Analysis

  • max time kernel
    122s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/03/2024, 03:17 UTC

General

  • Target

    bfb3197e967b47e5be31682f483712c3.exe

  • Size

    14KB

  • MD5

    bfb3197e967b47e5be31682f483712c3

  • SHA1

    0edb9afe94ba65dced3b1fca8f0426c95aed0dbb

  • SHA256

    a8aed95b67e887c5a101869cf20ed283449c44252befab7ea715201a95df2009

  • SHA512

    07d2b3157fa0bc14a4beb62a896e44ac7e44ca41c0ab4a26fe3c972a7ab1ef4e07a868f758dcf807d9549f5d4e7a7449b220e6df5c254f597b01f73aa7f15dce

  • SSDEEP

    192:Kr9sK+lGFKbWLLKSq4zqD9YjtY8gU3xneFI5ue25fh7Kv30DGpsK6t:Kr9DFKWLe+zqD9YRL5eFI5ueOxKf2t

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bfb3197e967b47e5be31682f483712c3.exe
    "C:\Users\Admin\AppData\Local\Temp\bfb3197e967b47e5be31682f483712c3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=xkoBlCjLX6w
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2680
    • C:\Windows\SysWOW64\Explorer.exe
      Explorer.exe
      2⤵
      PID:2628
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s svchosts.dll
      2⤵
      PID:2576

