Analysis

  • max time kernel
    66s
  • max time network
    75s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/01/2023, 13:45 UTC

General

  • Target

    http://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2024

Network

  • DNS
    www.siscard.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.siscard.com
    IN A
    Response
    www.siscard.com
    IN A
    190.61.250.150
  • GET
    http://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:80
    Request
    GET /wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 12 Jan 2023 13:33:30 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Location: https://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Content-Length: 324
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • GET
    https://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 12 Jan 2023 13:33:31 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    X-Powered-By: PHP/7.4.28
    Vary: Accept-Encoding,Cookie
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    X-Redirect-By: WordPress
    Location: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Content-Length: 0
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
  • DNS
    siscard.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    siscard.com
    IN A
    Response
    siscard.com
    IN A
    190.61.250.150
  • GET
    https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Thu, 12 Jan 2023 13:33:34 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    X-Powered-By: PHP/7.4.28
    Vary: Accept-Encoding,Cookie
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://siscard.com/wp-json/>; rel="https://api.w.org/"
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • GET
    https://siscard.com/wp-content/uploads/elementor/css/custom-frontend-lite.min.css?ver=1664774480
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/uploads/elementor/css/custom-frontend-lite.min.css?ver=1664774480 HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Mon, 03 Oct 2022 05:21:20 GMT
    ETag: "14300062-1a7ed-5ea1a838d6386"
    Accept-Ranges: bytes
    Content-Length: 108525
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_59da3e3c8fdbd97595c0b04dc8a6489f.css?ver=1664774482
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/cache/autoptimize/css/autoptimize_single_59da3e3c8fdbd97595c0b04dc8a6489f.css?ver=1664774482 HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Wed, 26 Oct 2022 22:05:23 GMT
    ETag: "14300b0b-963b-5ebf738a7c8d0-gzip"
    Accept-Ranges: bytes
    Cache-Control: max-age=30672000, public, immutable
    Expires: Tue, 02 Jan 2024 13:33:38 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 2783
    Keep-Alive: timeout=5, max=98
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:03:29 GMT
    ETag: "14302524-132e-5e9597b0f4774"
    Accept-Ranges: bytes
    Content-Length: 4910
    Keep-Alive: timeout=5, max=97
    Connection: Keep-Alive
    Content-Type: application/javascript
  • GET
    https://siscard.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.eot?
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.eot? HTTP/1.1
    Accept: */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: https://siscard.com
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Mon, 03 Oct 2022 05:19:46 GMT
    ETag: "14300a41-20cca-5ea1a7deaedfe"
    Accept-Ranges: bytes
    Content-Length: 134346
    Keep-Alive: timeout=5, max=96
    Connection: Keep-Alive
    Content-Type: application/vnd.ms-fontobject
  • GET
    https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_adb17d506f233696b2cbf6ac7f8203a6.css
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/cache/autoptimize/css/autoptimize_adb17d506f233696b2cbf6ac7f8203a6.css HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:37 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Wed, 26 Oct 2022 22:06:13 GMT
    ETag: "14300b26-3f608-5ebf73ba0b998-gzip"
    Accept-Ranges: bytes
    Cache-Control: max-age=30672000, public, immutable
    Expires: Tue, 02 Jan 2024 13:33:37 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 45411
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_c69d51af149192bf468d5df5535aec7f.css?ver=1664774480
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/cache/autoptimize/css/autoptimize_single_c69d51af149192bf468d5df5535aec7f.css?ver=1664774480 HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Wed, 26 Oct 2022 22:05:23 GMT
    ETag: "14300b0a-897-5ebf738a5c530-gzip"
    Accept-Ranges: bytes
    Cache-Control: max-age=30672000, public, immutable
    Expires: Tue, 02 Jan 2024 13:33:38 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 535
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:03:18 GMT
    ETag: "143023eb-15db1-5e9597a62debc"
    Accept-Ranges: bytes
    Content-Length: 89521
    Keep-Alive: timeout=5, max=98
    Connection: Keep-Alive
    Content-Type: application/javascript
  • GET
    https://siscard.com/wp-content/uploads/2022/08/DIN-Medium-Regular.ttf
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/uploads/2022/08/DIN-Medium-Regular.ttf HTTP/1.1
    Accept: */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: https://siscard.com
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:02:28 GMT
