Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/12/2023, 21:56 UTC

General

  • Target

    14154a5fc3b7019dd3ef06c003d4d7b3.exe

  • Size

    227KB

  • MD5

    14154a5fc3b7019dd3ef06c003d4d7b3

  • SHA1

    92b3749ba47c497055ca5243814d4a05eb5b9dac

  • SHA256

    232c571f63f3d5f912d4b826b950090d11df00f85d97393d623bc80552645e49

  • SHA512

    a0bc1da22ee0be292ba9a47bd5ae7f0374f00d9ee2884de061c08525bc4003361ee5197ca69c851cdce24457ba4ee94477e1fbe0507cfd4ba2fc263a3d1bee3c

  • SSDEEP

    6144:kp4wdZ3t4A6M2kwp+E4tEZw7BkJgSoS3VFd:kp4wj3t9B7wp+1+w7NSoS3t

Score: 7/10
Tag: upx

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file (3 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (4 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\14154a5fc3b7019dd3ef06c003d4d7b3.exe
    "C:\Users\Admin\AppData\Local\Temp\14154a5fc3b7019dd3ef06c003d4d7b3.exe"
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2588
    • C:\Windows\SysWOW64\cscript.exe
      cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
      PID:1740
      • C:\Users\Admin\AppData\Local\Temp\14154A~1.EXE
        "C:\Users\Admin\AppData\Local\Temp\14154A~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
        • Drops file in Program Files directory
        PID:2140

