232c571f63f3d5f912d4b826b950090d11df00f85d97393d623bc80552645e49

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 21:56 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14154a5fc3b7019dd3ef06c003d4d7b3.exe
Size

227KB
MD5

14154a5fc3b7019dd3ef06c003d4d7b3
SHA1

92b3749ba47c497055ca5243814d4a05eb5b9dac
SHA256

232c571f63f3d5f912d4b826b950090d11df00f85d97393d623bc80552645e49
SHA512

a0bc1da22ee0be292ba9a47bd5ae7f0374f00d9ee2884de061c08525bc4003361ee5197ca69c851cdce24457ba4ee94477e1fbe0507cfd4ba2fc263a3d1bee3c
SSDEEP

6144:kp4wdZ3t4A6M2kwp+E4tEZw7BkJgSoS3VFd:kp4wj3t9B7wp+1+w7NSoS3t

Score

7^/10

upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation	14154a5fc3b7019dd3ef06c003d4d7b3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2588-0-0x0000000000180000-0x000000000021E000-memory.dmp	upx
behavioral2/memory/2588-105-0x0000000000180000-0x000000000021E000-memory.dmp	upx
behavioral2/memory/2140-112-0x0000000000180000-0x000000000021E000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\PROGRA~2\Zona\utils.jar	14154A~1.EXE
File created	C:\PROGRA~2\Zona\License_ru.rtf	14154A~1.EXE
File created	C:\PROGRA~2\Zona\License_uk.rtf	14154A~1.EXE
File created	C:\PROGRA~2\Zona\License_en.rtf	14154A~1.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2588 wrote to memory of 1740	2588	14154a5fc3b7019dd3ef06c003d4d7b3.exe	93
PID 2588 wrote to memory of 1740	2588	14154a5fc3b7019dd3ef06c003d4d7b3.exe	93
PID 2588 wrote to memory of 1740	2588	14154a5fc3b7019dd3ef06c003d4d7b3.exe	93
PID 2588 wrote to memory of 2140	2588	14154a5fc3b7019dd3ef06c003d4d7b3.exe	96
PID 2588 wrote to memory of 2140	2588	14154a5fc3b7019dd3ef06c003d4d7b3.exe	96
PID 2588 wrote to memory of 2140	2588	14154a5fc3b7019dd3ef06c003d4d7b3.exe	96

C:\Users\Admin\AppData\Local\Temp\14154a5fc3b7019dd3ef06c003d4d7b3.exe
"C:\Users\Admin\AppData\Local\Temp\14154a5fc3b7019dd3ef06c003d4d7b3.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2588
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:1740
- C:\Users\Admin\AppData\Local\Temp\14154A~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\14154A~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  - Drops file in Program Files directory
  PID:2140

Network

DNS

stat.miniload.org

14154a5fc3b7019dd3ef06c003d4d7b3.exe

Remote address:

8.8.8.8:53

Request

stat.miniload.org

IN A

Response
DNS

stat.miniload.org

14154a5fc3b7019dd3ef06c003d4d7b3.exe

Remote address:

8.8.8.8:53

Request

stat.miniload.org

IN A
DNS

19.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.177.190.20.in-addr.arpa

IN PTR

Response
DNS

19.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.177.190.20.in-addr.arpa

IN PTR
DNS

asset0.torrentino.com

14154a5fc3b7019dd3ef06c003d4d7b3.exe

Remote address:

8.8.8.8:53

Request

asset0.torrentino.com

IN A

Response

asset0.torrentino.com

IN A

13.248.169.48

asset0.torrentino.com

IN A

76.223.54.146
DNS

asset0.torrentino.com

14154a5fc3b7019dd3ef06c003d4d7b3.exe

Remote address:

8.8.8.8:53

Request

asset0.torrentino.com

IN A
DNS

asset0.torrentino.com

14154a5fc3b7019dd3ef06c003d4d7b3.exe

Remote address:

8.8.8.8:53

Request

asset0.torrentino.com

IN A
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0B023CCFBECB6A12155E2F3DBFEC6BD7; domain=.bing.com; expires=Sat, 18-Jan-2025 20:26:51 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FE621B3208D546AC88AF7E394C3FC529 Ref B: LON04EDGE0622 Ref C: 2023-12-25T20:26:51Z
date: Mon, 25 Dec 2023 20:26:51 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0B023CCFBECB6A12155E2F3DBFEC6BD7

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=B6eTt_ttHAJ8DvPrtdS8eJDA7-v2mgtEZyZP3Z4ZUZw; domain=.bing.com; expires=Sat, 18-Jan-2025 20:26:51 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0570D7E39A5447D0BAEF584278A09284 Ref B: LON04EDGE0622 Ref C: 2023-12-25T20:26:51Z
date: Mon, 25 Dec 2023 20:26:51 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0B023CCFBECB6A12155E2F3DBFEC6BD7; MSPTC=B6eTt_ttHAJ8DvPrtdS8eJDA7-v2mgtEZyZP3Z4ZUZw

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 80DCADCECEFB444997367A2FE36D63AB Ref B: LON04EDGE0622 Ref C: 2023-12-25T20:26:53Z
date: Mon, 25 Dec 2023 20:26:52 GMT
DNS

dl2.appzona.net

14154a5fc3b7019dd3ef06c003d4d7b3.exe

Remote address:

8.8.8.8:53

Request

dl2.appzona.net

IN A

Response

dl2.appzona.net

IN A

46.254.18.90
GET

http://dl2.appzona.net/dl/jre_latest.exe

14154a5fc3b7019dd3ef06c003d4d7b3.exe

Remote address:

46.254.18.90:80

Request

GET /dl/jre_latest.exe HTTP/1.1
User-Agent: httpget
Host: dl2.appzona.net
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 404 Not Found

Server: nginx/1.20.2
Date: Mon, 25 Dec 2023 20:26:51 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive
GET

http://dl2.appzona.net/dl/jre_packed.exe

14154a5fc3b7019dd3ef06c003d4d7b3.exe

Remote address:

46.254.18.90:80

Request

GET /dl/jre_packed.exe HTTP/1.1
User-Agent: httpget
Host: dl2.appzona.net
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 404 Not Found

Server: nginx/1.20.2
Date: Mon, 25 Dec 2023 20:27:07 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

90.18.254.46.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.18.254.46.in-addr.arpa

IN PTR

Response

90.18.254.46.in-addr.arpa

IN PTR

hosted-byIHCru
GET

http://asset0.torrentino.com/tvshows/covers/000/004/052/thumb.jpg

14154a5fc3b7019dd3ef06c003d4d7b3.exe

Remote address:

13.248.169.48:80

Request

GET /tvshows/covers/000/004/052/thumb.jpg HTTP/1.1
User-Agent: httpget
Host: asset0.torrentino.com
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: openresty
Date: Mon, 25 Dec 2023 20:26:51 GMT
Content-Type: text/html
Content-Length: 12976
Last-Modified: Wed, 13 Dec 2023 20:27:43 GMT
Connection: keep-alive
ETag: "657a13bf-32b0"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_MgswUSqSQhzeVCehT1NsVcNUhTNRaJ+h4SsjhqMtmB1bFZ9gYKBasyLNnrz6a0+K8AQMCAsPvjXpOAyoGIMIlg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
DNS

48.169.248.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.169.248.13.in-addr.arpa

IN PTR

Response

48.169.248.13.in-addr.arpa

IN PTR

a904c694c05102f30awsglobalacceleratorcom
DNS

stat.miniload.org

14154a5fc3b7019dd3ef06c003d4d7b3.exe

Remote address:

8.8.8.8:53

Request

stat.miniload.org

IN A

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR
DNS

stat.miniload.org

14154a5fc3b7019dd3ef06c003d4d7b3.exe

Remote address:

8.8.8.8:53

Request

stat.miniload.org

IN A

Response
DNS

195.233.44.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.233.44.23.in-addr.arpa

IN PTR

Response

195.233.44.23.in-addr.arpa

IN PTR

a23-44-233-195deploystaticakamaitechnologiescom
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 317587
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 12A804DC1C9A48168F06E3BCAB37C0EC Ref B: LON04EDGE1219 Ref C: 2023-12-25T20:27:30Z
date: Mon, 25 Dec 2023 20:27:30 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301197_13N2PI9RULA3OK907&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301197_13N2PI9RULA3OK907&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 347909
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 21A6A05245E745E0BDFA9E809C54AEFF Ref B: LON04EDGE1219 Ref C: 2023-12-25T20:27:30Z
date: Mon, 25 Dec 2023 20:27:30 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301468_1K7Q0DK1RQ5AV6436&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301468_1K7Q0DK1RQ5AV6436&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 183080
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8382F720B00A46C586281EFED274E5E1 Ref B: LON04EDGE1219 Ref C: 2023-12-25T20:27:30Z
date: Mon, 25 Dec 2023 20:27:30 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301035_1FUDWJ8GFFIFDV49E&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301035_1FUDWJ8GFFIFDV49E&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 593186
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ED1774FDF921411D82CE2A34BE1B1289 Ref B: LON04EDGE1219 Ref C: 2023-12-25T20:27:30Z
date: Mon, 25 Dec 2023 20:27:30 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 594776
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 62A94C56AC444F1B90578A48B0A5B2CB Ref B: LON04EDGE1219 Ref C: 2023-12-25T20:27:30Z
date: Mon, 25 Dec 2023 20:27:30 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 200904
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FC9CE104D9B841E49FE45A9270B868FB Ref B: LON04EDGE1219 Ref C: 2023-12-25T20:27:32Z
date: Mon, 25 Dec 2023 20:27:31 GMT
DNS

75.118.77.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.118.77.104.in-addr.arpa

IN PTR

Response

75.118.77.104.in-addr.arpa

IN PTR

a104-77-118-75deploystaticakamaitechnologiescom
DNS

183.1.37.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.1.37.23.in-addr.arpa

IN PTR

Response

183.1.37.23.in-addr.arpa

IN PTR

a23-37-1-183deploystaticakamaitechnologiescom
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

209.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.179.17.96.in-addr.arpa

IN PTR

Response

209.179.17.96.in-addr.arpa

IN PTR

a96-17-179-209deploystaticakamaitechnologiescom
DNS

176.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.179.17.96.in-addr.arpa

IN PTR

Response

176.179.17.96.in-addr.arpa

IN PTR

a96-17-179-176deploystaticakamaitechnologiescom
DNS

65.139.73.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.139.73.23.in-addr.arpa

IN PTR

Response

65.139.73.23.in-addr.arpa

IN PTR

a23-73-139-65deploystaticakamaitechnologiescom
DNS

23.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.236.111.52.in-addr.arpa

IN PTR

Response
DNS

106.27.33.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.27.33.23.in-addr.arpa

IN PTR

Response

106.27.33.23.in-addr.arpa

IN PTR

a23-33-27-106deploystaticakamaitechnologiescom
DNS

16.234.44.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.234.44.23.in-addr.arpa

IN PTR

Response

16.234.44.23.in-addr.arpa

IN PTR

a23-44-234-16deploystaticakamaitechnologiescom
DNS

153.141.79.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

153.141.79.40.in-addr.arpa

IN PTR

Response
DNS

153.141.79.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

153.141.79.40.in-addr.arpa

IN PTR
DNS

203.254.1.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.254.1.23.in-addr.arpa

IN PTR

Response

203.254.1.23.in-addr.arpa

IN PTR

a23-1-254-203deploystaticakamaitechnologiescom
DNS

203.254.1.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.254.1.23.in-addr.arpa

