| 10126 |
2023-09-26 11:30
|
 6e883bbb4501d4f4fa1d2c0cdeadea... 6e883bbb4501d4f4fa1d2c0cdeadea81
njRAT backdoor PE File PE32 .NET EXE Malware download njRAT VirusTotal Malware DNS |
|
1
|
1
ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
|
|
1.8 |
|
54 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10127 |
2023-09-26 11:27
|
 rc 11d10cfdac2a8c8dd30f80d6a2dad667
PE File DLL PE64 |
|
|
|
|
|
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10128 |
2023-09-26 11:27
|
 tuu d933dc430f8feadf74902c4719033886
PE File DLL PE64 |
|
|
|
|
|
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10129 |
2023-09-26 11:27
|
 ib dd77c8ada4a2591da5b34ff8b496f298
PE File DLL PE64 |
|
|
|
|
|
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10130 |
2023-09-26 11:27
|
 te 0c55abf72ac32c1f4364d2beacbc4eb6
PE File DLL PE64 |
|
|
|
|
|
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10131 |
2023-09-26 11:26
|
 te 65132d1687d9039302697713f6a7d649
PE File DLL PE64 |
|
|
|
|
|
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10132 |
2023-09-26 11:26
|
 ni e23d0b061c80c22c7d232b6a8e43fa77
PE File DLL PE64 |
|
|
|
|
|
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10133 |
2023-09-26 11:22
|
 Judicial Procedure_virustotal.... c3c5f236a1422c9717850d3fd8a9b741
PDF |
|
|
|
|
|
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10134 |
2023-09-26 11:20
|
 Spam Email.pdf 9ecae84fa2e4c60610a9e4f20a1f02ce
PDF |
|
|
|
|
|
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10135 |
2023-09-26 09:30
|
Yl.lnk.lnk 7726e0d4ce453fc9542d1356e9c18e0e
Generic Malware AntiDebug AntiVM GIF Format Lnk Format VirusTotal Malware Code Injection Malicious Traffic Creates shortcut unpack itself suspicious process WriteConsoleW DNS |
1
http://45.32.222.253/ymtpR/Yl
|
1
|
2
ET POLICY curl User-Agent Outbound
ET HUNTING curl User-Agent to Dotted Quad
|
|
4.2 |
|
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10136 |
2023-09-26 09:28
|
5vy.lnk.lnk 86b6cf70293cde65ebf86dce611acd51
Generic Malware AntiDebug AntiVM GIF Format Lnk Format VirusTotal Malware Code Injection Malicious Traffic Creates shortcut unpack itself suspicious process WriteConsoleW DNS |
1
http://88.119.175.245/WNJD1/5vy
|
1
|
2
ET POLICY curl User-Agent Outbound
ET HUNTING curl User-Agent to Dotted Quad
|
|
4.2 |
|
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10137 |
2023-09-26 09:23
|
 Jv.xll f7a95d9853bbf73d695908480fa3ace2
PE File DLL PE64 |
|
|
|
|
|
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10138 |
2023-09-26 07:31
|
 setup.exe c5d41d92dac11a02d31cc73c5f450fa5
Malicious Library PE File PE32 VirusTotal Malware WMI Creates executable files RWX flags setting Checks Bios anti-virtualization ComputerName |
|
|
|
|
4.0 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10139 |
2023-09-25 18:38
|
 saddsd.exe e9bbf60a02ceb5cbb6b712c1f0d18f2b
Generic Malware Anti_VM AntiDebug AntiVM PE File PE32 icon Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VMWare Check virtual network interfaces WriteConsoleW VMware anti-virtualization installed browsers check Windows Browser Firmware Cryptographic key crashed |
