Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
398949a479e...1d.exe
windows7-x64
798949a479e...1d.exe
windows10-2004-x64
7$PLUGINSDI...er.dll
windows7-x64
1$PLUGINSDI...er.dll
windows10-2004-x64
1$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/pwgen.dll
windows7-x64
3$PLUGINSDIR/pwgen.dll
windows10-2004-x64
3DomaIQ.exe
windows7-x64
1DomaIQ.exe
windows10-2004-x64
1DomaIQ10.exe
windows7-x64
1DomaIQ10.exe
windows10-2004-x64
1Analysis
-
max time kernel
93s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
13/02/2024, 05:22 UTC
Static task
static1
Behavioral task
behavioral1
Sample
98949a479e481213c2b747263ad7501d.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
98949a479e481213c2b747263ad7501d.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/Banner.dll
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/Banner.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/pwgen.dll
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/pwgen.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral11
Sample
DomaIQ.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
DomaIQ.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral13
Sample
DomaIQ10.exe
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
DomaIQ10.exe
Resource
win10v2004-20231222-en
General
-
Target
98949a479e481213c2b747263ad7501d.exe
-
Size
489KB
-
MD5
98949a479e481213c2b747263ad7501d
-
SHA1
21013b2c7d0efd7c4f065855ef7e646257a775a7
-
SHA256
24ca1ccadea86789ecfa651686910b20bd61a1ae775969b3cbf904d963df778c
-
SHA512
58496db0a59d886f15214270538fe05370fe2e4513ac864a8dbcd5d644573af624ff8d4b10d6c13ffde1b5062b591995eda2e7e6b92d710d149125707384087e
-
SSDEEP
12288:heuo6R5cmgutOGrBtHLdB1+3E5zdWLCr+d6iv9su3uXEl:Iju56pGl/B1Cir+d6i2ukEl
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2684 98949a479e481213c2b747263ad7501d.exe -
Loads dropped DLL 1 IoCs
pid Process 4160 98949a479e481213c2b747263ad7501d.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 2 IoCs
resource yara_rule behavioral2/files/0x0006000000023219-36.dat nsis_installer_1 behavioral2/files/0x0006000000023219-36.dat nsis_installer_2 -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2684 98949a479e481213c2b747263ad7501d.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 4160 98949a479e481213c2b747263ad7501d.exe 4160 98949a479e481213c2b747263ad7501d.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2684 98949a479e481213c2b747263ad7501d.exe 2684 98949a479e481213c2b747263ad7501d.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 4160 wrote to memory of 2684 4160 98949a479e481213c2b747263ad7501d.exe 84 PID 4160 wrote to memory of 2684 4160 98949a479e481213c2b747263ad7501d.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\98949a479e481213c2b747263ad7501d.exe"C:\Users\Admin\AppData\Local\Temp\98949a479e481213c2b747263ad7501d.exe"1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4160 -
C:\Users\Admin\AppData\Local\Temp\DM\wPjFzmb276fZhZ3\98949a479e481213c2b747263ad7501d.exeC:\Users\Admin\AppData\Local\Temp\DM\wPjFzmb276fZhZ3\98949a479e481213c2b747263ad7501d.exe /path="C:\Users\Admin\AppData\Local\Temp\98949a479e481213c2b747263ad7501d.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2684
-
Network
-
Remote address:8.8.8.8:53Request104.219.191.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request180.178.17.96.in-addr.arpaIN PTRResponse180.178.17.96.in-addr.arpaIN PTRa96-17-178-180deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request73.31.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestdtrack.secdls.comIN AResponse
-
Remote address:8.8.8.8:53Requestapi.updatevideos.comIN AResponseapi.updatevideos.comIN A13.248.169.48api.updatevideos.comIN A76.223.54.146
-
GEThttp://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml98949a479e481213c2b747263ad7501d.exeRemote address:13.248.169.48:80RequestGET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.updatevideos.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Tue, 13 Feb 2024 05:23:29 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
-
GEThttp://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml98949a479e481213c2b747263ad7501d.exeRemote address:13.248.169.48:80RequestGET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.updatevideos.com
