File name:

gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.exe

Full analysis: https://app.any.run/tasks/43ef0abf-36ec-437e-98df-2f3480decffe
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: August 21, 2024, 19:14:13
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
netreactor
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

B086EF09B25F2FE0481361388A851FC0

SHA1:

FC808701B2D7DBDA5A843D215C1C698D8908C5CE

SHA256:

10FAF17B3518FA344F29FC867FE8DB445B59780EDCB36F72B19CF44AD40037BE

SSDEEP:

49152:J7HecD4dnbibBlC2zWoFgH2nJ/Lw5GNrAOl1nHqzdU2Vl+ztz2eAB3RkBF5RH3/2:R+cD4dnNDoKcjw8Nrj1Hqzdn/GtDAnSU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • UnifiedStub-installer.exe (PID: 6868)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7028)
      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7124)
      • component0.exe (PID: 6724)
    • Executable content was dropped or overwritten

      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.exe (PID: 7000)
      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.exe (PID: 7100)
      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7124)
      • component0.exe (PID: 6724)
      • bpidwlix.exe (PID: 4016)
      • UnifiedStub-installer.exe (PID: 6868)
    • Drops the executable file immediately after the start

      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.exe (PID: 7000)
      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.exe (PID: 7100)
      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7124)
      • component0.exe (PID: 6724)
      • bpidwlix.exe (PID: 4016)
      • UnifiedStub-installer.exe (PID: 6868)
    • Reads the date of Windows installation

      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7028)
      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7124)
      • component0.exe (PID: 6724)
    • Reads the Windows owner or organization settings

      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7124)
    • Process drops legitimate windows executable

      • bpidwlix.exe (PID: 4016)
    • Searches for installed software

      • UnifiedStub-installer.exe (PID: 6868)
    • Creates a software uninstall entry

      • UnifiedStub-installer.exe (PID: 6868)
    • Executes application which crashes

      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7124)
    • Executes as Windows Service

      • rsSyncSvc.exe (PID: 7088)
  • INFO

    • Process checks computer location settings

      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7028)
      • component0.exe (PID: 6724)
      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7124)
    • Reads the computer name

      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7028)
      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7124)
      • component0.exe (PID: 6724)
      • UnifiedStub-installer.exe (PID: 6868)
      • rsSyncSvc.exe (PID: 6572)
      • rsSyncSvc.exe (PID: 7088)
    • Create files in a temporary directory

      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.exe (PID: 7000)
      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.exe (PID: 7100)
      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7124)
      • component0.exe (PID: 6724)
      • bpidwlix.exe (PID: 4016)
    • Checks supported languages

      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.exe (PID: 7000)
      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7028)
      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.exe (PID: 7100)
      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7124)
      • component0.exe (PID: 6724)
      • bpidwlix.exe (PID: 4016)
      • UnifiedStub-installer.exe (PID: 6868)
      • rsSyncSvc.exe (PID: 6572)
      • rsSyncSvc.exe (PID: 7088)
    • Reads the software policy settings

      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7124)
      • component0.exe (PID: 6724)
      • UnifiedStub-installer.exe (PID: 6868)
      • WerFault.exe (PID: 6388)
      • WerFault.exe (PID: 1048)
    • Checks proxy server information

      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7124)
      • component0.exe (PID: 6724)
      • UnifiedStub-installer.exe (PID: 6868)
      • WerFault.exe (PID: 6388)
      • WerFault.exe (PID: 1048)
    • Reads Environment values

      • component0.exe (PID: 6724)
      • UnifiedStub-installer.exe (PID: 6868)
    • Disables trace logs

      • component0.exe (PID: 6724)
      • UnifiedStub-installer.exe (PID: 6868)
    • Reads the machine GUID from the registry

      • gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp (PID: 7124)
      • component0.exe (PID: 6724)
      • UnifiedStub-installer.exe (PID: 6868)
    • Creates files in the program directory

      • UnifiedStub-installer.exe (PID: 6868)
    • Creates files or folders in the user directory

      • WerFault.exe (PID: 6388)
      • WerFault.exe (PID: 1048)
    • .NET Reactor protector has been detected

