General
-
Target
226b7b506870441f3a2bfdce077edbbad4334b5bee2e5fffde263078a169f59a
-
Size
601KB
-
Sample
220521-a5p9zsecgp
-
MD5
4169436f6d3ee5739476c9201bb64b7f
-
SHA1
d439932ac331329a6f84202729fb75dc5670f4a4
-
SHA256
226b7b506870441f3a2bfdce077edbbad4334b5bee2e5fffde263078a169f59a
-
SHA512
8991508c5ec9ea269f719b1e9495534a4123bf7ac62e94e7d2cab281bf4e63c68fc4b2679a771a04481afefe8c2717e5ebbbb738295eb0c45a40edc891273a06
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt
Family
masslogger
Ransom Note
<|| v2.4.0.0 ||>
User Name: Admin
IP: 154.61.71.51
Location: United States
Windows OS: Microsoft Windows 7 Ultimate 64bit
Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 1:05:03 AM
MassLogger Started: 5/21/2022 1:04:47 AM
Interval: 1 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
<|| WD Exclusion ||>
Disabled
<|| Binder ||>
Disabled
<|| Downloader ||>
Disabled
<|| Window Searcher ||>
Disabled
<|| Bot Killer ||>
Disabled
<|| Search And Upload ||>
Disabled
<|| Telegram Desktop ||>
Not Installed
<|| Pidgin ||>
Not Installed
<|| FileZilla ||>
Not Installed
<|| Discord Tokken ||>
Not Installed
<|| NordVPN ||>
Not Installed
<|| Outlook ||>
Not Installed
<|| FoxMail ||>
Not Installed
<|| Thunderbird ||>
Not Installed
<|| FireFox ||>
Not Found
<|| QQ Browser ||>
Not Installed
<|| Chromium Recovery ||>
Not Installed or Not Found
<|| Keylogger And Clipboard ||>
Disabled
Extracted
Path
C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt
Family
masslogger
Ransom Note
<|| v2.4.0.0 ||>
User Name: Admin
IP: 154.61.71.51
Location: United States
Windows OS: Microsoft Windows 7 Ultimate 64bit
Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 1:05:18 AM
MassLogger Started: 5/21/2022 1:05:00 AM
Interval: 1 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
<|| WD Exclusion ||>
Disabled
<|| Binder ||>
Disabled
<|| Downloader ||>
Disabled
<|| Window Searcher ||>
Disabled
<|| Bot Killer ||>
Disabled
<|| Search And Upload ||>
Disabled
<|| Telegram Desktop ||>
Not Installed
<|| Pidgin ||>
Not Installed
<|| FileZilla ||>
Not Installed
<|| Discord Tokken ||>
Not Installed
<|| NordVPN ||>
Not Installed
<|| Outlook ||>
Not Installed
<|| FoxMail ||>
Not Installed
<|| Thunderbird ||>
Not Installed
<|| FireFox ||>
Not Found
<|| QQ Browser ||>
Not Installed
<|| Chromium Recovery ||>
Not Installed or Not Found
<|| Keylogger And Clipboard ||>
Disabled
Extracted
Path
C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt
Family
masslogger
Ransom Note
<|| v2.4.0.0 ||>
User Name: Admin
IP: 154.61.71.51
Location: United States
Windows OS: Microsoft Windows 7 Ultimate 64bit
Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 1:05:35 AM
MassLogger Started: 5/21/2022 1:05:17 AM
Interval: 1 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
<|| WD Exclusion ||>
Disabled
<|| Binder ||>
Disabled
<|| Downloader ||>
Disabled
<|| Window Searcher ||>
Disabled
<|| Bot Killer ||>
Disabled
<|| Search And Upload ||>
Disabled
<|| Telegram Desktop ||>
Not Installed
<|| Pidgin ||>
Not Installed
<|| FileZilla ||>
Not Installed
<|| Discord Tokken ||>
Not Installed
<|| NordVPN ||>
Not Installed
<|| Outlook ||>
Not Installed
<|| FoxMail ||>
Not Installed
<|| Thunderbird ||>
Not Installed
<|| FireFox ||>
Not Found
<|| QQ Browser ||>
Not Installed
<|| Chromium Recovery ||>
Not Installed or Not Found
<|| Keylogger And Clipboard ||>
Disabled
Extracted
Path
C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt
Family
masslogger
Ransom Note
<|| v2.4.0.0 ||>
User Name: Admin
IP: 154.61.71.51
Location: United States
Windows OS: Microsoft Windows 7 Ultimate 64bit
Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 1:05:35 AM
MassLogger Started: 5/21/2022 1:05:18 AM
Interval: 1 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
<|| WD Exclusion ||>
Disabled
<|| Binder ||>
Disabled
<|| Downloader ||>
Disabled
<|| Window Searcher ||>
Disabled
<|| Bot Killer ||>
Disabled
<|| Search And Upload ||>
Disabled
<|| Telegram Desktop ||>
Not Installed
<|| Pidgin ||>
Not Installed
<|| FileZilla ||>
Not Installed
<|| Discord Tokken ||>
Not Installed
<|| NordVPN ||>
Not Installed
<|| Outlook ||>
Not Installed
<|| FoxMail ||>
Not Installed
<|| Thunderbird ||>
Not Installed
<|| FireFox ||>
Not Found
<|| QQ Browser ||>
Not Installed
<|| Chromium Recovery ||>
Not Installed or Not Found
<|| Keylogger And Clipboard ||>
Disabled
Extracted
Path
C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt
Family
masslogger
Ransom Note
<|| v2.4.0.0 ||>
User Name: Admin
IP: 154.61.71.51
Location: United States
Windows OS: Microsoft Windows 7 Ultimate 64bit
Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 1:05:35 AM
MassLogger Started: 5/21/2022 1:05:24 AM
Interval: 1 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
<|| WD Exclusion ||>
Disabled
<|| Binder ||>
Disabled
<|| Downloader ||>
Disabled
<|| Window Searcher ||>
Disabled
<|| Bot Killer ||>
Disabled
<|| Search And Upload ||>
Disabled
<|| Telegram Desktop ||>
Not Installed
<|| Pidgin ||>
Not Installed
<|| FileZilla ||>
Not Installed
<|| Discord Tokken ||>
Not Installed
<|| NordVPN ||>
Not Installed
<|| Outlook ||>
Not Installed
<|| FoxMail ||>
Not Installed
<|| Thunderbird ||>
Not Installed
<|| FireFox ||>
Not Found
<|| QQ Browser ||>
Not Installed
<|| Chromium Recovery ||>
Not Installed or Not Found
<|| Keylogger And Clipboard ||>
Disabled
Extracted
Path
C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt
Family
masslogger
Ransom Note
<|| v2.4.0.0 ||>
User Name: Admin
IP: 127.0.0.1
Location: United States
Windows OS: Microsoft Windows 7 Ultimate 64bit
Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 1:05:35 AM
MassLogger Started: 5/21/2022 1:05:08 AM
Interval: 1 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
<|| WD Exclusion ||>
Disabled
<|| Binder ||>
Disabled
<|| Downloader ||>
Disabled
<|| Window Searcher ||>
Disabled
<|| Bot Killer ||>
Disabled
<|| Search And Upload ||>
Disabled
<|| Telegram Desktop ||>
Not Installed
<|| Pidgin ||>
Not Installed
<|| FileZilla ||>
Not Installed
<|| Discord Tokken ||>
Not Installed
<|| NordVPN ||>
Not Installed
<|| Outlook ||>
Not Installed
<|| FoxMail ||>
Not Installed
<|| Thunderbird ||>
Not Installed
<|| FireFox ||>
Not Found
<|| QQ Browser ||>
Not Installed
<|| Chromium Recovery ||>
Not Installed or Not Found
<|| Keylogger And Clipboard ||>
Disabled
Extracted
Path
C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt
Family
masslogger
Ransom Note
<|| v2.4.0.0 ||>
User Name: Admin
IP: 154.61.71.51
Location: United States
Windows OS: Microsoft Windows 7 Ultimate 64bit
Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 1:05:44 AM
MassLogger Started: 5/21/2022 1:05:29 AM
Interval: 1 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
<|| WD Exclusion ||>
Disabled
<|| Binder ||>
Disabled
<|| Downloader ||>
Disabled
<|| Window Searcher ||>
Disabled
<|| Bot Killer ||>
Disabled
<|| Search And Upload ||>
Disabled
<|| Telegram Desktop ||>
Not Installed
<|| Pidgin ||>
Not Installed
<|| FileZilla ||>
Not Installed
<|| Discord Tokken ||>
Not Installed
<|| NordVPN ||>
Not Installed
<|| Outlook ||>
Not Installed
<|| FoxMail ||>
Not Installed
<|| Thunderbird ||>
Not Installed
