Analysis

  • max time kernel
    134s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    28-06-2024 04:37

General

  • Target

    18cc6ccf5ffe830e95ba39716d9e712a_JaffaCakes118.html

  • Size

    57KB

  • MD5

    18cc6ccf5ffe830e95ba39716d9e712a

  • SHA1

    1bd32cfa545e8faeb1a4f9ccd4bf6802727c682b

  • SHA256

    d966544947e1f4dfd145fd7112b6ae7e1fa7c41314e8459a8081c76914ccbace

  • SHA512

    1350ec56dd3a113e3af805161e530063308e82c06f38ca4432d9a8ffd24fe44cbe9f33df9ecc20df375492501e941a8ed14070106ec9dd1e8e1dc4410d5eb029

  • SSDEEP

    1536:ijEQvK8OPHdyA5o2vgyHJv0owbd6zKD6CDK2RVroDzwpDK2RVy:ijnOPHdyz2vgyHJutDK2RVroDzwpDK2m

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\18cc6ccf5ffe830e95ba39716d9e712a_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2808

Network

  • flag-us
    DNS
    myykza.free.fr
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    myykza.free.fr
    IN A
    Response
  • flag-us
    DNS
    tiwolfly.free.fr
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    tiwolfly.free.fr
    IN A
    Response
  • flag-us
    DNS
    i59.photobucket.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i59.photobucket.com
    IN A
    Response
    i59.photobucket.com
    IN A
    216.137.44.112
    i59.photobucket.com
    IN A
    216.137.44.17
    i59.photobucket.com
    IN A
    216.137.44.119
    i59.photobucket.com
    IN A
    216.137.44.125
  • flag-us
    DNS
    zoom.ind.free.fr
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    zoom.ind.free.fr
    IN A
    Response
  • flag-gb
    GET
    http://pagead2.googlesyndication.com/pagead/show_ads.js
    IEXPLORE.EXE
    Remote address:
    216.58.201.98:80
    Request
    GET /pagead/show_ads.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pagead2.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Vary: Accept-Encoding
    Date: Fri, 28 Jun 2024 04:37:41 GMT
    Expires: Fri, 28 Jun 2024 04:37:41 GMT
    Cache-Control: private, max-age=3600
    Content-Type: text/javascript; charset=UTF-8
    ETag: 6251367981536348152
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    Content-Length: 15936
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://i59.photobucket.com/albums/g320/Blizzardtje/XIII/XIIIFreaky.jpg
    IEXPLORE.EXE
    Remote address:
    216.137.44.112:80
    Request
    GET /albums/g320/Blizzardtje/XIII/XIIIFreaky.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i59.photobucket.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: CloudFront
    Date: Fri, 28 Jun 2024 04:37:41 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Location: https://i59.photobucket.com/albums/g320/Blizzardtje/XIII/XIIIFreaky.jpg
    X-Cache: Redirect from cloudfront
    Via: 1.1 b0ccdd99457b319f6d3d11d03a119afe.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LHR61-P2
    X-Amz-Cf-Id: 4USqlv9sZF8m4ReJKhImom2tzLvDm6soH2Z-Qjl8JRfIjrC5kCPdDA==
    Vary: Origin
  • flag-gb
    GET
    https://i59.photobucket.com/albums/g320/Blizzardtje/XIII/XIIIFreaky.jpg
    IEXPLORE.EXE
    Remote address:
    216.137.44.112:443
    Request
    GET /albums/g320/Blizzardtje/XIII/XIIIFreaky.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i59.photobucket.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: image/jpeg
    Content-Length: 7650
    Connection: keep-alive
    Date: Fri, 21 Jun 2024 23:19:22 GMT
    Cache-Control: max-age=31536000, public
    Content-Disposition: inline; filename="XIIIFreaky.jpg"
    Content-Security-Policy: script-src 'none'
    Expires: Sat, 21 Jun 2025 23:19:22 GMT
    Server: photobucket
    X-Amzn-Trace-Id: Root=1-66760a7a-1166e9136af1cf47073d57e7
    X-Request-Id: wc9ZjJDnOttB8Rf5V9CQH
    Vary: Accept
    X-Cache: Hit from cloudfront
    Via: 1.1 b091f0807f56fed397ae3abb89dd1206.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LHR61-P2
