
Analysis

  • max time kernel
    139s
  • max time network
    166s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/12/2023, 21:30 UTC

General

  • Target

    f9791c06c600b3d6397bc23afcb330d0.exe

  • Size

    139KB

  • MD5

    f9791c06c600b3d6397bc23afcb330d0

  • SHA1

    d70d2b8ccb6ad8b0f97aa4c2292b21678f73ccaa

  • SHA256

    c61e79f975b0460fad0f0f6740c1a0de83d975de314dbbaa85ee48b8b24112b1

  • SHA512

    93996bf49114184b658d1517157050323e1dd2e030326724e100d052c81501fbc31dff51e7025e97a10c99e715c1a65784c22f34d7ad1e14bd1cc5b6fc7ecd2f

  • SSDEEP

    3072:ne5aeB2jKRiPKbgsXWMRCdB6brL0IlwzuM07CZwY4EO/5oVNBH:nAapFUgsXWRdsbrL0Ilw8ZY4R+V

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9791c06c600b3d6397bc23afcb330d0.exe
    "C:\Users\Admin\AppData\Local\Temp\f9791c06c600b3d6397bc23afcb330d0.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=2MpYOfgjikQ&feature=player_embedded
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2620

Network

  • US
    DNS
    www.youtube.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    142.250.200.14
    youtube-ui.l.google.com
    IN A
    216.58.201.110
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    216.58.213.14
    youtube-ui.l.google.com
    IN A
    172.217.169.14
    youtube-ui.l.google.com
    IN A
    216.58.212.206
    youtube-ui.l.google.com
    IN A
    216.58.212.238
    youtube-ui.l.google.com
    IN A
    142.250.179.238
    youtube-ui.l.google.com
    IN A
    142.250.180.14
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    142.250.187.238
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    142.250.178.14
  • US
    DNS
    www.youtube.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.youtube.com
    IN A
  • US
    DNS
    www.youtube.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    142.250.200.14
    youtube-ui.l.google.com
    IN A
    216.58.201.110
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    216.58.213.14
    youtube-ui.l.google.com
    IN A
    172.217.169.14
    youtube-ui.l.google.com
    IN A
    216.58.212.206
    youtube-ui.l.google.com
    IN A
    216.58.212.238
    youtube-ui.l.google.com
    IN A
    142.250.179.238
    youtube-ui.l.google.com
    IN A
    142.250.180.14
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    142.250.187.238
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    142.250.178.14
  • GB
    GET
    http://www.youtube.com/watch?v=2MpYOfgjikQ&feature=player_embedded
    IEXPLORE.EXE
    Remote address:
    142.250.200.46:80
    Request
    GET /watch?v=2MpYOfgjikQ&feature=player_embedded HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: application/binary
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Wed, 03 Jan 2024 13:11:49 GMT
    Location: https://www.youtube.com/watch?v=2MpYOfgjikQ&feature=player_embedded
    Server: ESF
    Content-Length: 0
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
  • GB
    GET
    https://www.youtube.com/watch?v=2MpYOfgjikQ&feature=player_embedded
    IEXPLORE.EXE
    Remote address:
    142.250.200.46:443
    Request
    GET /watch?v=2MpYOfgjikQ&feature=player_embedded HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Content-Type: application/binary
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Wed, 03 Jan 2024 13:12:00 GMT
    Location: https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D2MpYOfgjikQ&feature=player_embedded
    Strict-Transport-Security: max-age=31536000
    X-Frame-Options: SAMEORIGIN
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
    Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
    Origin-Trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
    Server: ESF
    Content-Length: 0
    X-XSS-Protection: 0
    Set-Cookie: CONSENT=PENDING+784; expires=Fri, 02-Jan-2026 13:12:00 GMT; path=/; domain=.youtube.com; Secure
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • GB
    GET
    https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D2MpYOfgjikQ&feature=player_embedded
    IEXPLORE.EXE
    Remote address:
    142.250.200.46:443
    Request
    GET /supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D2MpYOfgjikQ&feature=player_embedded HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Cookie: CONSENT=PENDING+784
