Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
11/05/2024, 04:59 UTC
Static task
static1
Behavioral task
behavioral1
Sample
32d85296972b34d859727e5d84a67ad9_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
32d85296972b34d859727e5d84a67ad9_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
32d85296972b34d859727e5d84a67ad9_JaffaCakes118.html
-
Size
15KB
-
MD5
32d85296972b34d859727e5d84a67ad9
-
SHA1
1f291f43ced39ba23967c867bb034e0430649468
-
SHA256
5ff6fb9cd8a7c874b33e04e1069e7e604d1d38ca3b51571478945a0c34900e27
-
SHA512
6d29418fc4f632d1d7b73811bafee332bbee4c449b5bed378463bbfe37045fe34d0ef96b954b1f5d5b1435dd78e7d5fb8e02e7183341ef7e93c4c77e65ded189
-
SSDEEP
384:WR5jiAomf6jIBVb91PRIkro7g/NBPKzNp1WB1V96mRNIv2XxNh:gmzBjINI7GNBPmNSDVjXxNh
Malware Config
Signatures
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1704 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1704 | iexplore.exe
1704 | iexplore.exe
1276 | IEXPLORE.EXE
1276 | IEXPLORE.EXE
1276 | IEXPLORE.EXE
1276 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1704 wrote to memory of 1276 | 1704 | iexplore.exe | 28
PID 1704 wrote to memory of 1276 | 1704 | iexplore.exe | 28
PID 1704 wrote to memory of 1276 | 1704 | iexplore.exe | 28
PID 1704 wrote to memory of 1276 | 1704 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\32d85296972b34d859727e5d84a67ad9_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1276
-
Network
-
Remote address: 8.8.8.8:53
Request
thefireservice.co.uk IN A
Response
thefireservice.co.uk IN A 173.254.30.90
-
Remote address: 173.254.30.90:80
Request
GET /wp-content/themes/cubic/style.css?ver=4.9.6 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive
Response
HTTP/1.1 404 Not Found
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
-
Remote address: 173.254.30.90:80
Request
GET /wp-content/themes/boardwalk/style.css?ver=4.9.6 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive
Response
HTTP/1.1 404 Not Found
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
-
GET http://thefireservice.co.uk/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1
IEXPLORE.EXE
Remote address: 173.254.30.90:80
Request
GET /wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Tue, 30 May 2023 21:22:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Mon, 10 Jun 2024 04:59:51 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/css
-
Remote address: 173.254.30.90:80
Request
GET /wp-content/themes/boardwalk/js/pace.js?ver=1.0.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive
Response
HTTP/1.1 404 Not Found
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
-
Remote address: 173.254.30.90:80
Request
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Tue, 08 Aug 2023 20:28:15 GMT
Accept-Ranges: bytes
Cache-Control: max-age=21600
Expires: Sat, 11 May 2024 10:59:51 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 5422
Content-Type: application/javascript
-
GET http://thefireservice.co.uk/wp-content/plugins/wp-automatic/js/main-front.js?ver=4.9.6
IEXPLORE.EXE
Remote address: 173.254.30.90:80
Request
GET /wp-content/plugins/wp-automatic/js/main-front.js?ver=4.9.6 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive
Response
HTTP/1.1 404 Not Found
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
-
Remote address: 173.254.30.90:80
Request
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Tue, 07 Nov 2023 21:02:41 GMT
Accept-Ranges: bytes
Cache-Control: max-age=21600
Expires: Sat, 11 May 2024 10:59:51 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: application/javascript
-
GET http://thefireservice.co.uk/wp-content/themes/boardwalk/js/skip-link-focus-fix.js?ver=20130115
IEXPLORE.EXE
Remote address: 173.254.30.90:80
Request
GET /wp-content/themes/boardwalk/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive
Response
HTTP/1.1 404 Not Found
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
-
GET http://thefireservice.co.uk/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0
IEXPLORE.EXE
Remote address: 173.254.30.90:80
Request
GET /wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive
Response
HTTP/1.1 404 Not Found
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
-
Remote address: 173.254.30.90:80
Request
GET /wp-includes/js/comment-reply.min.js?ver=4.9.6 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Tue, 24 May 2022 20:37:07 GMT
Accept-Ranges: bytes
Cache-Control: max-age=21600
Expires: Sat, 11 May 2024 10:59:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 1477
Content-Type: application/javascript