<|| FireFox ||>
Not Found
<|| QQ Browser ||>
Not Installed
<|| Chromium Recovery ||>
Not Installed or Not Found
<|| Keylogger And Clipboard ||>
Disabled
Extracted
Path
C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt
Family
masslogger
Ransom Note
<|| v2.4.0.0 ||>
User Name: Admin
IP: 154.61.71.51
Location: United States
Windows OS: Microsoft Windows 7 Ultimate 64bit
Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 1:06:09 AM
MassLogger Started: 5/21/2022 1:05:38 AM
Interval: 1 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
<|| WD Exclusion ||>
Disabled
<|| Binder ||>
Disabled
<|| Downloader ||>
Disabled
<|| Window Searcher ||>
Disabled
<|| Bot Killer ||>
Disabled
<|| Search And Upload ||>
Disabled
<|| Telegram Desktop ||>
Not Installed
<|| Pidgin ||>
Not Installed
<|| FileZilla ||>
Not Installed
<|| Discord Tokken ||>
Not Installed
<|| NordVPN ||>
Not Installed
<|| Outlook ||>
Not Installed
<|| FoxMail ||>
Not Installed
<|| Thunderbird ||>
Not Installed
<|| FireFox ||>
Not Found
<|| QQ Browser ||>
Not Installed
<|| Chromium Recovery ||>
Not Installed or Not Found
<|| Keylogger And Clipboard ||>
Disabled
Extracted
Path
C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt
Family
masslogger
Ransom Note
<|| v2.4.0.0 ||>
User Name: Admin
IP: 154.61.71.51
Location: United States
Windows OS: Microsoft Windows 7 Ultimate 64bit
Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 1:06:09 AM
MassLogger Started: 5/21/2022 1:05:34 AM
Interval: 1 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
<|| WD Exclusion ||>
Disabled
<|| Binder ||>
Disabled
<|| Downloader ||>
Disabled
<|| Window Searcher ||>
Disabled
<|| Bot Killer ||>
Disabled
<|| Search And Upload ||>
Disabled
<|| Telegram Desktop ||>
Not Installed
<|| Pidgin ||>
Not Installed
<|| FileZilla ||>
Not Installed
<|| Discord Tokken ||>
Not Installed
<|| NordVPN ||>
Not Installed
<|| Outlook ||>
Not Installed
<|| FoxMail ||>
Not Installed
<|| Thunderbird ||>
Not Installed
<|| FireFox ||>
Not Found
<|| QQ Browser ||>
Not Installed
<|| Chromium Recovery ||>
Not Installed or Not Found
<|| Keylogger And Clipboard ||>
Disabled
Extracted
Path
C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt
Family
masslogger
Ransom Note
<|| v2.4.0.0 ||>
User Name: Admin
IP: 154.61.71.51
Location: United States
Windows OS: Microsoft Windows 7 Ultimate 64bit
Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 1:06:12 AM
MassLogger Started: 5/21/2022 1:05:37 AM
Interval: 1 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
Name:WerFault, Title:Microsoft .NET Assembly Registration Utility
<|| WD Exclusion ||>
Disabled
<|| Binder ||>
Disabled
<|| Downloader ||>
Disabled
<|| Window Searcher ||>
Disabled
<|| Bot Killer ||>
Disabled
<|| Search And Upload ||>
Disabled
<|| Telegram Desktop ||>
Not Installed
<|| Pidgin ||>
Not Installed
<|| FileZilla ||>
Not Installed
<|| Discord Tokken ||>
Not Installed
<|| NordVPN ||>
Not Installed
<|| Outlook ||>
Not Installed
<|| FoxMail ||>
Not Installed
<|| Thunderbird ||>
Not Installed
<|| FireFox ||>
Not Found
<|| QQ Browser ||>
Not Installed
<|| Chromium Recovery ||>
Not Installed or Not Found
<|| Keylogger And Clipboard ||>
Disabled
Targets
-
-
Target
New_Order08042020.exe
-
Size
865KB
-
MD5
421f7936cf9984792c119c3602f2ac17
-
SHA1
8eca265739fce957205846992fee1abac60b4d56
-
SHA256
878e1a1b65cc05eb728bf4ce85b7ad87576bbc9c8465d1348c71cef4e8c098f2
-
SHA512
eab256280853a804a369acb75d9e43253eea65f2f05d30e098ab8c2fb5f27064977979b4fd0ab0a79119539b1306bb9e0efc6d2561504a01ef6c6227833b2a5e
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-