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Wed, 03 Jan 2024 13:12:00 GMT
    Strict-Transport-Security: max-age=31536000
    X-Frame-Options: SAMEORIGIN
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
    Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
    Origin-Trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
    P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    Set-Cookie: hideBrowserUpgradeBox=true; Domain=.youtube.com; Expires=Wed, 17-Jan-2024 13:12:00 GMT; Path=/; Secure; HttpOnly
    Set-Cookie: YSC=__tO7XFI1eA; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
    Set-Cookie: VISITOR_INFO1_LIVE=QL2FKxzHve0; Domain=.youtube.com; Expires=Mon, 01-Jul-2024 13:12:00 GMT; Path=/; Secure; HttpOnly; SameSite=none
    Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgQg%3D%3D; Domain=.youtube.com; Expires=Mon, 01-Jul-2024 13:12:00 GMT; Path=/; Secure; HttpOnly; SameSite=lax
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • GB
    GET
    https://www.youtube.com/img/desktop/supported_browsers/yt_logo_rgb_light.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.46:443
    Request
    GET /img/desktop/supported_browsers/yt_logo_rgb_light.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D2MpYOfgjikQ&feature=player_embedded
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Cookie: CONSENT=PENDING+784; hideBrowserUpgradeBox=true; YSC=__tO7XFI1eA; VISITOR_INFO1_LIVE=QL2FKxzHve0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgQg%3D%3D
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube-marketing"
    Report-To: {"group":"youtube-marketing","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube-marketing"}]}
    Content-Length: 9171
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 02 Jan 2024 02:06:48 GMT
    Expires: Wed, 01 Jan 2025 02:06:48 GMT
    Cache-Control: public, max-age=31536000
    Age: 126312
    Last-Modified: Wed, 16 Oct 2019 17:15:00 GMT
    Content-Type: image/png
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • GB
    GET
    https://www.youtube.com/img/desktop/supported_browsers/dinosaur.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.46:443
    Request
    GET /img/desktop/supported_browsers/dinosaur.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D2MpYOfgjikQ&feature=player_embedded
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Cookie: CONSENT=PENDING+784; hideBrowserUpgradeBox=true; YSC=__tO7XFI1eA; VISITOR_INFO1_LIVE=QL2FKxzHve0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgQg%3D%3D
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube-marketing"
    Report-To: {"group":"youtube-marketing","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube-marketing"}]}
    Content-Length: 59088
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 02 Jan 2024 18:22:42 GMT
    Expires: Wed, 01 Jan 2025 18:22:42 GMT
    Cache-Control: public, max-age=31536000
    Age: 67758
    Last-Modified: Wed, 16 Oct 2019 17:15:00 GMT
    Content-Type: image/png
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • GB
    GET
    https://www.youtube.com/img/desktop/supported_browsers/edgium.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.46:443
    Request
    GET /img/desktop/supported_browsers/edgium.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D2MpYOfgjikQ&feature=player_embedded
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Cookie: CONSENT=PENDING+784; hideBrowserUpgradeBox=true; YSC=__tO7XFI1eA; VISITOR_INFO1_LIVE=QL2FKxzHve0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgQg%3D%3D
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube-marketing"
    Report-To: {"group":"youtube-marketing","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube-marketing"}]}
    Content-Length: 7121
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 02 Jan 2024 14:54:06 GMT
    Expires: Wed, 01 Jan 2025 14:54:06 GMT
    Cache-Control: public, max-age=31536000
    Age: 80274
    Last-Modified: Wed, 12 Feb 2020 21:45:00 GMT
    Content-Type: image/png
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • GB
    GET