-
Remote address: 173.254.30.90:80
Request
GET /wp-includes/js/wp-embed.min.js?ver=4.9.6 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 07 Nov 2023 21:02:41 GMT
Accept-Ranges: bytes
Cache-Control: max-age=21600
Expires: Sat, 11 May 2024 10:59:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 692
Content-Type: application/javascript
-
GET http://thefireservice.co.uk/wp-content/uploads/2018/07/%D9%87%D9%86%D8%A7%D9%83-%D8%B5%D8%AE%D8%B1%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D9%8A%D8%A7%D8%A8%D8%A7%D9%86-%D8%B9%D9%84%D9%89-%D9%85%D9%86%D8%AD%D8%AF%D8%B1-%D9%83%D8%AA%D8%A8%D8%AA-%D8%B9%D9%84%D9%8A%D9%87%D8%A7-%D9%83%D9%84.jpg
IEXPLORE.EXE
Remote address: 173.254.30.90:80
Request
GET /wp-content/uploads/2018/07/%D9%87%D9%86%D8%A7%D9%83-%D8%B5%D8%AE%D8%B1%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D9%8A%D8%A7%D8%A8%D8%A7%D9%86-%D8%B9%D9%84%D9%89-%D9%85%D9%86%D8%AD%D8%AF%D8%B1-%D9%83%D8%AA%D8%A8%D8%AA-%D8%B9%D9%84%D9%8A%D9%87%D8%A7-%D9%83%D9%84.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive
Response
HTTP/1.1 404 Not Found
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
-
Remote address: 173.254.30.90:80
Request
GET /wp-content/themes/cubic/js/cubic.js?ver=20150113 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive
Response
HTTP/1.1 404 Not Found
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
-
173.254.30.90:80 | http://thefireservice.co.uk/wp-content/themes/cubic/style.css?ver=4.9.6 | http | IEXPLORE.EXE | 1.3kB 27.6kB 22 24
HTTP Request
GET http://thefireservice.co.uk/wp-content/themes/cubic/style.css?ver=4.9.6
HTTP Response
404
-
173.254.30.90:80 | http://thefireservice.co.uk/wp-content/themes/boardwalk/style.css?ver=4.9.6 | http | IEXPLORE.EXE | 1.2kB 27.5kB 21 23
HTTP Request
GET http://thefireservice.co.uk/wp-content/themes/boardwalk/style.css?ver=4.9.6
HTTP Response
404
-
173.254.30.90:80 | http://thefireservice.co.uk/wp-content/themes/boardwalk/js/pace.js?ver=1.0.0 | http | IEXPLORE.EXE | 2.2kB 44.8kB 34 38
HTTP Request
GET http://thefireservice.co.uk/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1
HTTP Response
200
HTTP Request
GET http://thefireservice.co.uk/wp-content/themes/boardwalk/js/pace.js?ver=1.0.0
HTTP Response
404
-
173.254.30.90:80 | http://thefireservice.co.uk/wp-content/plugins/wp-automatic/js/main-front.js?ver=4.9.6 | http | IEXPLORE.EXE | 1.5kB 22.0kB 19 20
HTTP Request
GET http://thefireservice.co.uk/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
HTTP Response
200
HTTP Request
GET http://thefireservice.co.uk/wp-content/plugins/wp-automatic/js/main-front.js?ver=4.9.6
HTTP Response
404
-
173.254.30.90:80 | http://thefireservice.co.uk/wp-content/themes/boardwalk/js/skip-link-focus-fix.js?ver=20130115 | http | IEXPLORE.EXE | 3.5kB 142.9kB 64 109
HTTP Request
GET http://thefireservice.co.uk/wp-includes/js/jquery/jquery.js?ver=1.12.4
HTTP Response
200
HTTP Request
GET http://thefireservice.co.uk/wp-content/themes/boardwalk/js/skip-link-focus-fix.js?ver=20130115
HTTP Response
404
-
173.254.30.90:80 | http://thefireservice.co.uk/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0 | http | IEXPLORE.EXE | 1.3kB 27.5kB 22 23
HTTP Request
GET http://thefireservice.co.uk/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0
HTTP Response
404
-
173.254.30.90:80 | http://thefireservice.co.uk/wp-content/uploads/2018/07/%D9%87%D9%86%D8%A7%D9%83-%D8%B5%D8%AE%D8%B1%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D9%8A%D8%A7%D8%A8%D8%A7%D9%86-%D8%B9%D9%84%D9%89-%D9%85%D9%86%D8%AD%D8%AF%D8%B1-%D9%83%D8%AA%D8%A8%D8%AA-%D8%B9%D9%84%D9%8A%D9%87%D8%A7-%D9%83%D9%84.jpg | http | IEXPLORE.EXE | 2.2kB 30.6kB 25 28
HTTP Request
GET http://thefireservice.co.uk/wp-includes/js/comment-reply.min.js?ver=4.9.6
HTTP Response
200
HTTP Request
GET http://thefireservice.co.uk/wp-includes/js/wp-embed.min.js?ver=4.9.6
HTTP Response
200
HTTP Request
GET http://thefireservice.co.uk/wp-content/uploads/2018/07/%D9%87%D9%86%D8%A7%D9%83-%D8%B5%D8%AE%D8%B1%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D9%8A%D8%A7%D8%A8%D8%A7%D9%86-%D8%B9%D9%84%D9%89-%D9%85%D9%86%D8%AD%D8%AF%D8%B1-%D9%83%D8%AA%D8%A8%D8%AA-%D8%B9%D9%84%D9%8A%D9%87%D8%A7-%D9%83%D9%84.jpg
HTTP Response
404
-
173.254.30.90:80 | http://thefireservice.co.uk/wp-content/themes/cubic/js/cubic.js?ver=20150113 | http | IEXPLORE.EXE | 1.3kB 27.5kB 22 23
HTTP Request
GET http://thefireservice.co.uk/wp-content/themes/cubic/js/cubic.js?ver=20150113
HTTP Response
404
-
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B