File name:

IPTV Editor Zaman Tantruttv 2020.zip

Full analysis: https://app.any.run/tasks/9542612a-2c8b-4fc0-824e-6154e9cee5be
Verdict: Malicious activity
Threats:

Crypto mining malware is a resource-intensive threat that infiltrates computers with the purpose of mining cryptocurrencies. This type of threat can be deployed either on an infected machine or a compromised website. In both cases the miner will utilize the computing power of the device and its network bandwidth.

Analysis date: March 27, 2020, 18:56:45
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
evasion
miner
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

B797406E62D7AE9622DA43AC74F3FC11

SHA1:

37E5915C0E26E4E310E1E750E62D1D8B8F981341

SHA256:

9F3512E389ABF88043BAFA695766AD4CD9971FBB85DF275C72164061ACB1725C

SSDEEP:

393216:qOY9fa6WwGNrVroBTWR5j26JC6089B2uPFdnEU7qJ:M9+XZroBTgROypfnEUGJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • IPTV_Zaman_NOW.exe (PID: 3080)
      • IPTV_Zaman_NOW.exe (PID: 3932)
      • Svchost.exe (PID: 3220)
      • IPTV_Zaman_NOW.exe (PID: 1724)
      • IPTV_Zaman_NOW.exe (PID: 2792)
      • CL_Debug_Log.txt (PID: 2432)
      • Helper.exe (PID: 1516)
      • svchost.com (PID: 1744)
      • Helper.exe (PID: 1500)
      • svchost.com (PID: 280)
      • Helper.exe (PID: 1920)
      • Helper.exe (PID: 3428)
      • Helper.exe (PID: 3972)
      • svchost.com (PID: 3040)
      • svchost.com (PID: 3352)
      • tor.exe (PID: 3768)
      • Helper.exe (PID: 2920)
      • Helper.exe (PID: 3460)
      • svchost.com (PID: 3272)
      • svchost.com (PID: 2884)
      • Helper.exe (PID: 2548)
      • Helper.exe (PID: 3136)
      • Helper.exe (PID: 1940)
      • svchost.com (PID: 2752)
      • svchost.com (PID: 3884)
      • Helper.exe (PID: 3916)
      • Helper.exe (PID: 3424)
      • Helper.exe (PID: 1684)
      • Helper.exe (PID: 2428)
    • Changes the autorun value in the registry

      • WScript.exe (PID: 660)
    • Writes to a start menu file

      • WScript.exe (PID: 660)
    • Loads the Task Scheduler COM API

      • schtasks.exe (PID: 2540)
    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 3556)
    • Loads dropped or rewritten executable

      • IPTV_Zaman_NOW.exe (PID: 2792)
      • tor.exe (PID: 3768)
    • Looks like application has launched a miner

      • Helper.exe (PID: 1920)
    • Connects to CnC server

      • attrib.exe (PID: 3892)
    • MINER was detected

      • attrib.exe (PID: 3892)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 3052)
    • Changes settings of System certificates

      • IPTV_Zaman_NOW.exe (PID: 2792)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3284)
      • IPTV_Zaman_NOW.exe (PID: 3932)
      • IPTV_Zaman_NOW.exe (PID: 1724)
      • Svchost.exe (PID: 3220)
      • CL_Debug_Log.txt (PID: 2432)
      • IPTV_Zaman_NOW.exe (PID: 2792)
      • Helper.exe (PID: 1500)
      • Helper.exe (PID: 3972)
      • Helper.exe (PID: 1920)
    • Creates executable files which already exist in Windows

      • IPTV_Zaman_NOW.exe (PID: 1724)
    • Creates files in the user directory

      • WScript.exe (PID: 660)
      • IPTV_Zaman_NOW.exe (PID: 1724)
      • Svchost.exe (PID: 3220)
      • vlc.exe (PID: 2312)
    • Executes scripts

      • IPTV_Zaman_NOW.exe (PID: 1724)
    • Creates files in the Windows directory

      • IPTV_Zaman_NOW.exe (PID: 3932)
    • Modifies the open verb of a shell class

      • IPTV_Zaman_NOW.exe (PID: 3932)
    • Starts application with an unusual extension

      • Svchost.exe (PID: 3220)
      • Helper.exe (PID: 1516)
      • Helper.exe (PID: 1500)
      • Helper.exe (PID: 1920)
      • Helper.exe (PID: 2428)
      • Helper.exe (PID: 3460)
      • Helper.exe (PID: 1940)
      • Helper.exe (PID: 3136)
    • Reads Internet Cache Settings

