Analysis

  • max time kernel
    117s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-09-2024 06:50

General

  • Target

    eacaf1dbbebd5e670d73124debbf04cd_JaffaCakes118.html

  • Size

    403KB

  • MD5

    eacaf1dbbebd5e670d73124debbf04cd

  • SHA1

    e829227a3059df3c297b8e999032325d41bf127d

  • SHA256

    df46b0f2717c3ad2d417c26005de25b0be34598ef5a65d8934e2ea40a4ede704

  • SHA512

    2145b16bf91374f0bdfbdd4a44b7c7842335f390debc576c51c9bb436d9c9cb12839558c6ca0b01f83e65e1d969dcb5abc0ad6fc1ea60ca4844a8adfeee037f1

  • SSDEEP

    6144:nK9YU93GYUCNECNPCNms/CN+C1x1Bg3PeF:varUCNECNPCNhCN+C1x11

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eacaf1dbbebd5e670d73124debbf04cd_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2660
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2704

Network

  • US
    DNS
    www.indirads.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.indirads.org
    IN A
    Response
    www.indirads.org
    IN CNAME
    indirads.org
    indirads.org
    IN A
    193.36.61.68
  • US
    DNS
    programindir.cafe
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    programindir.cafe
    IN A
    Response
    programindir.cafe
    IN CNAME
    pltraffic7.com
    pltraffic7.com
    IN A
    72.52.179.174
  • TR
    GET
    https://www.indirads.org/tr/programindircafe.js
    IEXPLORE.EXE
    Remote address:
    193.36.61.68:443
    Request
    GET /tr/programindircafe.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.indirads.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx-V-ddos
    Date: Thu, 19 Sep 2024 06:50:40 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 315
    Connection: keep-alive
    Keep-Alive: timeout=15
  • TR
    GET
    https://www.indirads.org/tr/programindircafe2.js
    IEXPLORE.EXE
    Remote address:
    193.36.61.68:443
    Request
    GET /tr/programindircafe2.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.indirads.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx-V-ddos
    Date: Thu, 19 Sep 2024 06:50:40 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 315
    Connection: keep-alive
    Keep-Alive: timeout=15
  • US
    DNS
    c.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.200.35
  • US
    DNS
    c.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.200.35
  • GB
    GET
    http://c.pki.goog/r/r1.crl
    IEXPLORE.EXE
    Remote address:
    142.250.200.35:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 19 Sep 2024 06:35:10 GMT
    Expires: Thu, 19 Sep 2024 07:25:10 GMT
    Cache-Control: public, max-age=3000
    Age: 933
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • GB
    GET
    http://c.pki.goog/r/r1.crl
    IEXPLORE.EXE
    Remote address:
    142.250.200.35:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 19 Sep 2024 06:35:10 GMT
    Expires: Thu, 19 Sep 2024 07:25:10 GMT
    Cache-Control: public, max-age=3000
    Age: 933
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • US
    DNS
    e5.o.lencr.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    e5.o.lencr.org
    IN A
    Response
    e5.o.lencr.org
    IN CNAME
    o.lencr.edgesuite.net
    o.lencr.edgesuite.net
    IN CNAME
    a1887.dscq.akamai.net
    a1887.dscq.akamai.net
    IN A
    88.221.134.137
    a1887.dscq.akamai.net
    IN A
    88.221.134.89
    a1887.dscq.akamai.net
    IN A
    88.221.134.91
    a1887.dscq.akamai.net
    IN A
    88.221.135.114
  • US
    DNS
    e5.o.lencr.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    e5.o.lencr.org
    IN A
    Response
    e5.o.lencr.org
    IN CNAME
    o.lencr.edgesuite.net
    o.lencr.edgesuite.net
    IN CNAME
    a1887.dscq.akamai.net
    a1887.dscq.akamai.net
    IN A
    88.221.134.129
    a1887.dscq.akamai.net
    IN A
    88.221.134.137
    a1887.dscq.akamai.net
    IN A
    88.221.135.97
    a1887.dscq.akamai.net
    IN A
    88.221.134.91
    a1887.dscq.akamai.net
    IN A
    88.221.135.105
    a1887.dscq.akamai.net
    IN A
    88.221.134.107
    a1887.dscq.akamai.net
    IN A
    88.221.135.106
    a1887.dscq.akamai.net
    IN A
    88.221.135.98
  • GB
    GET
    http://e5.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQeEcDJrP2kU%2B9LL2pzIRVgTVStuQQUmc0pw6FYJq96ekyEWo9ziGCw394CEgQ5RkDISc%2FwpxjwOmVz08PPAA%3D%3D
    IEXPLORE.EXE
    Remote address:
    88.221.134.137:80
    Request
    GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBQeEcDJrP2kU%2B9LL2pzIRVgTVStuQQUmc0pw6FYJq96ekyEWo9ziGCw394CEgQ5RkDISc%2FwpxjwOmVz08PPAA%3D%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: e5.o.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/ocsp-response
    Content-Length: 344
    ETag: "A99CF250EFC90FE03A8B52FD2B3BEE1B5E18F7EA551640FE9F4479AB4D9DA94F"
    Last-Modified: Wed, 18 Sep 2024 07:38:00 UTC
    Cache-Control: public, no-transform, must-revalidate, max-age=12196
    Expires: Thu, 19 Sep 2024 10:13:59 GMT
    Date: Thu, 19 Sep 2024 06:50:43 GMT
    Connection: keep-alive
  • GB
    GET
    http://e5.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQeEcDJrP2kU%2B9LL2pzIRVgTVStuQQUmc0pw6FYJq96ekyEWo9ziGCw394CEgQ5RkDISc%2FwpxjwOmVz08PPAA%3D%3D
    IEXPLORE.EXE
    Remote address:
    88.221.134.129:80
    Request
    GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBQeEcDJrP2kU%2B9LL2pzIRVgTVStuQQUmc0pw6FYJq96ekyEWo9ziGCw394CEgQ5RkDISc%2FwpxjwOmVz08PPAA%3D%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: e5.o.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/ocsp-response
    Content-Length: 344
    ETag: "A99CF250EFC90FE03A8B52FD2B3BEE1B5E18F7EA551640FE9F4479AB4D9DA94F"
    Last-Modified: Wed, 18 Sep 2024 07:38:00 UTC
    Cache-Control: public, no-transform, must-revalidate, max-age=12226
    Expires: Thu, 19 Sep 2024 10:14:29 GMT
    Date: Thu, 19 Sep 2024 06:50:43 GMT
    Connection: keep-alive
  • US
    DNS
    o.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    o.pki.goog
    IN A
    Response
    o.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.200.35
  • US
    DNS
    o.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    o.pki.goog
    IN A
    Response
    o.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.200.35
  • GB
    GET
    http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGs31zQSL0RFCna%2BsoPon%2Bg%3D
    IEXPLORE.EXE
    Remote address:
    142.250.200.35:80
    Request
    GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGs31zQSL0RFCna%2BsoPon%2Bg%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 471
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Thu, 19 Sep 2024 05:51:43 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 3540
  • GB
    GET
    http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGs31zQSL0RFCna%2BsoPon%2Bg%3D
    IEXPLORE.EXE
    Remote address:
    142.250.200.35:80
    Request
    GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGs31zQSL0RFCna%2BsoPon%2Bg%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 471
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Thu, 19 Sep 2024 05:51:43 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 3540
  • US
    DNS
    mc.yandex.ru
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    mc.yandex.ru
    IN A
    Response
    mc.yandex.ru
    IN A
    87.250.251.119
    mc.yandex.ru
    IN A
    93.158.134.119
    mc.yandex.ru
    IN A
    87.250.250.119
    mc.yandex.ru
    IN A
    77.88.21.119
  • RU
    GET
    https://mc.yandex.ru/metrika/tag.js
    IEXPLORE.EXE
    Remote address:
    87.250.251.119:443
    Request
    GET /metrika/tag.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mc.yandex.ru
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=3600
    Content-Encoding: gzip
    Content-Length: 79270
    Content-Type: application/javascript
    Date: Thu, 19 Sep 2024 06:50:54 GMT
    ETag: "66eaba6d-135a6"
    Expires: Thu, 19 Sep 2024 07:50:54 GMT
    Last-Modified: Wed, 18 Sep 2024 11:33:01 GMT
    Set-Cookie: _yasc=5r+t3b4doOHddyEFt51Y1vt2vFIUWZhNe6qF5oxyP13B4/bRve6sJauVmvKKPsMuvkzC; domain=.yandex.ru; path=/; expires=Sun, 17 Sep 2034 06:50:54 GMT; secure
    Set-Cookie: i=1sbKdHLiZtj9kS7Cqgin4WBY9f/1W1cfcfhJQe/MNrCVMG4GhUx+h/UaFGsi4zhqTz9iwuD33aYhlQ399QpDtDdOOrk=; Expires=Sat, 19-Sep-2026 06:50:54 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly
    Set-Cookie: yandexuid=5349756521726728654; Expires=Sat, 19-Sep-2026 06:50:54 GMT; Domain=.yandex.ru; Path=/; Secure
    Set-Cookie: yashr=8729236521726728654; Path=/; Domain=.yandex.ru; Expires=Fri, 19 Sep 2025 06:50:54 GMT; Secure; HttpOnly
    Strict-Transport-Security: max-age=31536000
    Timing-Allow-Origin: *
  • RU
    GET
    https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10497.1BCXbTv3xfG5cIwzigu7uMPcLQkEvM9LuHjyzl0roYEQvfA0zG4p6X7Q-ezElX7n.txV1xRdT92wRnCse6lf19WVMSK0%2C
