Analysis

  • max time kernel
    133s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/05/2024, 19:09 UTC

General

  • Target

    3ba5bc8678a29e65c7821d289c71ee9c_JaffaCakes118.html

  • Size

    28KB

  • MD5

    3ba5bc8678a29e65c7821d289c71ee9c

  • SHA1

    8701fb6b9846cf96c4785eb6a1202aa52737cafb

  • SHA256

    cb97c885b47cc7e00d5c2bda35d93b41a3106a6094c601b3a156308250beee90

  • SHA512

    eaea5382ebc2c5f42d0fc9ee12e7cabfcae709306e37600850e020faa739ab606857f6ac8387b5528aad4b60f9f839bfa8ecde598e66b9c1bdfaef021aed76bd

  • SSDEEP

    192:Cj5AzV3bMqCrzZtzczjsu3NaUhvgYgAvxn53Eo7OyBRqDcvsOcRyaaPH4ZdXaPH1:CCFXhvZvxnh9gDxOcRjZsFwsY4BT/r1P

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3ba5bc8678a29e65c7821d289c71ee9c_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:940

Network

  • flag-us
    DNS
    i2.cdn-image.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i2.cdn-image.com
    IN A
    Response
    i2.cdn-image.com
    IN A
    208.91.196.253
  • flag-us
    DNS
    searchdiscovered.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    searchdiscovered.com
    IN A
    Response
    searchdiscovered.com
    IN A
    208.91.196.4
  • flag-us
    DNS
    fwdssp.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    fwdssp.com
    IN A
    Response
  • flag-us
    GET
    http://i2.cdn-image.com/__media__/js/min.js?v1.9
    IEXPLORE.EXE
    Remote address:
    208.91.196.253:80
    Request
    GET /__media__/js/min.js?v1.9 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i2.cdn-image.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 12 May 2024 19:09:40 GMT
    Content-Type: application/javascript
    Content-Length: 8435
    Last-Modified: Fri, 17 Feb 2023 06:44:26 GMT
    Connection: keep-alive
    ETag: "63ef224a-20f3"
    Expires: Sun, 26 May 2024 19:09:40 GMT
    Cache-Control: max-age=1209600
    cache-control: public
    Accept-Ranges: bytes
  • flag-us
    GET
    http://searchdiscovered.com/__media__/pics/657/hostergator.gif
    IEXPLORE.EXE
    Remote address:
    208.91.196.4:80
    Request
    GET /__media__/pics/657/hostergator.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: searchdiscovered.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Date: Sun, 12 May 2024 19:09:40 GMT
    Server: Apache
    Location: http://freeresultsguide.com/__media__/pics/657/hostergator.gif
    Content-Length: 246
    Keep-Alive: timeout=5, max=126
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • flag-us
    GET
    http://searchdiscovered.com/__media__/pics/657/error-bg.gif
    IEXPLORE.EXE
    Remote address:
    208.91.196.4:80
    Request
    GET /__media__/pics/657/error-bg.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: searchdiscovered.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Date: Sun, 12 May 2024 19:09:45 GMT
    Server: Apache
    Location: http://freeresultsguide.com/__media__/pics/657/error-bg.gif
    Content-Length: 243
    Keep-Alive: timeout=5, max=123
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • flag-us
    DNS
    freeresultsguide.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    freeresultsguide.com
    IN A
    Response
    freeresultsguide.com
    IN A
    208.91.196.4
  • flag-us
    GET
    http://freeresultsguide.com/__media__/pics/657/hostergator.gif
    IEXPLORE.EXE
    Remote address:
    208.91.196.4:80
    Request
    GET /__media__/pics/657/hostergator.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: freeresultsguide.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 12 May 2024 19:09:40 GMT
    Server: Apache
    Last-Modified: Wed, 20 Jan 2021 10:46:09 GMT
    ETag: "1f47-5b952a9b9b24e"
    Accept-Ranges: bytes
    Content-Length: 8007
    Keep-Alive: timeout=5, max=127
    Connection: Keep-Alive
    Content-Type: image/gif
  • flag-us
    GET
    http://freeresultsguide.com/__media__/pics/657/error-bg.gif
    IEXPLORE.EXE
    Remote address:
    208.91.196.4:80
    Request