IN PTR

204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

tls, http2

2.7kB
9.6kB
26
18

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

HTTP Response

204
46.254.18.90:80

http://dl2.appzona.net/dl/jre_packed.exe

http

14154a5fc3b7019dd3ef06c003d4d7b3.exe

618 B
868 B
8
6

HTTP Request

GET http://dl2.appzona.net/dl/jre_latest.exe

HTTP Response

404

HTTP Request

GET http://dl2.appzona.net/dl/jre_packed.exe

HTTP Response

404
13.248.169.48:80

http://asset0.torrentino.com/tvshows/covers/000/004/052/thumb.jpg

http

14154a5fc3b7019dd3ef06c003d4d7b3.exe

987 B
14.5kB
18
17

HTTP Request

GET http://asset0.torrentino.com/tvshows/covers/000/004/052/thumb.jpg

HTTP Response

200
52.142.223.178:80

260 B
5
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.7kB
18
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.7kB
18
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.7kB
18
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.7kB
18
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4

tls, http2

80.6kB
2.3MB
1710
1703

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301197_13N2PI9RULA3OK907&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301468_1K7Q0DK1RQ5AV6436&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301035_1FUDWJ8GFFIFDV49E&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

8.8.8.8:53

stat.miniload.org

dns

14154a5fc3b7019dd3ef06c003d4d7b3.exe

126 B
145 B
2
1

DNS Request

stat.miniload.org

DNS Request

stat.miniload.org
8.8.8.8:53

19.177.190.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

19.177.190.20.in-addr.arpa

DNS Request

19.177.190.20.in-addr.arpa
8.8.8.8:53

asset0.torrentino.com

dns

14154a5fc3b7019dd3ef06c003d4d7b3.exe

201 B
99 B
3
1

DNS Request

asset0.torrentino.com

DNS Request

asset0.torrentino.com

DNS Request

asset0.torrentino.com

DNS Response

13.248.169.48

76.223.54.146
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
158 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

dl2.appzona.net

dns

14154a5fc3b7019dd3ef06c003d4d7b3.exe

61 B
77 B
1
1

DNS Request

dl2.appzona.net

DNS Response

46.254.18.90
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

90.18.254.46.in-addr.arpa

dns

71 B
101 B
1
1

DNS Request

90.18.254.46.in-addr.arpa
8.8.8.8:53

48.169.248.13.in-addr.arpa

dns

72 B
128 B
1
1

DNS Request

48.169.248.13.in-addr.arpa
8.8.8.8:53

stat.miniload.org

dns

14154a5fc3b7019dd3ef06c003d4d7b3.exe

63 B
145 B
1
1

DNS Request

stat.miniload.org
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

146 B
147 B
2
1

DNS Request

103.169.127.40.in-addr.arpa

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

stat.miniload.org

dns

14154a5fc3b7019dd3ef06c003d4d7b3.exe

63 B
145 B
1
1

DNS Request

stat.miniload.org
8.8.8.8:53

195.233.44.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

195.233.44.23.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
173 B
2
1

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

75.118.77.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

75.118.77.104.in-addr.arpa
8.8.8.8:53

183.1.37.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

183.1.37.23.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

209.179.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

209.179.17.96.in-addr.arpa
8.8.8.8:53

176.179.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

176.179.17.96.in-addr.arpa
8.8.8.8:53

65.139.73.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

65.139.73.23.in-addr.arpa
8.8.8.8:53

23.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.236.111.52.in-addr.arpa
8.8.8.8:53

106.27.33.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

106.27.33.23.in-addr.arpa
8.8.8.8:53

16.234.44.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

16.234.44.23.in-addr.arpa
8.8.8.8:53

153.141.79.40.in-addr.arpa

dns

144 B
146 B
2
1

DNS Request

153.141.79.40.in-addr.arpa

DNS Request

153.141.79.40.in-addr.arpa
8.8.8.8:53

203.254.1.23.in-addr.arpa

dns

142 B
135 B
2
1

DNS Request

203.254.1.23.in-addr.arpa

DNS Request

203.254.1.23.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
72240d64dd50b1136312c16454844575