    https://www.youtube.com/img/desktop/supported_browsers/chrome.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.46:443
    Request
    GET /img/desktop/supported_browsers/chrome.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D2MpYOfgjikQ&feature=player_embedded
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Cookie: CONSENT=PENDING+784; hideBrowserUpgradeBox=true; YSC=__tO7XFI1eA; VISITOR_INFO1_LIVE=QL2FKxzHve0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgQg%3D%3D
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube-marketing"
    Report-To: {"group":"youtube-marketing","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube-marketing"}]}
    Content-Length: 6213
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 02 Jan 2024 05:15:29 GMT
    Expires: Wed, 01 Jan 2025 05:15:29 GMT
    Cache-Control: public, max-age=31536000
    Age: 114991
    Last-Modified: Sun, 25 Jun 2023 02:58:00 GMT
    Content-Type: image/png
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • GB
    GET
    https://www.youtube.com/img/desktop/supported_browsers/opera.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.46:443
    Request
    GET /img/desktop/supported_browsers/opera.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D2MpYOfgjikQ&feature=player_embedded
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Cookie: CONSENT=PENDING+784; hideBrowserUpgradeBox=true; YSC=__tO7XFI1eA; VISITOR_INFO1_LIVE=QL2FKxzHve0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgQg%3D%3D
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube-marketing"
    Report-To: {"group":"youtube-marketing","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube-marketing"}]}
    Content-Length: 2375
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 29 Dec 2023 10:06:47 GMT
    Expires: Sat, 28 Dec 2024 10:06:47 GMT
    Cache-Control: public, max-age=31536000
    Age: 443113
    Last-Modified: Wed, 16 Oct 2019 17:15:00 GMT
    Content-Type: image/png
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • GB
    GET
    https://www.youtube.com/favicon.ico
    IEXPLORE.EXE
    Remote address:
    142.250.200.46:443
    Request
    GET /favicon.ico HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: www.youtube.com
    Connection: Keep-Alive
    Cookie: CONSENT=PENDING+784; hideBrowserUpgradeBox=true; YSC=__tO7XFI1eA; VISITOR_INFO1_LIVE=QL2FKxzHve0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgQg%3D%3D
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube-marketing"
    Report-To: {"group":"youtube-marketing","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube-marketing"}]}
    Content-Length: 180
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 30 Dec 2023 20:16:38 GMT
    Expires: Sun, 29 Dec 2024 20:16:38 GMT
    Cache-Control: public, max-age=31536000
    Age: 320124
    Last-Modified: Sun, 25 Jun 2023 02:58:00 GMT
    Content-Type: image/x-icon
    Vary: Accept-Encoding
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • GB
    GET
    https://www.youtube.com/img/desktop/supported_browsers/firefox.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.46:443
    Request
    GET /img/desktop/supported_browsers/firefox.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D2MpYOfgjikQ&feature=player_embedded
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Cookie: CONSENT=PENDING+784; hideBrowserUpgradeBox=true; YSC=__tO7XFI1eA; VISITOR_INFO1_LIVE=QL2FKxzHve0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgQg%3D%3D
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube-marketing"
    Report-To: {"group":"youtube-marketing","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube-marketing"}]}
    Content-Length: 9291
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 02 Jan 2024 15:42:35 GMT
    Expires: Wed, 01 Jan 2025 15:42:35 GMT
    Cache-Control: public, max-age=31536000
    Age: 77365
    Last-Modified: Sun, 25 Jun 2023 02:58:00 GMT
    Content-Type: image/png
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • 142.250.200.46:80
    www.youtube.com
    IEXPLORE.EXE
    242 B
    144 B
    5
    3
  • 142.250.200.46:80
    http://www.youtube.com/watch?v=2MpYOfgjikQ&feature=player_embedded
    http
    IEXPLORE.EXE
    1.3kB
    644 B
    9
    5

