74e2b2c2a852660086e0b1aa7a370d128bcecbcea8588d55918cd0ecc50d21d2

Analysis

max time kernel
144s
max time network
151s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 23:46 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0bd5c22a43c095358eea47dfc79da84_JaffaCakes118.html
Size

27KB
MD5

b0bd5c22a43c095358eea47dfc79da84
SHA1

7fc486bb07acb223036541aebb858b8069271344
SHA256

74e2b2c2a852660086e0b1aa7a370d128bcecbcea8588d55918cd0ecc50d21d2
SHA512

069cfef0899bbc7d8cdf10a56e447dddfbab0280fcbea864691cf7747392e6dd27123d53632eb3c46c604bae35f7f106648cbdc81c779c6fc4385fbf96090205
SSDEEP

768:SxVdsFqvfkRlAVV1C5m1CCCcmzm3C/CnCQGUMXVz2:S7dsFqvfkc1C5m1CCCcmzm3C/CnCQqz2

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1016e3597ebfda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424657065"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000008bdb33b823a60c3d15df880e8f0c8a95c796df75a310c3f1283293ccc3c7e2ab000000000e8000000002000020000000c9ff828ce723487882e762e56994a38ff6d6ab38994580d74f453508480650692000000064720fca9c4e61cdb7e38e1f9df6d1f86f36ba7eedba215af3113c4469e7213a40000000c5849204aa5deeea1dee222ed22004f952dd7555652aafb531e2c79cbd4ade57ab481427dcd05617d5c13ca5945de65d3d2e2cf0936d591dd5a29088f5de1b45	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000658f6b7e691b68bd2887dd220f731b6dcbc50c13deec7423fca589ab492283bc000000000e8000000002000020000000549a223b014e384b50a5f388f8a88f9685f524e4e63db75aab80da3b4c92d6df90000000ba7ace64ffade420292363a50049981ed4ee7b2b7d5e61d6cfbf05365f81ccd6d35feb51c130f12e36e1176765d39137d4eaa39e732a2a1a6846d033e7727ef7e98b9a0863b55a6e95f1ae662916b4a69dadfcc537456f0ff20ea23fb1bf09421e43c4753681ed5001fab0fc04b2222ef8ed77933554cea910eff63b513dcc6efa2ade3603e8f5fd1801c74d0e9334f34000000097abad0302595ef19bb7410d0fe8f8c5748d0d8acaaba1495e04433611122968faf11b12eb8c54607cb8f9f74d883fc6daca7ffe28c9b7efd2f7a558e502b68b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{809D4501-2B71-11EF-B918-627D7EE66EFE} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2188	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2188	iexplore.exe
2188	iexplore.exe
2104	IEXPLORE.EXE
2104	IEXPLORE.EXE
2104	IEXPLORE.EXE
2104	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2104	2188	iexplore.exe	28
PID 2188 wrote to memory of 2104	2188	iexplore.exe	28
PID 2188 wrote to memory of 2104	2188	iexplore.exe	28
PID 2188 wrote to memory of 2104	2188	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b0bd5c22a43c095358eea47dfc79da84_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2104

Network

DNS

vmg1.info

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

vmg1.info

IN A

Response

vmg1.info

IN A

3.33.130.190

vmg1.info

IN A

15.197.148.33
DNS

ajax.googleapis.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.200.10
DNS

www.capitalfm.co.ke

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.capitalfm.co.ke

IN A

Response

www.capitalfm.co.ke

IN CNAME

wp.wpenginepowered.com

wp.wpenginepowered.com

IN A

141.193.213.11

wp.wpenginepowered.com

IN A

141.193.213.10
DNS

ghanasuperstar.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ghanasuperstar.com

IN A

Response
DNS

3.bp.blogspot.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

3.bp.blogspot.com

IN A

Response

3.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
DNS

www.ghanatoghana.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.ghanatoghana.com

IN A

Response

www.ghanatoghana.com

IN CNAME

ghanatoghana.com

ghanatoghana.com

IN A

192.64.80.67
DNS

img.modernghana.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

img.modernghana.com

IN A

Response

img.modernghana.com

IN A

104.20.45.9

img.modernghana.com

IN A

104.20.44.9
DNS

omgghana.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

omgghana.com

IN A

Response

omgghana.com

IN CNAME

traff-2.hugedomains.com

traff-2.hugedomains.com

IN CNAME

hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com

hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com

IN A

3.130.253.23

hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com

IN A

3.130.204.160
DNS

kitnes.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

kitnes.net

IN A

Response
DNS

www.africasoccernet.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.africasoccernet.com

