Analysis

  • max time kernel
    65s
  • max time network
    63s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/03/2024, 05:35 UTC

General

  • Target

    dmca.html

  • Size

    82KB

  • MD5

    78828c407acacea129decfdaa12ee728

  • SHA1

    ae291a970910e5a0633e46ff75ca919ae210beff

  • SHA256

    8df846fd19b2fca0eabd0bec38d985ebad929168200b59a7d19276db11d64c92

  • SHA512

    24c64642f4290377b62918309fa46eb42af3fdc6291a0ef7a18a4de33ccf351e6eb9d96f009d689fd9f3ac319ade9c7f06af32bb9d306698a24e13b5bbe01396

  • SSDEEP

    768:PRO21r218qx6I+fwINGsN0H0z3Fz9+FAn82/C/20C/2Z+a:r1C18qQNxN0o3Fz9+Fd2/C/20C/2Z+a

Score
1/10

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dmca.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2612
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2332

Network

  • US
    DNS
    mc.yandex.ru
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    mc.yandex.ru
    IN A
    Response
    mc.yandex.ru
    IN A
    77.88.21.119
    mc.yandex.ru
    IN A
    87.250.251.119
    mc.yandex.ru
    IN A
    87.250.250.119
    mc.yandex.ru
    IN A
    93.158.134.119
  • US
    DNS
    mc.yandex.ru
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    mc.yandex.ru
    IN A
  • US
    DNS
    mc.yandex.ru
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    mc.yandex.ru
    IN A
  • RU
    GET
    https://mc.yandex.ru/metrika/tag.js
    IEXPLORE.EXE
    Remote address:
    77.88.21.119:443
    Request
    GET /metrika/tag.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mc.yandex.ru
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=3600
    Content-Encoding: gzip
    Content-Length: 80298
    Content-Type: application/javascript
    Date: Sat, 16 Mar 2024 05:35:37 GMT
    ETag: "65e1be04-139aa"
    Expires: Sat, 16 Mar 2024 06:35:37 GMT
    Last-Modified: Fri, 01 Mar 2024 11:37:40 GMT
    Set-Cookie: _yasc=J9nfCwY+NK1pT++ytobiXT64QKrN7pwVxO2ilYFptSXVhHurUULzu32XA7V/KpHG; domain=.yandex.ru; path=/; expires=Tue, 14 Mar 2034 05:35:37 GMT; secure
    Set-Cookie: i=xmyuuDcQouQhzPup8y/sSkfYMVH6rO5qTRvoMj0slS5ALKwHUqb5OzodlhCNjVXZ1CidTaJvT0sOFpDQaVJ8WEzA7OA=; Expires=Mon, 16-Mar-2026 05:35:37 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly
    Set-Cookie: yandexuid=6790049261710567337; Expires=Mon, 16-Mar-2026 05:35:37 GMT; Domain=.yandex.ru; Path=/; Secure
    Strict-Transport-Security: max-age=31536000
    Timing-Allow-Origin: *
  • RU
    GET
    https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10310.67qR7-5Ln_qgYhS7GPk9T2jMRj-8WJIqzF000okyaEyOFCMtguWchQdLpIFBuJFD.YNpxgzaM9j4DyL_m91TRt7HdAtM%2C
    IEXPLORE.EXE
    Remote address:
    77.88.21.119:443
    Request
    GET /sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10310.67qR7-5Ln_qgYhS7GPk9T2jMRj-8WJIqzF000okyaEyOFCMtguWchQdLpIFBuJFD.YNpxgzaM9j4DyL_m91TRt7HdAtM%2C HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mc.yandex.ru
    Connection: Keep-Alive
    Cookie: _yasc=J9nfCwY+NK1pT++ytobiXT64QKrN7pwVxO2ilYFptSXVhHurUULzu32XA7V/KpHG; i=xmyuuDcQouQhzPup8y/sSkfYMVH6rO5qTRvoMj0slS5ALKwHUqb5OzodlhCNjVXZ1CidTaJvT0sOFpDQaVJ8WEzA7OA=; yandexuid=6790049261710567337
    Response
    HTTP/1.1 302 Moved temporarily