    ETag: "14301aaa-7110-5e959776e2414"
    Accept-Ranges: bytes
    Content-Length: 28944
    Keep-Alive: timeout=5, max=97
    Connection: Keep-Alive
    Content-Type: font/ttf
  • GET
    https://siscard.com/wp-content/uploads/elementor/css/custom-pro-frontend-lite.min.css?ver=1664774480
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/uploads/elementor/css/custom-pro-frontend-lite.min.css?ver=1664774480 HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Mon, 03 Oct 2022 05:21:20 GMT
    ETag: "143000a4-2cdf-5ea1a838ff3c6"
    Accept-Ranges: bytes
    Content-Length: 11487
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:03:25 GMT
    ETag: "14302507-4ac6-5e9597ad80ebc"
    Accept-Ranges: bytes
    Content-Length: 19142
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: application/javascript
  • GET
    https://siscard.com/wp-content/uploads/2022/08/D-DINCondensed-Bold.ttf
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/uploads/2022/08/D-DINCondensed-Bold.ttf HTTP/1.1
    Accept: */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: https://siscard.com
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:02:24 GMT
    ETag: "14301a5f-c3c4-5e95977314ddc"
    Accept-Ranges: bytes
    Content-Length: 50116
    Keep-Alive: timeout=5, max=98
    Connection: Keep-Alive
    Content-Type: font/ttf
  • GET
    https://siscard.com/wp-content/uploads/elementor/css/custom-pro-widget-nav-menu.min.css?ver=1664774483
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/uploads/elementor/css/custom-pro-widget-nav-menu.min.css?ver=1664774483 HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Mon, 03 Oct 2022 05:21:23 GMT
    ETag: "143000af-72ae-5ea1a83ba3046"
    Accept-Ranges: bytes
    Content-Length: 29358
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-content/cache/autoptimize/js/autoptimize_134d22f37a5afe1ddcfcc13edc2e3009.js
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/cache/autoptimize/js/autoptimize_134d22f37a5afe1ddcfcc13edc2e3009.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Wed, 26 Oct 2022 22:06:13 GMT
    ETag: "14300b25-390d9-5ebf73b9f90b8-gzip"
    Accept-Ranges: bytes
    Cache-Control: max-age=30672000, public, immutable
    Expires: Tue, 02 Jan 2024 13:33:38 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: application/javascript
  • GET
    https://siscard.com/wp-content/uploads/2022/08/D-DIN-Bold-1.ttf
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/uploads/2022/08/D-DIN-Bold-1.ttf HTTP/1.1
    Accept: */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: https://siscard.com
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:02:28 GMT
    ETag: "14301ac5-cbec-5e959776e473c"
    Accept-Ranges: bytes
    Content-Length: 52204
    Keep-Alive: timeout=5, max=98
    Connection: Keep-Alive
    Content-Type: font/ttf
  • GET
    https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_c77803031473d98d8c9edc29ffb4b3b7.css?ver=1664818507
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/cache/autoptimize/css/autoptimize_single_c77803031473d98d8c9edc29ffb4b3b7.css?ver=1664818507 HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Wed, 26 Oct 2022 22:05:23 GMT
    ETag: "14300b0f-3491-5ebf738abbc88-gzip"
    Accept-Ranges: bytes
    Cache-Control: max-age=30672000, public, immutable
    Expires: Tue, 02 Jan 2024 13:33:38 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 1510
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:03:29 GMT
    ETag: "14302529-27ee-5e9597b0f820c"
    Accept-Ranges: bytes
    Content-Length: 10222
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: application/javascript
  • GET
    https://siscard.com/wp-content/uploads/2022/08/D-DIN-1.ttf
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/uploads/2022/08/D-DIN-1.ttf HTTP/1.1
    Accept: */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: https://siscard.com
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:02:24 GMT
    ETag: "14301a4b-c07c-5e9597731366c"
    Accept-Ranges: bytes
    Content-Length: 49276
    Keep-Alive: timeout=5, max=98
    Connection: Keep-Alive
    Content-Type: font/ttf
  • GET
    https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_dc45da0d903fc1b8cd123af9e4aec3bf.css?ver=1664774482
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/cache/autoptimize/css/autoptimize_single_dc45da0d903fc1b8cd123af9e4aec3bf.css?ver=1664774482 HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Wed, 26 Oct 2022 22:05:23 GMT
    ETag: "14300b0e-1a79-5ebf738aa5910-gzip"
    Accept-Ranges: bytes
    Cache-Control: max-age=30672000, public, immutable
    Expires: Tue, 02 Jan 2024 13:33:38 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 1081
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:38 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:03:25 GMT
    ETag: "14302513-194b-5e9597ad83d9c"
    Accept-Ranges: bytes
    Content-Length: 6475
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: application/javascript
  • DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    104.85.1.163
  • 190.61.250.150:80
    http://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    http
    IEXPLORE.EXE
    578 B
    1.7kB
    5
    5

