Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
3391
2024-06-07 23:46
oa-importcert.cmd
4d3f949bda6999f920d5338e785f75f2
Generic Malware
Downloader
task schedule
Antivirus
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
SMTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
Hijack Network
AntiDebug
AntiVM
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
malicious URLs
WriteConsoleW
Windows
ComputerName
Cryptographic key
5.0
guest
3392
2024-06-07 23:39
OpenAudit-nmap-NetzScan.cmd
62678f71bb1fb7f0803191f69ed73acc
task schedule
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
WriteConsoleW
0.6
guest
3393
2024-06-07 23:38
makecert2.cmd
dc399dc9986b37e8e48fc2a61f9cfcac
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
Hijack Network
AntiDebug
AntiVM
Windows utilities
WriteConsoleW
Windows
1.0
guest
3394
2024-06-07 23:33
oa-importcert.cmd
4d3f949bda6999f920d5338e785f75f2
Generic Malware
Downloader
task schedule
Antivirus
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
Hijack Network
SMTP
persistence
AntiDebug
AntiVM
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
malicious URLs
WriteConsoleW
Windows
ComputerName
Cryptographic key
5.0
guest
3395
2024-06-07 23:30
apache_uninstallservice-win10....
9c1c5aa0b87f0183713f5904656a1ef8
task schedule
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
Windows utilities
WriteConsoleW
Windows
1.0
guest
3396
2024-06-07 23:29
makecert2.cmd
dc399dc9986b37e8e48fc2a61f9cfcac
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
Hijack Network
AntiDebug
AntiVM
Windows utilities
WriteConsoleW
Windows
1.0
guest
3397
2024-06-07 23:22
apache_uninstallservice-win10....
9c1c5aa0b87f0183713f5904656a1ef8
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
Windows utilities
WriteConsoleW
Windows
1.0
guest
3398
2024-06-07 23:22
apache_installservice-win10.cm...
5c308e4bc6c970a6b3fa3db951b6ac1e
task schedule
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
Hijack Network
AntiDebug
AntiVM
Windows utilities
WriteConsoleW
Windows
1.0
guest
3399
2024-06-07 23:22
apache_installservice-win10.cm...
5c308e4bc6c970a6b3fa3db951b6ac1e
Downloader
task schedule
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
Hijack Network
AntiDebug
AntiVM
Windows utilities
WriteConsoleW
Windows
1.0
guest
3400
2024-06-07 17:59
wpd.jpg.exe
1bfe19a314dd31d6adda302f177c3b7c
Gen1
Generic Malware
task schedule
Downloader
UPX
Malicious Library
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiD
Malware
SMB
Traffic Potential Scan
suspicious privilege
Malicious Traffic
Check memory
buffers extracted
WMI
Creates executable files
RWX flags setting
unpack itself
Windows utilities
suspicious process
AppData folder
malicious URLs
WriteConsoleW
Ransomware
Windows
ComputerName
Remote Code Execution
DNS
crashed
6
http://104.37.187.182/xpxmr.txt
http://104.37.187.182/wpdmd5.txt
http://104.37.187.182/ok/wpd.html
http://104.37.187.182/wpdtest.txt
http://104.37.187.182/shellver.txt
http://104.37.187.182/ver.txt
2
139.5.177.32
104.37.187.182
2
ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
11.6
guest
3401
2024-06-07 17:58
wpd.jpg.exe
1bfe19a314dd31d6adda302f177c3b7c
Gen1
Generic Malware
Downloader
task schedule
UPX
Malicious Library
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
Hijack Network
persistence
AntiD
Malware
SMB
Traffic Potential Scan
suspicious privilege
Malicious Traffic
Check memory
buffers extracted
WMI
Creates executable files
unpack itself
Windows utilities
suspicious process
AppData folder
malicious URLs
WriteConsoleW
Windows
ComputerName
Remote Code Execution
DNS
crashed
6
http://104.37.187.182/xpxmr.txt
http://104.37.187.182/wpdmd5.txt
http://104.37.187.182/ok/wpd.html
http://104.37.187.182/wpdtest.txt
http://104.37.187.182/shellver.txt
http://104.37.187.182/ver.txt
2
139.5.177.32
104.37.187.182
2
ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
10.6
guest
3402
2024-06-07 17:58
wpd.jpg.exe
1bfe19a314dd31d6adda302f177c3b7c
Gen1
Generic Malware
Downloader
task schedule
UPX
Malicious Library
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
Hijack Network
persistence
AntiD
Malware
SMB
Traffic Potential Scan
suspicious privilege
Malicious Traffic
Check memory
buffers extracted
WMI
Creates executable files
RWX flags setting
unpack itself
Windows utilities
suspicious process
AppData folder
malicious URLs
WriteConsoleW
Windows
ComputerName
Remote Code Execution
DNS
crashed
6
http://104.37.187.182/xpxmr.txt
http://104.37.187.182/wpdmd5.txt
http://104.37.187.182/ok/wpd.html
http://104.37.187.182/wpdtest.txt
http://104.37.187.182/shellver.txt
http://104.37.187.182/ver.txt
2
139.5.177.32
104.37.187.182
2
ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
11.0
46
guest
3403
2024-06-07 17:53
csrs.exe
ed43f6043f51fba6b2a8a4062256154d
Gen1
Generic Malware
Downloader
Malicious Library
UPX
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
PE File
PE32
OS P
Creates executable files
unpack itself
AppData folder
malicious URLs
WriteConsoleW
3.4
guest
3404
2024-06-07 17:52
csrs.exe
ed43f6043f51fba6b2a8a4062256154d
Gen1
Generic Malware
Downloader
Malicious Library
UPX
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
persistence
AntiDebug
AntiVM
PE File
PE32
OS P
Creates executable files
unpack itself
AppData folder
malicious URLs
WriteConsoleW
3.4
51
guest
3405
2024-06-07 17:52
csrs.exe
ed43f6043f51fba6b2a8a4062256154d
Gen1
Generic Malware
Downloader
Malicious Library
UPX
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
persistence
AntiDebug
AntiVM
PE File
PE32
OS P
Creates executable files
unpack itself
AppData folder
malicious URLs
WriteConsoleW
3.4
guest
Total : 48,320cnts