    Date: Sat, 16 Mar 2024 05:35:40 GMT
    Location: https://mc.yandex.com/sync_cookie_image_decide?token=10310.sjJBnBXWfNq5rx18Pb2qWa2JwjhYw28TIZFYBLEqtYtIBzTVs58gaUDEElO4Fz2QanQAC8wVUnTF-QaQF15TMcK53dDTIEL9M-EkDOLTFeUMCECf_S_vmlIGE7i2a5YVNjgcAoYtW7ocZDrNNx_o4gYsLhzIeh1eFoN-WXcQ5S7v5LdIX5QacHJxNhEcQ2PVsvb11zF0__jzsPCRhGfaxMitz5giLSGG2-FXRrJ3zkk%2C.22mMRAlPjSlekudTCQKN5DZzQ_k%2C
    Set-Cookie: sync_cookie_csrf=1897757425fake; Expires=Sat, 16-Mar-2024 05:45:40 GMT; Domain=.mc.yandex.ru; Path=/
    Strict-Transport-Security: max-age=31536000
    Transfer-Encoding: chunked
    X-XSS-Protection: 1; mode=block
  • US
    DNS
    mc.yandex.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    mc.yandex.com
    IN A
    Response
    mc.yandex.com
    IN CNAME
    mc.yandex.ru
    mc.yandex.ru
    IN A
    77.88.21.119
    mc.yandex.ru
    IN A
    87.250.250.119
    mc.yandex.ru
    IN A
    87.250.251.119
    mc.yandex.ru
    IN A
    93.158.134.119
  • RU
    GET
    https://mc.yandex.com/metrika/advert.gif
    IEXPLORE.EXE
    Remote address:
    77.88.21.119:443
    Request
    GET /metrika/advert.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mc.yandex.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=3600
    Content-Length: 43
    Content-Type: image/gif
    Date: Sat, 16 Mar 2024 05:35:40 GMT
    ETag: "65e1be04-2b"
    Expires: Sat, 16 Mar 2024 06:35:40 GMT
    Last-Modified: Fri, 01 Mar 2024 11:37:40 GMT
    Set-Cookie: i=xFhADj9NyPts6FBFeiZ+UInA7QrUh874jw3pMpW7BTYsOJUesSV2o3NASKfaiWTtj5BKRIfjll0atWBSWjvkQYSi0oc=; Expires=Mon, 16-Mar-2026 05:35:40 GMT; Domain=.yandex.com; Path=/; Secure; HttpOnly
    Set-Cookie: yandexuid=4685647181710567340; Expires=Mon, 16-Mar-2026 05:35:40 GMT; Domain=.yandex.com; Path=/; Secure
    Strict-Transport-Security: max-age=31536000
    Timing-Allow-Origin: *
  • RU
    GET
    https://mc.yandex.com/sync_cookie_image_decide?token=10310.sjJBnBXWfNq5rx18Pb2qWa2JwjhYw28TIZFYBLEqtYtIBzTVs58gaUDEElO4Fz2QanQAC8wVUnTF-QaQF15TMcK53dDTIEL9M-EkDOLTFeUMCECf_S_vmlIGE7i2a5YVNjgcAoYtW7ocZDrNNx_o4gYsLhzIeh1eFoN-WXcQ5S7v5LdIX5QacHJxNhEcQ2PVsvb11zF0__jzsPCRhGfaxMitz5giLSGG2-FXRrJ3zkk%2C.22mMRAlPjSlekudTCQKN5DZzQ_k%2C
    IEXPLORE.EXE
    Remote address:
    77.88.21.119:443
    Request
    GET /sync_cookie_image_decide?token=10310.sjJBnBXWfNq5rx18Pb2qWa2JwjhYw28TIZFYBLEqtYtIBzTVs58gaUDEElO4Fz2QanQAC8wVUnTF-QaQF15TMcK53dDTIEL9M-EkDOLTFeUMCECf_S_vmlIGE7i2a5YVNjgcAoYtW7ocZDrNNx_o4gYsLhzIeh1eFoN-WXcQ5S7v5LdIX5QacHJxNhEcQ2PVsvb11zF0__jzsPCRhGfaxMitz5giLSGG2-FXRrJ3zkk%2C.22mMRAlPjSlekudTCQKN5DZzQ_k%2C HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Cookie: sync_cookie_csrf=3435211848fake
    Connection: Keep-Alive
    Host: mc.yandex.com
    Response
    HTTP/1.1 200 Ok
    Content-Length: 43
    Content-Type: image/gif
    Date: Sat, 16 Mar 2024 05:35:40 GMT
    Set-Cookie: yandexuid=6790049261710567337; Expires=Tue, 14-Mar-2034 05:35:40 GMT; Domain=.yandex.com; Path=/
    Set-Cookie: i=xmyuuDcQouQhzPup8y/sSkfYMVH6rO5qTRvoMj0slS5ALKwHUqb5OzodlhCNjVXZ1CidTaJvT0sOFpDQaVJ8WEzA7OA=; Expires=Tue, 14-Mar-2034 05:35:40 GMT; Domain=.yandex.com; Path=/
    Set-Cookie: sync_cookie_ok=synced; Expires=Sun, 17-Mar-2024 05:35:40 GMT; Domain=.mc.yandex.com; Path=/
