Analysis

  • max time kernel
    121s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/07/2024, 16:50 UTC

General

  • Target

    1bc2f099f316129dbfebfcb28114a96e_JaffaCakes118.html

  • Size

    20KB

  • MD5

    1bc2f099f316129dbfebfcb28114a96e

  • SHA1

    d30329a20f3810fa31c92b549fa2a232daf34ad4

  • SHA256

    d6a4b366dc258dd2d48be3ea3abe8dbc965ce1986e2e79bb5330c6c54865c1e3

  • SHA512

    b0cbb64edb53540a2a9b10f7c302aa25b4251adb572f493938b100996c29f2916dc36cb178c93e185994c1d9c7cd541aa4a9f47f791d11037f1d76d9c95eedf6

  • SSDEEP

    384:mcGR0nYW+Ic+1ttUKBSIkE0ShF6lRVJJ3nDql6eIF0zGWLK0:mDA+It1ttUKBSIkE0SD6lf3Dqlyw

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1bc2f099f316129dbfebfcb28114a96e_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1844 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3040

Network

  • flag-us
    DNS
    www.chip.de
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.chip.de
    IN A
    Response
    www.chip.de
    IN CNAME
    www.chip.de.27643.edgekey.net
    www.chip.de.27643.edgekey.net
    IN CNAME
    e27643.dscf.akamaiedge.net
    e27643.dscf.akamaiedge.net
    IN A
    2.16.56.141
    e27643.dscf.akamaiedge.net
    IN A
    2.16.56.143
  • flag-us
    DNS
    forum.chip.de
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    forum.chip.de
    IN A
    Response
    forum.chip.de
    IN CNAME
    chip.vanillacommunities.com
    chip.vanillacommunities.com
    IN CNAME
    site-6030169.onvanilla.net
    site-6030169.onvanilla.net
    IN A
    162.159.128.79
    site-6030169.onvanilla.net
    IN A
    162.159.138.78
  • flag-se
    GET
    http://www.chip.de/css/_merged/forum.css?v=40039
    IEXPLORE.EXE
    Remote address:
    2.16.56.141:80
    Request
    GET /css/_merged/forum.css?v=40039 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: AkamaiGHost
    Content-Length: 0
    Location: https://www.chip.de/css/_merged/forum.css?v=40039
    Date: Mon, 01 Jul 2024 16:51:05 GMT
    Connection: keep-alive
    Permissions-Policy: ch-ua-model=*,ch-ua-platform-version=*
    Accept-CH: sec-ch-ua-model,sec-ch-ua-platform-version
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Origin: *
  • flag-se
    GET
    http://www.chip.de/js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723
    IEXPLORE.EXE
    Remote address:
    2.16.56.141:80
    Request
    GET /js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: AkamaiGHost
    Content-Length: 0
    Location: https://www.chip.de/js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723
    Date: Mon, 01 Jul 2024 16:51:05 GMT
    Connection: keep-alive
    Permissions-Policy: ch-ua-model=*,ch-ua-platform-version=*
    Accept-CH: sec-ch-ua-model,sec-ch-ua-platform-version
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    http://forum.chip.de/clientscript/vbulletin_important.css?v=383
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:80
    Request
    GET /clientscript/vbulletin_important.css?v=383 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 01 Jul 2024 16:51:05 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 01 Jul 2024 17:51:05 GMT
    Location: https://forum.chip.de/clientscript/vbulletin_important.css?v=383
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 89c7e618fcf3940b-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://forum.chip.de/clientscript/ncode_imageresizer.js
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:80
    Request
    GET /clientscript/ncode_imageresizer.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 01 Jul 2024 16:51:05 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 01 Jul 2024 17:51:05 GMT
    Location: https://forum.chip.de/clientscript/ncode_imageresizer.js
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 89c7e6193d4f940b-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://forum.chip.de/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:80
    Request
    GET /clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 01 Jul 2024 16:51:05 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 01 Jul 2024 17:51:05 GMT
    Location: https://forum.chip.de/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 89c7e618fb8b94f9-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://forum.chip.de/clientscript/_merged/jQuery.js?t=42779