    IEXPLORE.EXE
    Remote address:
    87.250.251.119:443
    Request
    GET /sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10497.1BCXbTv3xfG5cIwzigu7uMPcLQkEvM9LuHjyzl0roYEQvfA0zG4p6X7Q-ezElX7n.txV1xRdT92wRnCse6lf19WVMSK0%2C HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mc.yandex.ru
    Connection: Keep-Alive
    Cookie: _yasc=5r+t3b4doOHddyEFt51Y1vt2vFIUWZhNe6qF5oxyP13B4/bRve6sJauVmvKKPsMuvkzC; i=1sbKdHLiZtj9kS7Cqgin4WBY9f/1W1cfcfhJQe/MNrCVMG4GhUx+h/UaFGsi4zhqTz9iwuD33aYhlQ399QpDtDdOOrk=; yandexuid=5349756521726728654; yashr=8729236521726728654
    Response
    HTTP/1.1 302 Moved temporarily
    Date: Thu, 19 Sep 2024 06:50:55 GMT
    Location: https://mc.yandex.com/sync_cookie_image_decide?token=10497.sjfnhwVvox1Z9f-oQgK2WBPj9FRW54SjiVrSJSoHHZk9paQuqliTXCIcMh6ukKu6-lsqZjIVEfZ1QI8w1OJtfKn_b8sSPB56_Kf17YMUir2EcZtgggCeicSza1GfSqhIo4Vb6MeFlTNHkTkr0A4C7eS5Mt8w7pYtZOYdU2ryym-T42ZbK5pjo0bXA0hFGx_MJQ9oyL3lDu0QE1QluC0t1f7XNafD27H5P_lyHjjmLMs%2C.rjairZgE4eJ2hbtsR4Su2A2fM1c%2C
    Set-Cookie: sync_cookie_csrf=3394552122fake; Expires=Thu, 19-Sep-2024 07:00:55 GMT; Domain=.mc.yandex.ru; Path=/
    Strict-Transport-Security: max-age=31536000
    Transfer-Encoding: chunked
    X-XSS-Protection: 1; mode=block
  • US
    DNS
    mc.yandex.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    mc.yandex.com
    IN A
    Response
    mc.yandex.com
    IN CNAME
    mc.yandex.ru
    mc.yandex.ru
    IN A
    93.158.134.119
    mc.yandex.ru
    IN A
    77.88.21.119
    mc.yandex.ru
    IN A
    87.250.250.119
    mc.yandex.ru
    IN A
    87.250.251.119
  • RU
    GET
    https://mc.yandex.com/sync_cookie_image_check
    IEXPLORE.EXE
    Remote address:
    93.158.134.119:443
    Request
    GET /sync_cookie_image_check HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mc.yandex.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved temporarily
    Date: Thu, 19 Sep 2024 06:50:55 GMT
    Location: https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10497.1BCXbTv3xfG5cIwzigu7uMPcLQkEvM9LuHjyzl0roYEQvfA0zG4p6X7Q-ezElX7n.txV1xRdT92wRnCse6lf19WVMSK0%2C
    Set-Cookie: sync_cookie_csrf=2863705595fake; Expires=Thu, 19-Sep-2024 07:00:55 GMT; Domain=.mc.yandex.com; Path=/
    Strict-Transport-Security: max-age=31536000
    Transfer-Encoding: chunked
    X-XSS-Protection: 1; mode=block
  • RU
    GET
    https://mc.yandex.com/sync_cookie_image_decide?token=10497.sjfnhwVvox1Z9f-oQgK2WBPj9FRW54SjiVrSJSoHHZk9paQuqliTXCIcMh6ukKu6-lsqZjIVEfZ1QI8w1OJtfKn_b8sSPB56_Kf17YMUir2EcZtgggCeicSza1GfSqhIo4Vb6MeFlTNHkTkr0A4C7eS5Mt8w7pYtZOYdU2ryym-T42ZbK5pjo0bXA0hFGx_MJQ9oyL3lDu0QE1QluC0t1f7XNafD27H5P_lyHjjmLMs%2C.rjairZgE4eJ2hbtsR4Su2A2fM1c%2C
    IEXPLORE.EXE
    Remote address:
    93.158.134.119:443
    Request
    GET /sync_cookie_image_decide?token=10497.sjfnhwVvox1Z9f-oQgK2WBPj9FRW54SjiVrSJSoHHZk9paQuqliTXCIcMh6ukKu6-lsqZjIVEfZ1QI8w1OJtfKn_b8sSPB56_Kf17YMUir2EcZtgggCeicSza1GfSqhIo4Vb6MeFlTNHkTkr0A4C7eS5Mt8w7pYtZOYdU2ryym-T42ZbK5pjo0bXA0hFGx_MJQ9oyL3lDu0QE1QluC0t1f7XNafD27H5P_lyHjjmLMs%2C.rjairZgE4eJ2hbtsR4Su2A2fM1c%2C HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Cookie: sync_cookie_csrf=2863705595fake
    Connection: Keep-Alive
    Host: mc.yandex.com
    Response
    HTTP/1.1 200 Ok
    Content-Length: 43
    Content-Type: image/gif
    Date: Thu, 19 Sep 2024 06:50:55 GMT
    Set-Cookie: yandexuid=5349756521726728654; Expires=Sun, 17-Sep-2034 06:50:55 GMT; Domain=.yandex.com; Path=/
    Set-Cookie: i=1sbKdHLiZtj9kS7Cqgin4WBY9f/1W1cfcfhJQe/MNrCVMG4GhUx+h/UaFGsi4zhqTz9iwuD33aYhlQ399QpDtDdOOrk=; Expires=Sun, 17-Sep-2034 06:50:55 GMT; Domain=.yandex.com; Path=/
    Set-Cookie: sync_cookie_ok=synced; Expires=Fri, 20-Sep-2024 06:50:55 GMT; Domain=.mc.yandex.com; Path=/
    Strict-Transport-Security: max-age=31536000
    X-XSS-Protection: 1; mode=block
  • RU
    GET
    https://mc.yandex.com/watch/55550833?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Feacaf1dbbebd5e670d73124debbf04cd_JaffaCakes118.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Ac4o2nplw0gn9nduetxpw3hlsrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1450%3Acn%3A1%3Adp%3A0%3Als%3A1123267023542%3Ahid%3A591476869%3Az%3A0%3Ai%3A20240919065053%3Aet%3A1726728654%3Ac%3A1%3Arn%3A15649667%3Au%3A1726728654645045755%3Aw%3A1263x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Ans%3A1726728641522%3Arqnl%3A1%3Ast%3A1726728654%3At%3AEuro%20Truck%20Simulator%202%20%C4%B0ndir%20-%20(ETS%202)%20v1.38.1.0s%20%2B%2072%20DLC%20%7C%20Program%20%C4%B0ndir%20cafe%20%7C%20Oyun%20%C4%B0ndir%20-%20Apk%20-%20Film%20indir&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(0)cdl(na)eco(21037568)ti(2)
