5.42.64.10/api/files/software/s2.exe - rule_id: 36798 http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true - rule_id: 27911 http://colisumy.com/dl/build2.exe - rule_id: 31026 http://45.9.74.80/super.exe - rule_id: 36063 http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://194.169.175.232/autorun.exe - rule_id: 36817 http://45.15.156.229/api/firegate.php - rule_id: 36052 http://zexeq.com/files/1/build3.exe - rule_id: 27913 http://171.22.28.226/download/WWW14_64.exe - rule_id: 36907 http://94.142.138.113/api/tracemap.php - rule_id: 28877 http://5.42.64.10/ip.php - rule_id: 36799 http://193.42.32.118/api/firegate.php - rule_id: 36458 http://230926170958727.kmj.xne26.cfd/f/fikim0926727.exe - rule_id: 36902 http://193.42.32.118/api/tracemap.php - rule_id: 36180 http://78.47.27.247/b4fc4cd2d76417bf461814b9d989fcdb http://94.142.138.113/api/firegate.php - rule_id: 36152 http://193.42.32.118/api/firecom.php - rule_id: 36700 http://apps.identrust.com/roots/dstrootcax3.p7c http://www.maxmind.com/geoip/v2.1/city/me http://5.42.64.10/api/files/client/s24 - rule_id: 36798 http://78.47.27.247/archieve.zip http://5.42.64.10/api/files/client/s21 - rule_id: 36798 http://5.42.64.10/api/files/client/s23 - rule_id: 36798 http://5.42.64.10/api/files/client/s22 - rule_id: 36798 https://db-ip.com/demo/home.php?s=175.208.134.152 https://script.googleusercontent.com/macros/echo?user_content_key=L8KUs1rDf-0IxQaOsq4CEpa7DDTmpmXtfNxjubxYqEQM4p4Z4FWvLgPEWYS54LjtIqEZBEGVtnrPKA7Hm9CoK7E1dT35ZNduOJmA1Yb3SEsKFZqtv3DaNYcMrmhZHmUMWojr9NvTBuBLhyHCd5hHa_kSw3KJAyZKK3RTU5bpIFQ10ckTyHVSt1vTS5MZ6zqvS4V0cmy1dEEXVXg5zXDjcYCeAylu8DyVhn7i0fteRV_StcynBwb4deQK9NYe9nyjGugVZE-wIMyy0t00odE9g2WAxU2P290mztxgOvWCrwUlG84sMvwcnjz6TyhbZb4SC3Ow0v_3PNk&lib=MAg_X_j8YJSR0PZgL-LNb21v93CYKtC0D https://sun6-23.userapi.com/c235031/u52355237/docs/d13/73bbf3ecac7f/RisePro.bmp?extra=gmXlCsZiYpjnowLP1swWjhY13jlPrTv5pHnTY-UPWWq67yIxI8gpzQyCDAgcSMxg3HmEWDVFcv4uizvvHUpLyvaeP6yJ4WcGChVcA4r9lEKFycqfPVgpvV17uloL6pKJuj6CmFdFwkq5t3jX https://vk.com/doc52355237_666614921?hash=mcgvNSqLTxZlPytCXZGqWTE2UxkIsNsWwhJHKMUGNwP&dl=81n92g6ZKnuIdZcRjbJMbEnGbmv0a8p1IKQCT30gQB8&api=1&no_preview=1#risetest https://canonicate.pw/setup294.exe https://sun6-22.userapi.com/c237031/u52355237/docs/d49/4c3217c05748/66.bmp?extra=Md8eQEgzLGuOlPoQc55hANOV4S0t3MVk5Mq7j2oL9oMgKsIqX8p_L-eYo8Z0ACwN52xGrArbvIMXatBttmTHoFb8gQidHkcg5mbrFvML_A_l6nshcASkR0cVT8nCToj3Cb-0JteqFOHTxI1H https://api.myip.com/ https://vk.com/doc52355237_666590785?hash=N9XtNiMroCgPfI0zEbYcHPGlKJBrPpbgER5008wKXgo&dl=iXMzcCAwAL4mYrLUL1WiJZkinj4A8dUzVBRZ9BP5y50&api=1&no_preview=1#redcl https://neuralshit.net/de23c80b17fd061a388b791d44b53133/7725eaa6592c80f8124e769b4e8a07f7.exe https://vk.com/doc52355237_666294895?hash=MrFrxQ1QY2cQxZMJSWB2ifsnzfn6OL4Lra0UjlNVtcg&dl=KQd3ouCijKMpS3N5SuzYWBo56zMPCFtaA3gtOmd22rc&api=1&no_preview=1 https://sso.passport.yandex.ru/push?uuid=ae03ef72-00d8-4bf0-95e7-2adf274c6da2&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue https://dzen.ru/?yredirect=true https://vk.com/doc52355237_666586594?hash=KW7IbIZ7tmBJH0wG2dYyLQaNt8WD8FYrf1vp2ZdUsZg&dl=pOjzjpwFnDOIJueQO9TQfsaai7iwjVToI4s7cZ7eqks&api=1&no_preview=1#1 https://steamcommunity.com/profiles/76561199557479327 