      Network

      • US
        DNS
        turma1010.iespana.es
        bfb3197e967b47e5be31682f483712c3.exe
        Remote address:
        8.8.8.8:53
        Request
        turma1010.iespana.es
        IN A
        Response
      • US
        DNS
        www.youtube.com
        IEXPLORE.EXE
        Remote address:
        8.8.8.8:53
        Request
        www.youtube.com
        IN A
        Response
        www.youtube.com
        IN CNAME
        youtube-ui.l.google.com
        youtube-ui.l.google.com
        IN A
        142.250.179.142
        youtube-ui.l.google.com
        IN A
        142.251.36.46
        youtube-ui.l.google.com
        IN A
        172.217.168.238
        youtube-ui.l.google.com
        IN A
        142.250.179.174
        youtube-ui.l.google.com
        IN A
        142.250.179.206
        youtube-ui.l.google.com
        IN A
        142.251.36.14
        youtube-ui.l.google.com
        IN A
        142.251.39.110
        youtube-ui.l.google.com
        IN A
        172.217.168.206
        youtube-ui.l.google.com
        IN A
        172.217.23.206
        youtube-ui.l.google.com
        IN A
        216.58.214.14
      • NL
        GET
        http://www.youtube.com/watch?v=xkoBlCjLX6w
        IEXPLORE.EXE
        Remote address:
        142.250.179.142:80
        Request
        GET /watch?v=xkoBlCjLX6w HTTP/1.1
        Accept: text/html, application/xhtml+xml, */*
        Accept-Language: en-US
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
        Accept-Encoding: gzip, deflate
        Host: www.youtube.com
        Connection: Keep-Alive
        Response
        HTTP/1.1 301 Moved Permanently
        Content-Type: application/binary
        X-Content-Type-Options: nosniff
        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
        Pragma: no-cache
        Expires: Mon, 01 Jan 1990 00:00:00 GMT
        Date: Mon, 11 Mar 2024 03:17:10 GMT
        Location: https://www.youtube.com/watch?v=xkoBlCjLX6w
        Server: ESF
        Content-Length: 0
        X-XSS-Protection: 0
        X-Frame-Options: SAMEORIGIN
      • NL
        GET
        https://www.youtube.com/watch?v=xkoBlCjLX6w
        IEXPLORE.EXE
        Remote address:
        142.250.179.142:443
        Request
        GET /watch?v=xkoBlCjLX6w HTTP/1.1
        Accept: text/html, application/xhtml+xml, */*
        Accept-Language: en-US
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
        Accept-Encoding: gzip, deflate
        Host: www.youtube.com
        Connection: Keep-Alive
        Response
        HTTP/1.1 302 Found
        Content-Type: application/binary
        X-Content-Type-Options: nosniff
        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
        Pragma: no-cache
        Expires: Mon, 01 Jan 1990 00:00:00 GMT
        Date: Mon, 11 Mar 2024 03:17:11 GMT
        Location: https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DxkoBlCjLX6w
        X-Frame-Options: SAMEORIGIN
        Strict-Transport-Security: max-age=31536000
        Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
        Origin-Trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
        Server: ESF
        Content-Length: 0
        X-XSS-Protection: 0
        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      • NL
        GET
        https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DxkoBlCjLX6w
        IEXPLORE.EXE
        Remote address:
        142.250.179.142:443
        Request
        GET /supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DxkoBlCjLX6w HTTP/1.1
        Accept: text/html, application/xhtml+xml, */*
        Accept-Language: en-US
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
        Accept-Encoding: gzip, deflate
        Host: www.youtube.com
        Connection: Keep-Alive
        Response
        HTTP/1.1 200 OK
        Content-Type: text/html; charset=utf-8
        X-Content-Type-Options: nosniff
        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
        Pragma: no-cache
        Expires: Mon, 01 Jan 1990 00:00:00 GMT
        Date: Mon, 11 Mar 2024 03:17:11 GMT
        X-Frame-Options: SAMEORIGIN
        Strict-Transport-Security: max-age=31536000
        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
        Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
        Origin-Trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
        P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
        Content-Encoding: gzip
        Server: ESF
        X-XSS-Protection: 0
        Set-Cookie: hideBrowserUpgradeBox=true; Domain=.youtube.com; Expires=Mon, 25-Mar-2024 03:17:11 GMT; Path=/; Secure; HttpOnly
        Set-Cookie: YSC=uFfr7bFhk1E; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
        Set-Cookie: VISITOR_INFO1_LIVE=kybAIBbkls0; Domain=.youtube.com; Expires=Sat, 07-Sep-2024 03:17:11 GMT; Path=/; Secure; HttpOnly; SameSite=none
        Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgTA%3D%3D; Domain=.youtube.com; Expires=Sat, 07-Sep-2024 03:17:11 GMT; Path=/; Secure; HttpOnly; SameSite=none
        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
        Transfer-Encoding: chunked
      • NL
        GET
        https://www.youtube.com/img/desktop/supported_browsers/yt_logo_rgb_light.png
        IEXPLORE.EXE
        Remote address:
        142.250.179.142:443
        Request
        GET /img/desktop/supported_browsers/yt_logo_rgb_light.png HTTP/1.1
        Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
        Referer: https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DxkoBlCjLX6w
        Accept-Language: en-US
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
        Accept-Encoding: gzip, deflate
        Host: www.youtube.com
        Connection: Keep-Alive
        Cookie: hideBrowserUpgradeBox=true; YSC=uFfr7bFhk1E; VISITOR_INFO1_LIVE=kybAIBbkls0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgTA%3D%3D
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube-marketing"
        Report-To: {"group":"youtube-marketing","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube-marketing"}]}
        Content-Length: 9171
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Sat, 09 Mar 2024 22:44:54 GMT
        Expires: Sun, 09 Mar 2025 22:44:54 GMT
        Cache-Control: public, max-age=31536000
        Last-Modified: Wed, 16 Oct 2019 17:15:00 GMT
        Content-Type: image/png
        Age: 102737
        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      • NL
        GET
        https://www.youtube.com/img/desktop/supported_browsers/dinosaur.png
        IEXPLORE.EXE
        Remote address:
        142.250.179.142:443
        Request
        GET /img/desktop/supported_browsers/dinosaur.png HTTP/1.1
        Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
        Referer: https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DxkoBlCjLX6w
        Accept-Language: en-US
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
        Accept-Encoding: gzip, deflate
        Host: www.youtube.com
        Connection: Keep-Alive