    IEXPLORE.EXE
    Remote address:
    93.158.134.119:443
    Request
    GET /watch/55550833?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Feacaf1dbbebd5e670d73124debbf04cd_JaffaCakes118.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Ac4o2nplw0gn9nduetxpw3hlsrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1450%3Acn%3A1%3Adp%3A0%3Als%3A1123267023542%3Ahid%3A591476869%3Az%3A0%3Ai%3A20240919065053%3Aet%3A1726728654%3Ac%3A1%3Arn%3A15649667%3Au%3A1726728654645045755%3Aw%3A1263x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Ans%3A1726728641522%3Arqnl%3A1%3Ast%3A1726728654%3At%3AEuro%20Truck%20Simulator%202%20%C4%B0ndir%20-%20(ETS%202)%20v1.38.1.0s%20%2B%2072%20DLC%20%7C%20Program%20%C4%B0ndir%20cafe%20%7C%20Oyun%20%C4%B0ndir%20-%20Apk%20-%20Film%20indir&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(0)cdl(na)eco(21037568)ti(2) HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: mc.yandex.com
    Connection: Keep-Alive
    Cookie: sync_cookie_csrf=2863705595fake; sync_cookie_ok=synced; yandexuid=5349756521726728654; i=1sbKdHLiZtj9kS7Cqgin4WBY9f/1W1cfcfhJQe/MNrCVMG4GhUx+h/UaFGsi4zhqTz9iwuD33aYhlQ399QpDtDdOOrk=
    Response
    HTTP/1.1 302 Moved temporarily
    Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
    Date: Thu, 19 Sep 2024 06:50:55 GMT
    Expires: Thu, 19-Sep-2024 06:50:55 GMT
    Last-Modified: Thu, 19-Sep-2024 06:50:55 GMT
    Location: /watch/55550833/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Feacaf1dbbebd5e670d73124debbf04cd_JaffaCakes118.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Ac4o2nplw0gn9nduetxpw3hlsrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1450%3Acn%3A1%3Adp%3A0%3Als%3A1123267023542%3Ahid%3A591476869%3Az%3A0%3Ai%3A20240919065053%3Aet%3A1726728654%3Ac%3A1%3Arn%3A15649667%3Au%3A1726728654645045755%3Aw%3A1263x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Ans%3A1726728641522%3Arqnl%3A1%3Ast%3A1726728654%3At%3AEuro%20Truck%20Simulator%202%20%C4%B0ndir%20-%20%28ETS%202%29%20v1.38.1.0s%20%2B%2072%20DLC%20%7C%20Program%20%C4%B0ndir%20cafe%20%7C%20Oyun%20%C4%B0ndir%20-%20Apk%20-%20Film%20indir&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%280%29cdl%28na%29eco%2821037568%29ti%282%29
    Pragma: no-cache
    Set-Cookie: yabs-sid=216662261726728655; Path=/
    Set-Cookie: yandexuid=5349756521726728654; Expires=Fri, 19-Sep-2025 06:50:55 GMT; Domain=.yandex.com; Path=/
    Set-Cookie: ymex=1758264655.yrts.1726728655; Expires=Fri, 19-Sep-2025 06:50:55 GMT; Domain=.yandex.com; Path=/
    Strict-Transport-Security: max-age=31536000
    Transfer-Encoding: chunked
    X-XSS-Protection: 1; mode=block
  • RU
    GET
    https://mc.yandex.com/watch/55550833/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Feacaf1dbbebd5e670d73124debbf04cd_JaffaCakes118.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Ac4o2nplw0gn9nduetxpw3hlsrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1450%3Acn%3A1%3Adp%3A0%3Als%3A1123267023542%3Ahid%3A591476869%3Az%3A0%3Ai%3A20240919065053%3Aet%3A1726728654%3Ac%3A1%3Arn%3A15649667%3Au%3A1726728654645045755%3Aw%3A1263x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Ans%3A1726728641522%3Arqnl%3A1%3Ast%3A1726728654%3At%3AEuro%20Truck%20Simulator%202%20%C4%B0ndir%20-%20%28ETS%202%29%20v1.38.1.0s%20%2B%2072%20DLC%20%7C%20Program%20%C4%B0ndir%20cafe%20%7C%20Oyun%20%C4%B0ndir%20-%20Apk%20-%20Film%20indir&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%280%29cdl%28na%29eco%2821037568%29ti%282%29
    IEXPLORE.EXE
    Remote address:
    93.158.134.119:443
    Request
    GET /watch/55550833/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Feacaf1dbbebd5e670d73124debbf04cd_JaffaCakes118.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Ac4o2nplw0gn9nduetxpw3hlsrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1450%3Acn%3A1%3Adp%3A0%3Als%3A1123267023542%3Ahid%3A591476869%3Az%3A0%3Ai%3A20240919065053%3Aet%3A1726728654%3Ac%3A1%3Arn%3A15649667%3Au%3A1726728654645045755%3Aw%3A1263x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Ans%3A1726728641522%3Arqnl%3A1%3Ast%3A1726728654%3At%3AEuro%20Truck%20Simulator%202%20%C4%B0ndir%20-%20%28ETS%202%29%20v1.38.1.0s%20%2B%2072%20DLC%20%7C%20Program%20%C4%B0ndir%20cafe%20%7C%20Oyun%20%C4%B0ndir%20-%20Apk%20-%20Film%20indir&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%280%29cdl%28na%29eco%2821037568%29ti%282%29 HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: mc.yandex.com
