Detection name                    File name
Trojan.X97M.QAKBOT.YXBKIZ         keep-39492709.xls
                                  good.good
TrojanSpy.Win32.QAKBOT.YMBJS      grand-153928705.xls
Trojan.XF.DLOADR.AL               miss-2003805568.xls
Trojan.Win32.SQUIRRELWAFFLE.B     Test2.test
Trojan.Win32.SQUIRRELWAFFLE.B     Test1.test
Trojan.Win32.SQUIRRELWAFFLE.B     test.test
---------------------------------------------
Host Indicator
C:\Datop\
C:\Datop\test.test
C:\Datop\test1.test
C:\Datop\test2.test
C:\Datop\good.good
C:\Datop\good1.good
C:\Datop\good2.good
%windir%\system32\Tasks\aocrimn
Scheduled task: aocrimn /tr regsvr32.exe -s "%WorkingDir%\test.test.dll" /SC ONCE /Z /ST 06:25 /ET