File name:

2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer

Full analysis: https://app.any.run/tasks/8146ae59-288a-444f-a24b-8915f52a8db9
Verdict: Malicious activity
Threats:

A backdoor is a type of cybersecurity threat that allows attackers to secretly compromise a system and conduct malicious activities, such as stealing data and modifying files. Backdoors can be difficult to detect, as they often use legitimate system applications to evade defense mechanisms. Threat actors often utilize special malware, such as PlugX, to establish backdoors on target devices.

Malware Trends Tracker     >>>
Analysis date: May 27, 2025, 08:41:42
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
xred
backdoor
auto-reg
delphi
dyndns
snake
keylogger
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5:

E4D362A48555E9B2A1D1B74EE13EA600

SHA1:

4251191336B7BD83BDDCB00DAC68EA1319025804

SHA256:

DC2BBD36C2E0C4D80F65DA0912C67C6E99FD4F9C57350AC88C3BDF208C8ADD2D

SSDEEP:

49152:m3HzLnqOaNMCFJ6kPvO1cg0i7QKBO7q8j7sG:Er7ayGJ6kHOS9KBO7qvG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • XRED mutex has been found

      • 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 1628)
      • Synaptics.exe (PID: 6372)
      • Synaptics.exe (PID: 4120)

    • Changes the autorun value in the registry

      • 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 1628)

    • XRED has been detected (YARA)

      • Synaptics.exe (PID: 6372)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 1628)
      • ._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 4488)
      • Synaptics.exe (PID: 6372)

    • Executable content was dropped or overwritten

      • 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 1628)

    • There is functionality for communication over UDP network (YARA)

      • Synaptics.exe (PID: 6372)

    • There is functionality for taking screenshot (YARA)

      • Synaptics.exe (PID: 6372)

    • There is functionality for communication dyndns network (YARA)

      • Synaptics.exe (PID: 6372)

  • INFO

    • The sample compiled with english language support

      • 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 1628)

    • Checks supported languages

      • 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 1628)
      • ._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 4488)
      • Synaptics.exe (PID: 6372)
      • Synaptics.exe (PID: 4120)

    • The sample compiled with turkish language support

      • 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 1628)

    • Process checks computer location settings

      • 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 1628)

    • Reads the computer name

      • 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 1628)
      • ._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 4488)
      • Synaptics.exe (PID: 6372)
      • Synaptics.exe (PID: 4120)

    • Creates files in the program directory

      • 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 1628)
      • Synaptics.exe (PID: 6372)

    • Launch of the file from Registry key

      • 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 1628)

    • Checks proxy server information

      • ._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 4488)
      • Synaptics.exe (PID: 6372)
      • slui.exe (PID: 644)

    • Reads the machine GUID from the registry

      • ._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 4488)
      • Synaptics.exe (PID: 6372)

    • Reads the software policy settings

      • ._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 4488)
      • Synaptics.exe (PID: 6372)
      • slui.exe (PID: 644)

    • Manual execution by a user

      • Synaptics.exe (PID: 4120)

    • Compiled with Borland Delphi (YARA)

      • Synaptics.exe (PID: 6372)
      • ._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe (PID: 4488)
      • slui.exe (PID: 644)

    • Create files in a temporary directory

      • Synaptics.exe (PID: 6372)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 629760
InitializedDataSize: 320512
UninitializedDataSize: -
EntryPoint: 0x9ab80
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.4
ProductVersionNumber: 1.0.0.4
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Turkish
CharacterSet: Windows, Turkish
CompanyName: CRACK BY RETRIX
FileDescription: SS CRACK RETRIX
FileVersion: 1.1.1.1
InternalName: -
LegalCopyright: -
LegalTrademarks: -
OriginalFileName: -
ProductName: SS CRACK RETRIX
ProductVersion: 1.0.0.0
Comments: Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
126
Monitored processes
6
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start #XRED 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe ._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe #XRED synaptics.exe svchost.exe #XRED synaptics.exe no specs slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
644C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
1628"C:\Users\admin\Desktop\2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe" C:\Users\admin\Desktop\2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe
explorer.exe
User:
admin
Company:
CRACK BY RETRIX
Integrity Level:
MEDIUM
Description:
SS CRACK RETRIX
Exit code:
0
Version:
1.1.1.1
Modules
Images
c:\users\admin\desktop\2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2196C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
4120C:\ProgramData\Synaptics\Synaptics.exeC:\ProgramData\Synaptics\Synaptics.exe
explorer.exe
User:
admin
Company:
CRACK BY RETRIX
Integrity Level:
MEDIUM
Description:
SS CRACK RETRIX
Exit code:
0
Version:
1.1.1.1
Modules
Images
c:\programdata\synaptics\synaptics.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
4488"C:\Users\admin\Desktop\._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe" C:\Users\admin\Desktop\._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe
2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe
User:
admin
Company:
Zoom Communications, Inc.
Integrity Level:
MEDIUM
Description:
Zoom Opener
Version:
6,3,0,63
Modules
Images
c:\users\admin\desktop\._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
6372"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateC:\ProgramData\Synaptics\Synaptics.exe
2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe
User:
admin
Company:
CRACK BY RETRIX
Integrity Level:
HIGH
Description:
SS CRACK RETRIX
Version:
1.1.1.1
Modules
Images
c:\programdata\synaptics\synaptics.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
11 208
Read events
11 199
Write events
9
Delete events
0