IN A

Response
DNS

i.ytimg.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

172.217.169.54

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

216.58.212.246

i.ytimg.com

IN A

216.58.204.86
GET

http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=6867

IEXPLORE.EXE

Remote address:

142.250.200.10:80

Request

GET /ajax/libs/jquery/1/jquery.min.js?ver=6867 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ajax.googleapis.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 33434
Date: Sat, 15 Jun 2024 23:46:39 GMT
Expires: Sun, 15 Jun 2025 23:46:39 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
GET

http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/pe.kenburns/themes/allskins.min.css?ver=1.0

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/plugins/pe_estro_slider/resources/pe.kenburns/themes/allskins.min.css?ver=1.0 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:40 GMT
Content-Type: text/html
Content-Length: 122
Connection: keep-alive
GET

http://vmg1.info/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=A34DCDC237A4C3F2637ADD03B5B1CB35

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=A34DCDC237A4C3F2637ADD03B5B1CB35 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:41 GMT
Content-Type: text/html
Content-Length: 177
Connection: keep-alive
GET

http://3.bp.blogspot.com/-PRigyjnz6z8/UEUW71mnNnI/AAAAAAAABYM/rrZqFvVpTD4/s1600/Ghana.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-PRigyjnz6z8/UEUW71mnNnI/AAAAAAAABYM/rrZqFvVpTD4/s1600/Ghana.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 3.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "va66"
Expires: Sun, 16 Jun 2024 23:46:39 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="Ghana.jpg"
X-Content-Type-Options: nosniff
Date: Sat, 15 Jun 2024 23:46:39 GMT
Server: fife
Content-Length: 37877
X-XSS-Protection: 0
GET

http://i.ytimg.com/vi/7Uv4gomFNYw/0.jpg

IEXPLORE.EXE

Remote address:

142.250.178.22:80

Request

GET /vi/7Uv4gomFNYw/0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i.ytimg.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Vary: Origin
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: image/jpeg
Date: Sat, 15 Jun 2024 23:46:39 GMT
Expires: Sat, 15 Jun 2024 23:47:09 GMT
Cache-Control: public, max-age=30
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 1097
X-XSS-Protection: 0
GET

http://img.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

IEXPLORE.EXE

Remote address:

104.20.45.9:80

Request

GET /images/content3/240x_mg_d82dlp1jam_50055069.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.modernghana.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 16 Jun 2024 00:46:39 GMT
Location: https://img.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 894670d499f360e3-LHR
alt-svc: h3=":443"; ma=86400
GET

http://vmg1.info/wp-content/themes/onyx/css/reset.css

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/themes/onyx/css/reset.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
GET

http://vmg1.info/wp-content/themes/onyx/css/dropdown.css

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/themes/onyx/css/dropdown.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
GET

http://vmg1.info/wp-content/themes/onyx/js/custom.js?ver=1.0

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/themes/onyx/js/custom.js?ver=1.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 122
Connection: keep-alive
GET

http://vmg1.info/wp-content/themes/onyx/js/prettyPhoto.js

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/themes/onyx/js/prettyPhoto.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
GET

http://vmg1.info/wp-content/uploads/2011/08/LinkedIn.png

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/uploads/2011/08/LinkedIn.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:40 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
GET

http://vmg1.info/wp-content/themes/onyx/js/superfish.js?ver=1.0

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/themes/onyx/js/superfish.js?ver=1.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 122
Connection: keep-alive
GET

http://vmg1.info/wp-content/plugins/mappress-google-maps-for-wordpress/css/mappress.css?ver=2.39.2

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/plugins/mappress-google-maps-for-wordpress/css/mappress.css?ver=2.39.2 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 125
Connection: keep-alive
GET

http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/pe.kenburns/jquery.pixelentity.kenburnsSlider.min.js?ver=1.0