https://script.google.com/macros/s/AKfycbxu6XZln0F2VKs8FMpn924RlKozFV5XZApwvto57voh-zMdTnkCnYo38kxDLRAyW0hb/exec?xfgnxfgn&stream=2&ip=175.208.134.152&slots=1000¶m=empty https://vk.com/doc52355237_666507428?hash=2uHHBsd637ELYzCc9kndmkrUdA72UYNEDayDJQpqLzT&dl=D6ajMB07kruzP2IXhjebY4apDN454ViEX7btbSffzho&api=1&no_preview=1#test22 https://sun6-21.userapi.com/c909228/u52355237/docs/d44/80744560c58d/RisePro_0_7_8d3TUvJJlkW1iIngb5qf_vmp.bmp?extra=Kk6yLQHn--N5FompiT-IH0ifi01IFPYP7q2QQzo0bJalEmOgQtvgf1zOtvbiiYBNSbHP-VAvDjqF79IIcuZTgAjYUUAfAB-3LyKUeyXFYvfpnWmV4UpmP5Ic1AyRMimEqEetIhCY8DkVLOFJ https://sun6-23.userapi.com/c237031/u52355237/docs/d40/13239ef116f6/crypted.bmp?extra=jf3Id-iBwCJuvxr_KRXy5iVBKvlBt9haNJnwFGhMhOGggvJmKTwuqVbRSPa3SInEVwMOySNlTCqJhf3WldOoR-8sHm1LapRTJDK_pGi_CPACwLEQXtJNeXxIsyq6aPqaHF78MEMsh43llNUi https://sun6-23.userapi.com/c237231/u52355237/docs/d20/a8c8e356a397/test21.bmp?extra=Tjw0Zjy3je3HMZXeKdEeufMcQUFV6Kmbq55-H6joKLRFzQtDRuF2VhtBI3HjFl4CSoL9kMSlXGIpQpmPdA112UYjtUJm9oEc6SZw2CzG8VK9ffvrZ5Ne4lXUeTqzct0FEcciUIElKxuvn4fK https://vk.com/doc52355237_666326545?hash=syS3a4VzeA6ooPqV2bDmzdZcRY1zZZVZSwKomUizgpH&dl=9YVv5GINa4fsl9tfR95IZk8DoZOa4nbjbaLRAcxuMog&api=1&no_preview=1 https://sun6-21.userapi.com/c237231/u52355237/docs/d22/84c17767b8f5/2.bmp?extra=7GGUqehS9cUw4D_UVlnB-WQh96d-uDWVI9rWh5wEXCeBm0fdDYnLC_zieZY4sPcEWwLMlYJVF6StZc55T2RYsn9F-Ukgh9zqn8ob0nvmE6-oS-hUZ8a-1KX2SINgfeEiVIsNlQPFV_oevlI3 https://vk.com/doc52355237_666599954?hash=Ke0Vjy4wKSLLxQozgUIZIwbp7FUtx2g2p6dpZCPIz4w&dl=bAWjUoWQU7Q3yZO1dsgL8W1vYS7neHPYrNA6TsTwqPk&api=1&no_preview=1#fr https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://vk.com/doc52355237_666326536?hash=rjXXx4NTWZOjPDm1rBOZV0MNZKJKSPIncZVbfM7fUgs&dl=Xla71nPCOIeJASWCr6aET2SrexVgHh8tOBiaI24D3yw&api=1&no_preview=1#rise https://sun6-20.userapi.com/c235031/u52355237/docs/d13/0aeb7c514923/PL_Client.bmp?extra=zEYLOhDaQqXBo8LHo45R7nwioXoRej0oNRyEVJGCrqajrvSvMw0tliZUIWtDiJ7aOfgdBozitFTgy__8OMIvxe4kKI1wRLO-Ex-HxkH2YWqrhTpszc1R-VBrI5-Kmqhg_zVTt6CoGc2U5-Af	88 Info script.googleusercontent.com(172.217.161.225) neuralshit.net(104.21.6.10) - malware db-ip.com(104.26.5.15) t.me(149.154.167.99) - mailcious canonicate.pw(104.21.35.128) ipinfo.io(34.117.59.81) sun6-23.userapi.com(95.142.206.3) script.google.com(142.250.206.238) - compromised yandex.ru(5.255.255.77) wahaaudit.ps(213.6.54.58) - malware dzen.ru(62.217.160.2) api.2ip.ua(162.0.218.244) steamcommunity.com(104.76.78.101) - mailcious iplogger.org(148.251.234.83) - mailcious twitter.com(104.244.42.65) telegram.org(149.154.167.99) cdn.discordapp.com(162.159.133.233) - malware sun6-20.userapi.com(95.142.206.0) - mailcious api.db-ip.com(172.67.75.166) 230926170958727.kmj.xne26.cfd(94.156.35.76) - malware sun6-21.userapi.com(95.142.206.1) - mailcious sso.passport.yandex.ru(213.180.204.24) 230404015907217.ism.wity21.info() enfantfoundation.com(108.179.232.106) - malware iplogger.com(148.251.234.93) - mailcious ekovel.ro(89.42.13.207) zexeq.com(95.158.162.200) - malware isaiahbenjamin.top(85.143.221.30) - malware octocrabs.com(104.21.21.189) - mailcious aidandylan.top(85.143.221.30) - malware retailtechnologynews.com() colisumy.com(187.156.64.85) - malware iplis.ru(148.251.234.93) - mailcious sun6-22.userapi.com(95.142.206.2) www.maxmind.com(104.18.145.235) vk.com(87.240.132.78) - mailcious