    GET /__media__/pics/657/error-bg.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: freeresultsguide.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 12 May 2024 19:09:45 GMT
    Server: Apache
    Last-Modified: Wed, 20 Jan 2021 10:46:09 GMT
    ETag: "7d7-5b952a9b9b24e"
    Accept-Ranges: bytes
    Content-Length: 2007
    Keep-Alive: timeout=5, max=128
    Connection: Keep-Alive
    Content-Type: image/gif
  • flag-us
    DNS
    i1.cdn-image.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i1.cdn-image.com
    IN A
    Response
    i1.cdn-image.com
    IN A
    208.91.196.253
  • flag-us
    GET
    http://i1.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot?
    IEXPLORE.EXE
    Remote address:
    208.91.196.253:80
    Request
    GET /__media__/fonts/ubuntu-b/ubuntu-b.eot? HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: i1.cdn-image.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 12 May 2024 19:09:45 GMT
    Content-Type: application/vnd.ms-fontobject
    Content-Length: 113646
    Last-Modified: Wed, 20 Jan 2021 10:45:11 GMT
    Connection: keep-alive
    ETag: "600809b7-1bbee"
    Access-Control-Allow-Origin: *
    Accept-Ranges: bytes
  • flag-us
    GET
    http://i1.cdn-image.com/__media__/pics/12471/libgh.png
    IEXPLORE.EXE
    Remote address:
    208.91.196.253:80
    Request
    GET /__media__/pics/12471/libgh.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i1.cdn-image.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 12 May 2024 19:09:46 GMT
    Content-Type: image/png
    Content-Length: 1081
    Last-Modified: Wed, 20 Jan 2021 10:46:07 GMT
    Connection: keep-alive
    ETag: "600809ef-439"
    Expires: Sun, 26 May 2024 19:09:46 GMT
    Cache-Control: max-age=1209600
    cache-control: public
    Accept-Ranges: bytes
  • flag-us
    GET
    http://i1.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.eot?
    IEXPLORE.EXE
    Remote address:
    208.91.196.253:80
    Request
    GET /__media__/fonts/ubuntu-r/ubuntu-r.eot? HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: i1.cdn-image.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 12 May 2024 19:09:45 GMT
    Content-Type: application/vnd.ms-fontobject
    Content-Length: 34685
    Last-Modified: Wed, 20 Jan 2021 10:45:11 GMT
    Connection: keep-alive
    ETag: "600809b7-877d"
    Access-Control-Allow-Origin: *
    Accept-Ranges: bytes
  • flag-us
    DNS
    i3.cdn-image.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i3.cdn-image.com
    IN A
    Response
    i3.cdn-image.com
    IN A
    208.91.196.253
  • flag-us
    GET
    http://i1.cdn-image.com/__media__/pics/12471/search-icon.png
    IEXPLORE.EXE
    Remote address:
    208.91.196.253:80
    Request
    GET /__media__/pics/12471/search-icon.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i1.cdn-image.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 12 May 2024 19:09:45 GMT
    Content-Type: image/png
    Content-Length: 1189
    Last-Modified: Wed, 20 Jan 2021 10:46:07 GMT
    Connection: keep-alive
    ETag: "600809ef-4a5"
    Expires: Sun, 26 May 2024 19:09:45 GMT
    Cache-Control: max-age=1209600
    cache-control: public
    Accept-Ranges: bytes
  • flag-us
    DNS
    i4.cdn-image.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i4.cdn-image.com
    IN A
    Response
    i4.cdn-image.com
    IN A
    208.91.196.253
  • flag-us
    GET
    http://i4.cdn-image.com/__media__/pics/12471/arrow.png
    IEXPLORE.EXE
    Remote address:
    208.91.196.253:80
    Request
    GET /__media__/pics/12471/arrow.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i4.cdn-image.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 12 May 2024 19:09:45 GMT
    Content-Type: image/png
    Content-Length: 1060
    Last-Modified: Wed, 20 Jan 2021 10:46:07 GMT
    Connection: keep-alive
    ETag: "600809ef-424"
    Expires: Sun, 26 May 2024 19:09:45 GMT
    Cache-Control: max-age=1209600
    cache-control: public
    Accept-Ranges: bytes
  • flag-us
    GET