    HTTP Request

    GET http://www.youtube.com/watch?v=2MpYOfgjikQ&feature=player_embedded

    HTTP Response

    301
  • 142.250.200.46:443
    https://www.youtube.com/img/desktop/supported_browsers/chrome.png
    tls, http
    IEXPLORE.EXE
    6.1kB
    102.0kB
    56
    85

    HTTP Request

    GET https://www.youtube.com/watch?v=2MpYOfgjikQ&feature=player_embedded

    HTTP Response

    302

    HTTP Request

    GET https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D2MpYOfgjikQ&feature=player_embedded

    HTTP Response

    200

    HTTP Request

    GET https://www.youtube.com/img/desktop/supported_browsers/yt_logo_rgb_light.png

    HTTP Response

    200

    HTTP Request

    GET https://www.youtube.com/img/desktop/supported_browsers/dinosaur.png

    HTTP Response

    200

    HTTP Request

    GET https://www.youtube.com/img/desktop/supported_browsers/edgium.png

    HTTP Response

    200

    HTTP Request

    GET https://www.youtube.com/img/desktop/supported_browsers/chrome.png

    HTTP Response

    200
  • 142.250.200.46:443
    https://www.youtube.com/favicon.ico
    tls, http
    IEXPLORE.EXE
    2.1kB
    12.4kB
    16
    16

    HTTP Request

    GET https://www.youtube.com/img/desktop/supported_browsers/opera.png

    HTTP Response

    200

    HTTP Request

    GET https://www.youtube.com/favicon.ico

    HTTP Response

    200
  • 142.250.200.46:443
    www.youtube.com
    tls
    IEXPLORE.EXE
    830 B
    7.3kB
    11
    11
  • 142.250.200.46:443
    https://www.youtube.com/img/desktop/supported_browsers/firefox.png
    tls, http
    IEXPLORE.EXE
    1.6kB
    17.8kB
    14
    18

    HTTP Request

    GET https://www.youtube.com/img/desktop/supported_browsers/firefox.png

    HTTP Response

    200
  • 142.250.200.46:443
    www.youtube.com
    tls
    IEXPLORE.EXE
    830 B
    7.3kB
    11
    11
  • 142.250.200.46:443
    www.youtube.com
    tls
    IEXPLORE.EXE
    784 B
    7.3kB
    10
    11
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    805 B
    8.1kB
    10
    14
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    805 B
    8.1kB
    10
    14
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    1.1kB
    7.9kB
    11
    13
  • 8.8.8.8:53
    www.youtube.com
    dns
    IEXPLORE.EXE
    122 B
    319 B
    2
    1

    DNS Request

    www.youtube.com

    DNS Request

    www.youtube.com

    DNS Response

    142.250.200.46
    142.250.200.14
    216.58.201.110
    216.58.204.78
    216.58.213.14
    172.217.169.14
    216.58.212.206
    216.58.212.238
    142.250.179.238
    142.250.180.14
    142.250.187.206
    142.250.187.238
    172.217.16.238
    142.250.178.14

  • 8.8.8.8:53
    www.youtube.com
    dns
    IEXPLORE.EXE
    61 B
    319 B
    1
    1

    DNS Request

    www.youtube.com

    DNS Response

    142.250.200.46
    142.250.200.14
    216.58.201.110
    216.58.204.78
    216.58.213.14
    172.217.169.14
    216.58.212.206
    216.58.212.238
    142.250.179.238
    142.250.180.14
    142.250.187.206
    142.250.187.238
    172.217.16.238
    142.250.178.14

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    57f87457b90e1b48c311ae23ccd18296

    SHA1

    ad9423e7adb9ad68eb6b52d42a07f4159bd15df7

    SHA256

    19ef081f6a5a0138e5e2862b93bc018fe33785df3f916eb16b38d7d60b91a4ed

    SHA512

    c8c74159d20f0c9c944e34d43f0a95b3d45d49f014d50c2f140f8e67640f02c15263a481e0ea5649e6057fcb05b935304ec52863936b83d4c6ef5fd9ab3ddbb2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e464e8f1f1366018d43188234cb5c2cf

    SHA1

    a36851f98e135671f1512e48a6447f382f1b0d98

    SHA256

    ce5a4a3f6e28af84eab79114451590b71b8017ed0b8ac7b1aaea38f638240875

    SHA512

    9e4fbb64885f33c3860c8c0e49fccd0bda1944059e5b59b8229ed88f7dfd81e8f5c31690716da1f028d1c5d0b0196c5901cfb064c26dfec0edb5691c3e9b5012

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cd40b078dfeb4b20397179b9942ed330