    HTTP Request

    GET http://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf

    HTTP Response

    301
  • 190.61.250.150:80
    www.siscard.com
    IEXPLORE.EXE
    150 B
    104 B
    3
    2
  • 190.61.250.150:443
    https://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    tls, http
    IEXPLORE.EXE
    1.3kB
    5.3kB
    9
    11

    HTTP Request

    GET https://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf

    HTTP Response

    301
  • 190.61.250.150:443
    https://siscard.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.eot?
    tls, http
    IEXPLORE.EXE
    10.2kB
    390.4kB
    159
    292

    HTTP Request

    GET https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf

    HTTP Response

    404

    HTTP Request

    GET https://siscard.com/wp-content/uploads/elementor/css/custom-frontend-lite.min.css?ver=1664774480

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_59da3e3c8fdbd97595c0b04dc8a6489f.css?ver=1664774482

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.eot?

    HTTP Response

    200
  • 190.61.250.150:443
    https://siscard.com/wp-content/uploads/2022/08/DIN-Medium-Regular.ttf
    tls, http
    IEXPLORE.EXE
    6.1kB
    177.0kB
    79
    137

    HTTP Request

    GET https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_adb17d506f233696b2cbf6ac7f8203a6.css

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_c69d51af149192bf468d5df5535aec7f.css?ver=1664774480

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/uploads/2022/08/DIN-Medium-Regular.ttf

    HTTP Response

    200
  • 190.61.250.150:443
    https://siscard.com/wp-content/uploads/2022/08/D-DINCondensed-Bold.ttf
    tls, http
    IEXPLORE.EXE
    3.6kB
    86.3kB
    41
    72

    HTTP Request

    GET https://siscard.com/wp-content/uploads/elementor/css/custom-pro-frontend-lite.min.css?ver=1664774480

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/uploads/2022/08/D-DINCondensed-Bold.ttf

    HTTP Response

    200
  • 190.61.250.150:443
    https://siscard.com/wp-content/uploads/2022/08/D-DIN-Bold-1.ttf
    tls, http
    IEXPLORE.EXE
    4.9kB
    156.2kB
    69
    122

    HTTP Request

    GET https://siscard.com/wp-content/uploads/elementor/css/custom-pro-widget-nav-menu.min.css?ver=1664774483

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/cache/autoptimize/js/autoptimize_134d22f37a5afe1ddcfcc13edc2e3009.js

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/uploads/2022/08/D-DIN-Bold-1.ttf

    HTTP Response

    200
  • 190.61.250.150:443
    https://siscard.com/wp-content/uploads/2022/08/D-DIN-1.ttf
    tls, http
    IEXPLORE.EXE
    3.3kB
    67.6kB
    33
    56

    HTTP Request

    GET https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_c77803031473d98d8c9edc29ffb4b3b7.css?ver=1664818507

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/uploads/2022/08/D-DIN-1.ttf

    HTTP Response

    200
  • 190.61.250.150:443
    https://siscard.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
    tls, http
    IEXPLORE.EXE
    1.8kB
    9.4kB
    11
    14

    HTTP Request

    GET https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_dc45da0d903fc1b8cd123af9e4aec3bf.css?ver=1664774482

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    707 B
    7.6kB
    8
    11
  • 8.8.8.8:53
    www.siscard.com
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    www.siscard.com

    DNS Response

    190.61.250.150

  • 8.8.8.8:53
    siscard.com
    dns
    IEXPLORE.EXE
    57 B
    73 B
    1
    1

    DNS Request

    siscard.com

    DNS Response

    190.61.250.150

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    104.85.1.163

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    34e5cf516ecad791e582b4c7f5ad582a

    SHA1

    1a6a79caaa0a582a619d29e49732cc67d2808f20

    SHA256

    6d72b88bea5b5a5ec07bf2d2f33301cf3edef7e60d6d2ed48410df0cb2ef152a

    SHA512

    4d5ad69d3cbbc5e557e8762c953101736329211bb3d2567cf3a3050bef6a958e6d4069294e5947a64ebc59045231cb732f018a541bfc4ee3469b70f84f35a7a9

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WLVRKE7T.txt

    Filesize

    608B

    MD5

    987dba6d1e6129cd75936d1a80fbcb4b

    SHA1

    0b1ec39947ecdfa5c62a4174f148c8e8d49f3de7

    SHA256

    c151ba849a1999dbea5b2b8c8ed5280932893520f4a9ddaa8c7c0c581ddc4927

    SHA512

    53adbc0e509cc67e746932551212d4948dc789aaf8a2e3e6cd4591f095a3b2133f68342a840ec010b386d24be01ecc8104b07f68ca450cf2f4c6a4fc21eb8b82