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:80
    Request
    GET /clientscript/_merged/jQuery.js?t=42779 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 01 Jul 2024 16:51:05 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 01 Jul 2024 17:51:05 GMT
    Location: https://forum.chip.de/clientscript/_merged/jQuery.js?t=42779
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 89c7e6193bd794f9-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://forum.chip.de/clientscript/yui/connection/connection-min.js?v=383
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:80
    Request
    GET /clientscript/yui/connection/connection-min.js?v=383 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 01 Jul 2024 16:51:05 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 01 Jul 2024 17:51:05 GMT
    Location: https://forum.chip.de/clientscript/yui/connection/connection-min.js?v=383
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 89c7e618fd9d94ba-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://forum.chip.de/clientscript/vbulletin_global.js?v=383
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:80
    Request
    GET /clientscript/vbulletin_global.js?v=383 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 01 Jul 2024 16:51:05 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 01 Jul 2024 17:51:05 GMT
    Location: https://forum.chip.de/clientscript/vbulletin_global.js?v=383
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 89c7e618f9366439-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://forum.chip.de/clientscript/vbulletin_css/style-aea0c703-00006.css
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:80
    Request
    GET /clientscript/vbulletin_css/style-aea0c703-00006.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 01 Jul 2024 16:51:05 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 01 Jul 2024 17:51:05 GMT
    Location: https://forum.chip.de/clientscript/vbulletin_css/style-aea0c703-00006.css
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 89c7e618fcd7d168-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://forum.chip.de/clientscript/vbulletin_menu.js?v=38320100630
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:80
    Request
    GET /clientscript/vbulletin_menu.js?v=38320100630 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 01 Jul 2024 16:51:05 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 01 Jul 2024 17:51:05 GMT
    Location: https://forum.chip.de/clientscript/vbulletin_menu.js?v=38320100630
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 89c7e618ffa99478-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://forum.chip.de/clientscript/_merged/headfoot_forum.js?t=42781
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:80
    Request
    GET /clientscript/_merged/headfoot_forum.js?t=42781 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 01 Jul 2024 16:51:05 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 01 Jul 2024 17:51:05 GMT
    Location: https://forum.chip.de/clientscript/_merged/headfoot_forum.js?t=42781
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 89c7e6193ff09478-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-se
    GET
    https://www.chip.de/css/_merged/forum.css?v=40039
    IEXPLORE.EXE
    Remote address:
    2.16.56.141:443
    Request
    GET /css/_merged/forum.css?v=40039 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Content-Length: 181389
    Server: nginx
    x-404: true
    X-Amz-Cf-Pop: FRA56-C2
    X-Amz-Cf-Id: v6_BcoCCx8xOjQbB4-oorCt_rUAdxIymQ_nteFIpVomPtYtSntGQjA==
    Expires: Mon, 01 Jul 2024 16:51:06 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Mon, 01 Jul 2024 16:51:06 GMT
    Connection: keep-alive
    Permissions-Policy: ch-ua-model=*,ch-ua-platform-version=*
    Accept-CH: sec-ch-ua-model,sec-ch-ua-platform-version
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Origin: *
  • flag-se
    GET
    https://www.chip.de/js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723
    IEXPLORE.EXE
    Remote address:
    2.16.56.141:443
    Request
    GET /js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Content-Length: 181389
    Server: nginx
    x-404: true
    X-Amz-Cf-Pop: FRA56-C2