Network

    • [US] DNS
      stat.miniload.org
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      Remote address:
      8.8.8.8:53
      Request
      stat.miniload.org
      IN A
      Response
    • [US] DNS
      stat.miniload.org
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      Remote address:
      8.8.8.8:53
      Request
      stat.miniload.org
      IN A
    • [US] DNS
      19.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.177.190.20.in-addr.arpa
      IN PTR
      Response
    • [US] DNS
      19.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.177.190.20.in-addr.arpa
      IN PTR
    • [US] DNS
      asset0.torrentino.com
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      Remote address:
      8.8.8.8:53
      Request
      asset0.torrentino.com
      IN A
      Response
      asset0.torrentino.com
      IN A
      13.248.169.48
      asset0.torrentino.com
      IN A
      76.223.54.146
    • [US] DNS
      asset0.torrentino.com
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      Remote address:
      8.8.8.8:53
      Request
      asset0.torrentino.com
      IN A
    • [US] DNS
      asset0.torrentino.com
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      Remote address:
      8.8.8.8:53
      Request
      asset0.torrentino.com
      IN A
    • [US] DNS
      0.204.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.204.248.87.in-addr.arpa
      IN PTR
      Response
      0.204.248.87.in-addr.arpa
      IN PTR
      https-87-248-204-0.lhr.llnw.net
    • [US] DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • [US] DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • [US] GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=0B023CCFBECB6A12155E2F3DBFEC6BD7; domain=.bing.com; expires=Sat, 18-Jan-2025 20:26:51 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: FE621B3208D546AC88AF7E394C3FC529 Ref B: LON04EDGE0622 Ref C: 2023-12-25T20:26:51Z
      date: Mon, 25 Dec 2023 20:26:51 GMT
    • [US] GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0B023CCFBECB6A12155E2F3DBFEC6BD7
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=B6eTt_ttHAJ8DvPrtdS8eJDA7-v2mgtEZyZP3Z4ZUZw; domain=.bing.com; expires=Sat, 18-Jan-2025 20:26:51 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 0570D7E39A5447D0BAEF584278A09284 Ref B: LON04EDGE0622 Ref C: 2023-12-25T20:26:51Z
      date: Mon, 25 Dec 2023 20:26:51 GMT
    • [US] GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0B023CCFBECB6A12155E2F3DBFEC6BD7; MSPTC=B6eTt_ttHAJ8DvPrtdS8eJDA7-v2mgtEZyZP3Z4ZUZw
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 80DCADCECEFB444997367A2FE36D63AB Ref B: LON04EDGE0622 Ref C: 2023-12-25T20:26:53Z
      date: Mon, 25 Dec 2023 20:26:52 GMT
    • [US] DNS
      dl2.appzona.net
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      Remote address:
      8.8.8.8:53
      Request
      dl2.appzona.net
      IN A
      Response
      dl2.appzona.net
      IN A
      46.254.18.90
    • [RU] GET
      http://dl2.appzona.net/dl/jre_latest.exe
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      Remote address:
      46.254.18.90:80
      Request
      GET /dl/jre_latest.exe HTTP/1.1
      User-Agent: httpget
      Host: dl2.appzona.net
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Server: nginx/1.20.2
      Date: Mon, 25 Dec 2023 20:26:51 GMT
      Content-Type: text/html
      Content-Length: 153
      Connection: keep-alive
    • [RU] GET
      http://dl2.appzona.net/dl/jre_packed.exe
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      Remote address:
      46.254.18.90:80
      Request
      GET /dl/jre_packed.exe HTTP/1.1
      User-Agent: httpget
      Host: dl2.appzona.net
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Server: nginx/1.20.2
      Date: Mon, 25 Dec 2023 20:27:07 GMT
      Content-Type: text/html
      Content-Length: 153
      Connection: keep-alive
    • [US] DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • [US] DNS
      59.128.231.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      59.128.231.4.in-addr.arpa
      IN PTR
      Response
    • [US] DNS
      90.18.254.46.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      90.18.254.46.in-addr.arpa
      IN PTR
      Response
      90.18.254.46.in-addr.arpa
      IN PTR
      hosted-by.IHC.ru
    • [US] GET
      http://asset0.torrentino.com/tvshows/covers/000/004/052/thumb.jpg
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      Remote address:
      13.248.169.48:80
      Request
      GET /tvshows/covers/000/004/052/thumb.jpg HTTP/1.1
      User-Agent: httpget
      Host: asset0.torrentino.com
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 200 OK
      Server: openresty
      Date: Mon, 25 Dec 2023 20:26:51 GMT
      Content-Type: text/html
      Content-Length: 12976
      Last-Modified: Wed, 13 Dec 2023 20:27:43 GMT
      Connection: keep-alive
      ETag: "657a13bf-32b0"
      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_MgswUSqSQhzeVCehT1NsVcNUhTNRaJ+h4SsjhqMtmB1bFZ9gYKBasyLNnrz6a0+K8AQMCAsPvjXpOAyoGIMIlg
      Cache-Control: no-cache
      X-Content-Type-Options: nosniff
      Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
      Set-Cookie: country=RO;Path=/;Max-Age=86400;
      Set-Cookie: city="";Path=/;Max-Age=86400;
      Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
      Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
      Accept-Ranges: bytes
    • [US] DNS
      48.169.248.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      48.169.248.13.in-addr.arpa
      IN PTR
      Response
      48.169.248.13.in-addr.arpa
      IN PTR
      a904c694c05102f30.awsglobalaccelerator.com
    • [US] DNS
      stat.miniload.org
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      Remote address:
      8.8.8.8:53
      Request