|
|
|
|
14.6 |
|
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10140 |
2023-09-25 18:15
|
passw1234.7z 4a757eead2734a30ba2a1dfd95c3ca7f
PrivateLoader Stealc Escalate priviledges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Dridex Malware c&c Microsoft Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files ICMP traffic unpack itself suspicious TLD IP Check PrivateLoader Tofsee Stealc Stealer Windows Discord RisePro Trojan DNS Downloader |
57
http://hugersi.com/dl/6523.exe - rule_id: 32660
http://171.22.28.208/download/WWW14_64.exe - rule_id: 36692
http://ji.alie3ksgbb.com/m/esgla2i5.exe - rule_id: 36693
http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true - rule_id: 27911
http://168.119.168.251/5c0b4a12d6c03dd98ed431d3eded2169
http://christopherantonio.top/calc2.exe - rule_id: 36694
http://45.15.156.229/api/firegate.php - rule_id: 36052
http://colisumy.com/dl/build2.exe - rule_id: 31026
http://45.9.74.80/super.exe - rule_id: 36063
http://45.15.156.229/api/tracemap.php - rule_id: 33783
http://fc.ftimedica.com/netTime.exe - rule_id: 36695
http://168.119.168.251/data.zip
http://zexeq.com/files/1/build3.exe - rule_id: 27913
http://94.142.138.113/api/tracemap.php - rule_id: 28877
http://193.42.32.118/api/firegate.php - rule_id: 36458
http://bryanzachary.top/e9c345fc99a4e67e.php - rule_id: 36633
http://45.9.74.80/harbar.exe - rule_id: 36698
http://168.119.168.251/
http://193.42.32.118/api/tracemap.php - rule_id: 36180
http://171.22.28.208/download/Services.exe - rule_id: 36699
http://94.142.138.113/api/firegate.php - rule_id: 36152
http://193.42.32.118/api/firecom.php - rule_id: 36700
http://apps.identrust.com/roots/dstrootcax3.p7c
http://www.maxmind.com/geoip/v2.1/city/me
https://sun6-22.userapi.com/c909518/u52355237/docs/d51/adbcd4335d91/d22.bmp?extra=I9Zc-eSFjb7aniypOgKiQRv4636nhweyUT9QKpOFw7kimiw2amz8iPNPZCEGzYVz6BHk9DaB7QwiNnx_cQT_AzlsGCHoLunNSLxa9_vpSu9ggyaoAmjzXznq9mGQpqfYDNGbSYXtHaL7QCGa
https://sun6-20.userapi.com/c909628/u52355237/docs/d26/3173b23b4e4e/setup.bmp?extra=VVPCXTaaKAzMHZJC5rnpXH1YWnS7xAjFbRWDFPhm2AawSriV5gL_VHTHjYu16umoAOyuhw9lfHxMhxZynVMHsCNR9XHh9CTYfxNkSlfIIRPfs9BOiSpW3GtLlh-7U7fJ7HlYYrTDJreTQaQz
https://db-ip.com/demo/home.php?s=175.208.134.152
https://vk.com/doc52355237_666080029?hash=iTgT5jRzVMuMfOipzzdh910Z1eVS2zyNCF1bGoAh0jD&dl=CRGRTXz6mennztuXX6PP2YdwrEitcpcqd8JYyhjt3gs&api=1&no_preview=1#acotr
https://sun6-21.userapi.com/c909328/u52355237/docs/d26/505533e1a303/Bot_Clien.bmp?extra=JRdCEMD1afNdUe2eq1tHKSkWAMPzvkV15kDEjPRy0M4SufT2M90zqE9lbWESswe3EttFy0FBJiL6OgfwMoan2s_07uHL7-8fISw2lgvZ8Jsi-psDZZ0gzfdbD12jr1p-dYl6K4_2enKRNDMw
https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/3844DBB920174967BE7AA4A2C20430FA2/ntkrnlmp.pdb
https://sun6-22.userapi.com/c909228/u52355237/docs/d20/209e889de692/asca1ex.bmp?extra=Y3tHdAvxzFOEpXvEASstlcPFyrUQZW0W1S9R5_nGZbND-ilqrFXOLQgCfGmCdD7wSdYCMGcRr-3h-eKElnZc4tIkiU7j_yF0UAxYdmm6sjjed2R_PSOE7lPSyMomaQjuZFXlwLs7j8TYv40p
https://vk.com/doc52355237_666136580?hash=J0ZSTJENbiReaX4ZPq5xWfmYW8FoV0xrQipVUC8lOoP&dl=kqjwZYr82vmrlMe5ySJIAnl5X3Qhnzh8T4p6Ejv1b3o&api=1&no_preview=1#utube