      • WScript.exe (PID: 660)
      • chrome.exe (PID: 3052)
      • IPTV_Zaman_NOW.exe (PID: 2792)
    • Checks for external IP

      • WScript.exe (PID: 660)
    • Starts CMD.EXE for commands execution

      • Svchost.exe (PID: 3220)
    • Executed via Task Scheduler

      • Helper.exe (PID: 1516)
      • Helper.exe (PID: 1500)
      • Helper.exe (PID: 3460)
      • Helper.exe (PID: 2428)
      • Helper.exe (PID: 3136)
      • Helper.exe (PID: 1940)
    • Reads Environment values

      • IPTV_Zaman_NOW.exe (PID: 2792)
    • Starts itself from another location

      • Helper.exe (PID: 1500)
      • Helper.exe (PID: 1516)
      • Helper.exe (PID: 3460)
      • Helper.exe (PID: 2428)
      • Helper.exe (PID: 3136)
      • Helper.exe (PID: 1940)
    • Application launched itself

      • Helper.exe (PID: 1920)
      • chrome.exe (PID: 3052)
    • Reads the cookies of Google Chrome

      • chrome.exe (PID: 3140)
    • Uses ATTRIB.EXE to modify file attributes

      • Helper.exe (PID: 1920)
    • Reads internet explorer settings

      • IPTV_Zaman_NOW.exe (PID: 2792)
    • Adds / modifies Windows certificates

      • IPTV_Zaman_NOW.exe (PID: 2792)
  • INFO

    • Manual execution by user

      • svchost.com (PID: 3040)
    • Reads the hosts file

      • chrome.exe (PID: 3140)
      • chrome.exe (PID: 3052)
    • Reads settings of System Certificates

      • chrome.exe (PID: 3140)
      • IPTV_Zaman_NOW.exe (PID: 2792)
    • Dropped object may contain Bitcoin addresses

      • tor.exe (PID: 3768)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2020:03:27 19:24:16
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: IPTV Editor Zaman Tantruttv 2020/
No data.
All screenshots are available in the full report
Total processes: 116
Monitored processes: 70
Malicious processes: 18
Suspicious processes: 4

Behavior graph

Interactive process graph (click a process in the full report to see its details). Processes shown: winrar.exe, iptv_zaman_now.exe, wscript.exe, svchost.exe, cl_debug_log.txt, cmd.exe, schtasks.exe, helper.exe, svchost.com, tor.exe, chrome.exe, vlc.exe, attrib.exe (#MINER).

Process information

PID
CMD
Path
Indicators
Parent process
PID: 280
CMD: "C:\Windows\svchost.com" "C:\Users\admin\AppData\Local\Temp\3582-490\Helper.exe" -SystemCheck
Path: C:\Windows\svchost.com
Parent process: Helper.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\windows\svchost.com
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 528
CMD: "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --field-trial-handle=980,350635825690401994,6632272437260086580,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=13572955635994695765 --mojo-platform-channel-handle=2924 --ignored=" --type=renderer " /prefetch:8
Path: C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\progra~1\google\chrome\applic~1\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 572
CMD: "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --field-trial-handle=980,350635825690401994,6632272437260086580,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10208943683839588720 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
Path: C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\progra~1\google\chrome\applic~1\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 660
CMD: "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Roaming\Svchost.js"
Path: C:\Windows\System32\WScript.exe
Parent process: IPTV_Zaman_NOW.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
Modules
Images
c:\windows\system32\wscript.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 852
CMD: "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --field-trial-handle=980,350635825690401994,6632272437260086580,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=330936590752769550 --mojo-platform-channel-handle=3764 --ignored=" --type=renderer " /prefetch:8
Path: C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\progra~1\google\chrome\applic~1\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1024
CMD: "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --field-trial-handle=980,350635825690401994,6632272437260086580,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=10517998790332361995 --mojo-platform-channel-handle=4588 --ignored=" --type=renderer " /prefetch:8
Path: C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\progra~1\google\chrome\applic~1\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1156
CMD: "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --field-trial-handle=980,350635825690401994,6632272437260086580,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=17667901783833409361 --mojo-platform-channel-handle=4508 --ignored=" --type=renderer " /prefetch:8
Path: C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\progra~1\google\chrome\applic~1\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1348
CMD: "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --field-trial-handle=980,350635825690401994,6632272437260086580,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=2597586867368871759 --mojo-platform-channel-handle=4832 --ignored=" --type=renderer " /prefetch:8
Path: C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\progra~1\google\chrome\applic~1\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1392
CMD: "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --field-trial-handle=980,350635825690401994,6632272437260086580,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=17459562068456163968 --mojo-platform-channel-handle=3632 --ignored=" --type=renderer " /prefetch:8
Path: C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\progra~1\google\chrome\applic~1\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1444
CMD: "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --field-trial-handle=980,350635825690401994,6632272437260086580,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=2443516270010675808 --mojo-platform-channel-handle=3584 --ignored=" --type=renderer " /prefetch:8
Path: C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\progra~1\google\chrome\applic~1\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events: 6 342
Read events: 4 976
Write events: 1 361
Delete events: 5