    SHA1

    2031343d5a4c8ac04f03737df9733b264a66ff41

    SHA256

    4474dbfa9600f516613fd8a8ebb393fe5fe2494798fc55bea007e605a8c4cb80

    SHA512

    563a37f3236cb0c87f3ffa327a1e1e919d46c736d89b88fb9da0fd4ee3cd7f9a9eb19bcb14d304880790c665c5e7c640dc36125f694025eb4c78f765488e0ac6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f41932297ab3d1b277c317a8ef72223d

    SHA1

    2085c152ce54dbc12bce452abcaf9a9c7555e5d7

    SHA256

    746ce932874e7d069d66ba18ff7032f51b709e38e9c3228bd9a0b3d11611d24c

    SHA512

    74e9f8dcd82ce4db8380e1e38fc267b0d381bfbb44a4e582bc775296efab92f5132eeaab6f1096a9ea4cb2533e2f9f51fc153d35aa5a6f1ce6fca3258d1f9f80

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    34b8e47c60c5bb1d3d9d6465adb315fa

    SHA1

    43591f02d6f8f1b0814362a9fe867380a911f168

    SHA256

    857a973f3d47b41d1de58ac45fd2c152973b2e86f6ee437f2a188a08e180dd4a

    SHA512

    26f0477420fac8e6d9ef1ef2a0647417f3cd2a06c074f1a73d81ff7e8d5be45bce1da470361f50ef16c53e893aed75538799a1fe4c9e3e3c3c17a60a2cd52486

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    672c7bbce22f82a269b88d02f6a1bc3d

    SHA1

    6cd01a4494c1a52d072d39f0b2d072b69c93afb9

    SHA256

    a44e5e540f1b089ff0c93270ebd3adfc69691a06b70e1f7feebdf1fbfad88caa

    SHA512

    2cd5ed3fe88c7e3ab7838cae2dcf00cb3c0cbf59966c987fe024bf1303ae09642e3b8b505b2f4b9b8f51d26be264dce321d97d526a4bed421917e75e7ccb11f4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    38563bcfa51b78cfac0898814e7430fd

    SHA1

    8446218acc4bc77c9dc5d0bdd308e2cb3ab70f0a

    SHA256

    870e6caed0008dc5481cbc6464439593e97711ddac9ce6bde18087623fce57fc

    SHA512

    c066508ee22a8b40042cc4feed66eb4d6e4353840b4fe36a0fd4fd210265a257a169ad56b894c03e73061141016a8260d27aecd8bcd1f731ef7dd50029b19c13

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    55f29ad68cfa2e0889a5c1a08c0df436

    SHA1

    83e20e25757d94de9e001fe3cdfd94446396fabe

    SHA256

    2c72566c5173825834e7225c9489a1f5514344fb52eccf61db65dc67d77e8403

    SHA512

    8439367e85eeec124b6b04adbf6392ce4ba25e4877f036ffeddb44b7fa1f11880ae014d338aba430a135e7b66e0dae8d5b248a27d082062a30458ba736acd42e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3d3f54643ad4a71f9ef8d94f186c4cdc

    SHA1

    d6b647402dbbd4a21c60e763cc03a6add5ac0329

    SHA256

    7e3ddc29c21e26eebf8211b8745c4b3fb35f4ab502775504ff5411e21656880c

    SHA512

    ad2211fca168594a038cccbf009614935fb96c5dbe5b07dc41cf6b821640b5a145014eb09fc7149252685dbb80c839f11e60d812366f86467e54ed8ccfa253de

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    789074866fb3566a173be1f733989abd

    SHA1

    f11ad587d652fa9a7e883eaf33c0330b0cc0cf49

    SHA256

    50b8eaaa3a9d103ab6c1d24ecb9fe7eb1db71f11d1e0dadbcaede14fe818651b

    SHA512

    6ef3bb942bb2dd454e15353108f4c08023b62bb4158701ebf53fac2ad27cb861fa81481410578e21aa54c0b3a31822106cea80a13c3171fc3f83877a3b715a8c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4b553995387194c1e15d61a06607a3f8