    X-Amz-Cf-Id: DsbmjizsXnfOkW6gAyrdJ9iVxOD83yz4OKa0f6q3oSFCF97Qpx6rWw==
    Age: 537500
    Vary: Origin
  • flag-us
    DNS
    www.dailymotion.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.dailymotion.com
    IN A
    Response
    www.dailymotion.com
    IN CNAME
    dmwww.geo.dmcdn.net
    dmwww.geo.dmcdn.net
    IN CNAME
    fp.ix7.dailymotion.com
    fp.ix7.dailymotion.com
    IN A
    188.65.124.92
  • flag-fr
    GET
    http://www.dailymotion.com/videozap/ykza?rows=3&skin=myYKZA
    IEXPLORE.EXE
    Remote address:
    188.65.124.92:80
    Request
    GET /videozap/ykza?rows=3&skin=myYKZA HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.dailymotion.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Length: 0
    Content-Type: text/html
    Date: Fri, 28 Jun 2024 04:37:41 GMT
    Location: https://dailymotion.com/videozap/ykza?rows=3&skin=myYKZA
    Set-Cookie: ts=593264; Path=/; Domain=dailymotion.com; Expires=Mon, 28 Jul 2025 04:37:41 GMT; Max-Age=34127999; Secure; SameSite=None
    Set-Cookie: v1st=4d95566b-dc64-4e8e-8e5e-69d9a6811f4e; Path=/; Domain=dailymotion.com; Expires=Mon, 28 Jul 2025 04:37:41 GMT; Max-Age=34127999; Secure; SameSite=None
  • flag-us
    DNS
    dailymotion.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    dailymotion.com
    IN A
    Response
    dailymotion.com
    IN A
    195.8.215.136
  • flag-us
    DNS
    c.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    172.217.169.67
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    IEXPLORE.EXE
    Remote address:
    172.217.169.67:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 28 Jun 2024 04:13:27 GMT
    Expires: Fri, 28 Jun 2024 05:03:27 GMT
    Cache-Control: public, max-age=3000
    Age: 1454
    Last-Modified: Wed, 01 Nov 2023 07:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-us
    DNS
    o.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    o.pki.goog
    IN A
    Response
    o.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    172.217.169.67
  • flag-gb
    GET
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCehKugGJdgWBAhc1EB8hIz
    IEXPLORE.EXE
    Remote address:
    172.217.169.67:80
    Request
    GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCehKugGJdgWBAhc1EB8hIz HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 472
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Fri, 28 Jun 2024 04:35:52 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 109
  • flag-gb
    GET
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCDR9vuwevMnRDMxC1byWoK
    IEXPLORE.EXE
    Remote address:
    172.217.169.67:80
    Request
    GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCDR9vuwevMnRDMxC1byWoK HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 472
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Fri, 28 Jun 2024 04:01:33 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 2173
  • flag-fr
    GET
    https://www.dailymotion.com/videozap/ykza?rows=3&skin=myYKZA
    IEXPLORE.EXE
    Remote address:
    188.65.124.92:443
    Request
    GET /videozap/ykza?rows=3&skin=myYKZA HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Cookie: ts=593264; v1st=4d95566b-dc64-4e8e-8e5e-69d9a6811f4e
    Connection: Keep-Alive
    Host: www.dailymotion.com
    Response
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Content-Length: 17255
    Content-Type: text/html; charset=utf-8
    Date: Fri, 28 Jun 2024 04:37:43 GMT
    Etag: W/"c8cc-7tfowdQ2G0oKWPDVdb0VmT8hDiY"
    Server: DMS/1.0.42
    Server-Timing: total;dur=18, dc;desc="ix7"
    Set-Cookie: ff=; Max-Age=0; Path=/; Expires=Fri, 28 Jun 2024 04:37:43 GMT
    Set-Cookie: ff=; Max-Age=0; Domain=.dailymotion.com; Path=/; Expires=Fri, 28 Jun 2024 04:37:43 GMT
    Set-Cookie: ff=on; Domain=.dailymotion.com; Path=/; Secure; SameSite=None