api.myip.com(104.26.8.59) 89.42.13.207 148.251.234.93 - mailcious 194.169.175.128 - mailcious 162.159.133.233 - malware 104.18.145.235 194.169.175.123 162.0.218.244 87.240.129.133 - mailcious 62.217.160.2 179.43.158.2 5.255.255.70 142.250.66.97 23.67.53.27 149.154.167.99 - mailcious 193.42.32.118 - mailcious 172.67.75.166 172.67.75.163 51.255.152.132 45.9.74.80 - malware 108.179.232.106 - mailcious 93.186.225.194 - mailcious 171.22.28.226 - malware 34.117.59.81 172.67.221.49 148.251.234.83 104.26.8.59 85.143.221.30 - malware 172.67.134.35 - malware 211.53.230.67 - malware 78.47.27.247 190.141.134.150 185.225.74.144 - malware 194.169.175.232 - malware 176.123.9.142 - mailcious 94.142.138.113 - mailcious 77.91.68.249 - malware 213.6.54.58 - malware 104.26.4.15 104.21.35.128 - mailcious 104.21.21.189 95.142.206.1 - mailcious 95.142.206.0 - mailcious 95.142.206.3 45.15.156.229 - mailcious 104.244.42.129 - suspicious 142.250.204.78 213.180.204.24 104.76.78.101 - mailcious 95.142.206.2 5.42.64.10 - malware 171.22.28.213 - malware	44 Info ET DNS Query to a .top domain - Likely Hostile SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET DNS Query to a .pw domain - Likely Hostile ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a *.top domain ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET HUNTING Suspicious services.exe in URI ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET INFO TLS Handshake Failure ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration) ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer Activity (Response) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity) ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET INFO Packed Executable Download ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Potential Dridex.Maldoc Minimal Executable Request ET MALWARE Win32/Vodkagats Loader Requesting Payload ET INFO Observed Telegram Domain (t .me in TLS SNI) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) ET MALWARE Single char EXE direct download likely trojan (multiple families) ET INFO Dotted Quad Host ZIP Request SURICATA Applayer Wrong direction first Data	20 Info http://5.42.64.10/api/files/ http://zexeq.com/test2/get.php http://colisumy.com/dl/build2.exe http://45.9.74.80/super.exe http://45.15.156.229/api/tracemap.php http://194.169.175.232/autorun.exe http://45.15.156.229/api/firegate.php http://zexeq.com/files/1/build3.exe http://171.22.28.226/download/WWW14_64.exe http://94.142.138.113/api/tracemap.php http://5.42.64.10/ip.php http://193.42.32.118/api/firegate.php http://230926170958727.kmj.xne26.cfd/f/fikim0926727.exe http://193.42.32.118/api/tracemap.php http://94.142.138.113/api/firegate.php http://193.42.32.118/api/firecom.php http://5.42.64.10/api/files/ http://5.42.64.10/api/files/ http://5.42.64.10/api/files/ http://5.42.64.10/api/files/	7.0	M		ZeroCERT