    X-Amz-Cf-Id: Nt-lNVuodtLXT2egT4xCoW78DmHn5FteGn7prsIX632f9oanCSweGw==
    Expires: Mon, 01 Jul 2024 16:51:06 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Mon, 01 Jul 2024 16:51:06 GMT
    Connection: keep-alive
    Permissions-Policy: ch-ua-model=*,ch-ua-platform-version=*
    Accept-CH: sec-ch-ua-model,sec-ch-ua-platform-version
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://forum.chip.de/clientscript/vbulletin_css/style-aea0c703-00006.css
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:443
    Request
    GET /clientscript/vbulletin_css/style-aea0c703-00006.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 404
    Date: Mon, 01 Jul 2024 16:51:12 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-lookup-mode: normal
    x-app: fc7e72c8a07b2f9c328b3f2c7b32831f5bbef1ef/cl40013
    p3p: CP="CAO PSA OUR"
    x-request-id: 89c7e63f8b768924-YYZ
    x-vanilla-version: 2024.012
    vary: Accept-Encoding, Cookie
    strict-transport-security: max-age=604800
    x-content-type-options: nosniff
    x-permitted-cross-domain-policies: master-only
    x-xss-protection: 0
    content-security-policy: frame-ancestors 'self'
    x-frame-options: SAMEORIGIN
    expires: Mon, 01 Jul 2024 16:53:12 GMT
    x-backend: cl40013
    x-vanilla-cache-control: public, max-age=120
    x-cache-tag: resourceType:static,deviceType:desktop
    cache-control: private, no-cache, max-age=0, must-revalidate
    x-backend-time: 2024-07-01T16:51:12Z
    CF-Cache-Status: BYPASS
    Server: cloudflare
    CF-RAY: 89c7e63f8b768924-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://forum.chip.de/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:443
    Request
    GET /clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 404
    Date: Mon, 01 Jul 2024 16:51:06 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-lookup-mode: normal
    x-app: fc7e72c8a07b2f9c328b3f2c7b32831f5bbef1ef/cl40013
    p3p: CP="CAO PSA OUR"
    x-request-id: 89c7e61db9bd9535-YYZ
    x-vanilla-version: 2024.012
    vary: Accept-Encoding, Cookie
    strict-transport-security: max-age=604800
    x-content-type-options: nosniff
    x-permitted-cross-domain-policies: master-only
    x-xss-protection: 0
    content-security-policy: frame-ancestors 'self'
    x-frame-options: SAMEORIGIN
    expires: Mon, 01 Jul 2024 16:53:06 GMT
    x-backend: cl40013
    x-vanilla-cache-control: public, max-age=120
    x-cache-tag: resourceType:static,deviceType:desktop
    cache-control: private, no-cache, max-age=0, must-revalidate
    x-backend-time: 2024-07-01T16:51:06Z
    CF-Cache-Status: BYPASS
    Server: cloudflare
    CF-RAY: 89c7e61db9bd9535-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://forum.chip.de/clientscript/vbulletin_menu.js?v=38320100630
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:443
    Request
    GET /clientscript/vbulletin_menu.js?v=38320100630 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 404
    Date: Mon, 01 Jul 2024 16:51:13 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-lookup-mode: normal
    x-app: 013e655b531f99f1902a354611a82f5aa35537d6/cl40013
    p3p: CP="CAO PSA OUR"
    x-request-id: 89c7e6450b4563d5-YYZ
    x-vanilla-version: 2024.012
    vary: Accept-Encoding, Cookie
    strict-transport-security: max-age=604800
    x-content-type-options: nosniff
    x-permitted-cross-domain-policies: master-only
    x-xss-protection: 0
    content-security-policy: frame-ancestors 'self'
    x-frame-options: SAMEORIGIN
    expires: Mon, 01 Jul 2024 16:53:13 GMT
    x-backend: cl40013
    x-vanilla-cache-control: public, max-age=120
    x-cache-tag: resourceType:static,deviceType:desktop
    cache-control: private, no-cache, max-age=0, must-revalidate
    x-backend-time: 2024-07-01T16:51:13Z
    CF-Cache-Status: BYPASS
    Server: cloudflare
    CF-RAY: 89c7e6450b4563d5-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://forum.chip.de/clientscript/_merged/headfoot_forum.js?t=42781
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:443
    Request
    GET /clientscript/_merged/headfoot_forum.js?t=42781 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 404
    Date: Mon, 01 Jul 2024 16:51:09 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-lookup-mode: normal