      stat.miniload.org
      IN A
      Response
    • [US] DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • [US] DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • [US] DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
    • [US] DNS
      stat.miniload.org
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      Remote address:
      8.8.8.8:53
      Request
      stat.miniload.org
      IN A
      Response
    • [US] DNS
      195.233.44.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      195.233.44.23.in-addr.arpa
      IN PTR
      Response
      195.233.44.23.in-addr.arpa
      IN PTR
      a23-44-233-195.deploy.static.akamaitechnologies.com
    • [US] DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • [US] DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • [US] DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • [US] DNS
      55.36.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      55.36.223.20.in-addr.arpa
      IN PTR
      Response
    • [US] DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • [US] DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
    • [US] GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 317587
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 12A804DC1C9A48168F06E3BCAB37C0EC Ref B: LON04EDGE1219 Ref C: 2023-12-25T20:27:30Z
      date: Mon, 25 Dec 2023 20:27:30 GMT
    • [US] GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301197_13N2PI9RULA3OK907&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301197_13N2PI9RULA3OK907&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 347909
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 21A6A05245E745E0BDFA9E809C54AEFF Ref B: LON04EDGE1219 Ref C: 2023-12-25T20:27:30Z
      date: Mon, 25 Dec 2023 20:27:30 GMT
    • [US] GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301468_1K7Q0DK1RQ5AV6436&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301468_1K7Q0DK1RQ5AV6436&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 183080
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 8382F720B00A46C586281EFED274E5E1 Ref B: LON04EDGE1219 Ref C: 2023-12-25T20:27:30Z
      date: Mon, 25 Dec 2023 20:27:30 GMT
    • [US] GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301035_1FUDWJ8GFFIFDV49E&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301035_1FUDWJ8GFFIFDV49E&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 593186
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: ED1774FDF921411D82CE2A34BE1B1289 Ref B: LON04EDGE1219 Ref C: 2023-12-25T20:27:30Z
      date: Mon, 25 Dec 2023 20:27:30 GMT
    • [US] GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 594776
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 62A94C56AC444F1B90578A48B0A5B2CB Ref B: LON04EDGE1219 Ref C: 2023-12-25T20:27:30Z
      date: Mon, 25 Dec 2023 20:27:30 GMT
    • [US] GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 200904
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: FC9CE104D9B841E49FE45A9270B868FB Ref B: LON04EDGE1219 Ref C: 2023-12-25T20:27:32Z
      date: Mon, 25 Dec 2023 20:27:31 GMT
    • [US] DNS
      75.118.77.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      75.118.77.104.in-addr.arpa
      IN PTR
      Response
      75.118.77.104.in-addr.arpa
      IN PTR
      a104-77-118-75.deploy.static.akamaitechnologies.com
    • [US] DNS
      183.1.37.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.1.37.23.in-addr.arpa
      IN PTR
      Response
      183.1.37.23.in-addr.arpa
      IN PTR
      a23-37-1-183.deploy.static.akamaitechnologies.com
    • [US] DNS
      119.110.54.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      119.110.54.20.in-addr.arpa
      IN PTR
      Response
    • [US] DNS
      209.179.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.179.17.96.in-addr.arpa
      IN PTR
      Response
      209.179.17.96.in-addr.arpa
      IN PTR
      a96-17-179-209.deploy.static.akamaitechnologies.com
    • [US] DNS
      176.179.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      176.179.17.96.in-addr.arpa
      IN PTR
      Response
      176.179.17.96.in-addr.arpa
      IN PTR
      a96-17-179-176.deploy.static.akamaitechnologies.com
    • [US] DNS
      65.139.73.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      65.139.73.23.in-addr.arpa
      IN PTR
      Response
      65.139.73.23.in-addr.arpa
      IN PTR
      a23-73-139-65.deploy.static.akamaitechnologies.com
    • [US] DNS
      23.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.236.111.52.in-addr.arpa
      IN PTR
      Response
    • [US] DNS
      106.27.33.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      106.27.33.23.in-addr.arpa
      IN PTR
      Response
      106.27.33.23.in-addr.arpa
      IN PTR
      a23-33-27-106.deploy.static.akamaitechnologies.com
    • [US] DNS
      16.234.44.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      16.234.44.23.in-addr.arpa
      IN PTR
      Response
      16.234.44.23.in-addr.arpa
      IN PTR
      a23-44-234-16.deploy.static.akamaitechnologies.com
    • [US] DNS
      153.141.79.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      153.141.79.40.in-addr.arpa
      IN PTR
      Response
    • [US] DNS
      153.141.79.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      153.141.79.40.in-addr.arpa
      IN PTR
    • [US] DNS
      203.254.1.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      203.254.1.23.in-addr.arpa
      IN PTR
      Response
      203.254.1.23.in-addr.arpa
      IN PTR
      a23-1-254-203.deploy.static.akamaitechnologies.com
    • [US] DNS
      203.254.1.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      203.254.1.23.in-addr.arpa
      IN PTR
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=
      tls, http2
      2.7kB
      9.6kB
      26
      18