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/plugins/pe_estro_slider/resources/pe.kenburns/jquery.pixelentity.kenburnsSlider.min.js?ver=1.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 122
Connection: keep-alive
GET

http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/img/blank.png

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/plugins/pe_estro_slider/resources/img/blank.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive
GET

http://vmg1.info/wp-content/themes/onyx/js/jquery.imgr.min.js?ver=1.1

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/themes/onyx/js/jquery.imgr.min.js?ver=1.1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:40 GMT
Content-Type: text/html
Content-Length: 122
Connection: keep-alive
GET

http://vmg1.info/wp-content/themes/onyx/thumb.php?src=http://vmg1.info/wp-content/uploads/2011/09/fakelogo.png&w=490&h=65&zc=0

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/themes/onyx/thumb.php?src=http://vmg1.info/wp-content/uploads/2011/09/fakelogo.png&w=490&h=65&zc=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:41 GMT
Content-Type: text/html
Content-Length: 191
Connection: keep-alive
GET

http://vmg1.info/wp-content/themes/onyx/js/jquery.formalize.js?ver=1.2

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/themes/onyx/js/jquery.formalize.js?ver=1.2 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 122
Connection: keep-alive
GET

http://vmg1.info/wp-content/themes/onyx/css/grid.css

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/themes/onyx/css/grid.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
GET

http://vmg1.info/wp-content/themes/onyx/css/prettyphoto.css

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/themes/onyx/css/prettyphoto.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
GET

http://vmg1.info/wp-content/themes/onyx/js/slides.min.jquery.js

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/themes/onyx/js/slides.min.jquery.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
GET

http://vmg1.info/wp-content/uploads/2011/08/Twitter.png

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/uploads/2011/08/Twitter.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
GET

http://vmg1.info/wp-content/themes/onyx/js/jquery.smooth-scroll.min.js?ver=1.4

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/themes/onyx/js/jquery.smooth-scroll.min.js?ver=1.4 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 122
Connection: keep-alive
GET

http://vmg1.info/wp-content/themes/onyx/css/master.css

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/themes/onyx/css/master.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
GET

http://vmg1.info/wp-content/themes/onyx/style5.css

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/themes/onyx/style5.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
GET

http://vmg1.info/wp-includes/js/comment-reply.min.js?ver=6867

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-includes/js/comment-reply.min.js?ver=6867 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 123
Connection: keep-alive
GET

http://vmg1.info/wp-content/uploads/2011/08/facebook.png

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/uploads/2011/08/facebook.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
GET

http://www.ghanatoghana.com/wp-content/uploads/2012/06/Accra-Mall-Ghana.jpg

IEXPLORE.EXE

Remote address:

192.64.80.67:80

Request

GET /wp-content/uploads/2012/06/Accra-Mall-Ghana.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.ghanatoghana.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Length: 1505
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Cache-Control: no-store, max-age=0
Server: imunify360-webshield/1.21
DNS

IEXPLORE.EXE

Remote address:

3.130.253.23:80

Response

HTTP/1.1 408 Request Time-out

Content-length: 110
Cache-Control: no-cache
Connection: close
Content-Type: text/html
GET

http://omgghana.com/wp-content/uploads/2012/02/515158.jpg

IEXPLORE.EXE

Remote address:

3.130.253.23:80

Request

GET /wp-content/uploads/2012/02/515158.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: omgghana.com
Connection: Keep-Alive

Response

HTTP/1.0 404 Not Found

cache-control: no-cache
content-type: text/html
x-reason: MediaRequest
GET

https://img.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

IEXPLORE.EXE

Remote address:

104.20.45.9:443

Request

GET /images/content3/240x_mg_d82dlp1jam_50055069.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.modernghana.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 15 Jun 2024 23:46:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=31536000
Location: http://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
CF-Cache-Status: MISS
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 894670dbdde36365-LHR
alt-svc: h3=":443"; ma=86400
GET

http://www.capitalfm.co.ke/news/files/2012/02/TAKORADI-GHANA.jpg

IEXPLORE.EXE

Remote address:

141.193.213.11:80

Request

GET /news/files/2012/02/TAKORADI-GHANA.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.capitalfm.co.ke
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 15 Jun 2024 23:46:39 GMT
Content-Type: image/jpeg
Content-Length: 24328
Connection: keep-alive
Last-Modified: Thu, 25 Mar 2021 07:59:46 GMT
ETag: "109cc66f55c86834a0b9cae62cd391a7"
x-amz-server-side-encryption: AES256
Expires: Mon, 15 Jul 2024 23:46:39 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 894670d5efc69478-LHR
alt-svc: h3=":443"; ma=86400
DNS

apps.identrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

23.63.101.171

a1952.dscq.akamai.net

IN A

23.63.101.153
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

IEXPLORE.EXE

Remote address:

23.63.101.171:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Sun, 16 Jun 2024 00:46:39 GMT
Date: Sat, 15 Jun 2024 23:46:39 GMT
Connection: keep-alive
GET

http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/img/blank.png

IEXPLORE.EXE

Remote address:

3.33.130.190:80

Request

GET /wp-content/plugins/pe_estro_slider/resources/img/blank.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: vmg1.info
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 15 Jun 2024 23:46:47 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
DNS

cdn.modernghana.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdn.modernghana.com

IN A

Response

cdn.modernghana.com

IN A

104.20.44.9

cdn.modernghana.com

IN A

104.20.45.9
GET

http://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

IEXPLORE.EXE

Remote address:

104.20.44.9:80

Request

GET /images/content3/240x_mg_d82dlp1jam_50055069.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdn.modernghana.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 15 Jun 2024 23:46:40 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 16 Jun 2024 00:46:40 GMT
Location: https://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 894670dcbb8063cf-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

IEXPLORE.EXE

Remote address:

104.20.44.9:443

Request

GET /images/content3/240x_mg_d82dlp1jam_50055069.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdn.modernghana.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sat, 15 Jun 2024 23:46:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
CF-Cache-Status: MISS
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 894670de9bd977ab-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
DNS

kitnes.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

kitnes.net

IN A

Response

142.250.200.10:80

http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=6867

http

IEXPLORE.EXE

1.2kB
35.5kB
19
29

HTTP Request

GET http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=6867

HTTP Response

200
3.33.130.190:80

http://vmg1.info/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=A34DCDC237A4C3F2637ADD03B5B1CB35

http

IEXPLORE.EXE

973 B
1.2kB
7
8

HTTP Request

GET http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/pe.kenburns/themes/allskins.min.css?ver=1.0

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=A34DCDC237A4C3F2637ADD03B5B1CB35

HTTP Response

200
142.250.180.1:80

http://3.bp.blogspot.com/-PRigyjnz6z8/UEUW71mnNnI/AAAAAAAABYM/rrZqFvVpTD4/s1600/Ghana.jpg

http

IEXPLORE.EXE

1.3kB
40.0kB
22
33

HTTP Request

GET http://3.bp.blogspot.com/-PRigyjnz6z8/UEUW71mnNnI/AAAAAAAABYM/rrZqFvVpTD4/s1600/Ghana.jpg

HTTP Response

200
142.250.178.22:80

http://i.ytimg.com/vi/7Uv4gomFNYw/0.jpg

http

IEXPLORE.EXE

555 B
1.6kB
6
5

HTTP Request

GET http://i.ytimg.com/vi/7Uv4gomFNYw/0.jpg

HTTP Response

404
142.250.180.1:80

3.bp.blogspot.com

IEXPLORE.EXE

190 B
92 B
4
2
142.250.178.22:80

i.ytimg.com

IEXPLORE.EXE

190 B
92 B
4
2
104.20.45.9:80

img.modernghana.com

IEXPLORE.EXE

466 B
92 B
10
2
104.20.45.9:80

http://img.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

http

IEXPLORE.EXE

590 B
739 B
6
4

HTTP Request

GET http://img.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

HTTP Response

301
142.250.200.10:80

ajax.googleapis.com

IEXPLORE.EXE

190 B
92 B
4
2
3.33.130.190:80

http://vmg1.info/wp-content/uploads/2011/08/LinkedIn.png

http

IEXPLORE.EXE

1.9kB
2.1kB
11
14

HTTP Request

GET http://vmg1.info/wp-content/themes/onyx/css/reset.css

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/themes/onyx/css/dropdown.css

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/themes/onyx/js/custom.js?ver=1.0

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/themes/onyx/js/prettyPhoto.js

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/uploads/2011/08/LinkedIn.png