    Strict-Transport-Security: max-age=31536000
    X-XSS-Protection: 1; mode=block
  • RU
    GET
    https://mc.yandex.com/watch/91506751?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fdmca.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Aqfujqr3nyxpmy96xs6n0cesb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1261%3Acn%3A1%3Adp%3A0%3Als%3A229553880695%3Ahid%3A353489783%3Az%3A0%3Ai%3A20240316053539%3Aet%3A1710567339%3Ac%3A1%3Arn%3A166307579%3Au%3A1710567339309342583%3Aw%3A1280x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C102%2C0%2C%2C%2C%2C102%3Aco%3A0%3Ans%3A1710567332526%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1710567340%3At%3ATaken%20down%20by%20DMCA%20request&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(0)cdl(na)ti(2)
    IEXPLORE.EXE
    Remote address:
    77.88.21.119:443
    Request
    GET /watch/91506751?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fdmca.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Aqfujqr3nyxpmy96xs6n0cesb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1261%3Acn%3A1%3Adp%3A0%3Als%3A229553880695%3Ahid%3A353489783%3Az%3A0%3Ai%3A20240316053539%3Aet%3A1710567339%3Ac%3A1%3Arn%3A166307579%3Au%3A1710567339309342583%3Aw%3A1280x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C102%2C0%2C%2C%2C%2C102%3Aco%3A0%3Ans%3A1710567332526%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1710567340%3At%3ATaken%20down%20by%20DMCA%20request&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: mc.yandex.com
    Connection: Keep-Alive
    Cookie: sync_cookie_csrf=3435211848fake; sync_cookie_ok=synced; i=xmyuuDcQouQhzPup8y/sSkfYMVH6rO5qTRvoMj0slS5ALKwHUqb5OzodlhCNjVXZ1CidTaJvT0sOFpDQaVJ8WEzA7OA=; yandexuid=6790049261710567337
    Response
    HTTP/1.1 302 Moved temporarily
    Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
    Date: Sat, 16 Mar 2024 05:35:40 GMT
    Expires: Sat, 16-Mar-2024 05:35:40 GMT
    Last-Modified: Sat, 16-Mar-2024 05:35:40 GMT
    Location: /watch/91506751/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fdmca.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Aqfujqr3nyxpmy96xs6n0cesb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1261%3Acn%3A1%3Adp%3A0%3Als%3A229553880695%3Ahid%3A353489783%3Az%3A0%3Ai%3A20240316053539%3Aet%3A1710567339%3Ac%3A1%3Arn%3A166307579%3Au%3A1710567339309342583%3Aw%3A1280x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C102%2C0%2C%2C%2C%2C102%3Aco%3A0%3Ans%3A1710567332526%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1710567340%3At%3ATaken%20down%20by%20DMCA%20request&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%280%29cdl%28na%29ti%282%29
    Pragma: no-cache
    Set-Cookie: yabs-sid=2522775291710567340; Path=/
    Set-Cookie: yandexuid=6790049261710567337; Expires=Sun, 16-Mar-2025 05:35:40 GMT; Domain=.yandex.com; Path=/
    Set-Cookie: ymex=1742103340.yrts.1710567340; Expires=Sun, 16-Mar-2025 05:35:40 GMT; Domain=.yandex.com; Path=/
    Strict-Transport-Security: max-age=31536000
    Transfer-Encoding: chunked
    X-XSS-Protection: 1; mode=block
  • RU
    GET
