{"report_id":"82c154a0-b630-4a24-8a5d-43031ab6d540","version":6,"status":"done","tags":[],"date":"2025-01-28T20:06:43Z","url":{"schema":"http","addr":"download.s21i.faiusr.com/21675261/0/0/ABUIABBPGAAg1ueZtAYojdfXiAI.zip","fqdn":"download.s21i.faiusr.com","domain":"faiusr.com","tld":"com"},"ip":{"addr":"154.85.69.8","port":0,"asn":139057,"as":"LEGEND DYNASTY PTE. LTD.","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-04-08T20:06:43Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"download.s21i.faiusr.com","ip":{"addr":"154.85.69.7","port":443,"asn":139057,"as":"LEGEND DYNASTY PTE. LTD.","country":"Singapore","country_code":"SG"},"domain_registered":"2015-05-14","domain_rank":0,"first_seen":"2018-07-01T21:36:29Z","last_seen":"2025-01-23T01:57:48.349979Z","alert_count":1,"request_count":1,"received_data":6677315,"sent_data":523,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"ddfa72e5a166e31b2b83fc78e0cd52dd","sha1":"42e4fbc08847d6fe6568c2c2eda6e1a04682af33","sha256":"8f2d014af7ff7c2709ea2a22dda9b0cfb7b72600bf5b9acfbe3d9cb78f91bb5d","sha512":"d6ee1431a6dc8d40e674587fcb8374c0a5770021f013ba0c92c4520f644c252fba87e9c0bf3920854844fd8c08e730b74c8c7aacd246bca8609f65b10b8c3efd","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":6676799,"url":{"schema":"https","addr":"download.s21i.faiusr.com/21675261/0/0/ABUIABBPGAAg1ueZtAYojdfXiAI.zip","fqdn":"download.s21i.faiusr.com","domain":"faiusr.com","tld":"com"},"ip":{"addr":"154.85.69.7","port":443,"asn":139057,"as":"LEGEND DYNASTY PTE. LTD.","country":"Singapore","country_code":"SG"},"archive":[{"path":"HEU_KMS_Activator_v42.0.4.exe","filename":"HEU_KMS_Activator_v42.0.4.exe","modified":"2024-05-28T02:34:36+08:00","Modified":"","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections","size":4597760,"md5":"d9aa16c92e6d7586317fd5b44810ee98","sha1":"78a38eb1602ba946aea808bdbea006fa4227afc5","sha256":"57de0e454d59ff0ccec9257d8b3b9d7758ef29544127e7f19379f2583046e889","sha512":"ad8980c759e1842a327300fa3c65db575b0cc8fcbbffb25fbdd9d677155ac87832e7c4538a7da59d0602d6993d52f500a8317bb5bfe731ef5269d0bdb308c76b","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-20","alert":"Scan result 49/71","trigger":"57de0e454d59ff0ccec9257d8b3b9d7758ef29544127e7f19379f2583046e889","verdict":"malicious","severity":"","comment":"malicious - 49/71","link":"https://www.virustotal.com/gui/file/57de0e454d59ff0ccec9257d8b3b9d7758ef29544127e7f19379f2583046e889","meta":null}]}},{"path":"HEU_KMS_Activatorʹ��˵���ֲ�.pdf","filename":"HEU_KMS_Activatorʹ��˵���ֲ�.pdf","modified":"2024-07-04T16:02:25+08:00","Modified":"","magic":"PDF document, version 1.7, 20 page(s)","size":1006970,"md5":"8ed66f8a4b007287937c899909304cfd","sha1":"cbfe38253e15407a9c7eb2a1ed4e968de8a3843c","sha256":"30a33c0bf2d2393a72a54288858950fa284eeefdd2164f2e4e513f1f3b32e49c","sha512":"576d1a5ede22dd9ff533e0bb740e7f5981675f795176c3f2dcde6d419c5d09d6b90fcf88f6e64ed714b54e2d1556d7c999319bfe3c2c023d73eb4479d1823700","alerts":{"urlquery":null,"analyzer":null}},{"path":"IT����-���Խ̳���.url","filename":"IT����-���Խ̳���.url","modified":"2023-10-13T20:56:27+08:00","Modified":"","magic":"MS