    Connection: Keep-Alive
    Cookie: sync_cookie_csrf=2863705595fake; sync_cookie_ok=synced; yabs-sid=216662261726728655; yandexuid=5349756521726728654; i=1sbKdHLiZtj9kS7Cqgin4WBY9f/1W1cfcfhJQe/MNrCVMG4GhUx+h/UaFGsi4zhqTz9iwuD33aYhlQ399QpDtDdOOrk=; ymex=1758264655.yrts.1726728655
    Response
    HTTP/1.1 200 Ok
    Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
    Content-Length: 551
    Content-Type: application/json; charset=utf-8
    Date: Thu, 19 Sep 2024 06:50:55 GMT
    Expires: Thu, 19-Sep-2024 06:50:55 GMT
    Last-Modified: Thu, 19-Sep-2024 06:50:55 GMT
    Pragma: no-cache
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
  • RU
    GET
    https://mc.yandex.com/metrika/advert.gif
    IEXPLORE.EXE
    Remote address:
    93.158.134.119:443
    Request
    GET /metrika/advert.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mc.yandex.com
    Connection: Keep-Alive
    Cookie: sync_cookie_csrf=2863705595fake; sync_cookie_ok=synced; yabs-sid=216662261726728655; yandexuid=5349756521726728654; i=1sbKdHLiZtj9kS7Cqgin4WBY9f/1W1cfcfhJQe/MNrCVMG4GhUx+h/UaFGsi4zhqTz9iwuD33aYhlQ399QpDtDdOOrk=; ymex=1758264655.yrts.1726728655
    Response
    HTTP/1.1 200 OK
    Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=3600
    Content-Length: 43
    Content-Type: image/gif
    Date: Thu, 19 Sep 2024 06:50:56 GMT
    ETag: "66eaba6d-2b"
    Expires: Thu, 19 Sep 2024 07:50:56 GMT
    Last-Modified: Wed, 18 Sep 2024 11:33:01 GMT
    Set-Cookie: _yasc=5GZhpu1WJ8gSyQP7iaPkz+VNEyXh4mNT4UJEBP8sxKPofzOrH/2+bACyL5SHH6Qx1oAT; domain=.yandex.com; path=/; expires=Sun, 17 Sep 2034 06:50:56 GMT; secure
    Set-Cookie: yashr=3059506961726728656; Path=/; Domain=.yandex.com; Expires=Fri, 19 Sep 2025 06:50:56 GMT; Secure; HttpOnly
    Strict-Transport-Security: max-age=31536000
    Timing-Allow-Origin: *
  • US
    DNS
    crl.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    crl.microsoft.com
    IN A
    Response
    crl.microsoft.com
    IN CNAME
    crl.www.ms.akadns.net
    crl.www.ms.akadns.net
    IN CNAME
    a1363.dscg.akamai.net
    a1363.dscg.akamai.net
    IN A
    92.123.142.59
    a1363.dscg.akamai.net
    IN A
    92.123.143.234
  • GB
    GET
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    Remote address:
    92.123.142.59:80
    Request
    GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Wed, 01 May 2024 09:28:59 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: crl.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1036
    Content-Type: application/octet-stream
    Content-MD5: 5xIscz+eN7ugykyYXOEdbQ==
    Last-Modified: Thu, 11 Jul 2024 01:45:51 GMT
    ETag: 0x8DCA14B323B2CC0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 5fc09696-301e-0053-5f42-d374de000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 06:51:13 GMT
    Connection: keep-alive
  • US
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    95.100.245.144
  • GB
    GET
    http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
    Remote address:
    95.100.245.144:80
    Request
    GET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Mon, 03 Jun 2024 21:25:24 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: www.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1078
    Content-Type: application/octet-stream
    Content-MD5: cyz+t2uRxNE5eKALjGZu1w==
    Last-Modified: Sun, 18 Aug 2024 00:23:49 GMT
    ETag: 0x8DCBF1C07FCB4BF
    x-ms-request-id: e6150cee-901e-0017-5408-f1fee1000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 06:51:14 GMT
    Connection: keep-alive
    TLS_version: UNKNOWN
    ms-cv: CASMicrosoftCV5893cac0.0
    ms-cv-esi: CASMicrosoftCV5893cac0.0
    X-RTag: RT
  • US
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    95.100.245.144
  • US
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    95.100.245.144
  • 193.36.61.68:443
    https://www.indirads.org/tr/programindircafe.js
    tls, http
    IEXPLORE.EXE
    1.2kB
    3.9kB
    13
    10