9809	2023-10-06 18:40	Cerber.exe 8b3d0bc69064a0155a205a4202417330 Malicious Library UPX Admin Tool (Sysinternals etc ...) PE File PE32 Malware download VirusTotal Malware MachineGuid Check memory buffers extracted WMI Creates shortcut ICMP traffic unpack itself Windows utilities AntiVM_Disk WriteConsoleW Firewall state off VM Disk Size Check Ransomware Windows ComputerName Remote Code Execution DNS		1088 Info 178.33.163.104 178.33.162.59 178.33.163.102 178.33.163.217 178.33.163.101 178.33.163.39 178.33.163.100 178.33.163.91 178.33.159.1 178.33.161.138 178.33.161.139 178.33.163.206 178.33.163.207 178.33.163.200 178.33.163.201 178.33.162.48 178.33.162.49 178.33.161.130 178.33.161.131 178.33.161.132 178.33.161.133 178.33.161.134 178.33.161.135 178.33.161.136 178.33.161.137 178.33.162.78 178.33.161.71 178.33.162.136 178.33.161.36 178.33.161.37 178.33.161.34 178.33.161.35 178.33.161.32 178.33.161.33 178.33.161.30 178.33.161.31 178.33.163.187 178.33.163.226 178.33.163.156 178.33.161.38 178.33.161.39 178.33.160.44 178.33.160.45 178.33.160.46 178.33.160.47 178.33.160.40 178.33.160.41 178.33.160.42 178.33.160.43 178.33.163.150 178.33.162.58 178.33.160.48 178.33.160.49 178.33.163.151 178.33.162.138 178.33.163.89 178.33.163.152 178.33.163.85 178.33.163.227 178.33.163.87 178.33.163.153 178.33.163.81 178.33.163.80 178.33.163.83 178.33.163.82 178.33.160.171 178.33.160.170 178.33.160.173 178.33.160.172 178.33.160.175 178.33.160.174 178.33.160.177 178.33.160.176 178.33.160.179 178.33.160.178 178.33.163.254 178.33.163.175 178.33.163.158 178.33.163.97 178.33.163.159 178.33.161.89 178.33.161.88 178.33.162.237 178.33.161.83 178.33.161.82 178.33.161.81 178.33.161.80 178.33.161.87 178.33.161.86 178.33.161.85 178.33.161.84 178.33.161.220 178.33.161.221 178.33.161.222 178.33.161.223 178.33.161.224 178.33.161.225 178.33.161.226 178.33.161.227 178.33.161.228 178.33.161.229 178.33.163.6 178.33.163.7 178.33.163.0 178.33.163.1 178.33.162.155 178.33.162.154 178.33.162.157 178.33.162.156 178.33.162.151 178.33.162.150 178.33.162.153 178.33.162.152 178.33.162.91 178.33.162.90 178.33.162.93 178.33.162.92 178.33.162.159 178.33.162.158 178.33.162.97 178.33.162.96 178.33.163.154 178.33.161.202 178.33.163.182 178.33.161.203 178.33.163.218 178.33.163.202 178.33.162.72 178.33.163.203 178.33.163.2 178.33.163.155 178.33.162.46 178.33.163.221 178.33.162.47 178.33.162.44 178.33.162.45 178.33.163.38 178.33.161.92 178.33.163.34 178.33.162.42 178.33.163.36 178.33.161.93 178.33.163.30 178.33.163.220 178.33.163.32 178.33.162.33 178.33.162.182 178.33.163.59 178.33.161.178 178.33.161.179 178.33.161.174 178.33.161.175 178.33.161.176 178.33.161.177 178.33.161.170 178.33.161.171 178.33.161.172 178.33.161.173 178.33.163.28 178.33.162.51 178.33.161.98 178.33.163.157 178.33.161.99 178.33.160.250 178.33.160.251 178.33.160.252 178.33.160.253 178.33.160.254 178.33.160.255 178.33.163.53 178.33.163.50 178.33.162.11 178.33.163.51 178.33.163.136 178.33.162.10 178.33.162.13 178.33.162.12 178.33.162.15 178.33.163.55 178.33.162.14 178.33.161.6 178.33.161.7 178.33.161.4 178.33.161.5 178.33.161.2 178.33.161.3 178.33.161.0 178.33.161.1 178.33.163.77 178.33.163.255 178.33.162.16 178.33.162.181 178.33.162.180 178.33.161.8 178.33.161.9 178.33.160.97 178.33.160.96 178.33.160.95 178.33.160.94 178.33.160.93 178.33.160.92 178.33.160.91 178.33.160.90 178.33.162.186 178.33.163.8 178.33.163.9 178.33.160.99 178.33.160.98 178.33.159.31 178.33.159.30 178.33.163.103 178.33.162.184 178.33.163.186 178.33.162.185 178.33.163.185 178.33.159.3 178.33.159.9 178.33.159.8 178.33.160.79 178.33.160.78 178.33.159.2 178.33.160.75 178.33.160.74 178.33.160.77 178.33.160.76 178.33.160.71 178.33.160.70 178.33.159.5 