    https://mc.yandex.com/watch/91506751/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fdmca.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Aqfujqr3nyxpmy96xs6n0cesb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1261%3Acn%3A1%3Adp%3A0%3Als%3A229553880695%3Ahid%3A353489783%3Az%3A0%3Ai%3A20240316053539%3Aet%3A1710567339%3Ac%3A1%3Arn%3A166307579%3Au%3A1710567339309342583%3Aw%3A1280x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C102%2C0%2C%2C%2C%2C102%3Aco%3A0%3Ans%3A1710567332526%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1710567340%3At%3ATaken%20down%20by%20DMCA%20request&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%280%29cdl%28na%29ti%282%29
    IEXPLORE.EXE
    Remote address:
    77.88.21.119:443
    Request
    GET /watch/91506751/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fdmca.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Aqfujqr3nyxpmy96xs6n0cesb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1261%3Acn%3A1%3Adp%3A0%3Als%3A229553880695%3Ahid%3A353489783%3Az%3A0%3Ai%3A20240316053539%3Aet%3A1710567339%3Ac%3A1%3Arn%3A166307579%3Au%3A1710567339309342583%3Aw%3A1280x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C102%2C0%2C%2C%2C%2C102%3Aco%3A0%3Ans%3A1710567332526%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1710567340%3At%3ATaken%20down%20by%20DMCA%20request&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%280%29cdl%28na%29ti%282%29 HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: mc.yandex.com
    Connection: Keep-Alive
    Cookie: sync_cookie_csrf=3435211848fake; sync_cookie_ok=synced; yabs-sid=2522775291710567340; i=xmyuuDcQouQhzPup8y/sSkfYMVH6rO5qTRvoMj0slS5ALKwHUqb5OzodlhCNjVXZ1CidTaJvT0sOFpDQaVJ8WEzA7OA=; yandexuid=6790049261710567337; ymex=1742103340.yrts.1710567340
    Response
    HTTP/1.1 200 Ok
    Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
    Content-Length: 447
    Content-Type: application/json; charset=utf-8
    Date: Sat, 16 Mar 2024 05:35:41 GMT
    Expires: Sat, 16-Mar-2024 05:35:41 GMT
    Last-Modified: Sat, 16-Mar-2024 05:35:41 GMT
    Pragma: no-cache
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
  • RU
    GET
    https://mc.yandex.com/sync_cookie_image_check
    IEXPLORE.EXE
    Remote address:
    77.88.21.119:443
    Request
    GET /sync_cookie_image_check HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mc.yandex.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved temporarily
    Date: Sat, 16 Mar 2024 05:35:40 GMT
    Location: https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10310.67qR7-5Ln_qgYhS7GPk9T2jMRj-8WJIqzF000okyaEyOFCMtguWchQdLpIFBuJFD.YNpxgzaM9j4DyL_m91TRt7HdAtM%2C
    Set-Cookie: sync_cookie_csrf=3435211848fake; Expires=Sat, 16-Mar-2024 05:45:40 GMT; Domain=.mc.yandex.com; Path=/
    Strict-Transport-Security: max-age=31536000
    Transfer-Encoding: chunked
    X-XSS-Protection: 1; mode=block
  • 77.88.21.119:443
    mc.yandex.ru
    tls
    IEXPLORE.EXE
    808 B
    3.8kB
    8
    8
  • 77.88.21.119:443
    https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10310.67qR7-5Ln_qgYhS7GPk9T2jMRj-8WJIqzF000okyaEyOFCMtguWchQdLpIFBuJFD.YNpxgzaM9j4DyL_m91TRt7HdAtM%2C
    tls, http
    IEXPLORE.EXE
    3.8kB
    89.0kB
    52
    77