    HTTP Request

    GET https://www.indirads.org/tr/programindircafe.js

    HTTP Response

    404
  • 193.36.61.68:443
    https://www.indirads.org/tr/programindircafe2.js
    tls, http
    IEXPLORE.EXE
    1.2kB
    3.9kB
    13
    10

    HTTP Request

    GET https://www.indirads.org/tr/programindircafe2.js

    HTTP Response

    404
  • 72.52.179.174:443
    programindir.cafe
    IEXPLORE.EXE
    152 B
    120 B
    3
    3
  • 72.52.179.174:443
    programindir.cafe
    IEXPLORE.EXE
    152 B
    120 B
    3
    3
  • 72.52.179.174:443
    programindir.cafe
    IEXPLORE.EXE
    152 B
    120 B
    3
    3
  • 72.52.179.174:443
    programindir.cafe
    IEXPLORE.EXE
    152 B
    120 B
    3
    3
  • 72.52.179.174:443
    programindir.cafe
    IEXPLORE.EXE
    152 B
    120 B
    3
    3
  • 72.52.179.174:443
    programindir.cafe
    IEXPLORE.EXE
    152 B
    120 B
    3
    3
  • 142.250.200.35:80
    http://c.pki.goog/r/r1.crl
    http
    IEXPLORE.EXE
    348 B
    1.7kB
    5
    4