    http://i4.cdn-image.com/__media__/pics/12471/libg.png
    IEXPLORE.EXE
    Remote address:
    208.91.196.253:80
    Request
    GET /__media__/pics/12471/libg.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i4.cdn-image.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 12 May 2024 19:09:45 GMT
    Content-Type: image/png
    Content-Length: 1092
    Last-Modified: Wed, 20 Jan 2021 10:46:07 GMT
    Connection: keep-alive
    ETag: "600809ef-444"
    Expires: Sun, 26 May 2024 19:09:45 GMT
    Cache-Control: max-age=1209600
    cache-control: public
    Accept-Ranges: bytes
  • flag-us
    GET
    http://i4.cdn-image.com/__media__/pics/12471/kwbg.jpg
    IEXPLORE.EXE
    Remote address:
    208.91.196.253:80
    Request
    GET /__media__/pics/12471/kwbg.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i4.cdn-image.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 12 May 2024 19:09:45 GMT
    Content-Type: image/jpeg
    Content-Length: 37219
    Last-Modified: Wed, 20 Jan 2021 10:46:07 GMT
    Connection: keep-alive
    ETag: "600809ef-9163"
    Expires: Sun, 26 May 2024 19:09:45 GMT
    Cache-Control: max-age=1209600
    cache-control: public
    Accept-Ranges: bytes
  • flag-us
    GET
    http://i3.cdn-image.com/__media__/pics/12471/logo.png
    IEXPLORE.EXE
    Remote address:
    208.91.196.253:80
    Request
    GET /__media__/pics/12471/logo.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i3.cdn-image.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 12 May 2024 19:09:45 GMT
    Content-Type: image/png
    Content-Length: 3956
    Last-Modified: Wed, 20 Jan 2021 10:46:07 GMT
    Connection: keep-alive
    ETag: "600809ef-f74"
    Expires: Sun, 26 May 2024 19:09:45 GMT
    Cache-Control: max-age=1209600
    cache-control: public
    Accept-Ranges: bytes
  • flag-us
    GET
    http://i3.cdn-image.com/__media__/pics/12471/bodybg.png
    IEXPLORE.EXE
    Remote address:
    208.91.196.253:80
    Request
    GET /__media__/pics/12471/bodybg.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i3.cdn-image.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 12 May 2024 19:09:45 GMT
    Content-Type: image/png
    Content-Length: 97189
    Last-Modified: Wed, 20 Jan 2021 10:46:07 GMT
    Connection: keep-alive
    ETag: "600809ef-17ba5"
    Expires: Sun, 26 May 2024 19:09:45 GMT
    Cache-Control: max-age=1209600
    cache-control: public
    Accept-Ranges: bytes
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    2.21.17.194
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    2.21.17.194
  • flag-nl
    GET
    http://www.bing.com/favicon.ico
    iexplore.exe
    Remote address:
    23.62.61.160:80
    Request
    GET /favicon.ico HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: www.bing.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cache-Control: public, max-age=15552000
    Content-Length: 4286
    Content-Type: image/x-icon
    Last-Modified: Mon, 01 Jan 1601 00:00:00 GMT
    X-EventID: 65d4c65a538b4afa839064a00a9b728a
    UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
    Content-Security-Policy-Report-Only: script-src https: 'strict-dynamic' 'report-sample' 'nonce-+F5kGRSFPCuHDPk8f7Po0fttTEsC9TyM4t+ZD7xNcas='; base-uri 'self';report-to csp-endpoint
    Report-To: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    X-MSEdge-Ref: Ref A: A265F6639C05488182DB1302B90CE8B1 Ref B: BRU30EDGE0617 Ref C: 2024-02-22T08:31:31Z
    Date: Sun, 12 May 2024 19:09:55 GMT
    Connection: keep-alive
    X-CDN-TraceID: 0.9c3d3e17.1715540995.a091897
  • flag-nl
    DNS
    iexplore.exe
    Remote address:
    23.62.61.160:80
    Response
    HTTP/1.0 408 Request Time-out
    Server: AkamaiGHost
    Mime-Version: 1.0
    Date: Sun, 12 May 2024 19:10:29 GMT
    Content-Type: text/html
    Content-Length: 314
    Expires: Sun, 12 May 2024 19:10:29 GMT
  • 208.91.196.253:80
    http://i2.cdn-image.com/__media__/js/min.js?v1.9
    http
    IEXPLORE.EXE
    685 B
    9.2kB
    9
    10

