Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Sept. 14, 2023, 7:13 p.m. | Sept. 14, 2023, 7:16 p.m. |
Process | Command line | PID |
---|---|---|
zglacgebdr.exe | "C:\Users\test22\AppData\Local\Temp\zglacgebdr.exe" | 2192 |
firefox.exe | "C:\Program Files\Mozilla Firefox\Firefox.exe" | 2728 |
IP Address | Status | Action |
---|---|---|
103.147.154.191 | Active | Moloch |
154.195.192.150 | Active | Moloch |
164.124.101.2 | Active | Moloch |
202.124.241.178 | Active | Moloch |
203.161.62.123 | Active | Moloch |
204.11.56.48 | Active | Moloch |
204.93.224.69 | Active | Moloch |
216.40.34.41 | Active | Moloch |
43.129.73.215 | Active | Moloch |
45.33.6.223 | Active | Moloch |
74.208.236.47 | Active | Moloch |
8.217.92.5 | Active | Moloch |
Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
request | POST http://www.sportsstump.com/nni2/ |
request | GET http://www.sportsstump.com/nni2/?wVaFz=l2UoVUXo95P1GT/RE8xPTifpnRTZjyM1/g+kOsSpuHT2u5208My7uqCCHUYfdsUOJgRZsnP2d1M1kh4S5YE8X1HKDXPv2YawtJW+M8k=&rFpf=v5EZSg1b |
request | GET http://www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip |
request | GET http://www.sqlite.org/2016/sqlite-dll-win32-x86-3110000.zip |
request | GET http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip |
request | GET http://www.sqlite.org/2016/sqlite-dll-win32-x86-3100000.zip |
request | POST http://www.qbiclesapp.com/nni2/ |
request | GET http://www.qbiclesapp.com/nni2/?wVaFz=89LDaTsiZkWzd6gBV/21YNss+loVkFgZyXtDk/To0g48YA4bmacR/nAcvw/iGyK9pGJZNFi3c6NMdTKl/KVE0RS2UouuZLpiOCgaIhw=&rFpf=v5EZSg1b |
request | POST http://www.zacoin.xyz/nni2/ |
request | GET http://www.zacoin.xyz/nni2/?wVaFz=sEFiLqOedu/Wr2Ot5yMkULrI82x+CMUFE+lSd++47bIhnRj+aidEbvZf0eRfm3yE4+S9M7OB3uE7pHgmNV2F4X8ZbIt6yxM4AAqD9XQ=&rFpf=v5EZSg1b |
request | POST http://www.weddingkikywahyu.cloud/nni2/ |
request | GET http://www.weddingkikywahyu.cloud/nni2/?wVaFz=9NQOr4MgaB3QZsh67axLq221v81JL3P8NGpuGwYrar4dBnQ5QwJrSGL/Mo/1JjKIu/3sZn42wzGuDzn79426Sxt+w4mPhUJbed/wsfk=&rFpf=v5EZSg1b |
request | POST http://www.ourservicesx.com/nni2/ |
request | GET http://www.ourservicesx.com/nni2/?wVaFz=Vmxsufmpf7lWWHKJQxTcHNQ9FvHyTKCO2xLDeRSHdLkcaQSVI8GmcShxskGRFwjBPY+wXGC2XVe+XqNqvykXbiRBWrk84BVZWlKRCkc=&rFpf=v5EZSg1b |
request | GET http://www.perros.click/nni2/?wVaFz=CgGaY7AKLHjcZH/QkZFeNrmZ2j1K6An8c91X6ul2a3GMUcgHLmQMb4EPAJw1rkiyfFhz/DclXPrQiX2q8+M1ovriq2Knf9L4oCSoy7A=&rFpf=v5EZSg1b |
request | POST http://www.uoymtum.top/nni2/ |
request | GET http://www.uoymtum.top/nni2/?wVaFz=6hwNmoFD3gu2karW4UjxJLXra3L5nvtyfkuGMYXP45p47zdK12BMBVJx6mGUcuj8/so2luMFngoRGONVzhxB2cGubbnSElaRbnuC+fk=&rFpf=v5EZSg1b |
request | POST http://www.a2slhfz002.cfd/nni2/ |
request | GET http://www.a2slhfz002.cfd/nni2/?wVaFz=PSvA3LudvCkxGNFtf3im+GyDEtekXWx/rZxXbXG+gtP+N/ZqV1fm1RPMxr3lo74SJu+WpKrZHbvbK5KUKLhiLDXSos/z69KiZj9df6U=&rFpf=v5EZSg1b |
request | POST http://www.secondwindwhisky.com/nni2/ |
request | GET http://www.secondwindwhisky.com/nni2/?wVaFz=iKfRW1ciXt50TglUdGfeOsRj4BDIH2Q5WnzwQWJpewrGhKsSH8s9ZX9/ReZgFTHgc1oUzYXB4Woca1suDXsEYfgrcX9xxz1qvJ3wN9A=&rFpf=v5EZSg1b |
request | POST http://www.ssongg10317.cfd/nni2/ |
request | GET http://www.ssongg10317.cfd/nni2/?wVaFz=ZhBTXwYBEkQY8Pa3tyDPGuCcpBILLjftdAAA3Aemihk9RwTdGCtr0bJSRWWnaiHnvNXnRueg102nb1PHjszQEedxfXplu99+XBKTN5c=&rFpf=v5EZSg1b |
request | POST http://www.scweiwei.fun/nni2/ |
request | GET http://www.scweiwei.fun/nni2/?wVaFz=llEYww2d3nZRJACIEPqGszpestC9fn29o7B3rbQDSq7MpQ7pmzNhgfKHy9IMAn0ze6ynChqTu+whvvhz2OQiiYNX/EdtT8Vy8qfPt/U=&rFpf=v5EZSg1b |
request | POST http://www.sportsstump.com/nni2/ |
request | POST http://www.qbiclesapp.com/nni2/ |
request | POST http://www.zacoin.xyz/nni2/ |
request | POST http://www.weddingkikywahyu.cloud/nni2/ |
request | POST http://www.ourservicesx.com/nni2/ |
request | POST http://www.uoymtum.top/nni2/ |
request | POST http://www.a2slhfz002.cfd/nni2/ |
request | POST http://www.secondwindwhisky.com/nni2/ |
request | POST http://www.ssongg10317.cfd/nni2/ |
request | POST http://www.scweiwei.fun/nni2/ |
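The request list above shows one URI path, /nni2/, contacted on a run of unrelated domains, each visit a POST followed by a GET whose query carries one fixed parameter (rFpf=v5EZSg1b) and one long base64-looking blob (wVaFz) that differs per host; the sqlite.org fetches are ordinary downloads with distinct paths. The Python below is an added example, not part of this report or of the sandbox's tooling: it parses request lines of the form shown here, groups them by path, flags a path reused across several hosts with its fixed and blob-like parameters, and renders the finding as a Suricata http.uri rule. The input list is constructed from the report's own request lines (all eleven GET beacons, a subset of the POSTs, and the sqlite.org downloads as negatives); the min_domains threshold and the sid value are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample input: request lines copied from this report (a subset
# of the POSTs, every GET beacon, and the sqlite.org downloads as negatives).
SAMPLE_REQUESTS = [
    "POST http://www.sportsstump.com/nni2/",
    "GET http://www.sportsstump.com/nni2/?wVaFz=l2UoVUXo95P1GT/RE8xPTifpnRTZjyM1/g+kOsSpuHT2u5208My7uqCCHUYfdsUOJgRZsnP2d1M1kh4S5YE8X1HKDXPv2YawtJW+M8k=&rFpf=v5EZSg1b",
    "GET http://www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip",
    "GET http://www.sqlite.org/2016/sqlite-dll-win32-x86-3110000.zip",
    "GET http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip",
    "GET http://www.sqlite.org/2016/sqlite-dll-win32-x86-3100000.zip",
    "POST http://www.qbiclesapp.com/nni2/",
    "GET http://www.qbiclesapp.com/nni2/?wVaFz=89LDaTsiZkWzd6gBV/21YNss+loVkFgZyXtDk/To0g48YA4bmacR/nAcvw/iGyK9pGJZNFi3c6NMdTKl/KVE0RS2UouuZLpiOCgaIhw=&rFpf=v5EZSg1b",
    "POST http://www.zacoin.xyz/nni2/",
    "GET http://www.zacoin.xyz/nni2/?wVaFz=sEFiLqOedu/Wr2Ot5yMkULrI82x+CMUFE+lSd++47bIhnRj+aidEbvZf0eRfm3yE4+S9M7OB3uE7pHgmNV2F4X8ZbIt6yxM4AAqD9XQ=&rFpf=v5EZSg1b",
    "GET http://www.weddingkikywahyu.cloud/nni2/?wVaFz=9NQOr4MgaB3QZsh67axLq221v81JL3P8NGpuGwYrar4dBnQ5QwJrSGL/Mo/1JjKIu/3sZn42wzGuDzn79426Sxt+w4mPhUJbed/wsfk=&rFpf=v5EZSg1b",
    "GET http://www.ourservicesx.com/nni2/?wVaFz=Vmxsufmpf7lWWHKJQxTcHNQ9FvHyTKCO2xLDeRSHdLkcaQSVI8GmcShxskGRFwjBPY+wXGC2XVe+XqNqvykXbiRBWrk84BVZWlKRCkc=&rFpf=v5EZSg1b",
    "GET http://www.perros.click/nni2/?wVaFz=CgGaY7AKLHjcZH/QkZFeNrmZ2j1K6An8c91X6ul2a3GMUcgHLmQMb4EPAJw1rkiyfFhz/DclXPrQiX2q8+M1ovriq2Knf9L4oCSoy7A=&rFpf=v5EZSg1b",
    "POST http://www.uoymtum.top/nni2/",
    "GET http://www.uoymtum.top/nni2/?wVaFz=6hwNmoFD3gu2karW4UjxJLXra3L5nvtyfkuGMYXP45p47zdK12BMBVJx6mGUcuj8/so2luMFngoRGONVzhxB2cGubbnSElaRbnuC+fk=&rFpf=v5EZSg1b",
    "GET http://www.a2slhfz002.cfd/nni2/?wVaFz=PSvA3LudvCkxGNFtf3im+GyDEtekXWx/rZxXbXG+gtP+N/ZqV1fm1RPMxr3lo74SJu+WpKrZHbvbK5KUKLhiLDXSos/z69KiZj9df6U=&rFpf=v5EZSg1b",
    "GET http://www.secondwindwhisky.com/nni2/?wVaFz=iKfRW1ciXt50TglUdGfeOsRj4BDIH2Q5WnzwQWJpewrGhKsSH8s9ZX9/ReZgFTHgc1oUzYXB4Woca1suDXsEYfgrcX9xxz1qvJ3wN9A=&rFpf=v5EZSg1b",
    "GET http://www.ssongg10317.cfd/nni2/?wVaFz=ZhBTXwYBEkQY8Pa3tyDPGuCcpBILLjftdAAA3Aemihk9RwTdGCtr0bJSRWWnaiHnvNXnRueg102nb1PHjszQEedxfXplu99+XBKTN5c=&rFpf=v5EZSg1b",
    "POST http://www.scweiwei.fun/nni2/",
    "GET http://www.scweiwei.fun/nni2/?wVaFz=llEYww2d3nZRJACIEPqGszpestC9fn29o7B3rbQDSq7MpQ7pmzNhgfKHy9IMAn0ze6ynChqTu+whvvhz2OQiiYNX/EdtT8Vy8qfPt/U=&rFpf=v5EZSg1b",
]

# A long value drawn only from the base64 alphabet: an opaque encoded blob
# rather than a human-readable parameter.
BASE64ISH = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")


def parse_request(line):
    """Split 'METHOD URL' into method, host, path and raw query parameters.

    The query is split by hand rather than with urllib.parse.parse_qs, which
    would turn the '+' inside base64-looking values into spaces and defeat
    the alphabet check in find_rotating_c2.
    """
    method, url = line.split(None, 1)
    parts = urlsplit(url)
    params = {}
    for pair in parts.query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params[key] = value
    return {"method": method, "host": parts.hostname,
            "path": parts.path, "params": params}


def find_rotating_c2(lines, min_domains=3):
    """Group requests by URI path and report paths reused across many hosts.

    One path hit on several unrelated domains, with a query parameter whose
    value never changes and another that carries a fresh opaque blob each
    time, is the beacon shape in this report. min_domains is an assumed
    threshold, not a value taken from the report.
    """
    buckets = defaultdict(lambda: {"hosts": set(), "methods": set(),
                                   "values": defaultdict(set)})
    for line in lines:
        req = parse_request(line)
        bucket = buckets[req["path"]]
        bucket["hosts"].add(req["host"])
        bucket["methods"].add(req["method"])
        for key, value in req["params"].items():
            bucket["values"][key].add(value)

    findings = []
    for path, bucket in buckets.items():
        if len(bucket["hosts"]) < min_domains:
            continue
        fixed = {k: next(iter(v)) for k, v in bucket["values"].items() if len(v) == 1}
        blobs = sorted(k for k, v in bucket["values"].items()
                       if len(v) > 1 and all(BASE64ISH.match(x) for x in v))
        findings.append({"path": path, "hosts": sorted(bucket["hosts"]),
                         "methods": sorted(bucket["methods"]),
                         "fixed_params": fixed, "blob_params": blobs})
    return findings


def suricata_rule(finding, sid):
    """Render a finding as a Suricata http.uri rule; sid is caller-supplied
    (the 1000001 used below is a placeholder in the local rule range)."""
    fixed = "".join(f' content:"&{k}={v}";'
                    for k, v in sorted(finding["fixed_params"].items()))
    return (f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Beacon URI '
            f'{finding["path"]} shared across {len(finding["hosts"])} hosts"; '
            f'flow:established,to_server; http.uri; content:"{finding["path"]}";'
            f'{fixed} classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for finding in find_rotating_c2(SAMPLE_REQUESTS):
        print(finding["path"], len(finding["hosts"]), finding["blob_params"])
        print(suricata_rule(finding, sid=1000001))
```

The fixed-parameter content match is exact to this sample's traffic and will not survive a rebuild; the part that generalises is the grouping step, a single path hit on many unrelated registered domains within one short run, which is why the rule also carries the path on its own.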
domain | www.uoymtum.top | description | Generic top level domain TLD |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ |
file | C:\Users\test22\AppData\Local\Temp\zglacgebdr.exe |
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Generic.4!c |
DrWeb | Trojan.Inject4.61039 |
MicroWorld-eScan | Gen:Variant.Jaik.176195 |
FireEye | Generic.mg.03e76b7a2245db6a |
McAfee | Artemis!03E76B7A2245 |
Cylance | unsafe |
Sangfor | Suspicious.Win32.Save.ins |
Cybereason | malicious.26cb8c |
Arcabit | Trojan.Jaik.D2B043 |
BitDefenderTheta | Gen:NN.ZexaF.36662.kuW@aWB!Cmci |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
APEX | Malicious |
Kaspersky | UDS:Trojan.Win32.Strab.gen |
BitDefender | Gen:Variant.Jaik.176195 |
Avast | Win32:TrojanX-gen [Trj] |
Emsisoft | Gen:Variant.Jaik.176195 (B) |
McAfee-GW-Edition | BehavesLike.Win32.RealProtect.fc |
Trapmine | malicious.moderate.ml.score |
Sophos | Mal/Generic-S |
Ikarus | Trojan.Win32.Injector |
Gridinsoft | Ransom.Win32.Sabsik.sa |
Microsoft | Trojan:Win32/FormBook.AFB!MTB |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
GData | Gen:Variant.Jaik.176195 |
Detected | |
AhnLab-V3 | Trojan/Win.Generic.R585815 |
MAX | malware (ai score=84) |
Malwarebytes | Generic.Malware/Suspicious |
Panda | Trj/GdSda.A |
Rising | Trojan.Generic@AI.92 (RDML:79WrWMkV0f23MW4W/y94Yg) |
SentinelOne | Static AI - Suspicious PE |
Fortinet | NSIS/Injector.ETGJ!tr |
AVG | Win32:TrojanX-gen [Trj] |
DeepInstinct | MALICIOUS |
CrowdStrike | win/malicious_confidence_100% (W) |