      • UnifiedStub-installer.exe (PID: 6868)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 89600
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 423.56.98.8907
ProductVersionNumber: 423.56.98.8907
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Softonic International SA
FileVersion: 423.56.98.8907
LegalCopyright: ©2023 Softonic International SA
OriginalFileName:
ProductName: Softonic International SA
ProductVersion: 3.1.5.7
No data.
All screenshots are available in the full report
Total processes
142
Monitored processes
12
Malicious processes
4
Suspicious processes
2

Behavior graph

Processes shown in the behavior graph, in the order listed (labels as given in the report):
  • gta-5-zombie-mod-1.0.2d-installer_j-aqxz1.exe
  • gta-5-zombie-mod-1.0.2d-installer_j-aqxz1.tmp (no specs)
  • gta-5-zombie-mod-1.0.2d-installer_j-aqxz1.exe
  • gta-5-zombie-mod-1.0.2d-installer_j-aqxz1.tmp
  • component0.exe
  • bpidwlix.exe
  • unifiedstub-installer.exe (THREAT)
  • rssyncsvc.exe (no specs)
  • conhost.exe (no specs)
  • rssyncsvc.exe (no specs)
  • werfault.exe
  • werfault.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1048
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7124 -s 1792
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID: 4016
CMD: "C:\Users\admin\AppData\Local\Temp\bpidwlix.exe" /silent
Path: C:\Users\admin\AppData\Local\Temp\bpidwlix.exe
Parent process: component0.exe
User:
admin
Company:
ReasonLabs
Integrity Level:
HIGH
Description:
ReasonLabs-setup-wizard.exe
Version:
6.0.6
Modules
Images
c:\users\admin\appdata\local\temp\bpidwlix.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 6372
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: rsSyncSvc.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6388
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7124 -s 2300
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID: 6572
CMD: "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
Path: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
Parent process: UnifiedStub-installer.exe
User:
admin
Company:
Reason Software Company Inc.
Integrity Level:
HIGH
Description:
Reason Security Synchronize Service
Exit code:
0
Version:
1.8.5.0
Modules
Images
c:\program files\reasonlabs\common\rssyncsvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\system32\rpcrt4.dll
PID: 6724
CMD: "C:\Users\admin\AppData\Local\Temp\is-LSA8C.tmp\component0.exe" -ip:"dui=bb926e54-e3ca-40fd-ae90-2764341e7792&dit=20240821191440&is_silent=true&oc=ZB_RAV_Cross_Solo_Soft&p=fa70&a=100&b=&se=true" -i
Path: C:\Users\admin\AppData\Local\Temp\is-LSA8C.tmp\component0.exe
Parent process: gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
User:
admin
Company:
Reason Software Company Inc.
Integrity Level:
HIGH
Description:
rsStubActivator
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-lsa8c.tmp\component0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 6868
CMD: .\UnifiedStub-installer.exe /silent
Path: C:\Users\admin\AppData\Local\Temp\7zS0BFB9152\UnifiedStub-installer.exe
Parent process: bpidwlix.exe
User:
admin
Company:
Reason Software Company Inc.
Integrity Level:
HIGH
Description:
UnifiedStub
Version:
6.0.6
Modules
Images
c:\users\admin\appdata\local\temp\7zs0bfb9152\unifiedstub-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 7000
CMD: "C:\Users\admin\AppData\Local\Temp\gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.exe"
Path: C:\Users\admin\AppData\Local\Temp\gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.exe
Parent process: explorer.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
Softonic International SA
Exit code:
3221226525
Version:
423.56.98.8907
Modules
Images
c:\users\admin\appdata\local\temp\gta-5-zombie-mod-1.0.2d-installer_j-aqxz1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 7028
CMD: "C:\Users\admin\AppData\Local\Temp\is-QOD7L.tmp\gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp" /SL5="$A0302,837598,832512,C:\Users\admin\AppData\Local\Temp\gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-QOD7L.tmp\gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Parent process: gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
3221226525
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-qod7l.tmp\gta-5-zombie-mod-1.0.2d-installer_j-aqxz1.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 7088
CMD: "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
Path: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
Parent process: services.exe
User:
SYSTEM
Company:
Reason Software Company Inc.
Integrity Level:
SYSTEM
Description:
Reason Security Synchronize Service
Version:
1.8.5.0
Modules
Images
c:\program files\reasonlabs\common\rssyncsvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events
20 623
Read events
20 523
Write events
75
Delete events
25

Modification events

Process: (7124) gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: D41B0000F90FAA53FEF3DA01