    HTTP Request

    GET https://mc.yandex.ru/metrika/tag.js

    HTTP Response

    200

    HTTP Request

    GET https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10310.67qR7-5Ln_qgYhS7GPk9T2jMRj-8WJIqzF000okyaEyOFCMtguWchQdLpIFBuJFD.YNpxgzaM9j4DyL_m91TRt7HdAtM%2C

    HTTP Response

    302
  • 77.88.21.119:443
    https://mc.yandex.com/watch/91506751/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fdmca.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Aqfujqr3nyxpmy96xs6n0cesb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1261%3Acn%3A1%3Adp%3A0%3Als%3A229553880695%3Ahid%3A353489783%3Az%3A0%3Ai%3A20240316053539%3Aet%3A1710567339%3Ac%3A1%3Arn%3A166307579%3Au%3A1710567339309342583%3Aw%3A1280x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C102%2C0%2C%2C%2C%2C102%3Aco%3A0%3Ans%3A1710567332526%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1710567340%3At%3ATaken%20down%20by%20DMCA%20request&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%280%29cdl%28na%29ti%282%29
    tls, http
    IEXPLORE.EXE
    4.0kB
    9.9kB
    12
    15

    HTTP Request

    GET https://mc.yandex.com/metrika/advert.gif

    HTTP Response

    200

    HTTP Request

    GET https://mc.yandex.com/sync_cookie_image_decide?token=10310.sjJBnBXWfNq5rx18Pb2qWa2JwjhYw28TIZFYBLEqtYtIBzTVs58gaUDEElO4Fz2QanQAC8wVUnTF-QaQF15TMcK53dDTIEL9M-EkDOLTFeUMCECf_S_vmlIGE7i2a5YVNjgcAoYtW7ocZDrNNx_o4gYsLhzIeh1eFoN-WXcQ5S7v5LdIX5QacHJxNhEcQ2PVsvb11zF0__jzsPCRhGfaxMitz5giLSGG2-FXRrJ3zkk%2C.22mMRAlPjSlekudTCQKN5DZzQ_k%2C

    HTTP Response

    200

    HTTP Request

    GET https://mc.yandex.com/watch/91506751?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fdmca.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Aqfujqr3nyxpmy96xs6n0cesb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1261%3Acn%3A1%3Adp%3A0%3Als%3A229553880695%3Ahid%3A353489783%3Az%3A0%3Ai%3A20240316053539%3Aet%3A1710567339%3Ac%3A1%3Arn%3A166307579%3Au%3A1710567339309342583%3Aw%3A1280x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C102%2C0%2C%2C%2C%2C102%3Aco%3A0%3Ans%3A1710567332526%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1710567340%3At%3ATaken%20down%20by%20DMCA%20request&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(0)cdl(na)ti(2)

    HTTP Response

    302

    HTTP Request

    GET https://mc.yandex.com/watch/91506751/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fdmca.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Aqfujqr3nyxpmy96xs6n0cesb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1261%3Acn%3A1%3Adp%3A0%3Als%3A229553880695%3Ahid%3A353489783%3Az%3A0%3Ai%3A20240316053539%3Aet%3A1710567339%3Ac%3A1%3Arn%3A166307579%3Au%3A1710567339309342583%3Aw%3A1280x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C102%2C0%2C%2C%2C%2C102%3Aco%3A0%3Ans%3A1710567332526%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1710567340%3At%3ATaken%20down%20by%20DMCA%20request&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%280%29cdl%28na%29ti%282%29

    HTTP Response

    200
  • 77.88.21.119:443
    https://mc.yandex.com/sync_cookie_image_check
    tls, http
    IEXPLORE.EXE
    965 B
    4.9kB
    8
    10

    HTTP Request

    GET https://mc.yandex.com/sync_cookie_image_check

    HTTP Response

    302
  • 204.79.197.200:443
    iexplore.exe
  • 204.79.197.200:443
    iexplore.exe
  • 8.8.8.8:53
    mc.yandex.ru
    dns
    IEXPLORE.EXE
    174 B
    122 B
    3
    1

    DNS Request

    mc.yandex.ru

    DNS Request

    mc.yandex.ru

    DNS Request

    mc.yandex.ru

    DNS Response

    77.88.21.119
    87.250.251.119
    87.250.250.119
    93.158.134.119

  • 8.8.8.8:53
    mc.yandex.com
    dns
    IEXPLORE.EXE
    59 B
    149 B
    1
    1

    DNS Request

    mc.yandex.com

    DNS Response

    77.88.21.119
    87.250.250.119
    87.250.251.119
    93.158.134.119

  • 8.8.8.8:53


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 67KB
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
  • C:\Users\Admin\AppData\Local\Temp\Cab42CB.tmp
    Filesize: 65KB
  • C:\Users\Admin\AppData\Local\Temp\Tar4510.tmp
    Filesize: 171KB
  • C:\Users\Admin\AppData\Local\Temp\Tar45A2.tmp
    Filesize: 175KB