https://vsblobprodscussu5shard58.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/98A14A45856422D571CDEA18737E156B89D4C85FE7A2C03E353274FC83996DE200.blob?sv=2019-07-07&sr=b&si=1&sig=9uU3hAcIImpB%2FyOM1RYeQAPmMF5nVaTTMSzoMMepXyY%3D&spr=https&se=2023-09-26T09%3A35%3A48Z&rscl=x-e2eid-d4e1fe69-3af64970-a728748c-c9623b63-session-7139f5f0-a7b24e70-996ecbe3-744f6c2c
https://api.ip.sb/ip
https://preconcert.pw/setup294.exe - rule_id: 36162
https://vk.com/doc52355237_665981002?hash=5dlf3DheCq3ZynwxfclKIYSMaBUrqVsiNEQbz1ZBeez&dl=qhGcA2zWn1OHnSTesbATZlb3MbAcGMzKaqeVHxmyiH8&api=1&no_preview=1#rise
https://sun6-23.userapi.com/c235131/u52355237/docs/d25/4b77b3faf410/crypted.bmp?extra=pLE6g0sVj5JzSBjFx8m0PCdIi2mz30mXNfbSsZf9HKk0VIHCoqiKcGBDgi2RzV4Jds8sDjVanxDVFZ9gF4M3zB-npb6kbrVSWsfbKhYCL8SRbYR--u3kEeU4AiH6X8-WCXcvlrkIAaRSAyrm
https://api.myip.com/
https://sun6-22.userapi.com/c909218/u52355237/docs/d17/930f6551e240/red.bmp?extra=xpErrkZKyuhqhXmlpWGPYaOkV8KZk6uf2bZssDtVOaX07u-jnXlDzv7eQ9GgRp9jAKadofx0Aeym6WdKQVyqryj-ZhCNJEn0eT40XbVRZjtBfc5ULd-vAzbPnMW0pxdanSM8aNUihsyhOr2b
https://msdl.microsoft.com/download/symbols/index2.txt
https://vk.com/doc52355237_666116297?hash=lkXB46dcuKnkqGORfsFX2uL9WMbBX0UD71NmU7WScHL&dl=7YSPaysZzeHccUchdso6vzlhfWpyPGmhyN2t8dJd6n0&api=1&no_preview=1#1
https://msdl.microsoft.com/download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb
https://cdn.discordapp.com/attachments/1041078464591188050/1153365784878387221/saddsd.exe
https://dzen.ru/?yredirect=true
https://vsblobprodscussu5shard10.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/3361580E1DAA2301EF4C62D105FB67166BD89EA03FCDE3C800EACFAF71EE01C200.blob?sv=2019-07-07&sr=b&si=1&sig=jC%2FHchUGnoKnU%2F7Npr4bk0dZ3HPncEmJsdp3usAJOn0%3D&spr=https&se=2023-09-26T09%3A12%3A03Z&rscl=x-e2eid-e3031299-e353446c-bc6e4fc6-5ba8d6ce-session-cc5d13a5-463b4458-90a3ae06-41a13aa1
https://steamcommunity.com/profiles/76561199553369541
https://sun6-20.userapi.com/c240331/u52355237/docs/d58/c399ba8d11ad/GoodJOB_anketa.bmp?extra=RdKlzPD-Tnc08TwIXUdpKhcJsVLF_czyQ7deLMXMZCuYsEn1hsNWwunUZllu4Y3s8XrVQr_RxVeK9Mix6bp1dEklNqx1x55vXRxuwY-W0dazgHige4BWFMNMsNYicyz81h8L4TvM4NA6te2l
https://sun6-21.userapi.com/c909628/u52355237/docs/d56/defde5a29b85/RisePro_0_7_8d3TUvJJlkW1iIngb5qf_vmp.bmp?extra=NLpT1E-ZXvEFBDSUkHGwYeAn3gufe8JRwAvvU3jpPTPHDkn3Lz0EVO2efphrJLAfrEcqcbeeA_vHPpFV5lLGRZGHx-hm6MmAOrZPB0NpBYG4F35GQNq4otRfdvJxn1jZBJmULgiLE0v7Hk1m
https://vk.com/doc52355237_666108395?hash=jawOiYjXlHzPa18QU35xZPZzBykkkdDodQ7clEr5tKc&dl=p4xlxA2NNutBGc4VBe6MR2ujxECosZT0MnzX27IuYrL&api=1&no_preview=1#1ss
https://sun6-23.userapi.com/c240331/u52355237/docs/d18/eb9207621794/PL_Client.bmp?extra=WCp76kj9ADZ52pgXZrxmINBn800eDzXuEyMTNu2TTZuW3RQud9kFeoOvcj05sKd4wAv5ZUQOTZea23LsMRB9EsiN4I9XiHzR-y4hcz1C_cGJZO6t2w-t4FEeFGXY6cQA_9Mkwu3cNH-lLgAP
https://vk.com/doc52355237_666121482?hash=X7tYzzwdbYpoS3dmjILbhm0NM5SnR8w3HGGZg0cxP38&dl=0lfx33sT3g4TXZpfUQvZAsiUf6cD0lndtNWZ1RI4aC8&api=1&no_preview=1#maff
https://sso.passport.yandex.ru/push?uuid=9917910e-fa55-45f9-ae62-b11c46ebc15c&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue
https://sun6-21.userapi.com/c909518/u52355237/docs/d51/0f66b27eb25f/test22009.bmp?extra=NAVrHi9JKZutyNsJXGGmO9lYfVsk3c8KKwtn3c-jFfhm7LrHxTsETt8lwMMt9o0aMrTXLT8vB9ZgNp5Hq2kYs6aIoTtSbaHezLZKM183aDcqjU-YVj6-fD3rYys3vU6zSKS9bUAdpz7lJULa
https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self
https://neuralshit.net/0c481f030a905c2be1d7c0eb6af97e6a/7725eaa6592c80f8124e769b4e8a07f7.exe
https://sun6-23.userapi.com/c909518/u52355237/docs/d47/9a58548d2219/328dj2afg.bmp?extra=P64PHSwDyVag1P8zJe1CsvJSpZzkgl0vFOicryxY6m4H0Tz8jezzPOu0pctLVqeIZYcMRW0IHtuaVjDPRSlT5REafSnK2XRDsiRf7R-EzcRQ1pwDNRALhrrffOLuhi0fyYOcjUQQcezyATjV
https://octocrabs.com/7725eaa6592c80f8124e769b4e8a07f7.exe - rule_id: 36716
|
104
neuralshit.net(104.21.6.10) - malware
db-ip.com(104.26.4.15)
t.me(149.154.167.99) - mailcious
ipinfo.io(34.117.59.81)
wahaaudit.ps(213.6.54.58) - malware
sun6-23.userapi.com(95.142.206.3)
mastertryprice.com(172.67.212.103)
dzen.ru(62.217.160.2)
preconcert.pw(172.67.197.101) - malware
api.2ip.ua(162.0.217.254)
steamcommunity.com(104.75.41.21) - mailcious
iplogger.org(148.251.234.83) - mailcious
z.nnnaajjjgc.com(156.236.72.121) - malware
twitter.com(104.244.42.65)
msdl.microsoft.com(204.79.197.219)
telegram.org(149.154.167.99)
cdn.discordapp.com(162.159.130.233) - malware
christopherantonio.top(46.173.215.72) - malware
api.db-ip.com(104.26.5.15)
sun6-21.userapi.com(95.142.206.1) - mailcious
sso.passport.yandex.ru(213.180.204.24)
230404015907217.ism.wity21.info()
yandex.ru(77.88.55.88)
vsblobprodscussu5shard58.blob.core.windows.net(20.150.79.68)
api.ip.sb(172.67.75.172)
sun6-20.userapi.com(95.142.206.0) - mailcious
ji.alie3ksgbb.com(172.67.200.102) - mailcious
iplogger.com(148.251.234.93) - mailcious
zexeq.com(37.34.248.24) - malware
octocrabs.com(104.21.21.189) - mailcious
vsblobprodscussu5shard10.blob.core.windows.net(20.150.79.68)
colisumy.com(210.182.29.70) - malware
ce29437f-e56b-4507-97fe-18e71b8df8a3.uuid.окрф.рф()
bryanzachary.top(46.173.215.72) - mailcious
iplis.ru(148.251.234.93) - mailcious
hugersi.com(91.215.85.147) - malware
server9.xn--j1ahhq.xn--p1ai(185.82.216.48)
sun6-22.userapi.com(95.142.206.2)
www.maxmind.com(104.18.145.235)
vk.com(93.186.225.194) - mailcious
stun.sipgate.net(69.194.172.73)
api.myip.com(172.67.75.163)
fc.ftimedica.com(45.130.231.6) - malware
146.59.10.173
194.169.175.128 - mailcious
104.18.145.235
182.162.106.33 - malware
93.186.225.194 - mailcious
172.67.197.101
45.130.231.6 - malware
148.251.234.93 - mailcious
204.79.197.219
91.215.85.147 - malware
20.150.70.36
104.244.42.1 - suspicious
62.217.160.2
208.67.104.60 - mailcious
5.255.255.70
172.67.200.102
149.154.167.99 - mailcious
193.42.32.118 - mailcious
172.67.75.166
213.6.54.58 - malware
172.67.75.163
37.34.248.24 - malware
171.22.28.208 - malware
23.67.53.17
172.67.212.103
46.173.215.72 - mailcious
171.22.28.222 - malware
20.150.79.68
162.0.217.254
172.67.200.10 - mailcious
148.251.234.83
104.26.8.59
104.21.6.10 - malware
104.21.90.117 - malware
213.180.204.24
104.75.41.21 - mailcious
194.55.224.41 - malware
77.232.38.234 - mailcious
34.117.59.81
45.9.74.80 - malware
194.169.175.232 - malware