ResponseHTTP/1.1 200 OK
Date: Tue, 13 Feb 2024 05:23:30 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
-
GEThttp://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml98949a479e481213c2b747263ad7501d.exeRemote address:13.248.169.48:80RequestGET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.updatevideos.com
ResponseHTTP/1.1 200 OK
Date: Tue, 13 Feb 2024 05:23:30 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
-
GEThttp://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml98949a479e481213c2b747263ad7501d.exeRemote address:13.248.169.48:80RequestGET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.updatevideos.com
ResponseHTTP/1.1 200 OK
Date: Tue, 13 Feb 2024 05:23:30 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
-
GEThttp://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml98949a479e481213c2b747263ad7501d.exeRemote address:13.248.169.48:80RequestGET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.updatevideos.com
ResponseHTTP/1.1 200 OK
Date: Tue, 13 Feb 2024 05:23:30 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
-
GEThttp://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml98949a479e481213c2b747263ad7501d.exeRemote address:13.248.169.48:80RequestGET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.updatevideos.com
ResponseHTTP/1.1 200 OK
Date: Tue, 13 Feb 2024 05:23:30 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
-
GEThttp://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml98949a479e481213c2b747263ad7501d.exeRemote address:13.248.169.48:80RequestGET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.updatevideos.com
ResponseHTTP/1.1 200 OK
Date: Tue, 13 Feb 2024 05:23:30 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
-
GEThttp://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml98949a479e481213c2b747263ad7501d.exeRemote address:13.248.169.48:80RequestGET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.updatevideos.com
ResponseHTTP/1.1 200 OK
Date: Tue, 13 Feb 2024 05:23:30 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
-
GEThttp://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml98949a479e481213c2b747263ad7501d.exeRemote address:13.248.169.48:80RequestGET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.updatevideos.com
ResponseHTTP/1.1 200 OK
Date: Tue, 13 Feb 2024 05:23:30 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
-
GEThttp://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml98949a479e481213c2b747263ad7501d.exeRemote address:13.248.169.48:80RequestGET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.updatevideos.com
ResponseHTTP/1.1 200 OK
Date: Tue, 13 Feb 2024 05:23:30 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
-
GEThttp://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml98949a479e481213c2b747263ad7501d.exeRemote address:13.248.169.48:80RequestGET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.updatevideos.com
ResponseHTTP/1.1 200 OK
Date: Tue, 13 Feb 2024 05:23:31 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
-
GEThttp://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml98949a479e481213c2b747263ad7501d.exeRemote address:13.248.169.48:80RequestGET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.updatevideos.com
ResponseHTTP/1.1 200 OK
Date: Tue, 13 Feb 2024 05:23:31 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
-
Remote address:8.8.8.8:53Request48.169.248.13.in-addr.arpaIN PTRResponse48.169.248.13.in-addr.arpaIN PTRa904c694c05102f30awsglobalacceleratorcom
-
Remote address:8.8.8.8:53Requestdtrack.secdls.comIN AResponse
-
Remote address:8.8.8.8:53Requesttrack.updatevideos.comIN AResponsetrack.updatevideos.comIN A13.248.169.48track.updatevideos.comIN A76.223.54.146
-
POSThttp://track.updatevideos.com/index.php/trackLocal/sendQueue98949a479e481213c2b747263ad7501d.exeRemote address:13.248.169.48:80RequestPOST /index.php/trackLocal/sendQueue HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: track.updatevideos.com
Content-Length: 379
Expect: 100-continue
Connection: Keep-Alive
ResponseHTTP/1.1 403 Forbidden
Date: Tue, 13 Feb 2024 05:23:34 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