    HTTP Request

    GET http://i2.cdn-image.com/__media__/js/min.js?v1.9

    HTTP Response

    200
  • 208.91.196.4:80
    searchdiscovered.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 208.91.196.4:80
    http://searchdiscovered.com/__media__/pics/657/error-bg.gif
    http
    IEXPLORE.EXE
    975 B
    2.4kB
    8
    8

    HTTP Request

    GET http://searchdiscovered.com/__media__/pics/657/hostergator.gif

    HTTP Response

    302

    HTTP Request

    GET http://searchdiscovered.com/__media__/pics/657/error-bg.gif

    HTTP Response

    302
  • 208.91.196.253:80
    i2.cdn-image.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 208.91.196.4:80
    freeresultsguide.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 208.91.196.4:80
    http://freeresultsguide.com/__media__/pics/657/error-bg.gif
    http
    IEXPLORE.EXE
    1.2kB
    12.1kB
    12
    14

    HTTP Request

    GET http://freeresultsguide.com/__media__/pics/657/hostergator.gif

    HTTP Response

    200

    HTTP Request

    GET http://freeresultsguide.com/__media__/pics/657/error-bg.gif

    HTTP Response

    200
  • 208.91.196.253:80
    http://i1.cdn-image.com/__media__/pics/12471/libgh.png
    http
    IEXPLORE.EXE
    2.9kB
    119.0kB
    50
    91

    HTTP Request

    GET http://i1.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot?

    HTTP Response

    200

    HTTP Request

    GET http://i1.cdn-image.com/__media__/pics/12471/libgh.png

    HTTP Response

    200
  • 208.91.196.253:80
    http://i1.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.eot?
    http
    IEXPLORE.EXE
    1.2kB
    36.2kB
    20
    30

    HTTP Request

    GET http://i1.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.eot?

    HTTP Response

    200
  • 208.91.196.253:80
    http://i1.cdn-image.com/__media__/pics/12471/search-icon.png
    http
    IEXPLORE.EXE
    576 B
    1.7kB
    6
    4

    HTTP Request

    GET http://i1.cdn-image.com/__media__/pics/12471/search-icon.png

    HTTP Response

    200
  • 208.91.196.253:80
    http://i4.cdn-image.com/__media__/pics/12471/arrow.png
    http
    IEXPLORE.EXE
    570 B
    1.6kB
    6
    4

    HTTP Request

    GET http://i4.cdn-image.com/__media__/pics/12471/arrow.png

    HTTP Response

    200
  • 208.91.196.253:80
    http://i4.cdn-image.com/__media__/pics/12471/libg.png
    http
    IEXPLORE.EXE
    569 B
    1.6kB
    6
    4

    HTTP Request

    GET http://i4.cdn-image.com/__media__/pics/12471/libg.png

    HTTP Response

    200
  • 208.91.196.253:80
    http://i4.cdn-image.com/__media__/pics/12471/kwbg.jpg
    http
    IEXPLORE.EXE
    1.2kB
    38.8kB
    20
    31

    HTTP Request

    GET http://i4.cdn-image.com/__media__/pics/12471/kwbg.jpg

    HTTP Response

    200
  • 208.91.196.253:80
    http://i3.cdn-image.com/__media__/pics/12471/logo.png
    http
    IEXPLORE.EXE
    615 B
    4.5kB
    7
    6

    HTTP Request

    GET http://i3.cdn-image.com/__media__/pics/12471/logo.png

    HTTP Response

    200
  • 208.91.196.253:80
    http://i3.cdn-image.com/__media__/pics/12471/bodybg.png
    http
    IEXPLORE.EXE
    2.3kB
    100.6kB
    44
    77

    HTTP Request

    GET http://i3.cdn-image.com/__media__/pics/12471/bodybg.png

    HTTP Response

    200
  • 23.62.61.160:80
    http://www.bing.com/favicon.ico
    http
    iexplore.exe
    640 B
    5.9kB
    9
    9