    x-app: 013e655b531f99f1902a354611a82f5aa35537d6/cl40013
    p3p: CP="CAO PSA OUR"
    x-request-id: 89c7e6302fa26530-YYZ
    x-vanilla-version: 2024.012
    vary: Accept-Encoding, Cookie
    strict-transport-security: max-age=604800
    x-content-type-options: nosniff
    x-permitted-cross-domain-policies: master-only
    x-xss-protection: 0
    content-security-policy: frame-ancestors 'self'
    x-frame-options: SAMEORIGIN
    expires: Mon, 01 Jul 2024 16:53:09 GMT
    x-backend: cl40013
    x-vanilla-cache-control: public, max-age=120
    x-cache-tag: resourceType:static,deviceType:desktop
    cache-control: private, no-cache, max-age=0, must-revalidate
    x-backend-time: 2024-07-01T16:51:09Z
    CF-Cache-Status: BYPASS
    Server: cloudflare
    CF-RAY: 89c7e6302fa26530-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://forum.chip.de/clientscript/vbulletin_global.js?v=383
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:443
    Request
    GET /clientscript/vbulletin_global.js?v=383 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 404
    Date: Mon, 01 Jul 2024 16:51:09 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-lookup-mode: normal
    x-app: d0bef3cfcc364246022b4c19596e145f4c02929e/cl40013
    p3p: CP="CAO PSA OUR"
    x-request-id: 89c7e630388b94bd-YYZ
    x-vanilla-version: 2024.012
    vary: Accept-Encoding, Cookie
    strict-transport-security: max-age=604800
    x-content-type-options: nosniff
    x-permitted-cross-domain-policies: master-only
    x-xss-protection: 0
    content-security-policy: frame-ancestors 'self'
    x-frame-options: SAMEORIGIN
    expires: Mon, 01 Jul 2024 16:53:09 GMT
    x-backend: cl40013
    x-vanilla-cache-control: public, max-age=120
    x-cache-tag: resourceType:static,deviceType:desktop
    cache-control: private, no-cache, max-age=0, must-revalidate
    x-backend-time: 2024-07-01T16:51:09Z
    CF-Cache-Status: BYPASS
    Server: cloudflare
    CF-RAY: 89c7e630388b94bd-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://forum.chip.de/clientscript/_merged/jQuery.js?t=42779
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:443
    Request
    GET /clientscript/_merged/jQuery.js?t=42779 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 404
    Date: Mon, 01 Jul 2024 16:51:06 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-lookup-mode: normal
    x-app: fc7e72c8a07b2f9c328b3f2c7b32831f5bbef1ef/cl40013
    p3p: CP="CAO PSA OUR"
    x-request-id: 89c7e61edd1a7190-YYZ
    x-vanilla-version: 2024.012
    vary: Accept-Encoding, Cookie
    strict-transport-security: max-age=604800
    x-content-type-options: nosniff
    x-permitted-cross-domain-policies: master-only
    x-xss-protection: 0
    content-security-policy: frame-ancestors 'self'
    x-frame-options: SAMEORIGIN
    expires: Mon, 01 Jul 2024 16:53:06 GMT
    x-backend: cl40013
    x-vanilla-cache-control: public, max-age=120
    x-cache-tag: resourceType:static,deviceType:desktop
    cache-control: private, no-cache, max-age=0, must-revalidate
    x-backend-time: 2024-07-01T16:51:06Z
    CF-Cache-Status: BYPASS
    Server: cloudflare
    CF-RAY: 89c7e61edd1a7190-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://forum.chip.de/clientscript/yui/connection/connection-min.js?v=383
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:443
    Request
    GET /clientscript/yui/connection/connection-min.js?v=383 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 404
    Date: Mon, 01 Jul 2024 16:51:07 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-lookup-mode: normal
    x-app: f288bcd5e6bd6962d96dca6660a4da4a9f6906ae/cl40013
    p3p: CP="CAO PSA OUR"
    x-request-id: 89c7e61eecc363d9-YYZ
    x-vanilla-version: 2024.012
    vary: Accept-Encoding, Cookie
    strict-transport-security: max-age=604800
    x-content-type-options: nosniff
    x-permitted-cross-domain-policies: master-only
    x-xss-protection: 0
    content-security-policy: frame-ancestors 'self'
    x-frame-options: SAMEORIGIN
    expires: Mon, 01 Jul 2024 16:53:07 GMT
    content-encoding: gzip
    x-backend: cl40013
    x-vanilla-cache-control: public, max-age=120
    x-cache-tag: resourceType:static,deviceType:desktop
    cache-control: private, no-cache, max-age=0, must-revalidate
    x-backend-time: 2024-07-01T16:51:07Z