Process: (7124) gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: E19261E8D252A03400CD3279DF5C9D65E45423E90E13953D2C5004133BBB76F1

Process: (7124) gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

Process: (7124) gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (7124) gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (7124) gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (7124) gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: (6724) component0.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\component0_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

Process: (6724) component0.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\component0_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

Process: (6724) component0.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\component0_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0
Executable files
66
Suspicious files
9
Text files
10
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7124
Process: gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-LSA8C.tmp\_isetup\_setup64.tmp
Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

PID: 7100
Process: gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-GC9TT.tmp\gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Type: executable
MD5: 4ACF1D5507307BC4063EB0AF69C66161
SHA256: C90E4407F546F05FA6F4A0EED76681867989C2D4C8203BB92113D618AA564045

PID: 7124
Process: gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-LSA8C.tmp\RAV_Cross.png
Type: image
MD5: 4167C79312B27C8002CBEEA023FE8CB5
SHA256: C3BF350627B842BED55E6A72AB53DA15719B4F33C267A6A132CB99FF6AFE3CD8

PID: 7124
Process: gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-LSA8C.tmp\is-271N8.tmp
Type: image
MD5: 4167C79312B27C8002CBEEA023FE8CB5
SHA256: C3BF350627B842BED55E6A72AB53DA15719B4F33C267A6A132CB99FF6AFE3CD8

PID: 7124
Process: gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-LSA8C.tmp\gta-5-zombie-mod-1.0.2d-installer.exe
Type: compressed
MD5: 40132491A177F5D803C4667EB5FAB4E1
SHA256: EAD38CADCE60EE1D51AEC88ACA9B93D453BB181397750B945077162BBA7B564C

PID: 7124
Process: gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-LSA8C.tmp\mainlogo.jpg
Type: image
MD5: ECA26860B84A05FE49C8FAE16186E4FD
SHA256: 4752F7E12F7ACAD692A694A00ECF7EB37F42371F6BA2186F55E01C8D0F4EA4BE

PID: 7124
Process: gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-LSA8C.tmp\is-PLCVK.tmp
Type: compressed
MD5: 40132491A177F5D803C4667EB5FAB4E1
SHA256: EAD38CADCE60EE1D51AEC88ACA9B93D453BB181397750B945077162BBA7B564C

PID: 7124
Process: gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-LSA8C.tmp\Y.png
Type: image
MD5: C199687E52F7393C941A143B45D78207
SHA256: 0EB767424750B6F8C22AE5EBB105C5C37B3A047EED986FFA6DEBA53EFDC2142E

PID: 7124
Process: gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-LSA8C.tmp\is-OQ4CE.tmp
Type: image
MD5: ECA26860B84A05FE49C8FAE16186E4FD
SHA256: 4752F7E12F7ACAD692A694A00ECF7EB37F42371F6BA2186F55E01C8D0F4EA4BE

PID: 7124
Process: gta-5-zombie-mod-1.0.2d-installer_J-AQxZ1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-LSA8C.tmp\component0
Type: executable
MD5: BF6166AC0B52331CB281FADE25E448D3
SHA256: 316B0884E4A34B3E90E1F46930BBFF65CADCC6FDDA0038B95AF661EA95736506
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
42
DNS requests
21
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7072
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5284
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5468
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
252
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
3260
svchost.exe
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5284
svchost.exe
20.190.159.71:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5284
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
7072
backgroundTaskHost.exe
20.103.156.88:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
7072
backgroundTaskHost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
252
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 142.250.186.142
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
login.live.com
  • 20.190.159.71
  • 20.190.159.23
  • 20.190.159.4
  • 40.126.31.67
  • 20.190.159.0
  • 40.126.31.73
  • 20.190.159.73
  • 40.126.31.71
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
arc.msn.com
  • 20.103.156.88
whitelisted
d25qho5rs4tpl0.cloudfront.net
  • 18.239.102.58
  • 18.239.102.158
  • 18.239.102.104
  • 18.239.102.206
whitelisted
images.sftcdn.net
  • 151.101.1.91
  • 151.101.65.91
  • 151.101.129.91
  • 151.101.193.91
whitelisted
gsf-fl.softonic.com
  • 199.232.194.133
  • 199.232.198.133
whitelisted
slscr.update.microsoft.com
  • 20.114.59.183
whitelisted

Threats

No threats detected
No debug info