    HTTP Request

    GET http://www.bing.com/favicon.ico

    HTTP Response

    200
  • 23.62.61.160:80
    www.bing.com
    http
    iexplore.exe
    340 B
    746 B
    7
    5

    HTTP Response

    408
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.6kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.7kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.6kB
    9
    12
  • 8.8.8.8:53
    i2.cdn-image.com
    dns
    IEXPLORE.EXE
    62 B
    78 B
    1
    1

    DNS Request

    i2.cdn-image.com

    DNS Response

    208.91.196.253

  • 8.8.8.8:53
    searchdiscovered.com
    dns
    IEXPLORE.EXE
    66 B
    82 B
    1
    1

    DNS Request

    searchdiscovered.com

    DNS Response

    208.91.196.4

  • 8.8.8.8:53
    fwdssp.com
    dns
    IEXPLORE.EXE
    56 B
    56 B
    1
    1

    DNS Request

    fwdssp.com

  • 8.8.8.8:53
    freeresultsguide.com
    dns
    IEXPLORE.EXE
    66 B
    82 B
    1
    1

    DNS Request

    freeresultsguide.com

    DNS Response

    208.91.196.4

  • 8.8.8.8:53
    i1.cdn-image.com
    dns
    IEXPLORE.EXE
    62 B
    78 B
    1
    1

    DNS Request

    i1.cdn-image.com

    DNS Response

    208.91.196.253

  • 8.8.8.8:53
    i3.cdn-image.com
    dns
    IEXPLORE.EXE
    62 B
    78 B
    1
    1

    DNS Request

    i3.cdn-image.com

    DNS Response

    208.91.196.253

  • 8.8.8.8:53
    i4.cdn-image.com
    dns
    IEXPLORE.EXE
    62 B
    78 B
    1
    1

    DNS Request

    i4.cdn-image.com

    DNS Response

    208.91.196.253

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    2.21.17.194

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    2.21.17.194

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    5662b224525be94b65ce6916117e3ec1

    SHA1

    177d3be500bc6d32cdf3ab668137e6803aa13ca4

    SHA256

    9bedf1aa22cd11f0ddd4bcdda0c904d3b6d65fb8bccfd6526c4a10b7876ba318

    SHA512

    8d374d35da40bc6e8ea80af89c0feef9418adc72dfa03f9f79a8cf44dc60ce06ccd04ea8de7656c1d54f8511fae5ab85a2b93516b1da31ea4e3a1c59cf56e936

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    474db76085115ed1975eed88d892a568

    SHA1

    658ca802a2bb63443be5eb4993d4774a5899200c

    SHA256

    5f73a6d665833562417c346bb4a901c2d6a4d5d8e13ac1ded698529a835c5f74

    SHA512

    d80941bf99dfe421526cd60467426fb59a1b7c9e59e767361b54949b8af02d36f3dcd85bdb4ac2d2683888b62d6dc7bdd465141717aefd89337badfd38924cfd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0c10af0a6f80367da94bbf51f9508652

    SHA1

    e8ee1c81957a50fdc06d24fd878949bc0e00566b

    SHA256

    3cee04df2dba35f22f7d9b3585f48f815425ae4d59edd17a5d4b6857b5a010ee

    SHA512

    0318c43bd8eb7ec541ed3fed9052e227a8fd21783499503ed01e3dffbf784e8ac3a1b05f8992ce72b18fab37c23c4c355ed72b434b45c012b8b691b147d3ca00

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    480a2a5ecfa46caa5989d207b9115a21

    SHA1

    8e956946332d70ecd1e7c35173aae23387131ffc

    SHA256

    286a60f12db3926c976328f860e1a355bddc30c006d9fc8eddb05958c84b0287

    SHA512

    8453831729c0930c5eb2539e0f008568a7c8c85bda79be0ce72bc02f4846ff8ec926f6442c64c8dfe62cd792d66a32cb9bffdfb1b93925fb28f13f8ce520a83c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cb0aeb82c51bac338db28e04b91aa2ec