    Strict-Transport-Security: max-age=31708800; includeSubDomains; preload
    Timing-Allow-Origin: *
    Vary: Accept-Encoding
    X-Powered-By: Express
  • flag-us
    DNS
    geo.dailymotion.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    geo.dailymotion.com
    IN A
    Response
    geo.dailymotion.com
    IN CNAME
    www.dailymotion.com
    www.dailymotion.com
    IN CNAME
    dmwww.geo.dmcdn.net
    dmwww.geo.dmcdn.net
    IN CNAME
    fp.ix7.dailymotion.com
    fp.ix7.dailymotion.com
    IN A
    188.65.124.92
  • flag-us
    DNS
    static1.dmcdn.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    static1.dmcdn.net
    IN A
    Response
    static1.dmcdn.net
    IN CNAME
    d129qj39ell9t0.cloudfront.net
    d129qj39ell9t0.cloudfront.net
    IN A
    18.245.143.13
    d129qj39ell9t0.cloudfront.net
    IN A
    18.245.143.82
    d129qj39ell9t0.cloudfront.net
    IN A
    18.245.143.129
    d129qj39ell9t0.cloudfront.net
    IN A
    18.245.143.40
  • flag-gb
    GET
    https://static1.dmcdn.net/neon-ssr/prod/app.0d4277a9e954eb42aab1.js
    IEXPLORE.EXE
    Remote address:
    18.245.143.13:443
    Request
    GET /neon-ssr/prod/app.0d4277a9e954eb42aab1.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.dailymotion.com/videozap/ykza?rows=3&skin=myYKZA
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static1.dmcdn.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: application/x-javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: DMS/1.0.42
    Cache-Control: max-age=315360000
    Date: Wed, 26 Jun 2024 12:26:04 GMT
    Expires: Thu, 31 Dec 2037 23:55:55 GMT
    Timing-Allow-Origin: *
    ETag: W/"667c080e-6a769"
    Last-Modified: Wed, 26 Jun 2024 12:22:38 GMT
    Content-Encoding: gzip
    Vary: Accept-Encoding
    X-Cache: Hit from cloudfront
    Via: 1.1 718d744faad6ff02c7a7ca517a01865a.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LHR5-P1
    X-Amz-Cf-Id: -P1dWcr47lc_wSoHLQqx7gGeojEpzttzXMNrE_GGEEJQNG5-ZtDv2w==
    Age: 144699
    Vary: Origin
  • flag-fr
    GET
    https://geo.dailymotion.com/player/xjnde.js
    IEXPLORE.EXE
    Remote address:
    188.65.124.92:443
    Request
    GET /player/xjnde.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.dailymotion.com/videozap/ykza?rows=3&skin=myYKZA
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: geo.dailymotion.com
    Connection: Keep-Alive
    Cookie: ts=593264; v1st=4d95566b-dc64-4e8e-8e5e-69d9a6811f4e; ff=on
    Response
    HTTP/1.1 200 OK
    Cache-Control: no-cache, no-store
    Content-Encoding: gzip
    Content-Length: 621
    Content-Security-Policy: upgrade-insecure-requests
    Content-Security-Policy-Report-Only: default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
    Content-Type: application/javascript; charset=utf-8
    Date: Fri, 28 Jun 2024 04:37:43 GMT
    Link: <https://www.dailymotion.com>; rel="preconnect"; crossorigin="use-credentials", <https://static1.dmcdn.net>; rel="preconnect"; crossorigin="anonymous"
    Referrer-Policy: strict-origin-when-cross-origin
    Server: DMS/1.0.42
    Server-Timing: total;dur=13, dc;desc="ix7"
    Set-Cookie: dmvk=667e3e17586d8; path=/; domain=.dailymotion.com; Secure; SameSite=none;
    Set-Cookie: _TEST_=1; path=/; domain=.dailymotion.com; Secure; SameSite=none;
    Strict-Transport-Security: max-age=31708800; includeSubDomains; preload
    Timing-Allow-Origin: *
    Vary: X-DM-SSL
    Vary: Accept-Encoding
  • flag-fr
    GET
    https://geo.dailymotion.com/player/xjnde.html
    IEXPLORE.EXE
    Remote address:
    188.65.124.92:443
    Request
    GET /player/xjnde.html HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: https://www.dailymotion.com/videozap/ykza?rows=3&skin=myYKZA
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: geo.dailymotion.com