        Cookie: hideBrowserUpgradeBox=true; YSC=uFfr7bFhk1E; VISITOR_INFO1_LIVE=kybAIBbkls0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgTA%3D%3D
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube-marketing"
        Report-To: {"group":"youtube-marketing","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube-marketing"}]}
        Content-Length: 59088
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Sat, 09 Mar 2024 22:46:59 GMT
        Expires: Sun, 09 Mar 2025 22:46:59 GMT
        Cache-Control: public, max-age=31536000
        Last-Modified: Wed, 16 Oct 2019 17:15:00 GMT
        Content-Type: image/png
        Age: 102612
        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      • NL
        GET
        https://www.youtube.com/img/desktop/supported_browsers/firefox.png
        IEXPLORE.EXE
        Remote address:
        142.250.179.142:443
        Request
        GET /img/desktop/supported_browsers/firefox.png HTTP/1.1
        Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
        Referer: https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DxkoBlCjLX6w
        Accept-Language: en-US
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
        Accept-Encoding: gzip, deflate
        Host: www.youtube.com
        Connection: Keep-Alive
        Cookie: hideBrowserUpgradeBox=true; YSC=uFfr7bFhk1E; VISITOR_INFO1_LIVE=kybAIBbkls0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgTA%3D%3D
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube-marketing"
        Report-To: {"group":"youtube-marketing","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube-marketing"}]}
        Content-Length: 9291
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Sat, 09 Mar 2024 22:50:00 GMT
        Expires: Sun, 09 Mar 2025 22:50:00 GMT
        Cache-Control: public, max-age=31536000
        Last-Modified: Sun, 25 Jun 2023 02:58:00 GMT
        Content-Type: image/png
        Age: 102431
        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      • NL
        GET
        https://www.youtube.com/favicon.ico
        IEXPLORE.EXE
        Remote address:
        142.250.179.142:443
        Request
        GET /favicon.ico HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
        Host: www.youtube.com
        Connection: Keep-Alive
        Cookie: hideBrowserUpgradeBox=true; YSC=uFfr7bFhk1E; VISITOR_INFO1_LIVE=kybAIBbkls0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgTA%3D%3D
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Content-Encoding: gzip
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube-marketing"
        Report-To: {"group":"youtube-marketing","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube-marketing"}]}
        Content-Length: 180
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Sat, 09 Mar 2024 22:52:01 GMT
        Expires: Sun, 09 Mar 2025 22:52:01 GMT
        Cache-Control: public, max-age=31536000
        Last-Modified: Sun, 25 Jun 2023 02:58:00 GMT
        Content-Type: image/x-icon
        Vary: Accept-Encoding
        Age: 102313
        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      • NL
        GET
        https://www.youtube.com/img/desktop/supported_browsers/chrome.png
        IEXPLORE.EXE
        Remote address:
        142.250.179.142:443
        Request
        GET /img/desktop/supported_browsers/chrome.png HTTP/1.1
        Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
        Referer: https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DxkoBlCjLX6w
        Accept-Language: en-US
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
        Accept-Encoding: gzip, deflate
        Host: www.youtube.com
        Connection: Keep-Alive
        Cookie: hideBrowserUpgradeBox=true; YSC=uFfr7bFhk1E; VISITOR_INFO1_LIVE=kybAIBbkls0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgTA%3D%3D
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube-marketing"
        Report-To: {"group":"youtube-marketing","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube-marketing"}]}
        Content-Length: 6213
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Thu, 07 Mar 2024 05:44:42 GMT
        Expires: Fri, 07 Mar 2025 05:44:42 GMT
        Cache-Control: public, max-age=31536000
        Age: 336749
        Last-Modified: Sun, 25 Jun 2023 02:58:00 GMT
        Content-Type: image/png
        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      • NL
        GET
        https://www.youtube.com/img/desktop/supported_browsers/opera.png
        IEXPLORE.EXE
        Remote address:
        142.250.179.142:443
        Request
        GET /img/desktop/supported_browsers/opera.png HTTP/1.1
        Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
        Referer: https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DxkoBlCjLX6w
        Accept-Language: en-US
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
        Accept-Encoding: gzip, deflate
        Host: www.youtube.com
        Connection: Keep-Alive
        Cookie: hideBrowserUpgradeBox=true; YSC=uFfr7bFhk1E; VISITOR_INFO1_LIVE=kybAIBbkls0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgTA%3D%3D
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube-marketing"
        Report-To: {"group":"youtube-marketing","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube-marketing"}]}
        Content-Length: 2375
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Sat, 09 Mar 2024 22:38:06 GMT
        Expires: Sun, 09 Mar 2025 22:38:06 GMT
        Cache-Control: public, max-age=31536000
        Last-Modified: Wed, 16 Oct 2019 17:15:00 GMT
        Content-Type: image/png
        Age: 103145
        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      • NL
        GET
        https://www.youtube.com/img/desktop/supported_browsers/edgium.png
        IEXPLORE.EXE
        Remote address:
        142.250.179.142:443
        Request
        GET /img/desktop/supported_browsers/edgium.png HTTP/1.1
        Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
        Referer: https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DxkoBlCjLX6w
        Accept-Language: en-US
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
        Accept-Encoding: gzip, deflate
        Host: www.youtube.com
        Connection: Keep-Alive
        Cookie: hideBrowserUpgradeBox=true; YSC=uFfr7bFhk1E; VISITOR_INFO1_LIVE=kybAIBbkls0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgTA%3D%3D
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube-marketing"
        Report-To: {"group":"youtube-marketing","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube-marketing"}]}
        Content-Length: 7121
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Thu, 07 Mar 2024 05:50:39 GMT
        Expires: Fri, 07 Mar 2025 05:50:39 GMT
        Cache-Control: public, max-age=31536000
        Age: 336392
        Last-Modified: Wed, 12 Feb 2020 21:45:00 GMT
        Content-Type: image/png
        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      • 142.250.179.142:80
        http://www.youtube.com/watch?v=xkoBlCjLX6w
        http
        IEXPLORE.EXE
        597 B
        1.0kB
        7
        5

