SHA256 Detection name
=======================================================================================================

URLs
=======================================================================================================

Domains
=======================================================================================================

IPv4
=======================================================================================================