Analysis

  • max time kernel
    143s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/10/2024, 05:22 UTC

General

  • Target

    38980078da46e04666b556ee3abe9a22_JaffaCakes118.html

  • Size

    71KB

  • MD5

    38980078da46e04666b556ee3abe9a22

  • SHA1

    91cd24e3154cd46f738c72e9dc62687fcc3cd124

  • SHA256

    68d2881d7c509490a86e209e2606d9c9680a5306630f3447f94b3f8a51d60d2e

  • SHA512

    2a8e85a1b2a760662ce6d30017f4d4a0470da06ee7d9ffad1ee345ce0ab8f024fcab163cf5ed459a78282c865741823acf7704f84225b33c3bf4d0a2c05ee913

  • SSDEEP

    768:SW0hqGbIiP//mdvsYSgLj/DVWmTMYq8Dfr7Vq3t40MSxjfLD+PHgkyMrj3DZ+/Vu:SIIk//tnwO8Jmhucn

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\38980078da46e04666b556ee3abe9a22_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2684

Network

  • flag-us
    DNS
    roundassmounds.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    roundassmounds.com
    IN A
    Response
  • flag-us
    DNS
    tracker.icerocket.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    tracker.icerocket.com
    IN A
    Response
    tracker.icerocket.com
    IN CNAME
    www.icerocket.com
    www.icerocket.com
    IN CNAME
    icerocket.com
    icerocket.com
    IN A
    209.191.189.249
  • flag-us
    DNS
    teensoftheweb.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    teensoftheweb.com
    IN A
    Response
  • flag-gb
    GET
    http://www.google-analytics.com/ga.js
    IEXPLORE.EXE
    Remote address:
    142.250.178.14:80
    Request
    GET /ga.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google-analytics.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 17168
    Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:215:0
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
    Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:215:0"}],}
    Date: Sat, 12 Oct 2024 03:37:45 GMT
    Expires: Sat, 12 Oct 2024 05:37:45 GMT
    Cache-Control: public, max-age=7200
    Age: 6315
    Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
  • flag-us
    DNS
    ccfelomvhk.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ccfelomvhk.com
    IN A
    Response
    ccfelomvhk.com
    IN A
    103.224.182.217
  • flag-us
    GET
    http://ccfelomvhk.com/dl/adv542.php
    IEXPLORE.EXE
    Remote address:
    103.224.182.217:80
    Request
    GET /dl/adv542.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ccfelomvhk.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    date: Sat, 12 Oct 2024 05:23:43 GMT
    server: Apache
    set-cookie: __tad=1728710623.1507201; expires=Tue, 10-Oct-2034 05:23:43 GMT; Max-Age=315360000
    location: http://ww16.ccfelomvhk.com/dl/adv542.php?sub1=20241012-1623-43c7-a389-a8997aeb61ce
    content-length: 2
    content-type: text/html; charset=UTF-8
    connection: close
  • flag-us
    GET
    http://ccfelomvhk.com/dl/adv542.php
    IEXPLORE.EXE
    Remote address:
    103.224.182.217:80
    Request
    GET /dl/adv542.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ccfelomvhk.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    date: Sat, 12 Oct 2024 05:23:43 GMT
    server: Apache
    set-cookie: __tad=1728710623.3962598; expires=Tue, 10-Oct-2034 05:23:43 GMT; Max-Age=315360000
    location: http://ww16.ccfelomvhk.com/dl/adv542.php?sub1=20241012-1623-43e9-bd55-f1f414d1e24a
    content-length: 2
    content-type: text/html; charset=UTF-8
    connection: close
  • flag-us
    DNS
    ww16.ccfelomvhk.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ww16.ccfelomvhk.com
    IN A
    Response
    ww16.ccfelomvhk.com
    IN CNAME
    www.sedoparking.com
    www.sedoparking.com
    IN A
    64.190.63.136
  • flag-de
    GET
    http://ww16.ccfelomvhk.com/dl/adv542.php?sub1=20241012-1623-43e9-bd55-f1f414d1e24a
    IEXPLORE.EXE
    Remote address:
    64.190.63.136:80
    Request
    GET /dl/adv542.php?sub1=20241012-1623-43e9-bd55-f1f414d1e24a HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ww16.ccfelomvhk.com
    Connection: Keep-Alive
    Cookie: __tad=1728710623.3962598
    Response
    HTTP/1.1 200 OK
    date: Sat, 12 Oct 2024 05:23:43 GMT
    content-type: text/html; charset=UTF-8
    transfer-encoding: chunked
    vary: Accept-Encoding
    expires: Mon, 26 Jul 1997 05:00:00 GMT
    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    pragma: no-cache
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_ut2DuER+gXOY2CHoWI4bCxgA/UQUmzt9pxjM618eEndTVM6gs26/hOsn8rJ3RaStH/vL57FxfowPr9DvhGWMxQ==
    last-modified: Sat, 12 Oct 2024 05:23:43 GMT
    x-cache-miss-from: parking-84cb7b8874-n2jdh
    server: Parking/1.0
    content-encoding: gzip
  • flag-de
    GET
    http://ww16.ccfelomvhk.com/search/tsc.php?ses=ogcAk5ED7VKYd9upREHmmrx49Hn_pUPNohCAHYxOJ_bkCnZ2HWIJzb5DCtJLLnbaYkg8YLU3NrHqrpkMrC9dm7YLTm5Du_96og4ZZrD35YyHPi9h4F4SObpIaQSwWAz3wCZRc05AhMzQTro7y_Hhyrf9o6BW1UYprNCj0GXYmIIyHMFuhJy74WEiD8Kpz78aGMZ7jWG9L6WAIKo234X2_LyEcbf5fEKy9FbqshH1R9gmHY-71dWLXjkjMmuvhA0RjkV-Peof2IU0Sode98XGG84AJoO3NFrJmRqxENQhG_0ObrZJLSIkQkyFxj9uTqGWYibHa08O-HDPOBcIZojVQqWOUF16EmGOSv4rYxG9DWfXnodSPFkBSkmCk5KAaA&cv=2
    IEXPLORE.EXE
    Remote address:
    64.190.63.136:80
    Request
    GET /search/tsc.php?ses=ogcAk5ED7VKYd9upREHmmrx49Hn_pUPNohCAHYxOJ_bkCnZ2HWIJzb5DCtJLLnbaYkg8YLU3NrHqrpkMrC9dm7YLTm5Du_96og4ZZrD35YyHPi9h4F4SObpIaQSwWAz3wCZRc05AhMzQTro7y_Hhyrf9o6BW1UYprNCj0GXYmIIyHMFuhJy74WEiD8Kpz78aGMZ7jWG9L6WAIKo234X2_LyEcbf5fEKy9FbqshH1R9gmHY-71dWLXjkjMmuvhA0RjkV-Peof2IU0Sode98XGG84AJoO3NFrJmRqxENQhG_0ObrZJLSIkQkyFxj9uTqGWYibHa08O-HDPOBcIZojVQqWOUF16EmGOSv4rYxG9DWfXnodSPFkBSkmCk5KAaA&cv=2 HTTP/1.1
    Accept: */*
    Referer: http://ww16.ccfelomvhk.com/dl/adv542.php?sub1=20241012-1623-43c7-a389-a8997aeb61ce
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: ww16.ccfelomvhk.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Sat, 12 Oct 2024 05:23:43 GMT
    content-type: text/html; charset=UTF-8
    content-length: 0
    x-cache-miss-from: parking-84cb7b8874-g4btw
    server: Parking/1.0
  • flag-de
    GET
    http://ww16.ccfelomvhk.com/dl/adv542.php?sub1=20241012-1623-43c7-a389-a8997aeb61ce
    IEXPLORE.EXE
    Remote address:
    64.190.63.136:80
    Request
    GET /dl/adv542.php?sub1=20241012-1623-43c7-a389-a8997aeb61ce HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ww16.ccfelomvhk.com
    Connection: Keep-Alive
    Cookie: __tad=1728710623.1507201
    Response
    HTTP/1.1 200 OK
    date: Sat, 12 Oct 2024 05:23:43 GMT
    content-type: text/html; charset=UTF-8
    transfer-encoding: chunked
    vary: Accept-Encoding
    expires: Mon, 26 Jul 1997 05:00:00 GMT
    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    pragma: no-cache
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_JeIG9fmJ9TFuU8bUJvTxUZYZXWPWf6lMcAEDdvc5hB8UlQ9Cxyvh4q8iVrhs8fYFv8+VBZmN2jZTlSmZ2sx5BA==
    last-modified: Sat, 12 Oct 2024 05:23:43 GMT
    x-cache-miss-from: parking-84cb7b8874-cmgx5
    server: Parking/1.0
    content-encoding: gzip
  • flag-de
    GET
    http://ww16.ccfelomvhk.com/search/tsc.php?ses=ogcAKjbzKod8gJ8oUmgi0Hs1AKi-lcnCmzKGvyz3wCcIn9wluormZZXKJCd5UsFJP_8Tf-41jeURzodQfWKooeAlT1poDKk_JlLifiuy4UYpVdU2OhVKB4TejEgRjxxuUNGwwrMY53v0b84B1tMi2wgQvI6nf1vERkB6OzMNZ7XB1O0zLhkOjU8Toris6AiQOnKXB5-Ftbh6YLkH5Bz42TBmq3pcQaVwB99SwuP_Me8Ab-mgwRMLX4CiUWMrQcf2FYLFEjKI8km9xf9UgWIFjz1hZO5snhzMIO-SMwNcfpVyqNuBYehRlQbnvQelMvrdtW6GPJhkKT-8nbBBS25T53hGrCo8MYkRvHtgP_lLLj2ccWQUdJcHWUCgykVxG8&cv=2
    IEXPLORE.EXE
    Remote address:
    64.190.63.136:80
    Request
    GET /search/tsc.php?ses=ogcAKjbzKod8gJ8oUmgi0Hs1AKi-lcnCmzKGvyz3wCcIn9wluormZZXKJCd5UsFJP_8Tf-41jeURzodQfWKooeAlT1poDKk_JlLifiuy4UYpVdU2OhVKB4TejEgRjxxuUNGwwrMY53v0b84B1tMi2wgQvI6nf1vERkB6OzMNZ7XB1O0zLhkOjU8Toris6AiQOnKXB5-Ftbh6YLkH5Bz42TBmq3pcQaVwB99SwuP_Me8Ab-mgwRMLX4CiUWMrQcf2FYLFEjKI8km9xf9UgWIFjz1hZO5snhzMIO-SMwNcfpVyqNuBYehRlQbnvQelMvrdtW6GPJhkKT-8nbBBS25T53hGrCo8MYkRvHtgP_lLLj2ccWQUdJcHWUCgykVxG8&cv=2 HTTP/1.1
    Accept: */*
    Referer: http://ww16.ccfelomvhk.com/dl/adv542.php?sub1=20241012-1623-43e9-bd55-f1f414d1e24a
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: ww16.ccfelomvhk.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Sat, 12 Oct 2024 05:23:44 GMT
    content-type: text/html; charset=UTF-8
    content-length: 0
    x-cache-miss-from: parking-84cb7b8874-4d5w4
    server: Parking/1.0
  • flag-us
    DNS
    www.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.200.36
  • flag-gb
    GET
    http://www.google.com/adsense/domains/caf.js?abp=1&YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true
    IEXPLORE.EXE
    Remote address:
    142.250.200.36:80
    Request
    GET /adsense/domains/caf.js?abp=1&YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://ww16.ccfelomvhk.com/dl/adv542.php?sub1=20241012-1623-43c7-a389-a8997aeb61ce
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Type: text/javascript; charset=UTF-8
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
    Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
    Date: Sat, 12 Oct 2024 05:23:43 GMT
    Expires: Sat, 12 Oct 2024 05:23:43 GMT
    Cache-Control: private, max-age=3600
    ETag: "774190084208534375"
    X-Content-Type-Options: nosniff
    Link: <https://syndicatedsearch.goog>; rel="preconnect"
    Content-Encoding: gzip
    Transfer-Encoding: chunked
    Server: sffe
    X-XSS-Protection: 0
  • flag-us
    DNS
    partner.googleadservices.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    partner.googleadservices.com
    IN A
    Response
    partner.googleadservices.com
    IN A
    216.58.201.98
  • flag-us
    DNS
    syndicatedsearch.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    syndicatedsearch.goog
    IN A
    Response
    syndicatedsearch.goog
    IN A
    142.250.187.238
  • flag-gb
    GET
    https://syndicatedsearch.goog/afs/ads?adsafe=low&adtest=off&psid=7446205343&channel=cl-107%2Cexp-0014%2Cexp-0051%2Cauxa-control-1%2C13262&client=dp-sedo85_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww16.ccfelomvhk.com%2Fcaf%2F%3Fses%3DY3JlPTE3Mjg3MTA2MjMmdGNpZD13dzE2LmNjZmVsb212aGsuY29tNjcwYTA3ZGZhZTZhNTkuOTk0NDMwMzYmdGFzaz1zZWFyY2gmZG9tYWluPWNjZmVsb212aGsuY29tJmFfaWQ9MyZzZXNzaW9uPWdhZ1JwSGE3ZjE5c2ZVaFR1YUdY&type=3&uiopt=false&swp=as-drid-2976593320017976&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301511%2C17301516%2C17301520%2C17301542%2C17301266%2C72717108&format=r3%7Cs&nocache=1271728710622741&num=0&output=afd_ads&domain_name=ww16.ccfelomvhk.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1728710622742&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=0&ish=-16&psw=0&psh=1562&frm=2&uio=--&cont=rb-default&drt=0&jsid=caf&jsv=683617201&rurl=http%3A%2F%2Fww16.ccfelomvhk.com%2Fdl%2Fadv542.php%3Fsub1%3D20241012-1623-43c7-a389-a8997aeb61ce
    IEXPLORE.EXE
    Remote address:
    142.250.187.238:443
    Request
    GET /afs/ads?adsafe=low&adtest=off&psid=7446205343&channel=cl-107%2Cexp-0014%2Cexp-0051%2Cauxa-control-1%2C13262&client=dp-sedo85_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww16.ccfelomvhk.com%2Fcaf%2F%3Fses%3DY3JlPTE3Mjg3MTA2MjMmdGNpZD13dzE2LmNjZmVsb212aGsuY29tNjcwYTA3ZGZhZTZhNTkuOTk0NDMwMzYmdGFzaz1zZWFyY2gmZG9tYWluPWNjZmVsb212aGsuY29tJmFfaWQ9MyZzZXNzaW9uPWdhZ1JwSGE3ZjE5c2ZVaFR1YUdY&type=3&uiopt=false&swp=as-drid-2976593320017976&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301511%2C17301516%2C17301520%2C17301542%2C17301266%2C72717108&format=r3%7Cs&nocache=1271728710622741&num=0&output=afd_ads&domain_name=ww16.ccfelomvhk.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1728710622742&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=0&ish=-16&psw=0&psh=1562&frm=2&uio=--&cont=rb-default&drt=0&jsid=caf&jsv=683617201&rurl=http%3A%2F%2Fww16.ccfelomvhk.com%2Fdl%2Fadv542.php%3Fsub1%3D20241012-1623-43c7-a389-a8997aeb61ce HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: http://ww16.ccfelomvhk.com/dl/adv542.php?sub1=20241012-1623-43c7-a389-a8997aeb61ce
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: syndicatedsearch.goog
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=UTF-8
    Content-Disposition: inline
    Date: Sat, 12 Oct 2024 05:23:44 GMT
    Expires: Sat, 12 Oct 2024 05:23:44 GMT
    Cache-Control: private, max-age=3600
    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-TKUiXyrSXywGMbYGVlOyIQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
    Content-Encoding: gzip
    Server: gws
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://syndicatedsearch.goog/afs/ads/i/iframe.html
    IEXPLORE.EXE
    Remote address:
    142.250.187.238:443
    Request
    GET /afs/ads/i/iframe.html HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: http://ww16.ccfelomvhk.com/dl/adv542.php?sub1=20241012-1623-43c7-a389-a8997aeb61ce
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: syndicatedsearch.goog
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Type: text/html
    Content-Security-Policy: script-src 'nonce-lpV2VQp16WQLc0GsfmMXlw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
    Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
    Date: Sat, 12 Oct 2024 05:23:44 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, must-revalidate
    Last-Modified: Tue, 17 Sep 2024 06:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://partner.googleadservices.com/gampad/cookie.js?domain=ww16.ccfelomvhk.com&client=dp-sedo85_3ph&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2
    IEXPLORE.EXE
    Remote address:
    216.58.201.98:443
    Request
    GET /gampad/cookie.js?domain=ww16.ccfelomvhk.com&client=dp-sedo85_3ph&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://ww16.ccfelomvhk.com/dl/adv542.php?sub1=20241012-1623-43c7-a389-a8997aeb61ce
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: partner.googleadservices.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Content-Type: text/javascript; charset=UTF-8
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Date: Sat, 12 Oct 2024 05:23:44 GMT
    Server: cafe
    Cache-Control: private
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://syndicatedsearch.goog/afs/ads/i/iframe.html
    IEXPLORE.EXE
    Remote address:
    142.250.187.238:443
    Request
    GET /afs/ads/i/iframe.html HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: http://ww16.ccfelomvhk.com/dl/adv542.php?sub1=20241012-1623-43e9-bd55-f1f414d1e24a
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: syndicatedsearch.goog
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Type: text/html
    Content-Security-Policy: script-src 'nonce-Njd2NJqh9tja8HB5h1xSNQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
    Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
    Date: Sat, 12 Oct 2024 05:23:44 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, must-revalidate
    Last-Modified: Tue, 17 Sep 2024 06:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://syndicatedsearch.goog/adsense/domains/caf.js
    IEXPLORE.EXE
    Remote address:
    142.250.187.238:443
    Request
    GET /adsense/domains/caf.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://syndicatedsearch.goog/afs/ads?adsafe=low&adtest=off&psid=7446205343&channel=cl-107%2Cexp-0014%2Cexp-0051%2Cauxa-control-1%2C13262&client=dp-sedo85_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww16.ccfelomvhk.com%2Fcaf%2F%3Fses%3DY3JlPTE3Mjg3MTA2MjMmdGNpZD13dzE2LmNjZmVsb212aGsuY29tNjcwYTA3ZGZhZTZhNTkuOTk0NDMwMzYmdGFzaz1zZWFyY2gmZG9tYWluPWNjZmVsb212aGsuY29tJmFfaWQ9MyZzZXNzaW9uPWdhZ1JwSGE3ZjE5c2ZVaFR1YUdY&type=3&uiopt=false&swp=as-drid-2976593320017976&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301511%2C17301516%2C17301520%2C17301542%2C17301266%2C72717108&format=r3%7Cs&nocache=1271728710622741&num=0&output=afd_ads&domain_name=ww16.ccfelomvhk.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1728710622742&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=0&ish=-16&psw=0&psh=1562&frm=2&uio=--&cont=rb-default&drt=0&jsid=caf&jsv=683617201&rurl=http%3A%2F%2Fww16.ccfelomvhk.com%2Fdl%2Fadv542.php%3Fsub1%3D20241012-1623-43c7-a389-a8997aeb61ce
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: syndicatedsearch.goog
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Type: text/javascript; charset=UTF-8
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
    Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
    Date: Sat, 12 Oct 2024 05:23:44 GMT
    Expires: Sat, 12 Oct 2024 05:23:44 GMT
    Cache-Control: private, max-age=3600
    ETag: "448379965871742668"
    X-Content-Type-Options: nosniff
    Link: <https://syndicatedsearch.goog>; rel="preconnect"
    Content-Encoding: gzip
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://syndicatedsearch.goog/afs/ads?adsafe=low&adtest=off&psid=7446205343&channel=cl-107%2Cexp-0014%2Cexp-0051%2Cauxa-control-1%2C13262&client=dp-sedo85_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww16.ccfelomvhk.com%2Fcaf%2F%3Fses%3DY3JlPTE3Mjg3MTA2MjMmdGNpZD13dzE2LmNjZmVsb212aGsuY29tNjcwYTA3ZGZhZWMxNTIuNzg4NzIyMDMmdGFzaz1zZWFyY2gmZG9tYWluPWNjZmVsb212aGsuY29tJmFfaWQ9MyZzZXNzaW9uPWdhZ1JwSGE3ZjE5c2ZVaFR1YUdY&type=3&uiopt=false&swp=as-drid-2976593320017976&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301511%2C17301516%2C17301520%2C17301542%2C17301266%2C72717107&format=r3%7Cs&nocache=4301728710622781&num=0&output=afd_ads&domain_name=ww16.ccfelomvhk.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1728710622787&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=0&ish=-16&psw=0&psh=1562&frm=2&uio=--&cont=rb-default&drt=0&jsid=caf&jsv=683617201&rurl=http%3A%2F%2Fww16.ccfelomvhk.com%2Fdl%2Fadv542.php%3Fsub1%3D20241012-1623-43e9-bd55-f1f414d1e24a
    IEXPLORE.EXE
    Remote address:
    142.250.187.238:443
    Request
    GET /afs/ads?adsafe=low&adtest=off&psid=7446205343&channel=cl-107%2Cexp-0014%2Cexp-0051%2Cauxa-control-1%2C13262&client=dp-sedo85_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww16.ccfelomvhk.com%2Fcaf%2F%3Fses%3DY3JlPTE3Mjg3MTA2MjMmdGNpZD13dzE2LmNjZmVsb212aGsuY29tNjcwYTA3ZGZhZWMxNTIuNzg4NzIyMDMmdGFzaz1zZWFyY2gmZG9tYWluPWNjZmVsb212aGsuY29tJmFfaWQ9MyZzZXNzaW9uPWdhZ1JwSGE3ZjE5c2ZVaFR1YUdY&type=3&uiopt=false&swp=as-drid-2976593320017976&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301511%2C17301516%2C17301520%2C17301542%2C17301266%2C72717107&format=r3%7Cs&nocache=4301728710622781&num=0&output=afd_ads&domain_name=ww16.ccfelomvhk.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1728710622787&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=0&ish=-16&psw=0&psh=1562&frm=2&uio=--&cont=rb-default&drt=0&jsid=caf&jsv=683617201&rurl=http%3A%2F%2Fww16.ccfelomvhk.com%2Fdl%2Fadv542.php%3Fsub1%3D20241012-1623-43e9-bd55-f1f414d1e24a HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: http://ww16.ccfelomvhk.com/dl/adv542.php?sub1=20241012-1623-43e9-bd55-f1f414d1e24a
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: syndicatedsearch.goog
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=UTF-8
    Content-Disposition: inline
    Date: Sat, 12 Oct 2024 05:23:44 GMT
    Expires: Sat, 12 Oct 2024 05:23:44 GMT
    Cache-Control: private, max-age=3600
    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-ETfCfcYN078P3yGPnIPBMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
    Content-Encoding: gzip
    Server: gws
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    c.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.178.3
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    IEXPLORE.EXE
    Remote address:
    142.250.178.3:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 12 Oct 2024 05:11:47 GMT
    Expires: Sat, 12 Oct 2024 06:01:47 GMT
    Cache-Control: public, max-age=3000
    Age: 717
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    IEXPLORE.EXE
    Remote address:
    142.250.178.3:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 12 Oct 2024 05:11:47 GMT
    Expires: Sat, 12 Oct 2024 06:01:47 GMT
    Cache-Control: public, max-age=3000
    Age: 717
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    IEXPLORE.EXE
    Remote address:
    142.250.178.3:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 12 Oct 2024 05:11:47 GMT
    Expires: Sat, 12 Oct 2024 06:01:47 GMT
    Cache-Control: public, max-age=3000
    Age: 717
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
    The same GET http://c.pki.goog/r/r1.crl request from IEXPLORE.EXE, with a byte-for-byte identical cached response (Age: 717), was recorded three more times.
  • DNS o.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    o.pki.goog
    IN A
    Response
    o.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.178.3
    The same A lookup of o.pki.goog via 8.8.8.8:53 (CNAME pki-goog.l.google.com, A 142.250.178.3) was recorded five more times.
  • GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCKUk6RKrjxXQrDJnCgBbXs
    IEXPLORE.EXE
    Remote address:
    142.250.178.3:80
    Request
    GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCKUk6RKrjxXQrDJnCgBbXs HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 472
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Sat, 12 Oct 2024 05:10:50 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 774
  • GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCCR5C%2BtAok7AqFTjnELtHc
    IEXPLORE.EXE
    Remote address:
    142.250.178.3:80
    Request
    GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCCR5C%2BtAok7AqFTjnELtHc HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 472
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Sat, 12 Oct 2024 04:46:02 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 2262
    The OCSP request ending ...KUk6RKrjxXQrDJnCgBbXs was recorded once more and the request ending ...CCR5C%2BtAok7AqFTjnELtHc three more times, each with the identical cached 472-byte response (Age: 774 and Age: 2262 respectively).
  • DNS crl.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    crl.microsoft.com
    IN A
    Response
    crl.microsoft.com
    IN CNAME
    crl.www.ms.akadns.net
    crl.www.ms.akadns.net
    IN CNAME
    a1363.dscg.akamai.net
    a1363.dscg.akamai.net
    IN A
    2.19.117.18
    a1363.dscg.akamai.net
    IN A
    2.19.117.22
  • GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    Remote address:
    2.19.117.18:80
    Request
    GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 11 Jul 2024 01:45:51 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: crl.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1036
    Content-Type: application/octet-stream
    Content-MD5: 8M9bF5Tsp81z+cAg2quO8g==
    Last-Modified: Thu, 26 Sep 2024 02:21:11 GMT
    ETag: 0x8DCDDD1E3AF2C76
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b28c4ea1-d01e-0016-0ebc-0fa13d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 12 Oct 2024 05:24:14 GMT
    Connection: keep-alive
  • 209.191.189.249:80
    tracker.icerocket.com
    IEXPLORE.EXE
    152 B
    3
  • 209.191.189.249:80
    tracker.icerocket.com
    IEXPLORE.EXE
    152 B
    3
  • 142.250.178.14:80
    http://www.google-analytics.com/ga.js
    http
    IEXPLORE.EXE
    858 B
    18.7kB
    13
    17

    HTTP Request

    GET http://www.google-analytics.com/ga.js

    HTTP Response

    200
  • 142.250.178.14:80
    www.google-analytics.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 209.191.189.249:80
    tracker.icerocket.com
    IEXPLORE.EXE
    152 B
    3
  • 209.191.189.249:80
    tracker.icerocket.com
    IEXPLORE.EXE
    152 B
    3
  • 103.224.182.217:80
    http://ccfelomvhk.com/dl/adv542.php
    http
    IEXPLORE.EXE
    492 B
    517 B
    5
    4

    HTTP Request

    GET http://ccfelomvhk.com/dl/adv542.php

    HTTP Response

    302
    The same connection to 103.224.182.217:80 for http://ccfelomvhk.com/dl/adv542.php (492 B / 517 B, 5/4 packets, HTTP 302) was recorded once more.
  • 64.190.63.136:80
    http://ww16.ccfelomvhk.com/search/tsc.php?ses=ogcAk5ED7VKYd9upREHmmrx49Hn_pUPNohCAHYxOJ_bkCnZ2HWIJzb5DCtJLLnbaYkg8YLU3NrHqrpkMrC9dm7YLTm5Du_96og4ZZrD35YyHPi9h4F4SObpIaQSwWAz3wCZRc05AhMzQTro7y_Hhyrf9o6BW1UYprNCj0GXYmIIyHMFuhJy74WEiD8Kpz78aGMZ7jWG9L6WAIKo234X2_LyEcbf5fEKy9FbqshH1R9gmHY-71dWLXjkjMmuvhA0RjkV-Peof2IU0Sode98XGG84AJoO3NFrJmRqxENQhG_0ObrZJLSIkQkyFxj9uTqGWYibHa08O-HDPOBcIZojVQqWOUF16EmGOSv4rYxG9DWfXnodSPFkBSkmCk5KAaA&cv=2
    http
    IEXPLORE.EXE
    1.8kB
    9.5kB
    16
    10

    HTTP Request

    GET http://ww16.ccfelomvhk.com/dl/adv542.php?sub1=20241012-1623-43e9-bd55-f1f414d1e24a

    HTTP Response

    200

    HTTP Request

    GET http://ww16.ccfelomvhk.com/search/tsc.php?ses=ogcAk5ED7VKYd9upREHmmrx49Hn_pUPNohCAHYxOJ_bkCnZ2HWIJzb5DCtJLLnbaYkg8YLU3NrHqrpkMrC9dm7YLTm5Du_96og4ZZrD35YyHPi9h4F4SObpIaQSwWAz3wCZRc05AhMzQTro7y_Hhyrf9o6BW1UYprNCj0GXYmIIyHMFuhJy74WEiD8Kpz78aGMZ7jWG9L6WAIKo234X2_LyEcbf5fEKy9FbqshH1R9gmHY-71dWLXjkjMmuvhA0RjkV-Peof2IU0Sode98XGG84AJoO3NFrJmRqxENQhG_0ObrZJLSIkQkyFxj9uTqGWYibHa08O-HDPOBcIZojVQqWOUF16EmGOSv4rYxG9DWfXnodSPFkBSkmCk5KAaA&cv=2

    HTTP Response

    200
  • 64.190.63.136:80
    http://ww16.ccfelomvhk.com/search/tsc.php?ses=ogcAKjbzKod8gJ8oUmgi0Hs1AKi-lcnCmzKGvyz3wCcIn9wluormZZXKJCd5UsFJP_8Tf-41jeURzodQfWKooeAlT1poDKk_JlLifiuy4UYpVdU2OhVKB4TejEgRjxxuUNGwwrMY53v0b84B1tMi2wgQvI6nf1vERkB6OzMNZ7XB1O0zLhkOjU8Toris6AiQOnKXB5-Ftbh6YLkH5Bz42TBmq3pcQaVwB99SwuP_Me8Ab-mgwRMLX4CiUWMrQcf2FYLFEjKI8km9xf9UgWIFjz1hZO5snhzMIO-SMwNcfpVyqNuBYehRlQbnvQelMvrdtW6GPJhkKT-8nbBBS25T53hGrCo8MYkRvHtgP_lLLj2ccWQUdJcHWUCgykVxG8&cv=2
    http
    IEXPLORE.EXE
    1.8kB
    9.6kB
    17
    11

    HTTP Request

    GET http://ww16.ccfelomvhk.com/dl/adv542.php?sub1=20241012-1623-43c7-a389-a8997aeb61ce

    HTTP Response

    200

    HTTP Request

    GET http://ww16.ccfelomvhk.com/search/tsc.php?ses=ogcAKjbzKod8gJ8oUmgi0Hs1AKi-lcnCmzKGvyz3wCcIn9wluormZZXKJCd5UsFJP_8Tf-41jeURzodQfWKooeAlT1poDKk_JlLifiuy4UYpVdU2OhVKB4TejEgRjxxuUNGwwrMY53v0b84B1tMi2wgQvI6nf1vERkB6OzMNZ7XB1O0zLhkOjU8Toris6AiQOnKXB5-Ftbh6YLkH5Bz42TBmq3pcQaVwB99SwuP_Me8Ab-mgwRMLX4CiUWMrQcf2FYLFEjKI8km9xf9UgWIFjz1hZO5snhzMIO-SMwNcfpVyqNuBYehRlQbnvQelMvrdtW6GPJhkKT-8nbBBS25T53hGrCo8MYkRvHtgP_lLLj2ccWQUdJcHWUCgykVxG8&cv=2

    HTTP Response

    200
  • 142.250.200.36:80
    http://www.google.com/adsense/domains/caf.js?abp=1&YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true
    http
    IEXPLORE.EXE
    1.7kB
    58.1kB
    28
    46

    HTTP Request

    GET http://www.google.com/adsense/domains/caf.js?abp=1&YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true

    HTTP Response

    200
  • 142.250.200.36:80
    www.google.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 142.250.187.238:443
    https://syndicatedsearch.goog/afs/ads?adsafe=low&adtest=off&psid=7446205343&channel=cl-107%2Cexp-0014%2Cexp-0051%2Cauxa-control-1%2C13262&client=dp-sedo85_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww16.ccfelomvhk.com%2Fcaf%2F%3Fses%3DY3JlPTE3Mjg3MTA2MjMmdGNpZD13dzE2LmNjZmVsb212aGsuY29tNjcwYTA3ZGZhZTZhNTkuOTk0NDMwMzYmdGFzaz1zZWFyY2gmZG9tYWluPWNjZmVsb212aGsuY29tJmFfaWQ9MyZzZXNzaW9uPWdhZ1JwSGE3ZjE5c2ZVaFR1YUdY&type=3&uiopt=false&swp=as-drid-2976593320017976&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301511%2C17301516%2C17301520%2C17301542%2C17301266%2C72717108&format=r3%7Cs&nocache=1271728710622741&num=0&output=afd_ads&domain_name=ww16.ccfelomvhk.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1728710622742&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=0&ish=-16&psw=0&psh=1562&frm=2&uio=--&cont=rb-default&drt=0&jsid=caf&jsv=683617201&rurl=http%3A%2F%2Fww16.ccfelomvhk.com%2Fdl%2Fadv542.php%3Fsub1%3D20241012-1623-43c7-a389-a8997aeb61ce
    tls, http
    IEXPLORE.EXE
    2.1kB
    5.8kB
    11
    11

    HTTP Request

    GET https://syndicatedsearch.goog/afs/ads?adsafe=low&adtest=off&psid=7446205343&channel=cl-107%2Cexp-0014%2Cexp-0051%2Cauxa-control-1%2C13262&client=dp-sedo85_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww16.ccfelomvhk.com%2Fcaf%2F%3Fses%3DY3JlPTE3Mjg3MTA2MjMmdGNpZD13dzE2LmNjZmVsb212aGsuY29tNjcwYTA3ZGZhZTZhNTkuOTk0NDMwMzYmdGFzaz1zZWFyY2gmZG9tYWluPWNjZmVsb212aGsuY29tJmFfaWQ9MyZzZXNzaW9uPWdhZ1JwSGE3ZjE5c2ZVaFR1YUdY&type=3&uiopt=false&swp=as-drid-2976593320017976&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301511%2C17301516%2C17301520%2C17301542%2C17301266%2C72717108&format=r3%7Cs&nocache=1271728710622741&num=0&output=afd_ads&domain_name=ww16.ccfelomvhk.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1728710622742&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=0&ish=-16&psw=0&psh=1562&frm=2&uio=--&cont=rb-default&drt=0&jsid=caf&jsv=683617201&rurl=http%3A%2F%2Fww16.ccfelomvhk.com%2Fdl%2Fadv542.php%3Fsub1%3D20241012-1623-43c7-a389-a8997aeb61ce

    HTTP Response

    200
  • 142.250.187.238:443
    https://syndicatedsearch.goog/afs/ads/i/iframe.html
    tls, http
    IEXPLORE.EXE
    1.3kB
    6.6kB
    13
    13

    HTTP Request

    GET https://syndicatedsearch.goog/afs/ads/i/iframe.html

    HTTP Response

    200
  • 216.58.201.98:443
    partner.googleadservices.com
    tls
    IEXPLORE.EXE
    713 B
    4.5kB
    9
    8
  • 216.58.201.98:443
    https://partner.googleadservices.com/gampad/cookie.js?domain=ww16.ccfelomvhk.com&client=dp-sedo85_3ph&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2
    tls, http
    IEXPLORE.EXE
    1.4kB
    5.7kB
    12
    12

    HTTP Request

    GET https://partner.googleadservices.com/gampad/cookie.js?domain=ww16.ccfelomvhk.com&client=dp-sedo85_3ph&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2

    HTTP Response

    200
  • 142.250.187.238:443
    https://syndicatedsearch.goog/adsense/domains/caf.js
    tls, http
    IEXPLORE.EXE
    3.6kB
    67.3kB
    35
    58

    HTTP Request

    GET https://syndicatedsearch.goog/afs/ads/i/iframe.html

    HTTP Response

    200

    HTTP Request

    GET https://syndicatedsearch.goog/adsense/domains/caf.js

    HTTP Response

    200
  • 142.250.187.238:443
    https://syndicatedsearch.goog/afs/ads?adsafe=low&adtest=off&psid=7446205343&channel=cl-107%2Cexp-0014%2Cexp-0051%2Cauxa-control-1%2C13262&client=dp-sedo85_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww16.ccfelomvhk.com%2Fcaf%2F%3Fses%3DY3JlPTE3Mjg3MTA2MjMmdGNpZD13dzE2LmNjZmVsb212aGsuY29tNjcwYTA3ZGZhZWMxNTIuNzg4NzIyMDMmdGFzaz1zZWFyY2gmZG9tYWluPWNjZmVsb212aGsuY29tJmFfaWQ9MyZzZXNzaW9uPWdhZ1JwSGE3ZjE5c2ZVaFR1YUdY&type=3&uiopt=false&swp=as-drid-2976593320017976&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301511%2C17301516%2C17301520%2C17301542%2C17301266%2C72717107&format=r3%7Cs&nocache=4301728710622781&num=0&output=afd_ads&domain_name=ww16.ccfelomvhk.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1728710622787&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=0&ish=-16&psw=0&psh=1562&frm=2&uio=--&cont=rb-default&drt=0&jsid=caf&jsv=683617201&rurl=http%3A%2F%2Fww16.ccfelomvhk.com%2Fdl%2Fadv542.php%3Fsub1%3D20241012-1623-43e9-bd55-f1f414d1e24a
    tls, http
    IEXPLORE.EXE
    2.2kB
    5.9kB
    12
    12

    HTTP Request

    GET https://syndicatedsearch.goog/afs/ads?adsafe=low&adtest=off&psid=7446205343&channel=cl-107%2Cexp-0014%2Cexp-0051%2Cauxa-control-1%2C13262&client=dp-sedo85_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww16.ccfelomvhk.com%2Fcaf%2F%3Fses%3DY3JlPTE3Mjg3MTA2MjMmdGNpZD13dzE2LmNjZmVsb212aGsuY29tNjcwYTA3ZGZhZWMxNTIuNzg4NzIyMDMmdGFzaz1zZWFyY2gmZG9tYWluPWNjZmVsb212aGsuY29tJmFfaWQ9MyZzZXNzaW9uPWdhZ1JwSGE3ZjE5c2ZVaFR1YUdY&type=3&uiopt=false&swp=as-drid-2976593320017976&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301511%2C17301516%2C17301520%2C17301542%2C17301266%2C72717107&format=r3%7Cs&nocache=4301728710622781&num=0&output=afd_ads&domain_name=ww16.ccfelomvhk.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1728710622787&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=0&ish=-16&psw=0&psh=1562&frm=2&uio=--&cont=rb-default&drt=0&jsid=caf&jsv=683617201&rurl=http%3A%2F%2Fww16.ccfelomvhk.com%2Fdl%2Fadv542.php%3Fsub1%3D20241012-1623-43e9-bd55-f1f414d1e24a

    HTTP Response

    200
  • 142.250.178.3:80
    http://c.pki.goog/r/r1.crl
    http
    IEXPLORE.EXE
    348 B
    1.7kB
    5
    4

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    200
    Five more identical connections to 142.250.178.3:80 for http://c.pki.goog/r/r1.crl were recorded, each 348 B sent / 1.7kB received, 5/4 packets, HTTP 200.
  • 142.250.178.3:80
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCKUk6RKrjxXQrDJnCgBbXs
    http
    IEXPLORE.EXE
    514 B
    1.6kB
    6
    4

    HTTP Request

    GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCKUk6RKrjxXQrDJnCgBbXs

    HTTP Response

    200
  • 142.250.178.3:80
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCCR5C%2BtAok7AqFTjnELtHc
    http
    IEXPLORE.EXE
    464 B
    845 B
    5
    3

    HTTP Request

    GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCCR5C%2BtAok7AqFTjnELtHc

    HTTP Response

    200
    One more identical connection for the OCSP request ending ...KUk6RKrjxXQrDJnCgBbXs (514 B / 1.6kB, 6/4 packets, HTTP 200) and three more for the request ending ...CCR5C%2BtAok7AqFTjnELtHc (464 B / 845 B, 5/3 packets, HTTP 200) were recorded.
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.8kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.8kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.8kB
    9
    12
  • 2.19.117.18:80
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    http
    491 B
    1.7kB
    6
    6

    HTTP Request

    GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

    HTTP Response

    200
  • 8.8.8.8:53
    roundassmounds.com
    dns
    IEXPLORE.EXE
    64 B
    137 B
    1
    1

    DNS Request

    roundassmounds.com

  • 8.8.8.8:53
    tracker.icerocket.com
    dns
    IEXPLORE.EXE
    67 B
    115 B
    1
    1

    DNS Request

    tracker.icerocket.com

    DNS Response

    209.191.189.249

  • 8.8.8.8:53
    teensoftheweb.com
    dns
    IEXPLORE.EXE
    63 B
    136 B
    1
    1

    DNS Request

    teensoftheweb.com

  • 8.8.8.8:53
    ccfelomvhk.com
    dns
    IEXPLORE.EXE
    60 B
    76 B
    1
    1

    DNS Request

    ccfelomvhk.com

    DNS Response

    103.224.182.217

  • 8.8.8.8:53
    ww16.ccfelomvhk.com
    dns
    IEXPLORE.EXE
    65 B
    111 B
    1
    1

    DNS Request

    ww16.ccfelomvhk.com

    DNS Response

    64.190.63.136

  • 8.8.8.8:53
    www.google.com
    dns
    IEXPLORE.EXE
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.200.36

  • 8.8.8.8:53
    partner.googleadservices.com
    dns
    IEXPLORE.EXE
    74 B
    90 B
    1
    1

    DNS Request

    partner.googleadservices.com

    DNS Response

    216.58.201.98

  • 8.8.8.8:53
    syndicatedsearch.goog
    dns
    IEXPLORE.EXE
    67 B
    83 B
    1
    1

    DNS Request

    syndicatedsearch.goog

    DNS Response

    142.250.187.238

  • 8.8.8.8:53
    c.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.178.3

    Five more identical DNS lookups of c.pki.goog via 8.8.8.8:53 (56 B / 107 B) were recorded, each answered with 142.250.178.3.

  • 8.8.8.8:53
    o.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    o.pki.goog

    DNS Response

    142.250.178.3

    Five more identical DNS lookups of o.pki.goog via 8.8.8.8:53 (56 B / 107 B) were recorded, each answered with 142.250.178.3.

  • 8.8.8.8:53
    crl.microsoft.com
    dns
    63 B
    162 B
    1
    1

    DNS Request

    crl.microsoft.com

    DNS Response

    2.19.117.18
    2.19.117.22
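Most of the rows above are background traffic rather than sample behaviour: the *.pki.goog and crl.microsoft.com fetches are CryptoAPI revocation checks, ieonline.microsoft.com is Internet Explorer's own traffic, and the Google analytics/ad hosts are loaded by the parked-domain page that ccfelomvhk.com redirected to. Two DNS names (roundassmounds.com, teensoftheweb.com) were queried with no recorded answer, which usually means dead or sinkholed infrastructure. The triage script below is an added example, not part of the report: it takes a constructed whitespace-separated rendering of the rows (hosts, remotes and statuses copied from the page, byte counts rounded and missing values written as "-"), classifies each host against a suffix allowlist that is this example's own assumption, and reports only sample-driven hosts, unresolved names and HTTP redirectors.

```python
"""Sort sandbox network rows into OS background, page-embedded third parties and sample-driven hosts.

Added example for this report; the allowlists are the example's assumption, not tria.ge's.
"""
from collections import defaultdict

# Constructed from the summary rows above: remote host proto process sent recv result
# result = DNS answer, HTTP status, or '-' when the page shows none; bytes rounded.
ROWS = """\
8.8.8.8:53 roundassmounds.com dns IEXPLORE.EXE 64 137 -
8.8.8.8:53 tracker.icerocket.com dns IEXPLORE.EXE 67 115 209.191.189.249
8.8.8.8:53 teensoftheweb.com dns IEXPLORE.EXE 63 136 -
8.8.8.8:53 ccfelomvhk.com dns IEXPLORE.EXE 60 76 103.224.182.217
8.8.8.8:53 ww16.ccfelomvhk.com dns IEXPLORE.EXE 65 111 64.190.63.136
8.8.8.8:53 c.pki.goog dns IEXPLORE.EXE 56 107 142.250.178.3
8.8.8.8:53 crl.microsoft.com dns - 63 162 2.19.117.18
209.191.189.249:80 tracker.icerocket.com - IEXPLORE.EXE 152 0 -
103.224.182.217:80 ccfelomvhk.com http IEXPLORE.EXE 492 517 302
64.190.63.136:80 ww16.ccfelomvhk.com http IEXPLORE.EXE 1800 9500 200
142.250.178.14:80 www.google-analytics.com http IEXPLORE.EXE 858 18700 200
142.250.200.36:80 www.google.com http IEXPLORE.EXE 1700 58100 200
142.250.187.238:443 syndicatedsearch.goog tls IEXPLORE.EXE 2100 5800 200
216.58.201.98:443 partner.googleadservices.com tls IEXPLORE.EXE 1400 5700 200
142.250.178.3:80 c.pki.goog http IEXPLORE.EXE 348 1700 200
142.250.178.3:80 o.pki.goog http IEXPLORE.EXE 514 1600 200
204.79.197.200:443 ieonline.microsoft.com tls iexplore.exe 747 7800 -
2.19.117.18:80 crl.microsoft.com http - 491 1700 200
"""

# Assumed allowlists. Hosts Windows 7 / IE contact on their own are never indicators;
# ad and analytics hosts pulled in by the page are context, not indicators.
OS_BACKGROUND = ("pki.goog", "crl.microsoft.com", "ieonline.microsoft.com")
THIRD_PARTY = ("google-analytics.com", "syndicatedsearch.goog", "googleadservices.com", "google.com")


def matches(host, suffixes):
    """True when host equals a suffix or is a subdomain of it (label-aligned, not substring)."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def classify(host):
    if matches(host, OS_BACKGROUND):
        return "os_background"
    if matches(host, THIRD_PARTY):
        return "third_party"
    return "sample"


def triage(rows):
    """Group hosts by class, flag unanswered DNS names, note HTTP redirectors, sum bytes."""
    by_class = defaultdict(set)
    bytes_by_host = defaultdict(lambda: [0, 0])
    unresolved, redirectors = set(), set()
    for line in rows.strip().splitlines():
        remote, host, proto, process, sent, recv, result = line.split()
        by_class[classify(host)].add(host)
        bytes_by_host[host][0] += int(sent)
        bytes_by_host[host][1] += int(recv)
        if proto == "dns" and result == "-":
            unresolved.add(host)          # query seen, no answer recorded
        if proto == "http" and result.startswith("3"):
            redirectors.add(host)         # first hop of a redirect chain
    return {
        "classes": {k: sorted(v) for k, v in by_class.items()},
        "unresolved": sorted(unresolved),
        "redirectors": sorted(redirectors),
        "sample_bytes": {h: tuple(bytes_by_host[h]) for h in sorted(by_class["sample"])},
    }


if __name__ == "__main__":
    report = triage(ROWS)
    for host in report["classes"]["sample"]:
        if host in report["unresolved"]:
            note = "queried, no answer"
        else:
            note = "%d B out / %d B in" % report["sample_bytes"][host]
        if host in report["redirectors"]:
            note += ", redirected (3xx)"
        print(f"{host:30} {note}")
```

The remaining "sample" bucket still needs an analyst's judgement: tracker.icerocket.com is an old blog-tracking beacon that may simply be embedded in the saved page, while the ccfelomvhk.com 302 into ww16.ccfelomvhk.com, followed by the syndicatedsearch.goog ad feed, is the behaviour of an expired domain now parked for ads, consistent with the 3/10 score.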

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

    Filesize

    854B

    MD5

    e935bc5762068caf3e24a2683b1b8a88

    SHA1

    82b70eb774c0756837fe8d7acbfeec05ecbf5463

    SHA256

    a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

    SHA512

    bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    6afcdfb776d760f94f4bf5868df56c70

    SHA1

    aca979a9d2301979103e9115acd712709b25fd24

    SHA256

    276bea698f0167763515b157e17e3fc2d9084e5786ad69f3a3626c4de5db7656

    SHA512

    c9eef4a0ef0e90866e7f7e0a1e5813374697df5c74503933cd0139938e50e83d66c5757e702c90c9d9ea8262d2263721e42f10f1ec919546e11de3feab481d43

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

    Filesize

    170B

    MD5

    ce9180545109d9276fe64eb74fb4828d

    SHA1

    4970964e6864e4359b9323e603ff8f04f8c8a99d

    SHA256

    766b47bae9fd8c953527cbf19898cea723c7b282b9d2d335d917bf71898fb76f

    SHA512

    16c7186b877b7041c1e282a8567ad42bbaa2060fa5e8f720d48446fe6c5f0eeee7970fb1a0e440fb486661b1e32b23a5b82dc353770b5bf713b13dca49b83c9b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    b9d655fe9921503c8bf2a5e3cb6d0ebd

    SHA1

    4206980fa3d05e111f5efe0135fe3574b72d341c

    SHA256

    4f9cbebae05cfbf3bc32ece78258e61068f3e91ea9039206d146a47921f2ee1e

    SHA512

    98e867be79d52581e2df92e1c58dffd6e5b1a4e5486b94f6794f26727f54d9db8910cc54520a1a90a1367a71e5a5354525f80a8ad61b8d60ccd4918097528504

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8373bc02c1d0be1512bbae36708dd5e4

    SHA1

    88c3a60f4d334121ceffdee41c29355c38a57508

    SHA256

    4d1ed094cc36110208aa717d621e08fc291bfab1f864e0110e30d130b5669009

    SHA512

    993a7fa93e16e6fd0b55f2325548886ecf81e6e3514202b41e02e109754d92f6b28245eae00e849f2957ee51caaef16387c68914a1b20cd1c04c71039df16d04

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0aa8dc7ac5dabea3a2fc4bde0324daf1

    SHA1

    37463e0d9d3c1e292873812a23c383557965c8af

    SHA256

    aef3d2e92d101e26bfdfab842ba4ce01ff6b81040ad39639a503d421aa2eabfa

    SHA512

    d93f5e50e8a90d2e590fd8d877aa4fea660c0c85fb3dc8a38755636e385654a021468d9730053a75d346ea91f3fc6fdc0340dd6424687dc22e5c4270ff3ccacb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a0bd1c65af5ab7d67ec29595e4376839

    SHA1

    208e149850beab78dab8dff29c5833317b025041

    SHA256

    37393573f26d1d099a65c1836463b73f606b9a6c107ab709f8bde3bce5bee3d3

    SHA512

    cc3d72f8553e7f2d0d504c16183ced0f7d9fa6902e2004a617024dac0ac80e0b41622a9fb87be6912a4c8fc21423b7b011cbc44918b78b8acab68aaf1b93536f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    59b47b4ec034f1581448a3c0920eb664

    SHA1

    d095877da87e61adf2b96d9a7ceb726b57685191

    SHA256

    6048ee953a11b1f768431e8632803451452bc0e205d658057f59077677dce766

    SHA512

    4471464e86d8826295a7c3da258a522b444de0006b8db6f4fce0eb49bdefe6d9b625164bf6562989f5367da7e4554695db7c373ebb376ab3903fb8d6baa9e4e4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    420dc2d99f73ab9a3933cbb55ca3b1f8

    SHA1

    46775ad9013856f8778fcdc58019d23b28304356

    SHA256

    1b2845ba970d47f26f14ad024e2d9d9857b4008fd23a38caa2bfa2bfde4d21c7

    SHA512

    e6bf425f4cc0c4ec4323f029eacd35d22d984d041b5e261a32bd5fe9e6d8c4989805cbac507b5887878cd62280a744ed5341443bc8fa8230d763ed326c88471d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3a75e0b20f9f0b14dee75ee1fb475a2e

    SHA1

    193e720e18ca4b410b10ad930e4d9ba372a8b7d0

    SHA256

    019db1796525a8ec5072ecbf541cfa2e8a7c4620848ef8fb7e6487fbe107f00d

    SHA512

    fbb2e724a0cf3f32f69a862575f1f672598a4a463c65fa437502892d297f6ee2792590f66c74db3ea67695df0e581f5aa83027800d4ef3402a78cd1c1f54301e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    51aae8acec21f94c53342da1d7617ab6

    SHA1

    623fead482a55fcc29248dd9e80deb9ee4739277

    SHA256

    6d889cc74b20396be24b5d17ef692981e86ca4ca16dbe7fba8e56ac7d82089e0

    SHA512

    66458125a3d592e5cc93d15b6e171271dbf983495dcb95b6ce400d1df5cbf8a00411c996d756a761f28b91c738833f4ec63308d7c2e3af36b5a95e0cf64b6cee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    020b1410b145770479f40b60613e040e

    SHA1

    cef9bdce6a9af54db1762e6cd5d56947b9a57028

    SHA256

    a12815db324772ad1095c6d7e5caad86ebc87bf7f7b9844d18c5fd2b66c576bc

    SHA512

    7046a07b542514b9d9c52a0b6e82b5e2db7cdd92a75b45ae362cf69c0474c125929f640e6206210acc6b14ee2fe65af203aa7fa43f96e30a97a2cbf0a0743e85

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    edac7d979f2bdf2c1efd9630537fec23

    SHA1

    86f8df9e249626323adb07da5282fe86256e1abd

    SHA256

    aa550a403c4000c44f4a13d2237d8e9349381217418b9b03ac59b71b5bfcc473

    SHA512

    401f1bbccc90bb3394f054f30c80b96fc93377842e60c3ef320107867dc6319c3c30de0d603b5adc5168842877b168261d3e7829e07ed8447ecac4458f9bc0d3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    35589d700c5ef963e2e94f12ddbdb544

    SHA1

    8a99bdbb27ba230d6d8ce41cc7cb371f4d3df676

    SHA256

    727814e6c72282f2db65d2213c7c5e73fe7d9abb3b3439fca3b42aa471923a0b

    SHA512

    98524db8d2be7ae4c845a87a381e09ea1cc8b79972254d16051ef71a8400517498877c3495114e1b82c5769d4271891a61482ed1f3308e09aed41eef11c60882

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3748e08f8d39b2a63fc32e898c3d0a10

    SHA1

    09dee00480bb52d975f917596cb9275a58616b4c

    SHA256

    d42490a171100199fea3c65e11c208e0831668b8c4699ab48acfb7b90f2680b7

    SHA512

    56659a73804dce8feaf50f7d901700a76080dfb8a4c600c79c55e9a8f66648e7109ea2c019c7a8105d58c6e412cc89876e6f98cb6e37adb45b66153c861c38b8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fa6b9c2712d3ee4a8f24b8f89f247b25

    SHA1

    10a00ede8432d9345d88a72401545211ba78039d

    SHA256

    851ac57648c35037695728119cee12912a87af582c56034e6dde869f3a2fdd26

    SHA512

    46622cf29c1cf55c32aa03e62e6b4fc2a07f2f466bf92ae737c221eacc62e514b8cadaea93617e581d0de72f28cd59a5b3b82451b8eb4daac41ff270e972c3ea

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    66703f7fb1259fb54c31b6035a7c265d

    SHA1

    4f5cd46ee9c4a5912a1ae8d9984cbc364c668031

    SHA256

    ad0e47ea1c6cd4a0c6bd236dd354035c59af5f4a99226c59af8f19923858736d

    SHA512

    332add9001e5f4df772ddacca8c6e09010b6b53fd48afb69ee903f2ac98ee6a835d303e083f969a57e3d9c4ad2da234287185da6df0634cf565e5e15d7e87120

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7d757df74557c55f20ed8fe9f72347c9

    SHA1

    d603a150d56c77608ba5f955733643cfd2368bb2

    SHA256

    caa8f702bba3dc29bbda224ed9f8cf346d2eec53e6a8f20a52a097d7259b6bd7

    SHA512

    8dbe31dbd3a3d41df4358c4e2deb971bd60b97f0d874a06b7636b82e7825596d9b2a5e275fa4877e25d6237d3bd340fc42eb0344d01b674ab8d3eebd4748f219

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1c3ecc3375ca7da5c7fc5960019fa13c

    SHA1

    e1600993eb4adb736f1fe5ae97720f7078d8a788

    SHA256

    883eba83ac151dfd6f75cd9f80d31ba7bfbb34090dfddc99334a919709307f80

    SHA512

    2f8b15c67f272978da1a12f7250dec3c70877cbf7129786a9d9fbbc114e61e723e7e3839969dc9b700329b24c8692ab0798ec1b6c42585ed66e3aaee1ef6c99a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3d8b6e3b463d3d715781df8bf7340473

    SHA1

    56a496900c13ed2c009d8e86154b2b38e604368b

    SHA256

    c8f1bf9242fba56c1e29ac0e9d197f4ea73a143487ceec0b5a20d754aa89cd34

    SHA512

    d1f67d7a7157bcb2616769a0bfad173a78691de55074ef379623d3cde01cebbcd2fe4f58f7b98adf0494086de6389cc4bea51e3bad6acd171518bf9a834cf07b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c7280b30dce4b06a83590e923320be4d

    SHA1

    17cf7e185ed079e3b96484b158259a882194d134

    SHA256

    5ae38b270b5bb6ecce4f6f78cafa1fb48a9a02aaa4acaa8d3cf3c060ce96f283

    SHA512

    2d9db20a728f85a5a51ea77d62d36074b244cbb0666c975d9b533e91ea2dcbe95f77ab86336d83ced07e59cae9bb44d5b02eedcd70a36c71e6923ada7aa4b393

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    596d6dc29eb4755d6ec4449f9d80708e

    SHA1

    d0312a08001d7eaaac172ea44995da137310790c

    SHA256

    34b24ba3882aa3a1af7e9635763fd9e3b5aac472aaff67da616b803ceef5395c

    SHA512

    4d3339eb4258b9195b171be2da0dfc1eee93533813912096a2db7e4bcb49c7d4d6fae4a07e5e78d46c930afd2ccf5027f782c1e1bc8d739ec2f2674febc41ea2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e3672848f82e9b0fa73a86b166b9ca7a

    SHA1

    831891ca0e9a280df507622f8f91668ebcf6c693

    SHA256

    ae1f3224ce41a22eb4e3113e22338c2b6fcd2deab1217c79045dadd2e14cabaa

    SHA512

    e5960e6fafe416e8717ca2deac92bb0f6d902bd381be3deab92132f1b0b0f2fb7c65970d9e1fc71abde17c7b30feeb519f5052f3fdf2d302ca6b7c40568e08aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1c4b22abaa15bb3fe08e58a7fb4e2917

    SHA1

    b2f956b2a2f64771cc604fc950e858ba9360ab2c

    SHA256

    793921a9909976a4078a23e582c5cd18a4a2112ac514061a45331d352a4fbe86

    SHA512

    05413ac96784135d6206c0cf1158acb1accaed3cf548b97d36af058d555e52d36a541bd2f08e828ac108668c91f89026885c3371a0f893d161dd933883ddc7e3

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0WBLVJY\ga[1].js

    Filesize

    45KB

    MD5

    e9372f0ebbcf71f851e3d321ef2a8e5a

    SHA1

    2c7d19d1af7d97085c977d1b69dcb8b84483d87c

    SHA256

    1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

    SHA512

    c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f

  • C:\Users\Admin\AppData\Local\Temp\CabFF85.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar149D.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