    Connection: Keep-Alive
    Cookie: ts=593264; v1st=4d95566b-dc64-4e8e-8e5e-69d9a6811f4e; ff=on; dmvk=667e3e17586d8; _TEST_=1
    Response
    HTTP/1.1 200 OK
    Cache-Control: no-cache, no-store
    Content-Encoding: gzip
    Content-Length: 6718
    Content-Security-Policy: upgrade-insecure-requests
    Content-Security-Policy-Report-Only: default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
    Content-Type: text/html; charset=utf-8
    Date: Fri, 28 Jun 2024 04:37:43 GMT
    Referrer-Policy: strict-origin-when-cross-origin
    Server: DMS/1.0.42
    Server-Timing: total;dur=15, dc;desc="ix7"
    Strict-Transport-Security: max-age=31708800; includeSubDomains; preload
    Timing-Allow-Origin: *
    Vary: X-DM-SSL,Accept-Encoding
  • flag-gb
    GET
    https://static1.dmcdn.net/neon-ssr/prod/app-styles.359570e3ca6d16978875.css
    IEXPLORE.EXE
    Remote address:
    18.245.143.13:443
    Request
    GET /neon-ssr/prod/app-styles.359570e3ca6d16978875.css HTTP/1.1
    Accept: text/css, */*
    Referer: https://www.dailymotion.com/videozap/ykza?rows=3&skin=myYKZA
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static1.dmcdn.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: DMS/1.0.42
    Cache-Control: max-age=315360000
    Date: Thu, 27 Jun 2024 20:02:24 GMT
    Expires: Thu, 31 Dec 2037 23:55:55 GMT
    Timing-Allow-Origin: *
    ETag: W/"667dc4a4-435d9"
    Last-Modified: Thu, 27 Jun 2024 19:59:32 GMT
    Content-Encoding: gzip
    Vary: Accept-Encoding
    X-Cache: Hit from cloudfront
    Via: 1.1 454abb506de84114b90eb4ff9b2798f6.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LHR5-P1
    X-Amz-Cf-Id: ECxkwJt32y3oH2GlPpizcznPYn3iDWVMlZbE5eKRowTCRr0MEEq2ig==
    Age: 30919
    Vary: Origin
  • flag-us
    DNS
    ocsp.rootca3.amazontrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ocsp.rootca3.amazontrust.com
    IN A
    Response
    ocsp.rootca3.amazontrust.com
    IN A
    108.138.216.113
  • flag-gb
    GET
    http://ocsp.rootca3.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRkNawYMzz%2BjKSfYbTyFR0AXuhs6QQUq7bb1waeN6wwhgeRcMecxBmxeMACEwdzEnA9eVH9TrLXPKuCavuqCA0%3D
    IEXPLORE.EXE
    Remote address:
    108.138.216.113:80
    Request
    GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRkNawYMzz%2BjKSfYbTyFR0AXuhs6QQUq7bb1waeN6wwhgeRcMecxBmxeMACEwdzEnA9eVH9TrLXPKuCavuqCA0%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.rootca3.amazontrust.com
    Response
    HTTP/1.1 200 OK
    Content-Type: application/ocsp-response
    Content-Length: 821
    Connection: keep-alive
    Date: Fri, 28 Jun 2024 03:49:35 GMT
    Last-Modified: Fri, 28 Jun 2024 03:49:35 GMT
    ETag: 26ccf9d04f0a9ccac68efa05128723377c9bf170
    Expires: Fri, 05 Jul 2024 03:49:35 GMT
    Cache-Control: max-age=302400, public, no-transform, must-revalidate
    Server: ¯\_(ツ)_/¯
    X-Content-Type-Options: nosniff
    X-Cache: Hit from cloudfront
    Via: 1.1 9a4946b43dbf1005ebaa0c93701f16ec.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LHR61-P3
    X-Amz-Cf-Id: Xnhc8KVpsmXdfXSXDyk_EIgQC4sD09reJinCIMVwSBw3I2Y9OhAW6w==
    Age: 2888
  • flag-gb
    GET
    http://ocsp.rootca3.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRkNawYMzz%2BjKSfYbTyFR0AXuhs6QQUq7bb1waeN6wwhgeRcMecxBmxeMACEwdzEnA9eVH9TrLXPKuCavuqCA0%3D
    IEXPLORE.EXE
    Remote address:
    108.138.216.113:80
    Request
    GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRkNawYMzz%2BjKSfYbTyFR0AXuhs6QQUq7bb1waeN6wwhgeRcMecxBmxeMACEwdzEnA9eVH9TrLXPKuCavuqCA0%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.rootca3.amazontrust.com
    Response
    HTTP/1.1 200 OK
    Content-Type: application/ocsp-response
    Content-Length: 821
    Connection: keep-alive
    Date: Fri, 28 Jun 2024 03:49:35 GMT
    Last-Modified: Fri, 28 Jun 2024 03:49:35 GMT