ETag: "65ca405c-0"
-
POSThttp://track.updatevideos.com/index.php/trackLocal/sendQueue98949a479e481213c2b747263ad7501d.exeRemote address:13.248.169.48:80RequestPOST /index.php/trackLocal/sendQueue HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: track.updatevideos.com
Content-Length: 379
Expect: 100-continue
ResponseHTTP/1.1 403 Forbidden
Date: Tue, 13 Feb 2024 05:23:34 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
ETag: "65ca405c-0"
-
Remote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request79.121.231.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request194.178.17.96.in-addr.arpaIN PTRResponse194.178.17.96.in-addr.arpaIN PTRa96-17-178-194deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request13.227.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request0.205.248.87.in-addr.arpaIN PTRResponse0.205.248.87.in-addr.arpaIN PTRhttps-87-248-205-0lgwllnwnet
-
104 B 2
-
13.248.169.48:80http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xmlhttp98949a479e481213c2b747263ad7501d.exe3.7kB 15.3kB 17 25
HTTP Request
GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xmlHTTP Response
200HTTP Request
GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xmlHTTP Response
200HTTP Request
GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xmlHTTP Response
200HTTP Request
GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xmlHTTP Response
200HTTP Request
GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xmlHTTP Response
200HTTP Request
GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xmlHTTP Response
200HTTP Request
GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xmlHTTP Response
200HTTP Request
GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xmlHTTP Response
200HTTP Request
GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xmlHTTP Response
200HTTP Request
GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xmlHTTP Response
200HTTP Request
GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xmlHTTP Response
200HTTP Request
GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xmlHTTP Response
200 -
13.248.169.48:80http://track.updatevideos.com/index.php/trackLocal/sendQueuehttp98949a479e481213c2b747263ad7501d.exe1.4kB 634 B 7 7
HTTP Request
POST http://track.updatevideos.com/index.php/trackLocal/sendQueueHTTP Response
403HTTP Request
POST http://track.updatevideos.com/index.php/trackLocal/sendQueueHTTP Response
403
-
73 B 147 B 1 1
DNS Request
104.219.191.52.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
180.178.17.96.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
73.31.126.40.in-addr.arpa
-
63 B 136 B 1 1
DNS Request
dtrack.secdls.com
-
66 B 98 B 1 1
DNS Request
api.updatevideos.com
DNS Response
13.248.169.4876.223.54.146
-
72 B 128 B 1 1
DNS Request
48.169.248.13.in-addr.arpa
-
63 B 136 B 1 1
DNS Request
dtrack.secdls.com
-
68 B 100 B 1 1
DNS Request
track.updatevideos.com
DNS Response
13.248.169.4876.223.54.146
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
79.121.231.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
194.178.17.96.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
13.227.111.52.in-addr.arpa
-
71 B 116 B 1 1
DNS Request
0.205.248.87.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
361KB
MD5d50392c6002950c8e2fc7ea0c7af4a05
SHA18cd8fd41bbb9fdb2376b1623af9f2e850ef142ce
SHA256bfe0338d37e9cb6ceb5b47742f400f06345c713e2743947afb0db19da9428787
SHA5125e6a2ad58c24eacba09c197ed5d07e6b37c1a897cfde0fc27743087c0d6a47ee14204497c5c6af8696999ced668eb0d858ebe711d14c3f236a2eac5f3cb5addf
-
Filesize
489KB
MD598949a479e481213c2b747263ad7501d
SHA121013b2c7d0efd7c4f065855ef7e646257a775a7
SHA25624ca1ccadea86789ecfa651686910b20bd61a1ae775969b3cbf904d963df778c
SHA51258496db0a59d886f15214270538fe05370fe2e4513ac864a8dbcd5d644573af624ff8d4b10d6c13ffde1b5062b591995eda2e7e6b92d710d149125707384087e
-
Filesize
16KB
MD5a555472395178ac8c733d90928e05017
SHA1f44b192d66473f01a6540aaec4b6c9ac4c611d35
SHA25682ae08fced4a1f9a7df123634da5f4cb12af4593a006bef421a54739a2cbd44e
SHA512e6d87b030c45c655d93b2e76d7437ad900df5da2475dd2e6e28b6c872040491e80f540b00b6091d16bc8410bd58a1e82c62ee1b17193ef8500a153d4474bb80a