    SHA1

    084af003766a1ced11e65feb74fca171fcd1f95d

    SHA256

    b99864ed682f7f337e6cf3409d63bcd149a1d90913a38c63492375e797b08639

    SHA512

    f2b41f1eb5585caf9ff3da671ab3cbd6d7a2f87257828cda1112d690f9162178209d3be5043dc18f888c56068d31e27306fee5dca381b43124c62e8065bfa7d6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    55d0d2dcbf37845b945e734c715f7d0b

    SHA1

    1a192e9fcf5f589db05fb0d9d690d0f5d28020d7

    SHA256

    bb20ac9e68a1762866f96d9fa2f024207725661b97058e2f12f247407f04b30a

    SHA512

    812334a3fde3fbc7a27d1a5c0de54a2a1e6bda6448c2e23b0929520f381d83c39366e2825425c4c89b0354ef695f5e054c25307e79c5a77d8aef618502a697f9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a636469294d30462bf36c4e09c3f2ee2

    SHA1

    a6c7c65d892e9e6702c60dd4194b2f751a99a396

    SHA256

    79868cc6ef7779b53547ffe68219c0e4c007172771bdd5922deb258117f1113c

    SHA512

    5c039b34d29b1e8d01095188738906b555acf1b02e7e0857aa519476998578468772655c596275ce3d778e4beeb276acebf0c7e2ae21c0cb5549509bf5476a64

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2803fce3c2c865ff6f21762073e31664

    SHA1

    529561dc50b408c3e8616954fc997956968ad411

    SHA256

    9009836d5f674c7874fd2b53606b763bb770e405ab1a84ae91334e1632c29e7c

    SHA512

    06b6aa20ca3c12024b8c5e486787a4c50fd7155a054ea81122b1916358504553a249d7fb08ff9294e72781e4846a695e43562207cf833e0bdba7c8fd483888a1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7fe95ce462058d820c39d17c081390c0

    SHA1

    5c37a374ce05cba8462d2966e8393352e6491fc7

    SHA256

    b49263537251670bff1ea27f46b9194ba0252b627e76c7d93a6ca5eb078dd34b

    SHA512

    87623b7630ef16a18c60dc08f4aaa310e2be4e9911523552ce87c095cab13b58672050d968acf502ae5b00a685fed7555fd38f3718f0003b46b64604bfd37ef3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3fbe9ac5e1212a4a0481206a98eae7fb

    SHA1

    046744c8c7629973c39994455e1ba480da5e16e9

    SHA256

    5d7ffdb972055d28717653f49c37bacea065e2ffb199400b20df49be8a60a58b

    SHA512

    50b001d25c6ed60d3e22c819048b729bbb1540e9f72048b7dd0ebc3e6e88b075003b3e8c9e4968e704bca153a8ff45ab3ece86b58a4c3e097d20989127ae9a32

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat

    Filesize

    1KB

    MD5

    9ec6dc05bac7a89abd55b41f0d9f0902

    SHA1

    4f8710db0039e8fc7ed9ae7e4be0f6ceaf28dbbb

    SHA256

    91d75a4d9de90847867f43cce5550999b858618a160b13f02bb25a607a94534a

    SHA512

    fa079e4ec95dc8e12c8c034698b19ad259d7a1b177de32d2a376538c346072ccb8f7847a69c87a54d52d6e257d95c0f61edc4176a4a5f53bb19b1747e717a91e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\favicon[2].ico

    Filesize

    1KB

    MD5

    f2a495d85735b9a0ac65deb19c129985

    SHA1

    f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

    SHA256

    8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

    SHA512

    6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

  • C:\Users\Admin\AppData\Local\Temp\Cab16A.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar17A.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • memory/2352-1-0x0000000000400000-0x0000000000489000-memory.dmp

    Filesize

    548KB

  • memory/2352-2-0x0000000000270000-0x00000000002B6000-memory.dmp

    Filesize

    280KB

  • memory/2352-3-0x0000000000400000-0x0000000000489000-memory.dmp

    Filesize

    548KB

  • memory/2352-6-0x0000000000400000-0x0000000000489000-memory.dmp

    Filesize

    548KB

  • memory/2352-7-0x0000000000270000-0x00000000002B6000-memory.dmp

    Filesize

    280KB