Modification events

PID: 3284, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

PID: 3284, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

PID: 3284, Process: WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

PID: 3284, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\IPTV Editor Zaman Tantruttv 2020.zip

PID: 3284, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

PID: 3284, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

PID: 3284, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

PID: 3284, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

PID: 3284, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

PID: 3284, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1
Executable files: 67
Suspicious files: 50
Text files: 342
Unknown types: 8

Dropped files

PID | Process | Filename | Type
1724 | IPTV_Zaman_NOW.exe | C:\Users\admin\AppData\Local\Temp\nsiA765.tmp | -
MD5:
SHA256:
3220 | Svchost.exe | C:\Users\admin\AppData\Local\Temp\autB0DA.tmp | -
MD5:
SHA256:
3220 | Svchost.exe | C:\Users\admin\AppData\Local\Temp\asacpiex.dll | -
MD5:
SHA256:
3932 | IPTV_Zaman_NOW.exe | C:\MSOCache\All Users\{90140000-006E-0407-0000-0000000FF1CE}-C\dwtrig20.exe | executable
MD5: CF6C595D3E5E9667667AF096762FD9C4
SHA256: 593E60CC30AE0789448547195AF77F550387F6648D45847EA244DD0DD7ABF03D
3284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3284.26509\IPTV Editor Zaman Tantruttv 2020\IPTV_Zaman_NOW.exe | executable
MD5: 0D9E44521B0135384280B8551341B1A8
SHA256: 2C4E3395AE9B95B8EF906BC05530ED283C7AF00F4D54CD6D7E00735759F0EF49
1724 | IPTV_Zaman_NOW.exe | C:\Users\admin\AppData\Roaming\IPTV_Zaman_NOW.exe | executable
MD5: C5D46457CF009A2096A106BE3450B129
SHA256: D623A49F259CE0C0FFB31657991AE001C2C30FBB6A34CB898CE910E19EDE3A6D
3932 | IPTV_Zaman_NOW.exe | C:\Windows\svchost.com | executable
MD5: B2F9BBB7CCB25EA373A80A9D47FD5E12
SHA256: 62038544EC5995E3C342298A52452A1785EC53DAAC94D73DFC3D43C7EDC5BB6F
1724 | IPTV_Zaman_NOW.exe | C:\Users\admin\AppData\Roaming\Svchost.js | text
MD5: 4DC8D7FF45200E9EE04EAE201F2E15FC
SHA256: CF1B5ED9C45E6FA14B6A27BCA9B5220912C683FD5373FF829AC4B191A716DD3E
3220 | Svchost.exe | C:\Users\admin\AppData\Local\Temp\CR_Debug_Log.txt | -
MD5:
SHA256:
3932 | IPTV_Zaman_NOW.exe | C:\MSOCache\All Users\{90140000-006E-0412-0000-0000000FF1CE}-C\dwtrig20.exe | executable
MD5: CF6C595D3E5E9667667AF096762FD9C4
SHA256: 593E60CC30AE0789448547195AF77F550387F6648D45847EA244DD0DD7ABF03D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 99
TCP/UDP connections: 140
DNS requests: 45
Threats: 30