HTTP Response

200
3.33.130.190:80

http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/img/blank.png

http

IEXPLORE.EXE

1.6kB
1.2kB
8
10

HTTP Request

GET http://vmg1.info/wp-content/themes/onyx/js/superfish.js?ver=1.0

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/plugins/mappress-google-maps-for-wordpress/css/mappress.css?ver=2.39.2

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/pe.kenburns/jquery.pixelentity.kenburnsSlider.min.js?ver=1.0

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/img/blank.png
3.33.130.190:80

http://vmg1.info/wp-content/themes/onyx/thumb.php?src=http://vmg1.info/wp-content/uploads/2011/09/fakelogo.png&w=490&h=65&zc=0

http

IEXPLORE.EXE

1.1kB
1.6kB
9
9

HTTP Request

GET http://vmg1.info/wp-content/themes/onyx/js/jquery.imgr.min.js?ver=1.1

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/themes/onyx/thumb.php?src=http://vmg1.info/wp-content/uploads/2011/09/fakelogo.png&w=490&h=65&zc=0

HTTP Response

200
3.33.130.190:80

http://vmg1.info/wp-content/uploads/2011/08/Twitter.png

http

IEXPLORE.EXE

1.9kB
2.1kB
11
14

HTTP Request

GET http://vmg1.info/wp-content/themes/onyx/js/jquery.formalize.js?ver=1.2

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/themes/onyx/css/grid.css

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/themes/onyx/css/prettyphoto.css

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/themes/onyx/js/slides.min.jquery.js

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/uploads/2011/08/Twitter.png

HTTP Response

200
3.33.130.190:80

http://vmg1.info/wp-content/uploads/2011/08/facebook.png

http

IEXPLORE.EXE

1.9kB
2.1kB
11
14

HTTP Request

GET http://vmg1.info/wp-content/themes/onyx/js/jquery.smooth-scroll.min.js?ver=1.4

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/themes/onyx/css/master.css

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/themes/onyx/style5.css

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-includes/js/comment-reply.min.js?ver=6867

HTTP Response

200

HTTP Request

GET http://vmg1.info/wp-content/uploads/2011/08/facebook.png

HTTP Response

200
192.64.80.67:80

http://www.ghanatoghana.com/wp-content/uploads/2012/06/Accra-Mall-Ghana.jpg

http

IEXPLORE.EXE

591 B
2.0kB
6
6

HTTP Request

GET http://www.ghanatoghana.com/wp-content/uploads/2012/06/Accra-Mall-Ghana.jpg

HTTP Response

200
192.64.80.67:80

www.ghanatoghana.com

IEXPLORE.EXE

190 B
132 B
4
3
3.130.253.23:80

omgghana.com

http

IEXPLORE.EXE

236 B
365 B
5
3

HTTP Response

408
3.130.253.23:80

http://omgghana.com/wp-content/uploads/2012/02/515158.jpg

http

IEXPLORE.EXE

527 B
349 B
5
4

HTTP Request

GET http://omgghana.com/wp-content/uploads/2012/02/515158.jpg

HTTP Response

404
104.20.45.9:443

https://img.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

tls, http

IEXPLORE.EXE

1.1kB
5.3kB
10
9

HTTP Request

GET https://img.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

HTTP Response

301
141.193.213.11:80

http://www.capitalfm.co.ke/news/files/2012/02/TAKORADI-GHANA.jpg

http

IEXPLORE.EXE

994 B
25.7kB
15
22

HTTP Request

GET http://www.capitalfm.co.ke/news/files/2012/02/TAKORADI-GHANA.jpg

HTTP Response

200
141.193.213.11:80

www.capitalfm.co.ke

IEXPLORE.EXE

466 B
92 B
10
2
23.63.101.171:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

IEXPLORE.EXE

369 B
1.6kB
5
4

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
3.33.130.190:80

http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/img/blank.png

http

IEXPLORE.EXE

643 B
770 B
7
6

HTTP Request

GET http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/img/blank.png

HTTP Response

200
104.20.44.9:80

http://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

http

IEXPLORE.EXE

550 B
1.3kB
5
5

HTTP Request

GET http://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

HTTP Response

301
104.20.44.9:80

cdn.modernghana.com

IEXPLORE.EXE

466 B
92 B
10
2
104.20.44.9:443

https://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

tls, http

IEXPLORE.EXE

1.0kB
5.7kB
9
10

HTTP Request

GET https://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

HTTP Response

404
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.7kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.7kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