SHA1
0d9756c4cdd65ba2036c119e0b7fd4053db06d40

SHA256
a8456f207aecb1746f0a89e8d7182d1df673b5e42321192794cffb372fea30e5

SHA512
2b96107b9c80b17c31f07fc0313d81d04ee6932c5d821e343e130023dbe0bf366379e40273cc60bab13d34e4e5558285af61924e38a0ae76c25d3ebb9136ccf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
131f0149694ccdf95ea053eacccbb652

SHA1
b62dd22fc2196a791546acdc37e62e9eda0b70cf

SHA256
0425d8ae3b0898b0d8c6d7057aaea423fc0ccf4b6e83561b9f959ab4e5420b85

SHA512
0c14bd39ef665cf095e6ef3e9b3a79a1fed91c8987a6276c084855a7156cf8a98de7e09cc0f10f9bf8680a2555ac0f87bc2cad9f1117eff4489574b8d52d2c2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
04bac92392cc52d2e461b13553b5f5c6

SHA1
afce90b7143c3763bc99137866760071ad8dee59

SHA256
27c6b7d832f6d5fa309517fa07fb7c2c41365880de3928c0622d72b1202f03d4

SHA512
15ae3c0d920ee3aea06e42a8a4453e844b70b5948c7defbf30ec7599645fa0b61467d2f1e90c3977becb95349fee8eb9b2a9493f6754f799f00ea1499d87738d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
b8edc3d1356d8c40b6f9349e00242894

SHA1
eb9638b0680ae74541dad14543305259a1c4dbe9

SHA256
58618f580cd4b970b75d5019c2f044ca07d2e83019b4dce0bea9a00821eac0a0

SHA512
c532894041883567b971e0091a0e0290c2c79a37b0a7d2328fdaf44e1b433ec51d991b16b23cf82f2bd73c83add044a969b9f11240fca5dfacd7cb2249f842ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
9334d434e48d2839547f850a42ad520b

SHA1
68afb5f23ee9229f6bac7b7a64c53a00e60d53ea

SHA256
a52ee4711140b853301d566da2abc23d1eed475ad55f979ee62b64925a6ba83e

SHA512
d47e99f9fe39dadde5f686ccae4f6457bb77e62ed03058fcf1f9b97056a6e7b52c66a493ece69ecd9ab184b3076a95c11db8be6e081ac4f6daca525ab0bd724d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
1KB

MD5
f3e8e6fc9ac2eb4c0ed1f99577350178

SHA1
0ce533930c007ef141bd781dd6a09447bd6192f0

SHA256
94613dde511951c89fb06361fee3638fcb35ef3a8883a6bb99c04871919dc5c5

SHA512
41280940601aeb8904312866e12c9b2ef16625602583083a799eadb5564a3d9a1c859fb91639f1c37b404b128e698fe635f2b4958503e1d431ce7f429fae2426

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
94e23dcb6f3a52c6a7b4ff6871a774e1

SHA1
0efc6725fd763e242b02d72f90faff9ca9bf1d3e

SHA256
fc1cf2dd6772189fe5cc3f817965205403faed744fafe4da202210c5339950f2

SHA512
89ab051a5aebb5e09f296034c09e86ed3829ba666b1f2b51f486bfac0ee169b9381aec41469de4c154e770bd07ddb7dedb45291ed0206b172d92a4a1d212bb29

