Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
11596 2021-08-20 17:36 n33.exe
d1ce5b7ddf8d49a2554281ffe4e14270
AgentTesla(IN) RAT Generic Malware Malicious Library Malicious Packer PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed
5.8 41 ZeroCERT

11597 2021-08-20 17:36 wdqdwq.dll
93d00a52720b98570ad54a8ae5c2411a
RAT Generic Malware Malicious Packer PE File .NET DLL DLL PE32 VirusTotal Malware
0.6 16 ZeroCERT

11598 2021-08-21 04:18 DCRatBuild.exe
8b9163cd83793b088066e54dfd74c62f
Gen2 RAT Gen1 Generic Malware Malicious Library Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File OS AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk suspicious TLD WriteConsoleW IP Check VM Disk Size Check Tofsee Windows ComputerName Remote Code Execution crashed keylogger
2 4 3 13.0 guest

11599 2021-08-21 04:26 DCRatBuild.exe
8b9163cd83793b088066e54dfd74c62f
Gen2 RAT Gen1 Generic Malware Malicious Library Malicious Packer AntiDebug AntiVM PE File OS Processor Check PE32 .NET EXE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces AppData folder AntiVM_Disk WriteConsoleW IP Check VM Disk Size Check Tofsee Windows ComputerName Remote Code Execution crashed keylogger
4 4 3 12.6 guest

11600 2021-08-21 04:28 DCRatBuild.exe
8b9163cd83793b088066e54dfd74c62f
Gen2 RAT Gen1 Generic Malware Malicious Library Malicious Packer AntiDebug AntiVM PE File OS Processor Check PE32 .NET EXE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces AppData folder AntiVM_Disk WriteConsoleW IP Check VM Disk Size Check Tofsee Windows ComputerName Remote Code Execution crashed keylogger
4 4 3 12.2 guest

11601 2021-08-21 04:29 DCRatBuild.exe
8b9163cd83793b088066e54dfd74c62f
Gen2 RAT Gen1 Generic Malware Malicious Library Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File OS AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW IP Check VM Disk Size Check Tofsee Windows ComputerName Remote Code Execution crashed keylogger
3 4 3 11.4 guest

11602 2021-08-21 04:32 BloxCrusher.exe
6cb860d4ba58d8c248ca0a749bca63f4
RAT Generic Malware Malicious Packer Antivirus PE File PE64 VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
1 4 1 9.4 46 guest

11603 2021-08-21 04:48 executor.exe
f9599f29d02ff110f5145a0140927c58
RAT BitCoin Generic Malware Malicious Packer AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
2 3 2 11.0 guest

11604 2021-08-21 04:54 FAKE BTC SENDER zip.exe
3a7da416e0ed02e02fa874f3ae09e9a2
RAT PWS .NET framework Formbook North Korea Generic Malware WinRAR Malicious Library Malicious Packer PE File OS Processor Check PE32 .NET DLL DLL .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
2 3 2 10.2 29 guest

11605 2021-08-21 07:09 secur.exe
697eb5426e9006fac2ae1354277991f1
RAT Generic Malware Malicious Packer PE File OS Processor Check .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces AntiVM_Disk IP Check VM Disk Size Check Tofsee Windows ComputerName keylogger
3 4 3 7.4 33 guest

11606 2021-08-21 08:47 International Crimean Platform...
a35fcbf7ef40676341460277bdba9926
VirusTotal Malware MachineGuid Check memory RWX flags setting unpack itself AntiVM_Disk VM Disk Size Check Tofsee GameoverP2P Zeus ComputerName Trojan Banking
2 2 4.8 3 ZeroCERT

11607 2021-08-21 08:52 QuickAssist.exe
8b7048c86ae28962e664fd49c4d13d12
RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key
1.8 28 ZeroCERT

11608 2021-08-21 08:53 htown.exe
6452a476398bc73e815078a0342425f6
Ave Maria WARZONE RAT NPKI Malicious Library Malicious Packer PE File OS Processor Check PE32 Browser Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Check memory buffers extracted WMI unpack itself suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Browser Email ComputerName Remote Code Execution crashed
2 8.2 59 ZeroCERT

11609 2021-08-21 08:55 c.exe
c8557268007f20f9ed1f206b85d30a99
RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows DNS Cryptographic key
1 3.6 M 26 ZeroCERT

11610 2021-08-21 08:56 moses.exe
898d523f4a9d9fffd9333d49654803c6
Formbook PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic unpack itself
14 17 2 4.6 M 50 ZeroCERT