785 B
7.7kB
9
13

8.8.8.8:53

vmg1.info

dns

IEXPLORE.EXE

55 B
87 B
1
1

DNS Request

vmg1.info

DNS Response

3.33.130.190

15.197.148.33
8.8.8.8:53

ajax.googleapis.com

dns

IEXPLORE.EXE

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.200.10
8.8.8.8:53

www.capitalfm.co.ke

dns

IEXPLORE.EXE

65 B
133 B
1
1

DNS Request

www.capitalfm.co.ke

DNS Response

141.193.213.11

141.193.213.10
8.8.8.8:53

ghanasuperstar.com

dns

IEXPLORE.EXE

64 B
137 B
1
1

DNS Request

ghanasuperstar.com
8.8.8.8:53

3.bp.blogspot.com

dns

IEXPLORE.EXE

63 B
124 B
1
1

DNS Request

3.bp.blogspot.com

DNS Response

142.250.180.1
8.8.8.8:53

www.ghanatoghana.com

dns

IEXPLORE.EXE

66 B
96 B
1
1

DNS Request

www.ghanatoghana.com

DNS Response

192.64.80.67
8.8.8.8:53

img.modernghana.com

dns

IEXPLORE.EXE

65 B
97 B
1
1

DNS Request

img.modernghana.com

DNS Response

104.20.45.9

104.20.44.9
8.8.8.8:53

omgghana.com

dns

IEXPLORE.EXE

58 B
188 B
1
1

DNS Request

omgghana.com

DNS Response

3.130.253.23

3.130.204.160
8.8.8.8:53

kitnes.net

dns

IEXPLORE.EXE

56 B
56 B
1
1

DNS Request

kitnes.net
8.8.8.8:53

www.africasoccernet.com

dns

IEXPLORE.EXE

69 B
159 B
1
1

DNS Request

www.africasoccernet.com
8.8.8.8:53

i.ytimg.com

dns

IEXPLORE.EXE

57 B
249 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.250.178.22

142.250.187.246

216.58.201.118

142.250.180.22

142.250.200.54

142.250.179.246

172.217.16.246

142.250.187.214

172.217.169.54

142.250.200.22

216.58.212.246

216.58.204.86
8.8.8.8:53

apps.identrust.com

dns

IEXPLORE.EXE

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

23.63.101.171

23.63.101.153
8.8.8.8:53

cdn.modernghana.com

dns

IEXPLORE.EXE

65 B
97 B
1
1

DNS Request

cdn.modernghana.com

DNS Response

104.20.44.9

104.20.45.9
8.8.8.8:53

kitnes.net

dns

IEXPLORE.EXE

56 B
56 B
1
1

DNS Request

kitnes.net

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09852f7adf7d9f27a344c099c2838fef

SHA1
d5c59176a6fafb627bde0feed69548199e6317fd

SHA256
c7e1b73961cbf7f1f8b414139825c11f400425fdbd927f1fb551107ee80c048b

SHA512
10769a74e7e7047dee311fd20ca61480b2054b9bfc18dfcd1e9a5ffd8125d5680047d231dca8a70e51ebbda5a7c1269eb341d4c96440132c6b4f7dab0e7ef91d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f302b4df2472ff106aff48bdcfdc80e

SHA1
94fc59855276bd61d6403f522e47d9f2c3bb3129

SHA256
0676c1a9d3bcd21a554bf90e40171ae1594fb615a48f9de9356fe1764a0efa25

SHA512
c6ed73fbac17ebe9941243d5497a382b28e8fef2d174061be36d5184d507bb20fe0eafc81ec0e1cf577bc03cfc95a8f91ead5dfc7ebd05ae6479535b8f6ecd13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2b7b4328f7cd29de54135dbccf3ac9e

SHA1
adf47f9b18f032a27420d58ba703a135c8be09ee

SHA256
67ff113c3a72b7989ef53ed964ff64d1e041acc30a6c5f9b2f1227ec3617c1c8

SHA512
a7f2a8230b438074b16d8aba5a4d27309febaeebe84391dfe6596255a308b4525a11edadfb75a9993209596270f8a446985e660d9ed4b14b09b0827827e90848