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    200
  • 88.221.134.137:80
    http://e5.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQeEcDJrP2kU%2B9LL2pzIRVgTVStuQQUmc0pw6FYJq96ekyEWo9ziGCw394CEgQ5RkDISc%2FwpxjwOmVz08PPAA%3D%3D
    http
    IEXPLORE.EXE
    468 B
    862 B
    5
    3

    HTTP Request

    GET http://e5.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQeEcDJrP2kU%2B9LL2pzIRVgTVStuQQUmc0pw6FYJq96ekyEWo9ziGCw394CEgQ5RkDISc%2FwpxjwOmVz08PPAA%3D%3D

    HTTP Response

    200
  • 88.221.134.129:80
    http://e5.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQeEcDJrP2kU%2B9LL2pzIRVgTVStuQQUmc0pw6FYJq96ekyEWo9ziGCw394CEgQ5RkDISc%2FwpxjwOmVz08PPAA%3D%3D
    http
    IEXPLORE.EXE
    526 B
    1.7kB
    6
    5

    HTTP Request

    GET http://e5.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQeEcDJrP2kU%2B9LL2pzIRVgTVStuQQUmc0pw6FYJq96ekyEWo9ziGCw394CEgQ5RkDISc%2FwpxjwOmVz08PPAA%3D%3D

    HTTP Response

    200
  • 142.250.200.35:80
    http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGs31zQSL0RFCna%2BsoPon%2Bg%3D
    http
    IEXPLORE.EXE
    520 B
    1.6kB
    6
    4

    HTTP Request

    GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGs31zQSL0RFCna%2BsoPon%2Bg%3D

    HTTP Response

    200
  • 142.250.200.35:80
    http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGs31zQSL0RFCna%2BsoPon%2Bg%3D
    http
    IEXPLORE.EXE
    468 B
    844 B
    5
    3

    HTTP Request

    GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGs31zQSL0RFCna%2BsoPon%2Bg%3D

    HTTP Response

    200
  • 87.250.251.119:443
    https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10497.1BCXbTv3xfG5cIwzigu7uMPcLQkEvM9LuHjyzl0roYEQvfA0zG4p6X7Q-ezElX7n.txV1xRdT92wRnCse6lf19WVMSK0%2C
    tls, http
    IEXPLORE.EXE
    3.6kB
    89.1kB
    51
    83

    HTTP Request

    GET https://mc.yandex.ru/metrika/tag.js

    HTTP Response

    200

    HTTP Request

    GET https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10497.1BCXbTv3xfG5cIwzigu7uMPcLQkEvM9LuHjyzl0roYEQvfA0zG4p6X7Q-ezElX7n.txV1xRdT92wRnCse6lf19WVMSK0%2C

    HTTP Response

    302
  • 87.250.251.119:443
    mc.yandex.ru
    tls
    IEXPLORE.EXE
    841 B
    4.0kB
    12
    11
  • 93.158.134.119:443
    https://mc.yandex.com/metrika/advert.gif
    tls, http
    IEXPLORE.EXE
    5.3kB
    9.7kB
    19
    19

    HTTP Request

    GET https://mc.yandex.com/sync_cookie_image_check

    HTTP Response

    302

    HTTP Request

    GET https://mc.yandex.com/sync_cookie_image_decide?token=10497.sjfnhwVvox1Z9f-oQgK2WBPj9FRW54SjiVrSJSoHHZk9paQuqliTXCIcMh6ukKu6-lsqZjIVEfZ1QI8w1OJtfKn_b8sSPB56_Kf17YMUir2EcZtgggCeicSza1GfSqhIo4Vb6MeFlTNHkTkr0A4C7eS5Mt8w7pYtZOYdU2ryym-T42ZbK5pjo0bXA0hFGx_MJQ9oyL3lDu0QE1QluC0t1f7XNafD27H5P_lyHjjmLMs%2C.rjairZgE4eJ2hbtsR4Su2A2fM1c%2C