    ETag: 26ccf9d04f0a9ccac68efa05128723377c9bf170
    Expires: Fri, 05 Jul 2024 03:49:35 GMT
    Cache-Control: max-age=302400, public, no-transform, must-revalidate
    Server: ¯\_(ツ)_/¯
    X-Content-Type-Options: nosniff
    X-Cache: Hit from cloudfront
    Via: 1.1 77c679d2765b514e835e71841df67db2.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LHR61-P3
    X-Amz-Cf-Id: p6s0vzhWcEjFvFeGWMwdCv8_lMyhPWUPrdg_XOkbVxc3SZbjnenQvw==
    Age: 2888
  • flag-us
    DNS
    pebed.dm-event.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    pebed.dm-event.net
    IN A
    Response
    pebed.dm-event.net
    IN CNAME
    ebed.geo.dmcdn.net
    ebed.geo.dmcdn.net
    IN A
    188.65.124.59
  • flag-us
    DNS
    helphomecare.at
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    helphomecare.at
    IN A
    Response
    helphomecare.at
    IN A
    45.33.30.197
    helphomecare.at
    IN A
    198.58.118.167
    helphomecare.at
    IN A
    72.14.178.174
    helphomecare.at
    IN A
    96.126.123.244
    helphomecare.at
    IN A
    45.33.23.183
    helphomecare.at
    IN A
    45.79.19.196
    helphomecare.at
    IN A
    45.33.2.79
    helphomecare.at
    IN A
    45.33.18.44
    helphomecare.at
    IN A
    72.14.185.43
    helphomecare.at
    IN A
    45.33.20.235
    helphomecare.at
    IN A
    45.56.79.23
    helphomecare.at
    IN A
    173.255.194.134
  • flag-us
    DNS
    tpc.googlesyndication.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    tpc.googlesyndication.com
    IN A
    Response
    tpc.googlesyndication.com
    IN A
    172.217.16.225
  • flag-gb
    GET
    https://tpc.googlesyndication.com/sodar/sodar2.js
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:443
    Request
    GET /sodar/sodar2.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
    Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
    Date: Fri, 28 Jun 2024 04:37:46 GMT
    Expires: Fri, 28 Jun 2024 04:37:46 GMT
    Cache-Control: private, max-age=3000
    ETag: "1637097310169751"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:443
    Request
    GET /sodar/sodar2/225/runner.html HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
    Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
    Content-Length: 5046
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 24 Jun 2024 21:53:17 GMT
    Expires: Tue, 24 Jun 2025 21:53:17 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 21 Jun 2021 20:47:05 GMT
    Content-Type: text/html
    Vary: Accept-Encoding
    Age: 283469
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://tpc.googlesyndication.com/generate_204?llWAPw
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:443
    Request
    GET /generate_204?llWAPw HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 204 No Content
    Content-Length: 0
    Cross-Origin-Resource-Policy: cross-origin
    Date: Fri, 28 Jun 2024 04:37:46 GMT
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCDR9vuwevMnRDMxC1byWoK
    IEXPLORE.EXE
    Remote address:
    172.217.169.67:80
    Request
    GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCDR9vuwevMnRDMxC1byWoK HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 472
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Fri, 28 Jun 2024 04:01:33 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 2173
  • flag-us
    DNS
    fe0.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    fe0.google.com
    IN A
    Response
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    23.55.97.181
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    23.55.97.181
  • 216.137.44.112:80
    i59.photobucket.com
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 216.58.201.98:80
    http://pagead2.googlesyndication.com/pagead/show_ads.js
    http
    IEXPLORE.EXE
    876 B
    17.2kB
    13
    16