176.123.9.142 - mailcious
69.194.172.73
94.142.138.113 - mailcious
168.119.168.251
185.225.73.32 - mailcious
104.26.9.59
156.236.72.121 - mailcious
45.15.156.229 - mailcious
172.67.75.172 - mailcious
162.159.129.233 - malware
104.26.4.15
87.240.137.164 - mailcious
95.142.206.3
95.142.206.2
211.119.84.111 - malware
95.142.206.0 - mailcious
185.82.216.48
31.41.244.27 - mailcious
77.91.68.239 - malware
95.142.206.1 - mailcious
|
50
SURICATA Applayer Mismatch protocol both directions
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com)
ET DNS Query to a *.pw domain - Likely Hostile
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING Suspicious services.exe in URI
ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
ET INFO HTTP Request to a *.top domain
ET DNS Query to a *.top domain - Likely Hostile
ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET)
ET DROP Spamhaus DROP Listed Traffic Inbound group 7
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Single char EXE direct download likely trojan (multiple families)
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET INFO Packed Executable Download
ET HUNTING Possible EXE Download From Suspicious TLD
ET INFO TLS Handshake Failure
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity)
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound)
ET MALWARE Redline Stealer Activity (Response)
ET POLICY IP Check Domain (iplogger .org in DNS Lookup)
ET POLICY IP Check Domain (iplogger .org in TLS SNI)
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET DROP Spamhaus DROP Listed Traffic Inbound group 1
ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)
ET POLICY External IP Address Lookup DNS Query (2ip .ua)
ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response)
ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
ET MALWARE Win32/Vodkagats Loader Requesting Payload
ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)
ET INFO External IP Lookup Domain (iplogger .com in DNS lookup)
ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key
ET MALWARE Win32/Filecoder.STOP Variant Public Key Download
ET INFO Observed Telegram Domain (t .me in TLS SNI)
ET INFO Dotted Quad Host ZIP Request
ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
|
21
http://hugersi.com/dl/6523.exe
http://171.22.28.208/download/WWW14_64.exe
http://ji.alie3ksgbb.com/m/esgla2i5.exe
http://zexeq.com/test2/get.php
http://christopherantonio.top/calc2.exe
http://45.15.156.229/api/firegate.php
http://colisumy.com/dl/build2.exe
http://45.9.74.80/super.exe
http://45.15.156.229/api/tracemap.php
http://fc.ftimedica.com/netTime.exe
http://zexeq.com/files/1/build3.exe
http://94.142.138.113/api/tracemap.php
http://193.42.32.118/api/firegate.php
http://bryanzachary.top/e9c345fc99a4e67e.php
http://45.9.74.80/harbar.exe
http://193.42.32.118/api/tracemap.php
http://171.22.28.208/download/Services.exe
http://94.142.138.113/api/firegate.php
http://193.42.32.118/api/firecom.php
https://preconcert.pw/setup294.exe
https://octocrabs.com/7725eaa6592c80f8124e769b4e8a07f7.exe
|
6.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|