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85c375e7df2b39260cc28a28940fdab3

SHA1
be31127c00e2d437bb5b47aeffcfb044cc6d6e27

SHA256
b2c5489995c60477cea7f93f0e016cedab1035af78da4ff198f15c356b6e8954

SHA512
70b0f091be05e0afe04fb48dcf9a0484c7b3cbd7051096114dff960ca8c069b069d735c1412af2aefd8d22c4e9949103fdbc0d806c4c726d5ee3e23926b3414c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3349e982809f2836e4376c4892f2998

SHA1
4611a8ee19014bb4c4657a9c05589c6dc0dbb0ae

SHA256
3b1df4e04a3b586ed4cc63767ba2efc1c9ba6f20adcfc66829f67608e2393a9d

SHA512
d79d5c883c9e4dfe3c9abd739e0780ccf07848ee15dfc78ec7408e14ed998cd79826254001b94cb35be6a87b471b78e7475d3df98d5199edf16125067a4637db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efa0a38b62350b85e6deb9ad1c40b391

SHA1
84abb0d8c20b7d2f28443c407004b1a48c0edd5d

SHA256
1ecbb2529506b6643096fc42c311b42a21506ca950f87c5415d03323d4f436a2

SHA512
fc05ec04ff80647ea7da92e7aa24da1b4e4c963a1b900316466101cfd833a458882338f8d7aed81b97778693d4896ad844c2e9feccc654ca3c82b15427acd8bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef1db1eaf4ce5d88666097fc7d1e496c

SHA1
b5481ec0a9de0e9783b39e76204fdc34ab42796e

SHA256
5959077eb7d8c144d9a94d26a5ba3341da9d049763bd54b40c4647dce1d18a78

SHA512
3b428a96e7a8c4fc23c2b73eef2d89a80ee83aa0c295e591fa82d2c8405f176cdd49a9ad2e8e6156e0d81edcb71402946865154a54c0bd3b209e4872c9499d95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1ec5c14579fbfefcc207c87f3e71b19

SHA1
1825afe49d82c052cc182a3652ccdb658b40a67d

SHA256
5c986b41d1336bb6bc525cf90ebee38d028e637d72c08707d6a595affc5af839

SHA512
eb80e437ab45b7b179087e3048ce760a85be5ea44ee58832d50cb1b13b5727ff1f98556e0c8df59608b2bb812a174a722f94d761c6b8d5522cf80eeb237450e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe3d5a7a70a4e7e5da9a82bc5427d67c

SHA1
a0c6e5ba5e41b91f35b0861b855760de3b42554a

SHA256
864064035e4c13d974d00431aab3dbbe1947697992cd282879cd3451caaa5e2f

SHA512
0b137b20212ee9865802af6415437358e044dbbf2099b8dcbe5290f418d47d00109413a52e98a7c419712e7c8f64f77cdc9c425fdc9a8dedc969c03058e67d7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fba98999bb6e30461ff2a34ff4990d12

SHA1
7166a88065398ecb517a36b00c24667fb6cc0aed

SHA256
4b1f59e150f850f02ebaaa8e1f4efe3687c0094846d11f517db7dd96665ad8ed

SHA512
e2699b85013cf7b94a045401b390a58ca6047471333dfeb1273e19f289960091658cc4e1c716dcbaecdbe17c6d29f9e96c6de704f452c7b9de6e02a4a58743d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
216a4b24f4ebef231dd817e89dbf5402

SHA1
3224c725b08e49cf1bd2ff23607f836eb0609c3f

SHA256
6a40fd44f7158e4c87aeb64b7d272099a6ff15f23e64b1657e452bd3eb23ad32

SHA512
7ed32d03e563f05a0b2326f026bb085808d8438c06b6764a6723580bcbd32e3cf1ccbebc160f13f45321844d336dac4ed191b29015e6326104eb9111041e02f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee36aeedf6dc970a8ac804a6b21aad8f

SHA1
24f551951e97b6ce0c48fa0273fea509d5a2b7ca

SHA256
60f64b3ebf2bb19828f130903cce56725dab745b7af39426b735d778b328f15a

SHA512
9d19966aa1de33a63f8bc056c5d824bb738e51ba3626980af1fd0f498c3e05ef6c5a781b34e0343e8be8a1444684b1363364785a52cf37428f19beef5049e41e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2da5d644938ac784c7a538016227c2a0