    HTTP Request

    GET http://pagead2.googlesyndication.com/pagead/show_ads.js

    HTTP Response

    200
  • 216.58.201.98:80
    pagead2.googlesyndication.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 216.137.44.112:80
    http://i59.photobucket.com/albums/g320/Blizzardtje/XIII/XIIIFreaky.jpg
    http
    IEXPLORE.EXE
    586 B
    798 B
    6
    4

    HTTP Request

    GET http://i59.photobucket.com/albums/g320/Blizzardtje/XIII/XIIIFreaky.jpg

    HTTP Response

    301
  • 216.137.44.112:443
    https://i59.photobucket.com/albums/g320/Blizzardtje/XIII/XIIIFreaky.jpg
    tls, http
    IEXPLORE.EXE
    1.4kB
    15.2kB
    15
    18

    HTTP Request

    GET https://i59.photobucket.com/albums/g320/Blizzardtje/XIII/XIIIFreaky.jpg

    HTTP Response

    200
  • 188.65.124.92:80
    http://www.dailymotion.com/videozap/ykza?rows=3&skin=myYKZA
    http
    IEXPLORE.EXE
    838 B
    657 B
    12
    4

    HTTP Request

    GET http://www.dailymotion.com/videozap/ykza?rows=3&skin=myYKZA

    HTTP Response

    301
  • 188.65.124.92:80
    www.dailymotion.com
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 195.8.215.136:443
    dailymotion.com
    tls
    IEXPLORE.EXE
    822 B
    6.7kB
    11
    11
  • 195.8.215.136:443
    dailymotion.com
    tls
    IEXPLORE.EXE
    1.2kB
    7.0kB
    12
    11
  • 172.217.169.67:80
    http://c.pki.goog/r/r1.crl
    http
    IEXPLORE.EXE
    348 B
    1.7kB
    5
    4

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    200
  • 172.217.169.67:80
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCDR9vuwevMnRDMxC1byWoK
    http
    IEXPLORE.EXE
    780 B
    1.6kB
    7
    4

    HTTP Request

    GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCehKugGJdgWBAhc1EB8hIz

    HTTP Response

    200

    HTTP Request

    GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCDR9vuwevMnRDMxC1byWoK

    HTTP Response

    200
  • 188.65.124.92:443
    https://www.dailymotion.com/videozap/ykza?rows=3&skin=myYKZA
    tls, http
    IEXPLORE.EXE
    1.5kB
    22.4kB
    19
    25

    HTTP Request

    GET https://www.dailymotion.com/videozap/ykza?rows=3&skin=myYKZA

    HTTP Response

    200
  • 18.245.143.13:443
    https://static1.dmcdn.net/neon-ssr/prod/app.0d4277a9e954eb42aab1.js
    tls, http
    IEXPLORE.EXE
    3.4kB
    141.4kB
    60
    108

    HTTP Request

    GET https://static1.dmcdn.net/neon-ssr/prod/app.0d4277a9e954eb42aab1.js

    HTTP Response

    200
  • 188.65.124.92:443
    geo.dailymotion.com
    tls
    IEXPLORE.EXE
    756 B
    3.7kB
    10
    10
  • 188.65.124.92:443
    https://geo.dailymotion.com/player/xjnde.html
    tls, http
    IEXPLORE.EXE
    1.8kB
    13.4kB
    14
    19