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=64d2f3dde19f4c6998fda147d045ea27&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

      HTTP Response

      204
    • 46.254.18.90:80
      http://dl2.appzona.net/dl/jre_packed.exe
      http
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      618 B
      868 B
      8
      6

      HTTP Request

      GET http://dl2.appzona.net/dl/jre_latest.exe

      HTTP Response

      404

      HTTP Request

      GET http://dl2.appzona.net/dl/jre_packed.exe

      HTTP Response

      404
    • 13.248.169.48:80
      http://asset0.torrentino.com/tvshows/covers/000/004/052/thumb.jpg
      http
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      987 B
      14.5kB
      18
      17

      HTTP Request

      GET http://asset0.torrentino.com/tvshows/covers/000/004/052/thumb.jpg

      HTTP Response

      200
    • 52.142.223.178:80
      260 B
      5
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.5kB
      8.7kB
      18
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.5kB
      8.7kB
      18
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.5kB
      8.7kB
      18
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.5kB
      8.7kB
      18
      14
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4
      tls, http2
      80.6kB
      2.3MB
      1710
      1703

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301197_13N2PI9RULA3OK907&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301468_1K7Q0DK1RQ5AV6436&pid=21.2&w=1080&h=1920&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301035_1FUDWJ8GFFIFDV49E&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&w=1920&h=1080&c=4

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4

      HTTP Response

      200
    • 8.8.8.8:53
      stat.miniload.org
      dns
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      126 B
      145 B
      2
      1

      DNS Request

      stat.miniload.org

      DNS Request

      stat.miniload.org

    • 8.8.8.8:53
      19.177.190.20.in-addr.arpa
      dns
      144 B
      158 B
      2
      1

      DNS Request

      19.177.190.20.in-addr.arpa

      DNS Request

      19.177.190.20.in-addr.arpa

    • 8.8.8.8:53
      asset0.torrentino.com
      dns
      14154a5fc3b7019dd3ef06c003d4d7b3.exe
      201 B
      99 B
      3
      1

      DNS Request

      asset0.torrentino.com

      DNS Request

      asset0.torrentino.com

      DNS Request

      asset0.torrentino.com

      DNS Response

      13.248.169.48
      76.223.54.146

    • 8.8.8.8:53
      0.204.248.87.in-addr.arpa
      dns
      71 B
    Downloads

    • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

      Filesize

      7KB

    • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

      Filesize

      8KB

    • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

      Filesize

      8KB

    • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

      Filesize

      10KB

    • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

      Filesize

      12KB

    • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

      Filesize

      1KB

    • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

      Filesize

      13KB

    • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

      Filesize

      14KB

    • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

      Filesize

      4KB

    • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

      Filesize

      5KB

    • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

      Filesize

      5KB

    • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

      Filesize

      610B

    • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

      Filesize

      7KB

    • C:\Users\Admin\AppData\Local\Temp\hd.vbs

      Filesize

      245B

    • C:\Users\Admin\AppData\Local\Temp\zon782E.tmp

      Filesize

      12KB

    • C:\Users\Admin\AppData\Roaming\Zona\tmp\133480096094313473javaSetup.exe

      Filesize

      153B

    • memory/2140-112-0x0000000000180000-0x000000000021E000-memory.dmp

      Filesize

      632KB

    • memory/2588-105-0x0000000000180000-0x000000000021E000-memory.dmp

      Filesize

      632KB

    • memory/2588-0-0x0000000000180000-0x000000000021E000-memory.dmp

      Filesize

      632KB