    HTTP Response

    200

    HTTP Request

    GET https://mc.yandex.com/watch/55550833?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Feacaf1dbbebd5e670d73124debbf04cd_JaffaCakes118.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Ac4o2nplw0gn9nduetxpw3hlsrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1450%3Acn%3A1%3Adp%3A0%3Als%3A1123267023542%3Ahid%3A591476869%3Az%3A0%3Ai%3A20240919065053%3Aet%3A1726728654%3Ac%3A1%3Arn%3A15649667%3Au%3A1726728654645045755%3Aw%3A1263x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Ans%3A1726728641522%3Arqnl%3A1%3Ast%3A1726728654%3At%3AEuro%20Truck%20Simulator%202%20%C4%B0ndir%20-%20(ETS%202)%20v1.38.1.0s%20%2B%2072%20DLC%20%7C%20Program%20%C4%B0ndir%20cafe%20%7C%20Oyun%20%C4%B0ndir%20-%20Apk%20-%20Film%20indir&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(0)cdl(na)eco(21037568)ti(2)

    HTTP Response

    302

    HTTP Request

    GET https://mc.yandex.com/watch/55550833/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Feacaf1dbbebd5e670d73124debbf04cd_JaffaCakes118.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3Ac4o2nplw0gn9nduetxpw3hlsrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1450%3Acn%3A1%3Adp%3A0%3Als%3A1123267023542%3Ahid%3A591476869%3Az%3A0%3Ai%3A20240919065053%3Aet%3A1726728654%3Ac%3A1%3Arn%3A15649667%3Au%3A1726728654645045755%3Aw%3A1263x609%3As%3A1280x720x24%3Ask%3A1%3Aj%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C0%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Ans%3A1726728641522%3Arqnl%3A1%3Ast%3A1726728654%3At%3AEuro%20Truck%20Simulator%202%20%C4%B0ndir%20-%20%28ETS%202%29%20v1.38.1.0s%20%2B%2072%20DLC%20%7C%20Program%20%C4%B0ndir%20cafe%20%7C%20Oyun%20%C4%B0ndir%20-%20Apk%20-%20Film%20indir&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%280%29cdl%28na%29eco%2821037568%29ti%282%29

    HTTP Response

    200

    HTTP Request

    GET https://mc.yandex.com/metrika/advert.gif

    HTTP Response

    200
  • 93.158.134.119:443
    mc.yandex.com
    tls
    IEXPLORE.EXE
    888 B
    4.1kB
    13
    13
  • 92.123.142.59:80
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    http
    399 B
    1.7kB
    4
    4

    HTTP Request

    GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

    HTTP Response

    200
  • 95.100.245.144:80
    http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
    http
    393 B
    1.7kB
    4
    4

    HTTP Request

    GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.8kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.8kB
    9
    12
  • 8.8.8.8:53
    www.indirads.org
    dns
    IEXPLORE.EXE
    62 B
    92 B
    1
    1

    DNS Request

    www.indirads.org

    DNS Response

    193.36.61.68

  • 8.8.8.8:53
    programindir.cafe
    dns
    IEXPLORE.EXE
    63 B
    107 B
    1
    1

    DNS Request

    programindir.cafe

    DNS Response

    72.52.179.174

  • 8.8.8.8:53
    c.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.200.35

  • 8.8.8.8:53
    e5.o.lencr.org
    dns
    IEXPLORE.EXE
    60 B
    191 B
    1
    1

    DNS Request

    e5.o.lencr.org

    DNS Response

    88.221.134.137
    88.221.134.89
    88.221.134.91
    88.221.135.114

  • 8.8.8.8:53
    e5.o.lencr.org
    dns
    IEXPLORE.EXE
    60 B
    255 B
    1
    1

    DNS Request

    e5.o.lencr.org

    DNS Response

    88.221.134.129
    88.221.134.137
    88.221.135.97
    88.221.134.91
    88.221.135.105
    88.221.134.107
    88.221.135.106
    88.221.135.98

  • 8.8.8.8:53
    o.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    o.pki.goog

    DNS Response

    142.250.200.35

  • 8.8.8.8:53
    mc.yandex.ru
    dns
    IEXPLORE.EXE
    58 B
    122 B
    1
    1

    DNS Request

    mc.yandex.ru

    DNS Response

    87.250.251.119
    93.158.134.119
    87.250.250.119
    77.88.21.119

  • 8.8.8.8:53
    mc.yandex.com
    dns
    IEXPLORE.EXE
    59 B
    149 B
    1
    1

    DNS Request

    mc.yandex.com

    DNS Response

    93.158.134.119
    77.88.21.119
    87.250.250.119
    87.250.251.119

  • 8.8.8.8:53
    crl.microsoft.com
    dns
    63 B
    162 B
    1
    1

    DNS Request

    crl.microsoft.com

    DNS Response

    92.123.142.59
    92.123.143.234

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    95.100.245.144

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

  • C:\Users\Admin\AppData\Local\Temp\Cab5BB9.tmp

    Filesize

    70KB

  • C:\Users\Admin\AppData\Local\Temp\Tar5BBA.tmp

    Filesize

    181KB