    HTTP Request

    GET https://geo.dailymotion.com/player/xjnde.js

    HTTP Response

    200

    HTTP Request

    GET https://geo.dailymotion.com/player/xjnde.html

    HTTP Response

    200
  • 18.245.143.13:443
    https://static1.dmcdn.net/neon-ssr/prod/app-styles.359570e3ca6d16978875.css
    tls, http
    IEXPLORE.EXE
    2.0kB
    54.0kB
    29
    45

    HTTP Request

    GET https://static1.dmcdn.net/neon-ssr/prod/app-styles.359570e3ca6d16978875.css

    HTTP Response

    200
  • 108.138.216.113:80
    http://ocsp.rootca3.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRkNawYMzz%2BjKSfYbTyFR0AXuhs6QQUq7bb1waeN6wwhgeRcMecxBmxeMACEwdzEnA9eVH9TrLXPKuCavuqCA0%3D
    http
    IEXPLORE.EXE
    478 B
    1.6kB
    5
    4

    HTTP Request

    GET http://ocsp.rootca3.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRkNawYMzz%2BjKSfYbTyFR0AXuhs6QQUq7bb1waeN6wwhgeRcMecxBmxeMACEwdzEnA9eVH9TrLXPKuCavuqCA0%3D

    HTTP Response

    200
  • 108.138.216.113:80
    http://ocsp.rootca3.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRkNawYMzz%2BjKSfYbTyFR0AXuhs6QQUq7bb1waeN6wwhgeRcMecxBmxeMACEwdzEnA9eVH9TrLXPKuCavuqCA0%3D
    http
    IEXPLORE.EXE
    478 B
    1.6kB
    5
    4

    HTTP Request

    GET http://ocsp.rootca3.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRkNawYMzz%2BjKSfYbTyFR0AXuhs6QQUq7bb1waeN6wwhgeRcMecxBmxeMACEwdzEnA9eVH9TrLXPKuCavuqCA0%3D

    HTTP Response

    200
  • 188.65.124.59:443
    pebed.dm-event.net
    tls
    IEXPLORE.EXE
    399 B
    219 B
    5
    5
  • 188.65.124.59:443
    pebed.dm-event.net
    tls
    IEXPLORE.EXE
    361 B
    219 B
    5
    5
  • 188.65.124.59:443
    pebed.dm-event.net
    tls
    IEXPLORE.EXE
    288 B
    219 B
    5
    5
  • 188.65.124.59:443
    pebed.dm-event.net
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 45.33.30.197:8080
    helphomecare.at
    IEXPLORE.EXE
    152 B
    3
  • 45.33.30.197:8080
    helphomecare.at
    IEXPLORE.EXE
    152 B
    3
  • 172.217.16.225:443
    tpc.googlesyndication.com
    tls
    IEXPLORE.EXE
    762 B
    4.6kB
    10
    9
  • 172.217.16.225:443
    https://tpc.googlesyndication.com/generate_204?llWAPw
    tls, http
    IEXPLORE.EXE
    2.1kB
    18.5kB
    18
    21

    HTTP Request

    GET https://tpc.googlesyndication.com/sodar/sodar2.js

    HTTP Response

    200

    HTTP Request

    GET https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

    HTTP Response

    200

    HTTP Request

    GET https://tpc.googlesyndication.com/generate_204?llWAPw

    HTTP Response

    204
  • 172.217.169.67:80
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCDR9vuwevMnRDMxC1byWoK
    http
    IEXPLORE.EXE
    462 B
    845 B
    5
    3

