No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
3571
2025-01-22 17:29
21_Chapter_13.xhtml
583b6bb73e0eff88a237d464e8ebbd30
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.4
guest
3572
2025-01-22 17:29
20_Chapter_12.xhtml
268c626c272ef0b211de5831e025a467
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
DNS
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.2
guest
3573
2025-01-22 17:28
8-5S.ps1
692b4ac8c82c82a93c43f19f503a0677
Generic Malware
Antivirus
unpack itself
WriteConsoleW
Windows
DNS
Cryptographic key
1
185.49.126.140
1.4
M
ZeroCERT
3574
2025-01-22 17:27
18_Chapter_10.xhtml
b3cc051b55f245144d5c3a078c232f68
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
DNS
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.2
guest
3575
2025-01-22 17:26
Rechnung.exe
6c6915f22c0057a75c2ceb11f780d60f
njRAT
backdoor
Generic Malware
Malicious Library
Antivirus
UPX
PE File
MSOffice File
CAB
PE32
OS Name Check
OS Processor Check
DLL
VirusTotal
Malware
PDB
suspicious privilege
Check memory
Checks debugger
Creates executable files
unpack itself
AppData folder
AntiVM_Disk
VM Disk Size Check
Windows
ComputerName
RCE
Cryptographic key
2
adminxyzhosting.com(185.49.126.140)
185.49.126.140
5.0
M
24
ZeroCERT
3576
2025-01-22 17:26
19_Chapter_11.xhtml
012c6b98b718c073c9d97274a9e557d0
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Windows
Exploit
crashed
2.8
guest
3577
2025-01-22 17:26
17_Chapter_09.xhtml
9c671725f7d7b5db5c0907bbb7e5838f
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
DNS
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.2
guest
3578
2025-01-22 17:24
16_Chapter_08.xhtml
7c679c296e9549f3eed6dd224038d169
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.0
guest
3579
2025-01-22 17:24
Rechnung.exe
6c6915f22c0057a75c2ceb11f780d60f
njRAT
backdoor
Generic Malware
Malicious Library
Antivirus
UPX
PE File
MSOffice File
CAB
PE32
OS Name Check
OS Processor Check
DLL
VirusTotal
Malware
PDB
suspicious privilege
Check memory
Checks debugger
Creates executable files
unpack itself
AppData folder
AntiVM_Disk
VM Disk Size Check
Windows
ComputerName
RCE
Cryptographic key
crashed
2
adminxyzhosting.com(185.49.126.140)
185.49.126.140
5.2
M
24
ZeroCERT
3580
2025-01-22 17:23
15_Chapter_07.xhtml
5c96124b3a80d91289cb30e541a266a6
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
DNS
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.2
guest
3581
2025-01-22 17:22
14_Chapter_06.xhtml
de7984576a3d50f31ee16e7ac85c542f
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
DNS
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.2
guest
3582
2025-01-22 17:21
jij.exe
170766dd706bef08f2d36bb530ea2ac6
Malicious Library
Malicious Packer
PE File
.NET EXE
PE32
VirusTotal
Malware
AutoRuns
MachineGuid
Check memory
Checks debugger
unpack itself
Windows
ComputerName
DNS
DDNS
1
mim.no-ip.net()
1
ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain
5.4
M
64
ZeroCERT
3583
2025-01-22 17:21
13_Chapter_05.xhtml
112d5830e15142abdb1e9fc57b249345
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
DNS
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.2
guest
3584
2025-01-22 17:19
12_Chapter_04.xhtml
7bd515e30dc7f317cbd55a53c2712fc5
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
DNS
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.2
guest
3585
2025-01-22 17:19
Telegram.exe
8977c554e151a36aa2f53207eb822fb4
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
PDB
unpack itself
1.8
M
28
ZeroCERT
Total : 53,690cnts