    CF-Cache-Status: BYPASS
    Server: cloudflare
    CF-RAY: 89c7e61eecc363d9-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://forum.chip.de/clientscript/ncode_imageresizer.js
    IEXPLORE.EXE
    Remote address:
    162.159.128.79:443
    Request
    GET /clientscript/ncode_imageresizer.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: forum.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 404
    Date: Mon, 01 Jul 2024 16:51:07 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-lookup-mode: normal
    x-app: 1d75b3b8823c9fb1dd23d214873236da06a4b39e/cl40013
    p3p: CP="CAO PSA OUR"
    x-request-id: 89c7e6225a6a9497-YYZ
    x-vanilla-version: 2024.012
    vary: Accept-Encoding, Cookie
    strict-transport-security: max-age=604800
    x-content-type-options: nosniff
    x-permitted-cross-domain-policies: master-only
    x-xss-protection: 0
    content-security-policy: frame-ancestors 'self'
    x-frame-options: SAMEORIGIN
    expires: Mon, 01 Jul 2024 16:53:07 GMT
    x-backend: cl40013
    x-vanilla-cache-control: public, max-age=120
    x-cache-tag: resourceType:static,deviceType:desktop
    cache-control: private, no-cache, max-age=0, must-revalidate
    x-backend-time: 2024-07-01T16:51:07Z
    CF-Cache-Status: BYPASS
    Server: cloudflare
    CF-RAY: 89c7e6225a6a9497-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    chip.ivwbox.de
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    chip.ivwbox.de
    IN A
    Response
  • flag-us
    DNS
    rl.chip.de
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    rl.chip.de
    IN A
    Response
  • flag-us
    DNS
    r.chip.de
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    r.chip.de
    IN A
    Response
    r.chip.de
    IN CNAME
    r.chip.de.27643.edgekey.net
    r.chip.de.27643.edgekey.net
    IN CNAME
    e27643.dscf.akamaiedge.net
    e27643.dscf.akamaiedge.net
    IN A
    2.16.56.143
    e27643.dscf.akamaiedge.net
    IN A
    2.16.56.141
  • flag-gb
    GET
    http://www.google-analytics.com/ga.js
    IEXPLORE.EXE
    Remote address:
    216.58.213.14:80
    Request
    GET /ga.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google-analytics.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 17168
    Date: Mon, 01 Jul 2024 15:30:20 GMT
    Expires: Mon, 01 Jul 2024 17:30:20 GMT
    Cache-Control: public, max-age=7200
    Age: 4859
    Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
  • flag-se
    DNS
    IEXPLORE.EXE
    Remote address:
    2.16.56.143:80
    Response
    HTTP/1.0 408 Request Time-out
    Server: AkamaiGHost
    Mime-Version: 1.0
    Date: Mon, 01 Jul 2024 16:51:55 GMT
    Content-Type: text/html
    Content-Length: 312
    Expires: Mon, 01 Jul 2024 16:51:55 GMT
  • flag-se
    GET
    http://r.chip.de/images/pic.gif?m=c1&nc=0&sep=%2C&tce=1&c=23276087&b=4042906&l=3892&tid=Viren,%20Trojaner,%20Würmer&tp=9223%2C21453%2C8&tn=28_Viren%2C+Trojaner%2C+W%FCrmer&tpn=Home%2CChip_Forum%2C8_Specials&tc=9223%2C21453%2C8%2CViren%2C+Trojaner%2C+W%FCrmer&con=1&tit=showpost%3A+showpost&url=http%3A%2F%2Fforum.chip.de%2Fshowpost.php%3Fp%3D3642104%26postcount%3D5&json=0&random=0.6481992553996747&r=&sz=1280x720x24&cs=1
    IEXPLORE.EXE
    Remote address:
    2.16.56.143:80
    Request
    GET /images/pic.gif?m=c1&nc=0&sep=%2C&tce=1&c=23276087&b=4042906&l=3892&tid=Viren,%20Trojaner,%20Würmer&tp=9223%2C21453%2C8&tn=28_Viren%2C+Trojaner%2C+W%FCrmer&tpn=Home%2CChip_Forum%2C8_Specials&tc=9223%2C21453%2C8%2CViren%2C+Trojaner%2C+W%FCrmer&con=1&tit=showpost%3A+showpost&url=http%3A%2F%2Fforum.chip.de%2Fshowpost.php%3Fp%3D3642104%26postcount%3D5&json=0&random=0.6481992553996747&r=&sz=1280x720x24&cs=1 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: r.chip.de
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html
    Content-Length: 4
    Expires: Mon, 01 Jul 2024 16:51:19 GMT
    Cache-Control: max-age=0, no-cache
    Pragma: no-cache
    Date: Mon, 01 Jul 2024 16:51:19 GMT
    Connection: keep-alive
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    2.21.189.233
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    2.21.189.233
  • 2.16.56.141:80
    http://www.chip.de/css/_merged/forum.css?v=40039
    http
    IEXPLORE.EXE
    631 B
    1.4kB
    8
    6