        HTTP Request

        GET http://www.youtube.com/watch?v=xkoBlCjLX6w

        HTTP Response

        301
      • 142.250.179.142:80
        www.youtube.com
        IEXPLORE.EXE
        190 B
        92 B
        4
        2
      • 142.250.179.142:443
        https://www.youtube.com/img/desktop/supported_browsers/dinosaur.png
        tls, http
        IEXPLORE.EXE
        4.4kB
        86.4kB
        50
        73

        HTTP Request

        GET https://www.youtube.com/watch?v=xkoBlCjLX6w

        HTTP Response

        302

        HTTP Request

        GET https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DxkoBlCjLX6w

        HTTP Response

        200

        HTTP Request

        GET https://www.youtube.com/img/desktop/supported_browsers/yt_logo_rgb_light.png

        HTTP Response

        200

        HTTP Request

        GET https://www.youtube.com/img/desktop/supported_browsers/dinosaur.png

        HTTP Response

        200
      • 142.250.179.142:443
        https://www.youtube.com/favicon.ico
        tls, http
        IEXPLORE.EXE
        2.0kB
        18.7kB
        16
        18

        HTTP Request

        GET https://www.youtube.com/img/desktop/supported_browsers/firefox.png

        HTTP Response

        200

        HTTP Request

        GET https://www.youtube.com/favicon.ico

        HTTP Response

        200
      • 142.250.179.142:443
        https://www.youtube.com/img/desktop/supported_browsers/chrome.png
        tls, http
        IEXPLORE.EXE
        1.5kB
        14.5kB
        13
        15

        HTTP Request

        GET https://www.youtube.com/img/desktop/supported_browsers/chrome.png

        HTTP Response

        200
      • 142.250.179.142:443
        https://www.youtube.com/img/desktop/supported_browsers/opera.png
        tls, http
        IEXPLORE.EXE
        1.5kB
        10.9kB
        13
        13

        HTTP Request

        GET https://www.youtube.com/img/desktop/supported_browsers/opera.png

        HTTP Response

        200
      • 142.250.179.142:443
        https://www.youtube.com/img/desktop/supported_browsers/edgium.png
        tls, http
        IEXPLORE.EXE
        1.5kB
        15.4kB
        13
        15

        HTTP Request

        GET https://www.youtube.com/img/desktop/supported_browsers/edgium.png

        HTTP Response

        200
      • 142.250.179.142:443
        www.youtube.com
        tls
        IEXPLORE.EXE
        1.3kB
        8.7kB
        14
        11
      • 204.79.197.200:443
        ieonline.microsoft.com
        tls
        iexplore.exe
        799 B
        7.7kB
        10
        13
      • 204.79.197.200:443
        ieonline.microsoft.com
        tls
        iexplore.exe
        799 B
        7.7kB
        10
        13
      • 204.79.197.200:443
        ieonline.microsoft.com
        tls
        iexplore.exe
        831 B
        7.7kB
        10
        13
      • 8.8.8.8:53
        turma1010.iespana.es
        dns
        bfb3197e967b47e5be31682f483712c3.exe
        66 B
        139 B
        1
        1

        DNS Request

        turma1010.iespana.es

      • 8.8.8.8:53
        www.youtube.com
        dns
        IEXPLORE.EXE
        61 B
        255 B
        1
        1