178.33.160.72 178.33.159.0 178.33.163.181 178.33.161.254 178.33.162.187 178.33.159.7 178.33.163.146 178.33.163.180 178.33.159.6 178.33.160.108 178.33.160.109 178.33.161.78 178.33.161.79 178.33.160.73 178.33.163.95 178.33.160.100 178.33.160.101 178.33.160.102 178.33.159.4 178.33.160.104 178.33.160.105 178.33.160.106 178.33.160.107 178.33.163.234 178.33.163.5 178.33.162.28 178.33.163.189 178.33.163.133 178.33.163.253 178.33.163.119 178.33.162.29 178.33.163.130 178.33.163.70 178.33.163.71 178.33.163.72 178.33.163.73 178.33.163.74 178.33.163.75 178.33.163.76 178.33.163.204 178.33.163.78 178.33.163.79 178.33.163.188 178.33.163.86 178.33.162.88 178.33.162.89 178.33.163.131 178.33.160.214 178.33.160.215 178.33.160.216 178.33.160.217 178.33.160.210 178.33.160.211 178.33.160.212 178.33.160.213 178.33.160.218 178.33.160.219 178.33.162.101 178.33.162.119 178.33.162.118 178.33.162.83 178.33.162.111 178.33.162.110 178.33.162.113 178.33.162.112 178.33.162.115 178.33.162.114 178.33.162.117 178.33.162.116 178.33.161.62 178.33.163.92 178.33.162.82 178.33.161.61 178.33.161.73 178.33.161.70 178.33.163.111 178.33.163.237 178.33.161.127 178.33.161.126 178.33.161.125 178.33.160.103 178.33.161.123 178.33.161.122 178.33.161.121 178.33.161.120 178.33.162.73 178.33.161.76 178.33.162.71 178.33.162.70 178.33.162.77 178.33.162.76 178.33.161.129 178.33.161.128 178.33.163.232 178.33.162.238 178.33.161.74 178.33.163.84 178.33.162.234 178.33.162.235 178.33.162.236 178.33.161.75 178.33.162.230 178.33.162.231 178.33.162.232 178.33.162.233 178.33.163.35 178.33.163.3 178.33.163.67 178.33.161.54 178.33.160.31 178.33.160.30 178.33.160.33 178.33.160.32 178.33.160.35 178.33.160.34 178.33.160.37 178.33.160.36 178.33.160.39 178.33.160.38 178.33.163.110 178.33.160.148 178.33.160.149 178.33.163.109 178.33.163.108 178.33.160.144 178.33.160.145 178.33.160.146 178.33.160.147 178.33.160.140 178.33.160.141 178.33.160.142 178.33.160.143 178.33.163.113 178.33.163.114 178.33.163.115 178.33.163.116 178.33.161.65 178.33.161.248 178.33.163.117 178.33.161.94 178.33.161.95 178.33.161.96 178.33.161.97 178.33.161.90 178.33.161.91 178.33.161.239 178.33.161.238 178.33.161.237 178.33.161.236 178.33.161.235 178.33.161.234 178.33.161.233 178.33.161.232 178.33.161.231 178.33.161.230 178.33.163.93 178.33.163.230 178.33.161.64 178.33.163.138 178.33.163.112 178.33.163.236 178.33.161.60 178.33.162.22 178.33.162.160 178.33.162.161 178.33.162.162 178.33.162.163 178.33.162.164 178.33.162.165 178.33.162.166 178.33.162.167 178.33.162.168 178.33.162.169 178.33.162.80 178.33.162.81 - mailcious 178.33.162.86 178.33.162.87 178.33.162.84 178.33.162.85 178.33.163.250 178.33.162.23 178.33.163.240 178.33.163.66 178.33.163.105 178.33.163.241 178.33.163.139 178.33.163.245 178.33.163.49 178.33.163.48 178.33.163.210 178.33.163.238 178.33.163.41 178.33.163.40 178.33.163.225 178.33.163.42 178.33.163.45 178.33.163.44 178.33.163.47 178.33.163.46 178.33.161.169 178.33.161.168 178.33.162.39 178.33.161.118 178.33.161.163 178.33.161.162 178.33.161.161 178.33.161.160 178.33.161.167 178.33.161.166 178.33.161.165 178.33.161.164 178.33.162.60 178.33.160.249 178.33.160.248 178.33.160.247 178.33.160.246 178.33.160.245 178.33.160.244 178.33.160.243 178.33.160.242 178.33.160.241 178.33.160.240 178.33.160.3 178.33.161.119 