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
14KB

MD5
3a1dc490376257bcbc0a74a80af6ebeb

SHA1
15a60c29098f2e817d03f2925a77ff42ce1181d8

SHA256
8594c90baadb6ea845ccee7f8bfa9c0eb3838dcdeaac6d4b26831280b553e1d2

SHA512
0061c094162251f1622d12982d5c04646390442d7f128c87bd079fd1650a5d0b3f224b0d7f28b0e5f70bd45b24382cb02950261bf6df34082d48ead1b654bc84

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
e7a0ed14764f0108237aec9d57fd6f0f

SHA1
d874c7fcccfdd1d93c0656520af56691c010152b

SHA256
e831a0b8a8adb205982d3d0b637b59c1203abf02a6b20a1b6a2cbf855a0bc68c

SHA512
9c2a6f97eb46a339e62eb49b1d55943e712e770ac84cebf9e25b3670e38d2819507131d0cbc8a40818870180d8f64a10fab45071c5cbbd5f4c344cd1e2d36cd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
88642ed86bb57db31b00dfcd01d7607a

SHA1
c09dc8363ecbce09ebfb3941875fde7542a1e372

SHA256
9c595af3714331ca92680b68ba7f8ff457d14b2b32d061c2b13227f2d40fd023

SHA512
4d12538c4b42985daa7441db2caf7419b72b2223709a03cc9a1726af4f3af400367563fd3c6a7689bd2ba86a82e620781afc58b2839e020a3ca85d054842dc23

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
62189e6fa0aacd34d42adcb08df33624

SHA1
930b9d302823469bc3be1bc1f8376662bed55a30

SHA256
4d585cb47824ca0dd7a272c3ce0c0163f3bfef137c369f87cbfd67808b4dc5f1

SHA512
c49a850c3276b39e55524c22ad760850a71ea9f7fa7a93d041db37ac5a86ea570677e2c5812daf1c7c2b32c6475a78ca06074ce24e89c12b04b7db7172e38323

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
610B

MD5
42cea7a7da96eaaf68e324c7f1e9e548

SHA1
fdc9431131fb2ac6bfdcdfc670cfaaeb027e68fe

SHA256
637a22c4d0481966d3bc0463fd330bb49eb27fc3ac1e2799e180fe11c9942448

SHA512
aef25e422bc6d5a201b1fe9fc6797a9c224a93c37cff941bf8bb2abbf8815409f138ab396af65082c061ad7b51f9dafeeed54c7d7edbf913fa97b5efa0e1d3ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
d6feb564e991b12ec658df881f2aefe1

SHA1
2ff5942f59f7ac0f7c482c7f1e1456ec21d62cb5

SHA256
2f3aa7761719f03015281c5b9bf8b15222408ab971e27bb1ae6d0b91300338e6

SHA512
9aad2211cea1d10b26084b7b73b4fbf996bb0ffa0d9831fb25c04219dea8041b7d95c68901580673f662238c58475cf59dbeb4deebbf5ca844931f769d102b66

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\zon782E.tmp

Filesize
12KB

MD5
cdedfa2739174ecbe1d917cccd39a997

SHA1
5692f9c2e13c4218661eb90ddfaec0ced6c15a79

SHA256
f1021db34e41f7a1749672945dd2b77235bd04184376f8ccfff07e613a53685d

SHA512
9ac63c2f46ae781c33ef188a6c2837e452a2d008028eaedd17199748e3c079df45efe4a6ac1e631769b60582d50bf34b993cdcf3607157ec64ab35afedf1570a

Download Submit
C:\Users\Admin\AppData\Roaming\Zona\tmp\133480096094313473javaSetup.exe

Filesize
153B

MD5
a53e183b2c571a68b246ad570b76da19

SHA1
7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

SHA256
29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

SHA512
1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

Download Submit
memory/2140-112-0x0000000000180000-0x000000000021E000-memory.dmp

Filesize
632KB

Download
memory/2588-105-0x0000000000180000-0x000000000021E000-memory.dmp

Filesize
632KB

Download
memory/2588-0-0x0000000000180000-0x000000000021E000-memory.dmp

Filesize
632KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.