        DNS Request

        www.youtube.com

        DNS Response

        142.250.179.142
        142.251.36.46
        172.217.168.238
        142.250.179.174
        142.250.179.206
        142.251.36.14
        142.251.39.110
        172.217.168.206
        172.217.23.206
        216.58.214.14

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

        Filesize

        67KB

        MD5

        753df6889fd7410a2e9fe333da83a429

        SHA1

        3c425f16e8267186061dd48ac1c77c122962456e

        SHA256

        b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

        SHA512

        9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        228e02b5a909e45cf8a86e7b06cc1ca5

        SHA1

        3d1e661941d27bba90cc2a6dad6998d151b4cf07

        SHA256

        3f420714900337cbf199726361799fb47589e3d0aa89dfd258af632e7b6513e6

        SHA512

        5d666653a06a7b90d37579f4c0c31f7e10206c95fa5be6b4298a9f6cb7459e392c81aecb29a05bfac25f00c89114495cd1f0bd56c93c3a08b58b888e05b2228c

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        7ec9eea19b2dd0e8cea435791a6b97cb

        SHA1

        c75b7254c1775c1875a77b07cb3ba86d8e67c29d

        SHA256

        4ecb243f611d60677c858ec213048ec7003293ff6412021ed7e5a5a509dbee01

        SHA512

        2481dc8417585909889e7240d797ac5a3d3545eb31cf38bae8d070c5a465efee2184626ffa0376f56774518f7212c0a5d246476b8bfbd44c7631e05dcae611dc

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        a172013503f5cb2352952bbe025bdd2d

        SHA1

        a6550886965c99dc1317f0c987103b983c35ee54

        SHA256

        1f3f5adab1a99e461112ab8db45a15c136fe8ff50156880c519b3e11f38244a5

        SHA512

        f961932617962a900d885617fae185d562afaf6104514c8a996bc452fa38904063a596dc10c07366ed9c40904f2ac7982e7fa87b12444e584ce6e99482939716

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        1c15b4fab7116bd423108bde1499f321

        SHA1

        c6ebb426e2700a6d68c83f362e809b47310c52dd

        SHA256

        b9b8eea518559777aaf2daea539b8254302a4e5c31a336422ede16502c15a06d

        SHA512

        242202f1a0170bc782a91e0a460d4dc2adaa2e54cc5604277d1505f1ef893ac287dd9f0ce854747e044118641eb5d8cf7330967a88a2815fb7b522d69c76149b

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        35f9e59cd4ee9cd21a2256251b4f162a

        SHA1

        2d6eda2c5381df76605ded660305b65d2bd73dae

        SHA256

        7aa328f0619d4a4836a98a4ff71eccf3e54d8e069418dd50387b68f045db40a2

        SHA512

        ae46c85a95363bf2c3b1e6239d09ea9c7cb82fd51388dd809edee8cef89e38ef29ebba2137e7b8e002a03775b39fa5add7e326085f485ebd06b4621247e4c6dd

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        6094779bdda37263a467e8ab6f39b5d4

        SHA1

        13bda3e83bc0051c7dee64b45629db56822529f4

        SHA256

        5175a27e3c9503e94611bfa2632062aeccb058a786102590390793d0566f0199

        SHA512

        e4f080ddb9c2d3d25263fe8fc4ee0e1888974d8184dd70c3fe36fca67ed5a4b95330bcc8f11268780e4d950e44ea992ed436e997fd2a5251d623a9e90679c091

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        2db650fde888aed14a3ad90b01e414d2

        SHA1

        5a600d2727940f156780b3acbe96c5257dd272bf

        SHA256

        29b5f548cc9300ee151d5b64ccc62fbf078fbfb0411b139a39cd3be6eef1ee1b

        SHA512

        37320b743ea1cd119b6bd2b070d9270c4b93f3084e55200c49b460fbcd01bcd77d4371731cd8aac31b84673aaf34c235fe98a6d5b438f52a073fd3825ecfb88c

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        4ed618a1409fff0bd75a312c0db996ef

        SHA1

        7dc6fa2628353132274959a40c5351636158fb88

        SHA256

        5f3f0ae401919645450e3247ee70975b1b0788bd8e918d298e82739df5059951

        SHA512

        22ed4fcb8eaa01e848602a4725afe58a4e02b13605fb0fe2d4699a694929602f4a83da41f119076ce72db500259fa389cbd1e471e54540af4c9ac204b2b74971