Windows 95 Internet shortcut text (URL=\u003chttps://www.ithaoge.cn/\u003e), ASCII text, with CRLF line terminators","size":49,"md5":"4db32508a25305d75d6a9ee15db0fbb4","sha1":"8f6ec0ef11e685580cc7f5220a8bc41f098ce9ba","sha256":"4b40eb1001e03873e47821c74dc403a73e9f96e24eb36480bc86338ab5469f9b","sha512":"eb8bf1b07cd96fc01e369823005df15d64f2d8862ed43d7aea7fc378a5440328bfd756abc42d3d0754f8c27115e3d839b44f02292ceb6c2ecaad84484c6c1fff","alerts":{"urlquery":null,"analyzer":null}},{"path":"IT����-���������̳� - Link3.url","filename":"IT����-���������̳� - Link3.url","modified":"2024-03-03T10:00:50+08:00","Modified":"","magic":"MS Windows 95 Internet shortcut text (URL=\u003chttps://link3.cc/ithaoge\u003e), ASCII text, with CRLF line terminators","size":50,"md5":"f6b69cf81b66a665deadf810238d2307","sha1":"3490772ba30a692d5b75f4a71bd000c8639573e5","sha256":"a19825f58118f6dec7ccd0e68ee81b8ecb94b64d4d1f8c5be8cf81f33c30b3b8","sha512":"98aa1651e9726a91cbc125f8f11bf074d213ada782f1c525aaf32a18e0f0f13b2f0cc0ca5a442e825d4a5be822d223ea4213f60d3cd9a6e4708daf1bc3a16ffc","alerts":{"urlquery":null,"analyzer":null}},{"path":"ע�⣺����ʱ�ر�ʵʱ�����ͷ������������������г���.png","filename":"ע�⣺����ʱ�ر�ʵʱ�����ͷ������������������г���.png","modified":"2024-07-04T17:53:16+08:00","Modified":"","magic":"PNG image data, 3270 x 1839, 8-bit/color RGB, non-interlaced","size":1306324,"md5":"e2a54e028f2b51ac33e4df1f2050382d","sha1":"c20390e2814989e6be242cd20f77226a8c690f10","sha256":"b4b6f298448c8067f50b1e1ffe92739af3ec8aa1514317c43d1e4db24b39f2e0","sha512":"bb8c97f10d6a2a5d51906a630463974ce77e37e7eb4b07ba9fff26d2305e182916f31268e4b34f13b1fe1853138e3d57db31c6b06246b93d50d4782c7466a1de","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-19","alert":"Scan result 38/67","trigger":"8f2d014af7ff7c2709ea2a22dda9b0cfb7b72600bf5b9acfbe3d9cb78f91bb5d","verdict":"malicious","severity":"","comment":"malicious - 38/67","link":"https://www.virustotal.com/gui/file/8f2d014af7ff7c2709ea2a22dda9b0cfb7b72600bf5b9acfbe3d9cb78f91bb5d","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"ddfa72e5a166e31b2b83fc78e0cd52dd","sha1":"42e4fbc08847d6fe6568c2c2eda6e1a04682af33","sha256":"8f2d014af7ff7c2709ea2a22dda9b0cfb7b72600bf5b9acfbe3d9cb78f91bb5d","sha512":"d6ee1431a6dc8d40e674587fcb8374c0a5770021f013ba0c92c4520f644c252fba87e9c0bf3920854844fd8c08e730b74c8c7aacd246bca8609f65b10b8c3efd","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":6676799,"url":{"schema":"https","addr":"download.s21i.faiusr.com/21675261/0/0/ABUIABBPGAAg1ueZtAYojdfXiAI.zip","fqdn":"download.s21i.faiusr.com","domain":"faiusr.com","tld":"com"},"ip":{"addr":"154.85.69.7","port":443,"asn":139057,"as":"LEGEND DYNASTY