178.33.162.26 178.33.160.2 178.33.163.90 178.33.160.1 178.33.160.0 178.33.160.7 178.33.163.209 178.33.160.6 178.33.162.27 178.33.161.103 178.33.163.205 178.33.161.102 178.33.163.134 178.33.160.180 178.33.160.181 178.33.160.182 178.33.160.183 178.33.160.184 178.33.160.185 178.33.160.186 178.33.160.187 178.33.161.116 178.33.161.117 178.33.161.114 178.33.161.115 178.33.161.112 178.33.161.113 178.33.161.110 178.33.161.111 178.33.160.80 178.33.160.81 178.33.160.82 178.33.160.83 178.33.160.84 178.33.160.85 178.33.160.86 178.33.160.87 178.33.160.88 178.33.160.89 178.33.163.43 178.33.159.22 178.33.159.23 178.33.159.20 178.33.159.21 178.33.159.26 178.33.159.27 178.33.159.24 178.33.159.25 178.33.159.28 178.33.159.29 178.33.162.43 178.33.162.67 178.33.163.208 178.33.160.68 178.33.160.69 178.33.160.66 178.33.160.67 178.33.160.64 178.33.160.65 178.33.160.62 178.33.160.63 178.33.160.60 178.33.160.61 178.33.162.62 178.33.162.40 178.33.162.19 178.33.160.117 178.33.160.116 178.33.160.115 178.33.160.114 178.33.160.113 178.33.160.112 178.33.160.111 178.33.160.110 178.33.162.6 178.33.160.119 178.33.160.118 178.33.163.198 178.33.163.199 178.33.162.41 178.33.162.18 178.33.162.37 178.33.162.36 178.33.162.35 178.33.163.194 178.33.161.206 178.33.161.207 178.33.161.204 178.33.161.205 178.33.158.18 178.33.158.19 178.33.161.200 178.33.161.201 178.33.158.14 178.33.158.15 178.33.158.16 178.33.158.17 178.33.158.10 178.33.158.11 178.33.158.12 178.33.158.13 178.33.163.184 178.33.163.135 178.33.162.31 178.33.162.30 178.33.162.34 178.33.163.137 178.33.163.195 178.33.160.203 178.33.160.202 178.33.160.201 178.33.160.200 178.33.160.207 178.33.160.206 178.33.160.205 178.33.160.204 178.33.163.219 178.33.160.209 178.33.160.208 178.33.162.124 178.33.162.125 178.33.162.126 178.33.162.127 178.33.162.120 178.33.162.121 178.33.162.122 178.33.162.123 178.33.163.58 178.33.162.128 178.33.162.129 178.33.161.197 178.33.162.99 178.33.161.47 178.33.162.98 178.33.162.254 178.33.162.255 178.33.162.252 178.33.162.253 178.33.162.250 178.33.162.251 178.33.163.16 178.33.163.17 178.33.163.14 178.33.163.15 178.33.163.12 178.33.163.13 178.33.163.10 178.33.163.11 178.33.163.18 178.33.163.19 178.33.161.152 178.33.161.153 178.33.161.150 178.33.161.151 178.33.161.156 178.33.161.157 178.33.161.154 178.33.161.155 178.33.161.158 178.33.161.159 178.33.162.68 178.33.162.69 178.33.162.229 178.33.162.228 178.33.162.223 178.33.162.222 178.33.162.221 178.33.162.220 178.33.162.227 178.33.162.226 178.33.162.225 178.33.162.224 178.33.163.183 178.33.162.95 178.33.163.132 178.33.162.94 178.33.160.22 178.33.160.23 178.33.160.20 178.33.160.21 178.33.160.26 178.33.160.27 178.33.160.24 178.33.160.25 178.33.160.28 178.33.160.29 178.33.161.63 178.33.160.159 178.33.160.158 178.33.160.153 178.33.160.152 178.33.160.151 178.33.160.150 178.33.160.157 178.33.160.156 178.33.160.155 178.33.160.154 178.33.161.67 178.33.163.211 178.33.161.66 178.33.163.252 178.33.161.77 178.33.163.173 178.33.163.215 178.33.162.50 178.33.158.6 178.33.158.7 178.33.158.4 178.33.158.5 178.33.158.2 178.33.158.3 178.33.158.0 178.33.158.1 178.33.161.242 178.33.161.243 178.33.161.240 178.33.161.241 178.33.161.246 178.33.161.247 178.33.158.8 178.33.158.9 178.33.161.50 178.33.161.51 178.33.161.52 178.33.163.148 178.33.161.53 178.33.161.18 