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        b44da91790198fcefd3b0b7a65ef2dab

        SHA1

        1cf779fa171b2758f4d4ceaf54726cdea93de228

        SHA256

        43d2adf9e4a6750103dc6f3f049b9ee5090249f485fed26fce66933a9974c343

        SHA512

        317fe3be561d37bae4f484f5dad8a2578ceaf2e656092828f9b7fc36224edc5e81f86d890aa8d1c81c61522bc9390b01021e014f24ef3d2b39f27a4b4472aa92

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        ce292b2c632741fe5e8e79cea926236f

        SHA1

        0ac3f3b4517dcde53abecfcc1ecc9dcef462e3c5

        SHA256

        dc17aaabc5b87e4e5e40f7282d17aeabf07ae5a5b4d568fa2500f55df6f1527d

        SHA512

        887865da1723a8bc478cd99d17de2b96b490c0d0d954184f32766152ca457ae804304c54807073473840aed4dd51453cd2cb55d49a5a2e374129f3ba91e5eafb

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        298d9ad08830271ccc4a11e220038726

        SHA1

        0b3a157843a64482fa7a4ba1049b35702781e767

        SHA256

        4ccc7d99677e41898a6e89c08d6e1ebf8a1ad59d629911cee7c8d770301dff59

        SHA512

        ff55961d70b59bb65b17ed6d51abfe0a3649769c76b37d4d6114bce6c2bae977ce6fdc09194698cac94b277bbf00c0043672e3d7a243fd22807c2897d7685e1c

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        11b09d563ec56a625a911d868661beae

        SHA1

        72221b1919e8cd6085629644928f857dc81272af

        SHA256

        1f7bc6e96ab135c77f50243ed549b14c57a611796c067ce3379bbeb1bb61959f

        SHA512

        3f01961b29f121e0a4957bcadf2eb2dee12eda4bf761d37c51586249ab2c8ad76c7180b0ecca030465e5fb113ce86760744871c572c68d48494e3ea5f53e131a

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        fbbc4b715a112d1b044f36917305aa6b

        SHA1

        d276b53f9d9e2d799f355e0168eaad1127c9a6c0

        SHA256

        f1c69842c607f3b8cfe590b5a9972239ec44832d9fb8647b4f029776d7f13e56

        SHA512

        79104ab9318f7dd5226546d2e4087fd03288ff10ef3b062d6fa235711c84c84dcf7b84c506ce59a4e3dd333709ca4b6c59a00a14f61cf3def4078c448bfad301

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        bb40ed4c47dc8197b5354afa42ee94b0

        SHA1

        ab8a3edfd370af4946549422ca1c23d8a3ef64a3

        SHA256

        1f4c2ad1e41e445d7880970a9372e1defe3be3bae0a1a50e199874964358b9fb

        SHA512

        ed812082cfa2b8964003cfccf583db2f0b599b371f22259c8b01f76a26c04203b4563281529ae74836888afa7541bb48257444338df9331c25fdc71e6b868113

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        a41492540ab124091795b7ad73ef5edd

        SHA1

        fefec12c258cf7ea7ea016d7caf3ac0c7770b652

        SHA256

        c338c74f73445707ea275366f754e07bcc4d852a3bf7afbe8422928745d53c71

        SHA512

        af182d354ecfad661e0538507b7a08625dc7589e505e559c5deebff2e4010a57135b041c6b91684689d81e6336c21a22828a48b26a7211d798e38404c8c0c914

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        e077b6e026dfe1fa7e63051ad469d51b

        SHA1

        8994badd078ff3754f5f780e3dd118962695dade

        SHA256

        4473df59ee2ff89bdb652cdf664c9530946f15373bef4342e0af2e742a806794

        SHA512

        d86f2d1c10ca0d4332f265f875c3af8fd35ff23a2b55e53e704cf1d511723476dfac27ea4f09d91d0f7b07e96218d9c1718cd2517bbbadde7b62723d46481374

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        caf8d70cc0b2b02f0aa3bd3b0bf0dcfe