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2792
IPTV_Zaman_NOW.exe
GET
302
103.29.214.171:80
http://zaman-now.com/tv-radio/tv_nasional%EF%BB%BF_indonezia.m3u/
ID
suspicious
2792
IPTV_Zaman_NOW.exe
GET
63.250.32.224:8080
http://jockeriptv.com:8080/get.php?username=10919234688&password=10919234688&type=m3u
US
unknown
2792
IPTV_Zaman_NOW.exe
GET
144.76.71.228:12345
http://ip.tv4all.top:12345/get.php?username=radio&password=radio&type=m3u
DE
suspicious
2792
IPTV_Zaman_NOW.exe
GET
103.29.214.171:80
http://zaman-now.com/tv-radio/tv_nasional%EF%BB%BF_indonezia7.m3u
ID
suspicious
2792
IPTV_Zaman_NOW.exe
GET
63.250.32.224:8080
http://jockeriptv.com:8080/get.php?username=27330021925&password=27330021925&type=m3u
US
unknown
2792
IPTV_Zaman_NOW.exe
GET
63.250.32.224:8080
http://jockeriptv.com:8080/get.php?username=84401556131&password=84401556131&type=m3u
US
unknown
2792
IPTV_Zaman_NOW.exe
GET
63.250.32.224:8080
http://jockeriptv.com:8080/get.php?username=10919234688&password=10919234688&type=m3u
US
unknown
2792
IPTV_Zaman_NOW.exe
GET
63.250.32.224:8080
http://jockeriptv.com:8080/get.php?username=27330021925&password=27330021925&type=m3u
US
unknown
2792
IPTV_Zaman_NOW.exe
GET
63.250.32.224:8080
http://jockeriptv.com:8080/get.php?username=84401556131&password=84401556131&type=m3u
US
unknown
2792
IPTV_Zaman_NOW.exe
GET
63.250.32.224:8080
http://jockeriptv.com:8080/get.php?username=27330021925&password=27330021925&type=m3u
US
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
660
WScript.exe
208.95.112.1:80
ip-api.com
IBURST
malicious
660
WScript.exe
81.61.77.92:8000
Vodafone Ono, S.A.
ES
malicious
2792
IPTV_Zaman_NOW.exe
103.29.214.171:80
ez-tracker.net
Sentra Niaga Solusindo, PT.
ID
unknown
2792
IPTV_Zaman_NOW.exe
151.80.100.155:25443
iptv13.m3ulinks.net
OVH SAS
FR
unknown
2792
IPTV_Zaman_NOW.exe
94.23.215.215:41000
OVH SAS
FR
unknown
2792
IPTV_Zaman_NOW.exe
185.23.215.146:25461
iptv7.premium-stv.com
Global Layer B.V.
NL
unknown
2792
IPTV_Zaman_NOW.exe
51.159.21.231:2052
iptv8.premium-stv.com
GB
unknown
2792
IPTV_Zaman_NOW.exe
144.76.71.228:12345
i1.mikro.work
Hetzner Online GmbH
DE
suspicious
2792
IPTV_Zaman_NOW.exe
63.250.32.224:8080
jockeriptv.com
Frontline Data Services, Inc
US
unknown
63.250.32.224:8080
jockeriptv.com
Frontline Data Services, Inc
US
unknown

DNS requests

Domain
IP
Reputation
ip-api.com
  • 208.95.112.1
malicious
ez-tracker.net
  • 103.29.214.171
suspicious
zaman-now.com
  • 103.29.214.171
unknown
iptv13.m3ulinks.net
  • 151.80.100.155
unknown
iptv7.premium-stv.com
  • 185.23.215.146
unknown
iptv8.premium-stv.com
  • 51.159.21.231
unknown
i1.mikro.work
  • 144.76.71.228
suspicious
ip.tv4all.top
  • 144.76.71.228
suspicious
jockeriptv.com
  • 63.250.32.224
unknown
rayito-tv.xyz
  • 62.210.83.86
unknown

Threats

PID
Process
Class
Message
660
WScript.exe
Potential Corporate Privacy Violation
ET POLICY External IP Lookup ip-api.com
660
WScript.exe
Potential Corporate Privacy Violation
AV POLICY Internal Host Retrieving External IP Address (ip-api. com)
1052
svchost.exe
Potentially Bad Traffic
ET INFO Observed DNS Query to .work TLD
2792
IPTV_Zaman_NOW.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.work Domain
1052
svchost.exe
Potentially Bad Traffic
ET DNS Query to a *.top domain - Likely Hostile
2792
IPTV_Zaman_NOW.exe
Potentially Bad Traffic
ET INFO HTTP Request to a *.top domain
2792
IPTV_Zaman_NOW.exe
Potentially Bad Traffic
AV INFO HTTP Request to a *.xyz domain
3768
tor.exe
Misc Attack
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 229
1052
svchost.exe
Potentially Bad Traffic
ET POLICY DNS Query to DynDNS Domain *.ddns .net
3768
tor.exe
Potential Corporate Privacy Violation
POLICY [PTsecurity] TOR SSL connection
Process
Message
vlc.exe
core libvlc: one instance mode ENABLED
vlc.exe
core libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
vlc.exe
core playlist: stopping playback
vlc.exe
ts demux: MPEG-4 descriptor not found for pid 0x100 type 0xf
vlc.exe
packetizer_mpeg4audio packetizer: AAC channels: 2 samplerate: 22050