    HTTP Request

    GET http://www.chip.de/css/_merged/forum.css?v=40039

    HTTP Response

    301
  • 2.16.56.141:80
    http://www.chip.de/js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723
    http
    IEXPLORE.EXE
    627 B
    1.0kB
    7
    5

    HTTP Request

    GET http://www.chip.de/js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723

    HTTP Response

    301
  • 162.159.128.79:80
    http://forum.chip.de/clientscript/ncode_imageresizer.js
    http
    IEXPLORE.EXE
    814 B
    1.3kB
    6
    5

    HTTP Request

    GET http://forum.chip.de/clientscript/vbulletin_important.css?v=383

    HTTP Response

    301

    HTTP Request

    GET http://forum.chip.de/clientscript/ncode_imageresizer.js

    HTTP Response

    301
  • 162.159.128.79:80
    http://forum.chip.de/clientscript/_merged/jQuery.js?t=42779
    http
    IEXPLORE.EXE
    951 B
    1.9kB
    8
    6

    HTTP Request

    GET http://forum.chip.de/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383

    HTTP Response

    301

    HTTP Request

    GET http://forum.chip.de/clientscript/_merged/jQuery.js?t=42779

    HTTP Response

    301
  • 162.159.128.79:80
    http://forum.chip.de/clientscript/yui/connection/connection-min.js?v=383
    http
    IEXPLORE.EXE
    617 B
    817 B
    7
    6

    HTTP Request

    GET http://forum.chip.de/clientscript/yui/connection/connection-min.js?v=383

    HTTP Response

    301
  • 162.159.128.79:80
    http://forum.chip.de/clientscript/vbulletin_global.js?v=383
    http
    IEXPLORE.EXE
    604 B
    804 B
    7
    6

    HTTP Request

    GET http://forum.chip.de/clientscript/vbulletin_global.js?v=383

    HTTP Response

    301
  • 162.159.128.79:80
    http://forum.chip.de/clientscript/vbulletin_css/style-aea0c703-00006.css
    http
    IEXPLORE.EXE
    551 B
    777 B
    6
    5