    HTTP Request

    GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCDR9vuwevMnRDMxC1byWoK

    HTTP Response

    200
  • 198.58.118.167:8080
    helphomecare.at
    IEXPLORE.EXE
    152 B
    3
  • 198.58.118.167:8080
    helphomecare.at
    IEXPLORE.EXE
    152 B
    3
  • 72.14.178.174:8080
    helphomecare.at
    IEXPLORE.EXE
    152 B
    3
  • 72.14.178.174:8080
    helphomecare.at
    IEXPLORE.EXE
    152 B
    3
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.7kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.7kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.7kB
    9
    12
  • 96.126.123.244:8080
    helphomecare.at
    IEXPLORE.EXE
    152 B
    3
  • 96.126.123.244:8080
    helphomecare.at
    IEXPLORE.EXE
    152 B
    3
  • 45.33.23.183:8080
    helphomecare.at
    IEXPLORE.EXE
    152 B
    3
  • 45.33.23.183:8080
    helphomecare.at
    IEXPLORE.EXE
    152 B
    3
  • 8.8.8.8:53
    myykza.free.fr
    dns
    IEXPLORE.EXE
    60 B
    129 B
    1
    1

    DNS Request

    myykza.free.fr

  • 8.8.8.8:53
    tiwolfly.free.fr
    dns
    IEXPLORE.EXE
    62 B
    131 B
    1
    1

    DNS Request

    tiwolfly.free.fr

  • 8.8.8.8:53
    i59.photobucket.com
    dns
    IEXPLORE.EXE
    65 B
    129 B
    1
    1

    DNS Request

    i59.photobucket.com

    DNS Response

    216.137.44.112
    216.137.44.17
    216.137.44.119
    216.137.44.125

  • 8.8.8.8:53
    zoom.ind.free.fr
    dns
    IEXPLORE.EXE
    62 B
    131 B
    1
    1

    DNS Request

    zoom.ind.free.fr

  • 8.8.8.8:53
    www.dailymotion.com
    dns
    IEXPLORE.EXE
    65 B
    135 B
    1
    1

    DNS Request

    www.dailymotion.com

    DNS Response

    188.65.124.92

  • 8.8.8.8:53
    dailymotion.com
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    dailymotion.com

    DNS Response

    195.8.215.136

  • 8.8.8.8:53
    c.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    172.217.169.67

  • 8.8.8.8:53
    o.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    o.pki.goog

    DNS Response

    172.217.169.67

  • 8.8.8.8:53
    geo.dailymotion.com
    dns
    IEXPLORE.EXE
    65 B
    153 B
    1
    1

    DNS Request

    geo.dailymotion.com

    DNS Response

    188.65.124.92

  • 8.8.8.8:53
    static1.dmcdn.net
    dns
    IEXPLORE.EXE
    63 B
    167 B
    1
    1

    DNS Request

    static1.dmcdn.net

    DNS Response

    18.245.143.13
    18.245.143.82
    18.245.143.129
    18.245.143.40

  • 8.8.8.8:53
    ocsp.rootca3.amazontrust.com
    dns
    IEXPLORE.EXE
    74 B
    90 B
    1
    1

    DNS Request

    ocsp.rootca3.amazontrust.com

    DNS Response

    108.138.216.113

  • 8.8.8.8:53
    pebed.dm-event.net
    dns
    IEXPLORE.EXE
    64 B
    109 B
    1
    1

    DNS Request

    pebed.dm-event.net

    DNS Response

    188.65.124.59

  • 8.8.8.8:53
    helphomecare.at
    dns
    IEXPLORE.EXE
    61 B
    253 B
    1
    1

    DNS Request

    helphomecare.at

    DNS Response

    45.33.30.197
    198.58.118.167
    72.14.178.174
    96.126.123.244
    45.33.23.183
    45.79.19.196
    45.33.2.79
    45.33.18.44
    72.14.185.43
    45.33.20.235
    45.56.79.23
    173.255.194.134

  • 8.8.8.8:53
    tpc.googlesyndication.com
    dns
    IEXPLORE.EXE
    71 B
    87 B
    1
    1

    DNS Request

    tpc.googlesyndication.com

    DNS Response

    172.217.16.225

  • 8.8.8.8:53
    fe0.google.com
    dns
    IEXPLORE.EXE
    60 B
    110 B
    1
    1

    DNS Request

    fe0.google.com

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    23.55.97.181

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    23.55.97.181

MITRE ATT&CK Enterprise v15


Downloads