PTE. LTD.","country":"Singapore","country_code":"SG"},"archive":[{"path":"HEU_KMS_Activator_v42.0.4.exe","filename":"HEU_KMS_Activator_v42.0.4.exe","modified":"2024-05-28T02:34:36+08:00","Modified":"","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections","size":4597760,"md5":"d9aa16c92e6d7586317fd5b44810ee98","sha1":"78a38eb1602ba946aea808bdbea006fa4227afc5","sha256":"57de0e454d59ff0ccec9257d8b3b9d7758ef29544127e7f19379f2583046e889","sha512":"ad8980c759e1842a327300fa3c65db575b0cc8fcbbffb25fbdd9d677155ac87832e7c4538a7da59d0602d6993d52f500a8317bb5bfe731ef5269d0bdb308c76b","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-20","alert":"Scan result 49/71","trigger":"57de0e454d59ff0ccec9257d8b3b9d7758ef29544127e7f19379f2583046e889","verdict":"malicious","severity":"","comment":"malicious - 49/71","link":"https://www.virustotal.com/gui/file/57de0e454d59ff0ccec9257d8b3b9d7758ef29544127e7f19379f2583046e889","meta":null}]}},{"path":"HEU_KMS_Activatorʹ��˵���ֲ�.pdf","filename":"HEU_KMS_Activatorʹ��˵���ֲ�.pdf","modified":"2024-07-04T16:02:25+08:00","Modified":"","magic":"PDF document, version 1.7, 20 page(s)","size":1006970,"md5":"8ed66f8a4b007287937c899909304cfd","sha1":"cbfe38253e15407a9c7eb2a1ed4e968de8a3843c","sha256":"30a33c0bf2d2393a72a54288858950fa284eeefdd2164f2e4e513f1f3b32e49c","sha512":"576d1a5ede22dd9ff533e0bb740e7f5981675f795176c3f2dcde6d419c5d09d6b90fcf88f6e64ed714b54e2d1556d7c999319bfe3c2c023d73eb4479d1823700","alerts":{"urlquery":null,"analyzer":null}},{"path":"IT����-���Խ̳���.url","filename":"IT����-���Խ̳���.url","modified":"2023-10-13T20:56:27+08:00","Modified":"","magic":"MS Windows 95 Internet shortcut text (URL=\u003chttps://www.ithaoge.cn/\u003e), ASCII text, with CRLF line terminators","size":49,"md5":"4db32508a25305d75d6a9ee15db0fbb4","sha1":"8f6ec0ef11e685580cc7f5220a8bc41f098ce9ba","sha256":"4b40eb1001e03873e47821c74dc403a73e9f96e24eb36480bc86338ab5469f9b","sha512":"eb8bf1b07cd96fc01e369823005df15d64f2d8862ed43d7aea7fc378a5440328bfd756abc42d3d0754f8c27115e3d839b44f02292ceb6c2ecaad84484c6c1fff","alerts":{"urlquery":null,"analyzer":null}},{"path":"IT����-���������̳� - Link3.url","filename":"IT����-���������̳� - Link3.url","modified":"2024-03-03T10:00:50+08:00","Modified":"","magic":"MS Windows 95 Internet shortcut text (URL=\u003chttps://link3.cc/ithaoge\u003e), ASCII text, with CRLF line terminators","size":50,"md5":"f6b69cf81b66a665deadf810238d2307","sha1":"3490772ba30a692d5b75f4a71bd000c8639573e5","sha256":"a19825f58118f6dec7ccd0e68ee81b8ecb94b64d4d1f8c5be8cf81f33c30b3b8","sha512":"98aa1651e9726a91cbc125f8f11bf074d213ada782f1c525aaf32a18e0f0f13b2f0cc0ca5a442e825d4a5be822d223ea4213f60d3cd9a6e4708daf1bc3a16ffc","alerts":{"urlquery":null,"analyzer":null}},{"path":"ע�⣺����ʱ�ر�ʵʱ�����ͷ������������������г���.png","filename":"ע�⣺����ʱ�ر�ʵʱ�����ͷ������������������г���.png","modified":"2024-07-04T17:53:16+08:00","Modified":"","magic":"PNG image data, 3270 x 1839, 8-bit/color RGB, non-interlaced","size":1306324,"md5":"e2a54e028f2b51ac33e4df1f2050382d","sha1":"c20390e2814989e6be242cd20f77226a8c690f10","sha256":"b4b6f298448c8067f50b1e1ffe92739af3ec8aa1514317c43d1e4db24b39f2e0","sha512":"bb8c97f10d6a2a5d51906a630463974ce77e37e7eb4b07ba9fff26d2305e182916f31268e4b34f13b1fe1853138e3d57db31c6b06246b93d50d4782c7466a1de","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-19","alert":"Scan