    HTTP Request

    GET http://forum.chip.de/clientscript/vbulletin_css/style-aea0c703-00006.css

    HTTP Response

    301
  • 162.159.128.79:80
    http://forum.chip.de/clientscript/_merged/headfoot_forum.js?t=42781
    http
    IEXPLORE.EXE
    946 B
    1.9kB
    8
    6

    HTTP Request

    GET http://forum.chip.de/clientscript/vbulletin_menu.js?v=38320100630

    HTTP Response

    301

    HTTP Request

    GET http://forum.chip.de/clientscript/_merged/headfoot_forum.js?t=42781

    HTTP Response

    301
  • 162.159.128.79:443
    forum.chip.de
    tls
    IEXPLORE.EXE
    570 B
    92 B
    4
    2
  • 2.16.56.141:443
    https://www.chip.de/css/_merged/forum.css?v=40039
    tls, http
    IEXPLORE.EXE
    1.7kB
    33.9kB
    25
    30

    HTTP Request

    GET https://www.chip.de/css/_merged/forum.css?v=40039

    HTTP Response

    404
  • 2.16.56.141:443
    https://www.chip.de/js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723
    tls, http
    IEXPLORE.EXE
    1.9kB
    34.0kB
    29
    31

    HTTP Request

    GET https://www.chip.de/js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723

    HTTP Response

    404
  • 162.159.128.79:443
    https://forum.chip.de/clientscript/vbulletin_css/style-aea0c703-00006.css
    tls, http
    IEXPLORE.EXE
    2.3kB
    38.6kB
    33
    44

    HTTP Request

    GET https://forum.chip.de/clientscript/vbulletin_css/style-aea0c703-00006.css

    HTTP Response

    404
  • 162.159.128.79:443
    https://forum.chip.de/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383
    tls, http
    IEXPLORE.EXE
    2.5kB
    50.1kB
    40
    49

    HTTP Request

    GET https://forum.chip.de/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383

    HTTP Response

    404
  • 162.159.128.79:443
    https://forum.chip.de/clientscript/vbulletin_menu.js?v=38320100630
    tls, http
    IEXPLORE.EXE
    3.0kB
    51.7kB
    45
    55

    HTTP Request

    GET https://forum.chip.de/clientscript/vbulletin_menu.js?v=38320100630

    HTTP Response

    404
  • 162.159.128.79:443
    https://forum.chip.de/clientscript/_merged/headfoot_forum.js?t=42781
    tls, http
    IEXPLORE.EXE
    2.6kB
    30.9kB
    36
    41

    HTTP Request

    GET https://forum.chip.de/clientscript/_merged/headfoot_forum.js?t=42781

    HTTP Response

    404
  • 162.159.128.79:443
    https://forum.chip.de/clientscript/vbulletin_global.js?v=383
    tls, http
    IEXPLORE.EXE
    3.8kB
    73.6kB
    68
    73

    HTTP Request

    GET https://forum.chip.de/clientscript/vbulletin_global.js?v=383

    HTTP Response

    404
  • 162.159.128.79:443
    https://forum.chip.de/clientscript/_merged/jQuery.js?t=42779
    tls, http
    IEXPLORE.EXE
    3.6kB
    71.6kB
    65
    71

    HTTP Request

    GET https://forum.chip.de/clientscript/_merged/jQuery.js?t=42779

    HTTP Response

    404
  • 162.159.128.79:443
    https://forum.chip.de/clientscript/yui/connection/connection-min.js?v=383
    tls, http
    IEXPLORE.EXE
    1.5kB
    17.3kB
    19
    22

    HTTP Request

    GET https://forum.chip.de/clientscript/yui/connection/connection-min.js?v=383

    HTTP Response

    404
  • 162.159.128.79:443
    https://forum.chip.de/clientscript/ncode_imageresizer.js
    tls, http
    IEXPLORE.EXE
    3.6kB
    73.3kB
    65
    67