        SHA1

        c17e62089c94e6895533141055220eae7a7c7607

        SHA256

        0ce851cff48aeb89a0432f5ecc2f5f1e3d1a44495d177626ca8d2a848737fd89

        SHA512

        55572b4de1035c1ba883c68e50ad5faa663f75dd28f228d1208312cadb845a5052c18659fa7431b271c666102250275bc9e5653ef3a64bbf1d46bd053bb9308e

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        93c3fad80c165b7f9cec8eaa5b92c31b

        SHA1

        28fdd2e7a6d3647a491a15b7a86089e24d2ea5ad

        SHA256

        496f74602cc9f1dacc2d509905dad1a4c4cdf605fba1659432a1db13629e04e0

        SHA512

        71aaf9ecdc6840683806b9dd713e3348b0b7893aa8f947032a82f784aceb9943dd859a6f63e440eb766bad710664fe2dd3b8120724835d5d212b418dc2562d24

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        efe1f912595f99e1428099387db60de0

        SHA1

        33ef5d90965db8ff0f638d7969df4f58604e8aaa

        SHA256

        7b9a439bb95176002803150caa06e390708a382194d3aea503df2fede2868c4e

        SHA512

        fb725435be15432f3fbbd79a2683d517a2ae3b08ea6d8fe3c46aea09bdcdcff5d815b5649ec94d42bfb67397a2a3c11b3d59c0fcd3d1fd4d51c81558df4d9071

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        098a2e9f21fd87316fd5a7c82f63cb37

        SHA1

        56dfbbaabebe92ff5d4f76cf296f2a4685bd46ea

        SHA256

        660d5cd9cd86cde0e8b58315780e57b6d1dd5f1f22921974ffb92cb7f6c86cc3

        SHA512

        513238fea8c7a285df2df1425ebdf0944516a0163c563e71fd4e455e01749bef81d36ac1510a81fa09068e5107378534e11d9abd3fa1ac488506dc79a4468c8f

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        63a46b3e14c9920090adbeaf830e6268

        SHA1

        d044f52ab10b6c42bf54e3112ac137e50b866531

        SHA256

        39490b395201e9ab6f2d9964fd00affe389d5380cba3f14813fa07857432d861

        SHA512

        b9822380ca4bb784df4b231be804b5e96b0591e1ba22eaf4aa4be6ad606004e9e338aa1b258c160bf3c989a34ba0f2651de47f1f1d82ac9e55d2efa9155d991f

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jq7rho9\imagestore.dat

        Filesize

        1KB

        MD5

        7070cd72b01fe8f27c73d4f01de35e6a

        SHA1

        21624acbb42c5834d3bcf0907aafafa708b1f067

        SHA256

        f847b1921efc8c4722795edc24eb0c2e2067739fc179fa36c86c1541d3d6350b

        SHA512

        4e51cd978862bcb95cae1de02fd255b62dcaf8bf3a978d11793f1330d13cab3cfd3cf170351a08658020684ec3b5f64bfdca8c6ea19b8079192ca7f069a0397f

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PU2MMJX7\favicon[2].ico

        Filesize

        1KB

        MD5

        f2a495d85735b9a0ac65deb19c129985

        SHA1

        f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

        SHA256

        8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

        SHA512

        6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

      • C:\Users\Admin\AppData\Local\Temp\Cab7AAD.tmp

        Filesize

        65KB

        MD5

        ac05d27423a85adc1622c714f2cb6184

        SHA1

        b0fe2b1abddb97837ea0195be70ab2ff14d43198

        SHA256

        c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

        SHA512

        6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      • C:\Users\Admin\AppData\Local\Temp\Tar7ACF.tmp

        Filesize

        171KB

        MD5

        9c0c641c06238516f27941aa1166d427

        SHA1

        64cd549fb8cf014fcd9312aa7a5b023847b6c977

        SHA256

        4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

        SHA512

        936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      • C:\Users\Admin\AppData\Local\Temp\Tar7C4B.tmp

        Filesize

        175KB

        MD5

        dd73cead4b93366cf3465c8cd32e2796

        SHA1

        74546226dfe9ceb8184651e920d1dbfb432b314e

        SHA256

        a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

        SHA512

        ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

      • memory/2352-0-0x0000000000400000-0x000000000040F000-memory.dmp

        Filesize

        60KB

      • memory/2352-1-0x0000000000400000-0x000000000040F000-memory.dmp

        Filesize

        60KB