178.33.161.19 178.33.160.128 178.33.160.129 178.33.160.126 178.33.160.127 178.33.160.124 178.33.160.125 178.33.161.10 178.33.161.11 178.33.160.120 178.33.160.121 178.33.161.56 178.33.161.57 178.33.163.178 178.33.163.174 178.33.163.179 178.33.161.40 178.33.163.118 178.33.163.235 178.33.163.231 178.33.163.4 178.33.162.64 178.33.163.128 178.33.158.25 178.33.158.24 178.33.158.27 178.33.158.26 178.33.158.21 178.33.158.20 178.33.158.23 178.33.158.22 178.33.158.29 178.33.158.28 178.33.162.212 178.33.162.213 178.33.162.210 178.33.162.211 178.33.162.216 178.33.162.217 178.33.162.214 178.33.162.215 178.33.163.52 178.33.162.65 178.33.162.218 178.33.162.219 - mailcious 178.33.163.56 178.33.163.57 178.33.163.54 178.33.163.177 178.33.161.196 178.33.161.13 178.33.161.194 178.33.161.195 178.33.161.192 178.33.161.193 178.33.161.190 178.33.161.191 178.33.162.20 178.33.162.21 178.33.162.188 178.33.162.189 178.33.162.24 178.33.162.25 178.33.161.198 178.33.161.199 178.33.163.233 178.33.160.238 178.33.160.239 178.33.162.55 178.33.162.66 178.33.160.232 178.33.160.233 178.33.160.230 178.33.160.231 178.33.160.236 178.33.160.237 178.33.160.234 178.33.160.235 178.33.162.179 178.33.162.178 178.33.162.177 178.33.162.176 178.33.162.175 178.33.162.174 178.33.162.173 178.33.162.172 178.33.162.171 178.33.162.170 178.33.163.143 178.33.162.54 178.33.162.32 178.33.163.142 178.33.163.141 178.33.163.140 178.33.160.199 178.33.160.198 178.33.160.197 178.33.160.196 178.33.160.195 178.33.160.194 178.33.160.193 178.33.160.192 178.33.160.191 178.33.160.190 178.33.163.239 178.33.162.57 178.33.160.9 178.33.160.8 178.33.161.109 178.33.161.108 178.33.161.105 178.33.161.104 178.33.161.107 178.33.161.106 178.33.161.101 178.33.161.100 178.33.160.5 178.33.160.4 178.33.162.9 178.33.160.188 178.33.160.189 178.33.162.1 178.33.162.0 178.33.162.3 178.33.162.2 178.33.162.5 178.33.162.4 178.33.162.7 178.33.162.56 178.33.161.25 178.33.161.24 178.33.161.27 178.33.161.26 178.33.161.21 178.33.161.20 178.33.161.23 - mailcious 178.33.161.22 178.33.163.190 178.33.163.191 178.33.163.192 178.33.163.193 178.33.161.29 178.33.161.28 178.33.163.196 178.33.163.197 178.33.160.59 - mailcious 178.33.160.58 178.33.163.224 178.33.160.53 178.33.160.52 178.33.160.51 178.33.160.50 178.33.160.57 178.33.160.56 178.33.160.55 178.33.160.54 178.33.162.38 178.33.160.162 178.33.160.163 178.33.160.160 178.33.160.161 178.33.160.166 178.33.160.167 178.33.160.164 178.33.160.165 178.33.161.58 178.33.161.59 178.33.160.168 178.33.160.169 178.33.163.129 178.33.162.63 178.33.161.12 178.33.163.37 178.33.163.212 178.33.162.79 178.33.163.31 178.33.162.61 178.33.161.124 178.33.163.251 178.33.162.53 178.33.163.33 178.33.163.216 178.33.161.215 178.33.161.214 178.33.161.217 178.33.161.216 178.33.161.211 178.33.161.210 178.33.161.213 178.33.161.212 178.33.163.214 178.33.161.219 178.33.161.218 178.33.161.249 178.33.159.19 178.33.159.18 178.33.159.17 178.33.159.16 178.33.159.15 178.33.159.14 178.33.159.13 178.33.159.12 178.33.159.11 178.33.159.10 178.33.162.146 - mailcious 178.33.162.147 178.33.162.144 178.33.162.145 178.33.162.142 178.33.162.143 178.33.162.140 178.33.162.141 178.33.163.88 178.33.163.65 178.33.162.148 178.33.162.149 178.33.163.64 178.33.162.75 178.33.163.63 178.33.162.74 178.33.163.172 178.33.162.204 