    HTTP Request

    GET https://forum.chip.de/clientscript/ncode_imageresizer.js

    HTTP Response

    404
  • 162.159.128.79:443
    forum.chip.de
    tls
    IEXPLORE.EXE
    518 B
    215 B
    6
    5
  • 162.159.128.79:443
    forum.chip.de
    tls
    IEXPLORE.EXE
    382 B
    262 B
    7
    6
  • 162.159.128.79:443
    forum.chip.de
    IEXPLORE.EXE
    290 B
    88 B
    6
    2
  • 216.58.213.14:80
    http://www.google-analytics.com/ga.js
    http
    IEXPLORE.EXE
    858 B
    18.3kB
    13
    16

    HTTP Request

    GET http://www.google-analytics.com/ga.js

    HTTP Response

    200
  • 216.58.213.14:80
    www.google-analytics.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 2.16.56.143:80
    r.chip.de
    http
    IEXPLORE.EXE
    288 B
    692 B
    6
    4

    HTTP Response

    408
  • 2.16.56.143:80
    http://r.chip.de/images/pic.gif?m=c1&nc=0&sep=%2C&tce=1&c=23276087&b=4042906&l=3892&tid=Viren,%20Trojaner,%20W�rmer&tp=9223%2C21453%2C8&tn=28_Viren%2C+Trojaner%2C+W%FCrmer&tpn=Home%2CChip_Forum%2C8_Specials&tc=9223%2C21453%2C8%2CViren%2C+Trojaner%2C+W%FCrmer&con=1&tit=showpost%3A+showpost&url=http%3A%2F%2Fforum.chip.de%2Fshowpost.php%3Fp%3D3642104%26postcount%3D5&json=0&random=0.6481992553996747&r=&sz=1280x720x24&cs=1
    http
    IEXPLORE.EXE
    937 B
    394 B
    6
    4

    HTTP Request

    GET http://r.chip.de/images/pic.gif?m=c1&nc=0&sep=%2C&tce=1&c=23276087&b=4042906&l=3892&tid=Viren,%20Trojaner,%20W�rmer&tp=9223%2C21453%2C8&tn=28_Viren%2C+Trojaner%2C+W%FCrmer&tpn=Home%2CChip_Forum%2C8_Specials&tc=9223%2C21453%2C8%2CViren%2C+Trojaner%2C+W%FCrmer&con=1&tit=showpost%3A+showpost&url=http%3A%2F%2Fforum.chip.de%2Fshowpost.php%3Fp%3D3642104%26postcount%3D5&json=0&random=0.6481992553996747&r=&sz=1280x720x24&cs=1

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
    7.8kB
    9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
    7.8kB
    9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
    7.8kB
    10
    13
  • 8.8.8.8:53
    www.chip.de
    dns
    IEXPLORE.EXE
    57 B
    169 B
    1
    1

    DNS Request

    www.chip.de

    DNS Response

    2.16.56.141
    2.16.56.143

  • 8.8.8.8:53
    forum.chip.de
    dns
    IEXPLORE.EXE
    59 B
    172 B
    1
    1

    DNS Request

    forum.chip.de

    DNS Response

    162.159.128.79
    162.159.138.78

  • 8.8.8.8:53
    chip.ivwbox.de
    dns
    IEXPLORE.EXE
    60 B
    110 B
    1
    1

    DNS Request

    chip.ivwbox.de

  • 8.8.8.8:53
    rl.chip.de
    dns
    IEXPLORE.EXE
    56 B
    122 B
    1
    1

    DNS Request

    rl.chip.de

  • 8.8.8.8:53
    r.chip.de
    dns
    IEXPLORE.EXE
    55 B
    165 B
    1
    1

    DNS Request

    r.chip.de

    DNS Response

    2.16.56.143
    2.16.56.141

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    2.21.189.233

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    2.21.189.233

MITRE ATT&CK Enterprise v15

Downloads