    SHA1

    4bfddce0510add7126351928a417489ed2883617

    SHA256

    bdaf46739acc55b2b9bc270a4bd40c734c8bdada40be4cd1066373e317eaabae

    SHA512

    0330bfb4b9c2de6d4780527a396f1518c3d483e385bf98000062f732f9e59d2c2d22bb9b5b63ae503d6f0c1481d5fce82a0a8cdff88e2e34398e897137a7fb4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    71d211bd6ed52575321f7e8403ce6a6f

    SHA1

    f5f19173d53d4e2b89643a28b1b53c8d9db334b3

    SHA256

    aaa96df33b5793e43866f0c741974fd9b5b196a509441e8c858e54ee01f6e7ed

    SHA512

    a85ea03d11bcf32b801c2c636d89605b29a60827dc19351a25ba275cf0bc2d0863c35a16eae709606219a90e8dff191276b77806947d50e796bbe38b86d37626

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5882e31428a0daacad17fd76f0864163

    SHA1

    f6aa87c7256f0bdd139289debb20d895f5e17338

    SHA256

    f572f20098feffda1d56f0c00f959724e9a5557ce99d195fe57eac7c9556c2a3

    SHA512

    6bb25604b5fcec2c5616b7982629ca580fa374119c57713c09c41ae96a1fdb2cf9a6e38c6a13383034fc5cf601a323a86808497f333af742e5510c50c986acb5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    17520497c39e55fd12818a2ac1736644

    SHA1

    41be9dae475792ae8af27c7b21cfc587d49eb98e

    SHA256

    b0178323edea901ec3cd69d6aa62ff59fdfc2234184e1534d3e3abddf08697c2

    SHA512

    1fa7971fafe6d34be2592fecfc7a4aeb6857da03777e31c6a00e3a668e44ebd8b7d8b2e3e0ca6d334a27248a282a3f0e8726a51545b5cc74796e35969644de3e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ef98b06835832aaa4ad1c8c3791e54c5

    SHA1

    ee647c49c45f298780b091c119e33471ee4bb312

    SHA256

    fd1f9ee2491616b13f5a1164f822301810c49e61cca5dd9defea9afd9b69c3b6

    SHA512

    0feb090e8c747d1aa4e5b3ad0ee4845f8df89c34e7a5a451561d28d1c52dc5414a0ce87417624f514c4f0a5dca93e058d6e4c7b95d7e0fa182f04ab2da650d91

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a5c33aa777258454e57f132c9b978e9d

    SHA1

    adb11669a9fff7c632964dd15e9a105f0896df17

    SHA256

    d87c2ee2cd8ff0abb1f3e7c6cbdfe8a0946335a02082688f59ddb619ea9b2a2a

    SHA512

    736e3ac4d3efba352cc1bd474dd463c4d66d02397d8fa7c171e3b3e18daf1e80dca09406f011b3673d0c69d048308ec85722a712667dbae97ab1ff9fe9eccfc0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8025bdd2e6b4dddbae37595952bdfdcf

    SHA1

    8675ed2affabbebd123fb9a8990a585ff968b5cc

    SHA256

    2ba4c228ac02b1641439ca23f78f0e2a62f905724cce6d0088fec76f00d56bda

    SHA512

    a5d2c33e63615a36adbfef600fb0f298ce2c18c4d66b670a5d36cf2a31cc6e656729a1423a77cb1395b59a782d54dff408fd9f342f6d712da93876e5148c9171

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f2808428be5c67c648b85e4420befb7d

    SHA1

    e94b1b2810c720f59c068e8f1eedf87c323d7934

    SHA256

    e09739522aa407cc8fbe14d149de0c1ec192f6a4e98ce8979faad1c0513322de

    SHA512

    ccfd8c1babddecbf6ab9a209619d25fd814a34d082d55aae86e330adb003357da57efcc63f4661770641f71be2bd6779dd370a470cee36d0a79503e470ec5f73

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ee44adc77d0794eb68f37f70b545365f

    SHA1

    5399493981a43c9dc510229bfb598f99adf44c48

    SHA256

    662728b741955f3e20f7242c3f568d3da329176d7000f0a52fa8cddb88cd8bc6

    SHA512

    a167d5e1ea6deb7a2556d1cf9775c6e9ebd123dfccbe2353d84654e20ce9ac79129336614ea5e174c2343c50875b4af73943084ef985670bf51e8723b9168ffc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fbc6f85015da475e036a5c0cd89e2086