SHA1
51965a23b1ff56e305bdbcc06d6b0852480ea1db

SHA256
282638a94404009ef1595123b4242bd1e31fa9c05ccabd098cf853b705135ae6

SHA512
485a6e83fe792cfb187dfd19db4be671c6e49154e09836f1eb5ae1a6662b28c382c2bfbb02aec691fabe4cbe6099dabf14cad174c5ec2b354f0f995e80803e48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1845c96586006e035df0ae5386d1c8b0

SHA1
0bef50a2e5363958db696c6b66fca8995ab1feb8

SHA256
977a296d0e26625c617aff572c404d4610366d549e449e1e54bf112ce9e20bae

SHA512
731e46a5720e639098c034582d1d83bc632a0d4211fc65ee4d34f355289d9f1fd3c9ea66299687c171444a01f09f9dfc9fc2f155e554beeb27f40c602b70a5ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e81d62f45746a30ece2ba97ef49fd3d4

SHA1
c29a141a38a229b09e599566db7ff9ca6b49e7af

SHA256
78397d6823e4a8cd5c360e459d0457f32969586f600b9a8bdf9df0b02c746e58

SHA512
adf0505cb434dd2ccf2fabbc2732d0dfa048229b05444b7164b13a6542b9e4c538411bbb10c7672a7788372e2eae440104f2e05ef6946b66f4acbc919db14e66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ee019ec2a5d1d7210751708f12cdb0c

SHA1
36854a194480123c4a3072c70568b67e045e98ab

SHA256
60656c3b4f38beacad8d99007053173a6824f9179350742b8c4bf9b5b2870029

SHA512
58a6f0ca5a54d651903f9404fcb17c6956a194ea70b49beea779de6430f7765c00cfc312b43248d34ac3088daf0eabbb3fbc9c7068a1074c60e3984622c065bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
874568f8dd5315d99bf2b4305a8f3e0f

SHA1
44c5e9496b555bbe35ed194ab8717af1ee233ce1

SHA256
d58abcab3939ec4f40b4206e0f916b7bab40f05c3aea11fa816bfbe1156a50ef

SHA512
cb3bba238d1a524c8f211ab3a62c6c71f24b0cb031c0d46910251982a19f5afcfe942e6e94f5102327a41dd4e2a53896f3a6bf8fa9c88407522f5e1313e1457e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf56ed6f5bead74e76ab07d5268faa4a

SHA1
417a36f442c34943af4f6ffe1bc9ca29510e55ee

SHA256
2854ec0500ba18525a9d531049867372b55aa9146e2e8e1d300fb97b8ff32c63

SHA512
56a8fedef87763c97e73525e160b181276bd5be4d19e4731dafa1e53df5c075ca61e83bf6f1e5e942ba5917c83ba51c32e0e679389b059df3a3e704d0351ca98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
badcff8c5f1d082af2132e910991967e

SHA1
97073f63da0b4f89778c3b438d63b024a458e59a

SHA256
d63a5c29ce9090425ef966140444d2bcef737e2e2a815e6ed1e5cf514fd0c288

SHA512
766503f214632fc8309755cf2c29b4d8b7279c0b4d00483a3661a7bb3711d5c891e78263518dc1b900314850644da2f33ebded6ec0155e46e8156e282181087c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\allskins.min[1].htm

Filesize
122B

MD5
00d64a82ba2d055e5facd3a30efac924

SHA1
308e275068e3bec5effca608fe9df2008c979650

SHA256
aaa3feed097fda6687c7c27860c24980f3ff105b6f326d10c98854145e9afa6b

SHA512
1151e227086964ec19c11eb388ace411a56a6e1da96409b2bfdb5313fb5df75223add437a653decf3afdfbd2be2cde421c512f9de423ad74f2ebbaf81119d8fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\master[1].htm

Filesize
114B

MD5
e89f75f918dbdcee28604d4e09dd71d7

SHA1
f9d9055e9878723a12063b47d4a1a5f58c3eb1e9

SHA256
6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023

SHA512
8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5A81.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5B3F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request