result 38/67","trigger":"8f2d014af7ff7c2709ea2a22dda9b0cfb7b72600bf5b9acfbe3d9cb78f91bb5d","verdict":"malicious","severity":"","comment":"malicious - 38/67","link":"https://www.virustotal.com/gui/file/8f2d014af7ff7c2709ea2a22dda9b0cfb7b72600bf5b9acfbe3d9cb78f91bb5d","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"download.s21i.faiusr.com/21675261/0/0/ABUIABBPGAAg1ueZtAYojdfXiAI.zip","fqdn":"download.s21i.faiusr.com","domain":"faiusr.com","tld":"com"},"ip":{"addr":"154.85.69.7","port":443,"asn":139057,"as":"LEGEND DYNASTY PTE. LTD.","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-01-28T20:06:17.501Z","timestamp":1738094777501,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.s21i.faiusr.com","organization":""},"issuer":{"commonName":"sslTrus (RSA) DV CA","organization":"sslTrus"},"validity":{"start":"Fri, 22 Mar 2024 00:00:00 GMT","end":"Tue, 22 Apr 2025 23:59:59 GMT"},"fingerprint":{"sha1":"A0:DD:04:8D:B3:8F:6C:DB:22:1C:0C:B8:AE:B5:CC:46:DC:4B:81:2F","sha256":"3B:53:19:28:C7:82:00:DF:98:C2:B4:CC:69:AE:69:4C:94:C8:F8:58:82:D1:A2:5A:3A:39:B4:AB:4C:15:E0:4B"}}},"request":{"raw":"GET /21675261/0/0/ABUIABBPGAAg1ueZtAYojdfXiAI.zip HTTP/1.1\r\nHost: download.s21i.faiusr.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 28 Jan 2025 20:06:19 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 6676799\r\nConnection: keep-alive\r\nExpires: Tue, 28 Jan 2025 20:06:19 GMT\r\nServer: F-WEB\r\nContent-Disposition: attachment;filename=\"ABUIABBPGAAg1ueZtAYojdfXiAI.zip\";filename*=utf-8''ABUIABBPGAAg1ueZtAYojdfXiAI.zip\r\nAccess-Control-Allow-Origin: *\r\nOrigin-Agent-Cluster: ?0\r\nCache-Control: max-age=315360000\r\nX-Ser: i91710_c21603, i2103125_c25795, i1872278_c17483\r\nX-Cache: HIT from i2103125_c25795(cloudsvr)\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6676799,"size_decoded":6676799,"mime_type":"application/octet-stream","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"ddfa72e5a166e31b2b83fc78e0cd52dd","sha1":"42e4fbc08847d6fe6568c2c2eda6e1a04682af33","sha256":"8f2d014af7ff7c2709ea2a22dda9b0cfb7b72600bf5b9acfbe3d9cb78f91bb5d","sha512":"d6ee1431a6dc8d40e674587fcb8374c0a5770021f013ba0c92c4520f644c252fba87e9c0bf3920854844fd8c08e730b74c8c7aacd246bca8609f65b10b8c3efd","ssdeep":"196608:2dS3vxeQx1njKHmLVhqzzjkM1G0IfDwnxeEEztozlvGxBx+i:22v5xVWcV4XqinSSlyB3","tlshash":"ee6633611085b354b7166aa995208b315a00dc9fffa2afdbc327c364e781d605f273ee","first_seen":"2025-01-28T20:06:56.378506Z","last_seen":"2025-01-28T20:06:56.378506Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4071,"timings":{"blocked":1171,"dns":673,"connect":19,"send":0,"wait":418,"receive":1308,"ssl":475},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-19","alert":"Scan result 38/67","trigger":"8f2d014af7ff7c2709ea2a22dda9b0cfb7b72600bf5b9acfbe3d9cb78f91bb5d","verdict":"malicious","severity":"","comment":"malicious - 38/67","link":"https://www.virustotal.com/gui/file/8f2d014af7ff7c2709ea2a22dda9b0cfb7b72600bf5b9acfbe3d9cb78f91bb5d","meta":null}],"urlquery":null}}]}