    SHA1

    11fdf233120a348c446aa6ed950657105d23e32a

    SHA256

    b5cab0cb40507b0740e956fc477efbcf7e90bbd7a3c7ec47c91fcc653e07efcf

    SHA512

    13e4150a67a0d73f6893ed35037ef32f042d38d5c432a5a04c6c144b45b5511b37994cbc179c70f660d053232a3e83afed1be42a170a073e6c39a49da669fc1e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d1a137ae76bba63bcfeb3db2e3e754d0

    SHA1

    1425164881979d95865345c0e336ea12494d0a52

    SHA256

    d56879e01dc47377bd402a6e7f57cb80b926bc1d03a27c4b8b1ea39e8c980b0e

    SHA512

    1b6938b761c1bee7b332313f633b159e7dbec59e72057b27af9802726a95befa1cce18bd0ae44e28aae6fd72d40ba4998468ec0393ba31103bc875110e3ffdca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    52e12c3e19a2c7a0f9d2d852a0cf7865

    SHA1

    1af46298ec64e4ff46a897a76bc538f31594c604

    SHA256

    6ffdf69a266627fb91fc8e95c32a5afad32985753439e135d122cdb1e0389609

    SHA512

    1dff0a367a9d36a51cf0f556e8113387e6ce0b90136b340e03f304b97fbd54af3637d9d8430b5b310b17e64dc6fbeaa04efaeac31329514c6a95455642818d38

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    954b9fe4be8bb5eec5296c581e15c19e

    SHA1

    a3213c171f0f3ff29afd140d9437d6eb3cbc5c78

    SHA256

    9862bfbd9c1a3050bb9140ee70f33288a8996c8c0d7203c84c5b0b7c4107d208

    SHA512

    f1f955aa8a3f10ceeeed7f12d1d3515046fc75d0b1ef8bd9ff1d23f9a25ad8cbaa03047ed0edbc8d5da4c5817f925642f2391a3a159de648205ea544c9f66d30

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1c7db3cff8c14d2d4a7c627eef7aa54a

    SHA1

    3c36e2ecd56f1a91628b6b2c7b0bb0a9eaba506f

    SHA256

    1cdc9b2251fcab6ec4908fe431182e6ef159465c7f5614b59198af8f1e1be048

    SHA512

    7bad6c4fa017237574c73c1386a4082d1bb4af833bfdcfbb5734ddba370dcfd1a667fd0ddd8283cc71843a841fabec297ed4dfbaf6edb78c8582bfac00ad9fe0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a0bf480ab21ab7b3bb406df4bc39c25e

    SHA1

    e2d5c4f5f817330b8afbfc63ced9d16e416b70b0

    SHA256

    6f8548c72fb344a01355906113dc4f0c116e75425353d62a22aa1b8bae8f4513

    SHA512

    1fd51d57e5f86216fd29282f078a6ccb1829e65b5767124d624471bff5e266d1ee41a2b6e58db144c9fb71b739c31f406507f089cb8904d69f49d5fd83a18cee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    94763141fe92353545988803a860b6d9

    SHA1

    2e4b88f45d15021ba2239c5284a0dcdc126a8e7e

    SHA256

    3c34cc50287a6cf09f0c8af3442af2610e6dad789afa0d9dc3087756e55940df

    SHA512

    8bb9eb5a873808c6b3ec29fccb7374015cccf6b854571321cc0bb012fb12248dc062bae0f0efbd09ec6188f66d55cd55ecf32ff3a4bc8c895b4b8de82b4a0524

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    6127468ea5cc1861d03eea698f7d3e78

    SHA1

    7edf13b34c60d0510fc32637cc0c1c4da39f590f

    SHA256

    b2df2dc3b25f64c48eaefc4d7a223d77cb35b84cb977a58f18d1990f96fd57ec

    SHA512

    eef7cd9d196b27e377e753c70fc1fc56a11d1a9f4516cb5e0c96eb9c9f7a4a6b1660acbaf89da8b34bfb296096602326a3294be24fa712390c1833fcd00d6d73

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

  • C:\Users\Admin\AppData\Local\Temp\Cab3E87.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar3FD4.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a