SHA-256 File SHA 256 Detection mfeann.exe 07bbd8a80b5377723b13dbb40a01ca44cbc203369f5e5652a25b448e27ca108c LockDown.DLL 70b23166a098af857c88d855577cc211f5037d29806de5b5b90b3bb49e5fc8dc Backdoor.Win64.COBEACON.OSLJBR c0000012.log c6c68110edf6a92f2e382e245e00c2a39d5a775625c3f0220888361fb69a6eb8 Backdoor.Win64.COBEACON.OSLJBR.enc Node.exe 415aa95ff565bae998496cb532817626ea537b1c85f2492eef858feaf30e0c84 Trojan.Win32.SHELLOAD.BG update.exe 0112e3b20872760dda5f658f6b546c85f126e803e27f0577b294f335ffa5a298 VMwareXferlog.exe 935e10f5169397a67f4c36bffbc3ba46c3957b7521edd3fa83bd975157b79bd8 glib-2.0.DLL b0fb6c7eecbf711b2c503d7f8f3cf949404e2dd256b621c8cf1f3a2bdfb54301 Trojan.Win64.SHELLOAD.F UnLockApps.exe 6697bca184802626b00a4d33e6468d823d5119329083511ef2a0154f0a7458c3 Backdoor.Win64.COBEACON.YXCFVZ LockDown.DLL(Dropped via UnLockApps.exe) 301bd06fd596301aef97bf24cbedd09e4f4ac46780297cb82e255680cd853212 TROJ_GEN.R002H01FM22 --------------------------------------------- URL and IP Address 45[.]32.108.54:80 hxxp://45[.]32[.]108[.]54:443/LockDown[.]DLL hxxp://45.32.108.54:443/c0000012.log hxxp://45.61.139.38/VMwareXferlogs.exe hxxp://45.61.139.38/glib-2.0.DLL