Threat Feed
https://161-35-72-148.cprapid.com/dpd/update.php?hkkg83ax6k9695fswr0p
2026-04-26T11:01:54.988
malicious
URL

VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections indicates a phishing website
2/5       Page is served from a service commonly used for temporary hosting
1/5       Logon form detected via Computer Vision
1/5       Resource is loaded from a service commonly used for temporary hosting
1/5       Page uses exact favicon of a popular online service
1/5       Page secured via a Domain Validated SSL certificate
Classification: Phishing

3NrLHZbW0rbb0Riq.exe
2026-04-26T11:01:46.320
malicious
Windows Exe (x86-32)
SHA256: c1307b6552f49149edaeba50fc282fee96bce85985847fc8280c3f92206968e3

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Modifies Windows Defender configuration
2/5       Schedules task
2/5       Creates an unusually large number of processes
1/5       Modifies application directory
1/5       Creates process with hidden window
1/5       Content matched by YARA rules
1/5       Query OS Information
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Modifies operating system directory
1/5       Enables process privileges
1/5       Creates mutex
1/5       Enumerates running processes
1/5       Executes dropped PE file
Classification: Backdoor

P3qDXM42HG9mQ4NR.dll
2026-04-26T11:00:20.029
malicious
Windows DLL (x86-32)
SHA256: 40ea54492f021711bce1474b8e890db03525689623d29e770caef07454c56428

VMRay Threat Identifiers
Severity  Operation
4/5       Masks file extension
4/5       Loads a dropped DLL into a system binary
2/5       Delays execution
1/5       Modifies operating system directory
1/5       Creates process with hidden window
1/5       Resolves API functions dynamically

Qy56ocEWY8NOfeqX.exe
2026-04-26T10:59:53.673
malicious
Windows Exe (x86-32)
SHA256: 9c7d70f38cebebaaa26e8b061057e3d338d9c826cd366c69beff3226fb1dc9d8

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Deletes user files
4/5       Loads a dropped DLL into a system binary
4/5       Rename system utilities
3/5       Office macro uses a file I/O function
3/5       Performs DNS request for known DDNS domain
2/5       Searches for sensitive remote access configuration data
2/5       Creates an unusually large number of processes
2/5       Office macro uses a suspicious function
2/5       Delays execution
2/5       Executes dropped PE masquerading Filename
2/5       Deletes file after execution
2/5       Sets up server that accepts incoming connections
2/5       Office macro uses a network function
2/5       Suspicious content matched by YARA rules
2/5       Searches for sensitive password manager data
2/5       Office macro uses an execute function
1/5       Timestamp manipulation
1/5       Drops PE masquerading Filename
1/5       Enumerates running processes
1/5       Installs system service
1/5       Creates mutex
1/5       Installs system startup script or application
1/5       Tries to detect debugger
1/5       Creates process with hidden window
1/5       Enables process privileges
1/5       Reads mouse position
1/5       Checks Internet connection
1/5       Monitors mouse movements and clicks
1/5       Modifies operating system directory
1/5       Performs DNS request
1/5       Downloads file
1/5       Resolves API functions dynamically
1/5       Contains suspicious Office macro
1/5       Drops PE file
1/5       Loads a dropped DLL
1/5       Executes dropped PE file
Classification: Backdoor, Wiper

file.exe
2026-04-26T09:30:53.247
malicious
Windows Exe (x86-64)
SHA256: d401cfe9de20d46c8cc86aafa2448aa38c94c1911aa7f27d7ca2d84a88f09685

VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Malicious content matched by YARA rules
5/5       Tries to read cached credentials of various applications
5/5       Combination of other detections shows configuration discovery
3/5       Tries to detect the presence of antivirus software
3/5       Modifies native system functions
3/5       Takes screenshot
2/5       Collects hardware properties
2/5       Searches for sensitive application data
2/5       Searches for sensitive browser data
2/5       Searches for sensitive mail data
2/5       Reads sensitive mail data
2/5       Reads sensitive browser data
2/5       Reads network adapter information
2/5       Queries OS info via WMI
2/5       Sets up server that accepts incoming connections
2/5       Suspicious content matched by YARA rules
1/5       Connects to remote host
1/5       Downloads file
1/5       Query OS Information
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Creates mutex
1/5       Enables process privileges
1/5       Resolves API functions dynamically
1/5       Possibly does reconnaissance
1/5       Uses encryption API
1/5       Enumerates running processes
1/5       Accesses volumes directly
Classification: Spyware, Backdoor