Modification events

(PID) Process:(4488) ._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(4488) ._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(4488) ._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(1628) 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A7803901000060B81DB4E48ED2119906E49FADC173CAAC000000
(PID) Process:(1628) 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:(1628) 2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:SS CRACK RETRIX
Value:
C:\ProgramData\Synaptics\Synaptics.exe
(PID) Process:(6372) Synaptics.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6372) Synaptics.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6372) Synaptics.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
Executable files
4
Suspicious files
0
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
16282025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exeC:\ProgramData\Synaptics\Synaptics.exeexecutable
MD5:E4D362A48555E9B2A1D1B74EE13EA600
SHA256:DC2BBD36C2E0C4D80F65DA0912C67C6E99FD4F9C57350AC88C3BDF208C8ADD2D
6372Synaptics.exeC:\Users\admin\AppData\Local\Temp\AetvhXE.inihtml
MD5:3D94EE4E532AC4C57C807AA8513D3711
SHA256:8B16F905563ADEA34BC912DE093D5F9DA9FE3DC0DFA79DB49135D9E7C050C882
16282025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exeC:\ProgramData\Synaptics\RCXC749.tmpexecutable
MD5:7119AECBADA6B8D52C24BFF2084EEE38
SHA256:76C68C3DB494F7AC3BD0EDB9920C01B869D4F999E6C719E616CE2FF58AAFB379
16282025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exeC:\Users\admin\Desktop\._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exeexecutable
MD5:84928D50CA36826F9190E141AA8F2CFB
SHA256:1ED09BAE10F2216D76D9F3E914D04952C186CB1B23A19574F92D0D014A9F4F05
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
31
TCP/UDP connections
47
DNS requests
19
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
POST
200
170.114.78.80:443
https://zoom.us/conf/launch
unknown
whitelisted
GET
304
4.175.87.197:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
6372
Synaptics.exe
GET
200
69.42.215.252:80
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
unknown
whitelisted
GET
200
4.175.87.197:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
compressed
23.9 Kb
whitelisted
5576
SIHClient.exe
GET
200
2.20.245.137:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
20.242.39.171:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
unknown
5576
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
5576
SIHClient.exe
GET
200
2.20.245.137:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
unknown
whitelisted
5576
SIHClient.exe
GET
200
2.20.245.137:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
5576
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
4488
._cache_2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer.exe
170.114.52.2:443
zoom.us
US
whitelisted
6372
Synaptics.exe
69.42.215.252:80
freedns.afraid.org
AWKNET
US
whitelisted
2196
svchost.exe
224.0.0.252:5355
whitelisted
2196
svchost.exe
224.0.0.251:5353
unknown
5576
SIHClient.exe
4.175.87.197:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5576
SIHClient.exe
2.20.245.137:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
google.com
  • 142.250.181.238
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.249
whitelisted
zoom.us
  • 170.114.52.2
whitelisted
xred.mooo.com
whitelisted
freedns.afraid.org
  • 69.42.215.252
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
crl.microsoft.com
  • 2.20.245.137
  • 2.20.245.139
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.95.31.18
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Potentially Bad Traffic
ET DYN_DNS DYNAMIC_DNS Query to Abused Domain *.mooo.com
A Network Trojan was detected
ET HUNTING Suspicious User-Agent Containing .exe
A Network Trojan was detected
ET MALWARE Snake Keylogger Payload Request (GET)
A Network Trojan was detected
ET HUNTING Suspicious User-Agent Containing .exe
A Network Trojan was detected
ET HUNTING Suspicious User-Agent Containing .exe
A Network Trojan was detected
ET HUNTING Suspicious User-Agent Containing .exe
A Network Trojan was detected
ET HUNTING Suspicious User-Agent Containing .exe
A Network Trojan was detected
ET HUNTING Suspicious User-Agent Containing .exe
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
2025-05-27_e4d362a48555e9b2a1d1b74ee13ea600_black-basta_darkgate_elex_gcleaner_hijackloader_luca-stealer