178.33.162.191 178.33.163.61 178.33.163.60 178.33.162.133 178.33.162.132 178.33.162.131 178.33.162.130 178.33.162.137 178.33.161.244 178.33.162.135 178.33.162.134 178.33.162.139 178.33.161.245 178.33.162.239 178.33.162.190 178.33.162.249 178.33.162.248 178.33.162.245 178.33.162.244 178.33.162.247 178.33.162.246 178.33.162.241 178.33.162.240 178.33.162.243 178.33.162.242 178.33.163.23 178.33.163.22 178.33.163.21 178.33.163.20 178.33.163.27 178.33.163.26 178.33.163.25 178.33.163.125 178.33.163.170 178.33.163.29 178.33.163.147 178.33.161.141 178.33.161.140 178.33.161.143 178.33.161.142 178.33.161.145 178.33.161.144 178.33.161.147 178.33.161.146 178.33.161.149 178.33.161.148 178.33.162.193 178.33.162.192 178.33.163.124 178.33.163.171 178.33.162.195 178.33.162.194 178.33.162.197 178.33.160.19 178.33.160.18 178.33.160.17 178.33.160.16 178.33.160.15 178.33.160.14 178.33.160.13 178.33.160.12 178.33.160.11 178.33.160.10 178.33.163.127 178.33.163.176 178.33.163.62 178.33.163.145 178.33.162.52 178.33.163.228 178.33.163.169 178.33.163.168 178.33.163.161 178.33.163.160 178.33.163.163 178.33.163.162 178.33.163.165 178.33.163.164 178.33.163.167 178.33.163.166 178.33.163.222 178.33.163.126 178.33.163.242 178.33.163.243 178.33.163.244 178.33.163.144 178.33.163.246 178.33.163.247 178.33.163.248 178.33.163.249 178.33.163.229 178.33.163.96 178.33.163.121 178.33.161.14 178.33.161.15 178.33.161.251 178.33.161.250 178.33.161.253 178.33.161.252 178.33.161.255 178.33.161.16 178.33.163.99 178.33.161.17 178.33.162.8 178.33.160.122 178.33.163.120 178.33.163.24 178.33.160.123 178.33.161.69 178.33.161.68 178.33.160.139 178.33.160.138 178.33.162.196 178.33.160.135 178.33.160.134 178.33.160.137 178.33.160.136 178.33.160.131 178.33.160.130 178.33.160.133 178.33.160.132 178.33.162.183 178.33.163.94 178.33.163.123 178.33.163.223 178.33.163.149 178.33.163.213 178.33.162.17 178.33.161.209 178.33.161.55 178.33.161.46 178.33.163.122 178.33.161.45 178.33.161.44 178.33.158.30 178.33.158.31 178.33.161.43 178.33.161.42 178.33.162.201 178.33.162.200 178.33.162.203 178.33.162.202 178.33.162.205 178.33.161.41 178.33.162.207 178.33.162.206 178.33.162.209 178.33.162.208 178.33.161.208 178.33.163.69 178.33.163.68 178.33.161.185 178.33.161.184 178.33.161.187 178.33.161.186 178.33.161.181 178.33.161.180 178.33.161.183 178.33.161.182 178.33.162.199 178.33.162.198 178.33.161.189 178.33.161.188 178.33.160.229 178.33.160.228 178.33.161.72 178.33.163.98 178.33.160.221 178.33.160.220 178.33.160.223 178.33.160.222 178.33.160.225 178.33.160.224 178.33.160.227 178.33.160.226 178.33.163.107 178.33.162.108 178.33.162.109 178.33.161.49 178.33.163.106 178.33.162.102 178.33.162.103 178.33.162.100 178.33.161.48 178.33.162.106 178.33.162.107 178.33.162.104 178.33.162.105	1		7.8		57	guest

9810	2023-10-06 18:23	zinda.exe 3141032e3b1e4f3ee0d0a1fe68ccc6e8 Emotet Gen1 Malicious Library UPX Confuser .NET AntiDebug AntiVM PE File PE32 .NET EXE DLL MZP Format PE64 OS Processor Check CHM Format DllRegisterServer dll VirusTotal Cryptocurrency Miner Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces AppData folder WriteConsoleW Tofsee Windows ComputerName DNS crashed CoinMiner		7	6 Info ET INFO TLS Handshake Failure ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)		11.2	M	45	ZeroCERT