d6a4b366dc258dd2d48be3ea3abe8dbc965ce1986e2e79bb5330c6c54865c1e3

Analysis

max time kernel
121s
max time network
130s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 16:50 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bc2f099f316129dbfebfcb28114a96e_JaffaCakes118.html
Size

20KB
MD5

1bc2f099f316129dbfebfcb28114a96e
SHA1

d30329a20f3810fa31c92b549fa2a232daf34ad4
SHA256

d6a4b366dc258dd2d48be3ea3abe8dbc965ce1986e2e79bb5330c6c54865c1e3
SHA512

b0cbb64edb53540a2a9b10f7c302aa25b4251adb572f493938b100996c29f2916dc36cb178c93e185994c1d9c7cd541aa4a9f47f791d11037f1d76d9c95eedf6
SSDEEP

384:mcGR0nYW+Ic+1ttUKBSIkE0ShF6lRVJJ3nDql6eIF0zGWLK0:mDA+It1ttUKBSIkE0SD6lf3Dqlyw

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1A28BE71-37CA-11EF-B04F-52AF0AAB4D51} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0a1b3f9d6cbda01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000008ae1c6e6173a30f6cc13d6f5d8e52c0ec70e1bd05e35b44cee57d1fd2e626328000000000e80000000020000200000003d60e8767538532dd5c1ea89f649ae0e92c946f404a517fb6ff1fa2a9f266d54900000009ef2cffe3dad20df0a6f71122096b89eb3792ce00ea7ec749f629604924e8e83b8d7faeb9d219470e3e03338e646dbbb3fa1657cdabe4c4808b507f8f5a2d84d08a9dad9049ad88322279cb28c9d6eddabdf52693191644f169e3fe06c4f9214d9ecae6c46f1e4439667dc55ba2492eac62088747c2a30a2073b3c12d9040e9e7b3c01b593d19c1e718eb303ac5a532e40000000fe7cc8236782717605d527d089c96ee2de93bf90b71dfd9fc2bad0c27b70a51e6dd82ea12b5a0f6123ed7f8343f25dc337069b5fd35b7da91fe24e624b8aef33	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426014531"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000767b3221dcf203ff4afe2d1f757727c48d082c76b5618dfb84b5d7b50ecce593000000000e8000000002000020000000350592f8f776a158e8f5d83c839096fdd88efcf3dee5373342021b037111661f20000000a28d428af2bb6a1a2fc5ff2a4b33d281db0ba445e3256a8f835fab49639a1779400000002d1c035a096456e0d538f38a659f8132c26f26b2178b1257ad934007d9b7863a1ebcc6e5ba8cae2bb6eb4a46381466a28b4e8e0429a65b95aab9b6b6be5955f9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1844	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1844	iexplore.exe
1844	iexplore.exe
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 3040	1844	iexplore.exe	28
PID 1844 wrote to memory of 3040	1844	iexplore.exe	28
PID 1844 wrote to memory of 3040	1844	iexplore.exe	28
PID 1844 wrote to memory of 3040	1844	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1bc2f099f316129dbfebfcb28114a96e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1844 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3040

Network

DNS

www.chip.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.chip.de

IN A

Response

www.chip.de

IN CNAME

www.chip.de.27643.edgekey.net

www.chip.de.27643.edgekey.net

IN CNAME

e27643.dscf.akamaiedge.net

e27643.dscf.akamaiedge.net

IN A

2.16.56.141

e27643.dscf.akamaiedge.net

IN A

2.16.56.143
DNS

forum.chip.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

forum.chip.de

IN A

Response

forum.chip.de

IN CNAME

chip.vanillacommunities.com

chip.vanillacommunities.com

IN CNAME

site-6030169.onvanilla.net

site-6030169.onvanilla.net

IN A

162.159.128.79

site-6030169.onvanilla.net

IN A

162.159.138.78
GET

http://www.chip.de/css/_merged/forum.css?v=40039

IEXPLORE.EXE

Remote address:

2.16.56.141:80

Request

GET /css/_merged/forum.css?v=40039 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: AkamaiGHost
Content-Length: 0
Location: https://www.chip.de/css/_merged/forum.css?v=40039
Date: Mon, 01 Jul 2024 16:51:05 GMT
Connection: keep-alive
Permissions-Policy: ch-ua-model=*,ch-ua-platform-version=*
Accept-CH: sec-ch-ua-model,sec-ch-ua-platform-version
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
GET

http://www.chip.de/js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723

IEXPLORE.EXE

Remote address:

2.16.56.141:80

Request

GET /js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: AkamaiGHost
Content-Length: 0
Location: https://www.chip.de/js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723
Date: Mon, 01 Jul 2024 16:51:05 GMT
Connection: keep-alive
Permissions-Policy: ch-ua-model=*,ch-ua-platform-version=*
Accept-CH: sec-ch-ua-model,sec-ch-ua-platform-version
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
GET

http://forum.chip.de/clientscript/vbulletin_important.css?v=383

IEXPLORE.EXE

Remote address:

162.159.128.79:80

Request

GET /clientscript/vbulletin_important.css?v=383 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Mon, 01 Jul 2024 16:51:05 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 01 Jul 2024 17:51:05 GMT
Location: https://forum.chip.de/clientscript/vbulletin_important.css?v=383
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 89c7e618fcf3940b-LHR
alt-svc: h3=":443"; ma=86400
GET

http://forum.chip.de/clientscript/ncode_imageresizer.js

IEXPLORE.EXE

Remote address:

162.159.128.79:80

Request

GET /clientscript/ncode_imageresizer.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Mon, 01 Jul 2024 16:51:05 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 01 Jul 2024 17:51:05 GMT
Location: https://forum.chip.de/clientscript/ncode_imageresizer.js
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 89c7e6193d4f940b-LHR
alt-svc: h3=":443"; ma=86400
GET

http://forum.chip.de/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383

IEXPLORE.EXE

Remote address:

162.159.128.79:80

Request

GET /clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Mon, 01 Jul 2024 16:51:05 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 01 Jul 2024 17:51:05 GMT
Location: https://forum.chip.de/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 89c7e618fb8b94f9-LHR
alt-svc: h3=":443"; ma=86400
GET

http://forum.chip.de/clientscript/_merged/jQuery.js?t=42779

IEXPLORE.EXE

Remote address:

162.159.128.79:80

Request

GET /clientscript/_merged/jQuery.js?t=42779 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Mon, 01 Jul 2024 16:51:05 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 01 Jul 2024 17:51:05 GMT
Location: https://forum.chip.de/clientscript/_merged/jQuery.js?t=42779
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 89c7e6193bd794f9-LHR
alt-svc: h3=":443"; ma=86400
GET

http://forum.chip.de/clientscript/yui/connection/connection-min.js?v=383

IEXPLORE.EXE

Remote address:

162.159.128.79:80

Request

GET /clientscript/yui/connection/connection-min.js?v=383 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Mon, 01 Jul 2024 16:51:05 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 01 Jul 2024 17:51:05 GMT
Location: https://forum.chip.de/clientscript/yui/connection/connection-min.js?v=383
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 89c7e618fd9d94ba-LHR
alt-svc: h3=":443"; ma=86400
GET

http://forum.chip.de/clientscript/vbulletin_global.js?v=383

IEXPLORE.EXE

Remote address:

162.159.128.79:80

Request

GET /clientscript/vbulletin_global.js?v=383 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Mon, 01 Jul 2024 16:51:05 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 01 Jul 2024 17:51:05 GMT
Location: https://forum.chip.de/clientscript/vbulletin_global.js?v=383
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 89c7e618f9366439-LHR
alt-svc: h3=":443"; ma=86400
GET

http://forum.chip.de/clientscript/vbulletin_css/style-aea0c703-00006.css

IEXPLORE.EXE

Remote address:

162.159.128.79:80

Request

GET /clientscript/vbulletin_css/style-aea0c703-00006.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Mon, 01 Jul 2024 16:51:05 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 01 Jul 2024 17:51:05 GMT
Location: https://forum.chip.de/clientscript/vbulletin_css/style-aea0c703-00006.css
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 89c7e618fcd7d168-LHR
alt-svc: h3=":443"; ma=86400
GET

http://forum.chip.de/clientscript/vbulletin_menu.js?v=38320100630

IEXPLORE.EXE

Remote address:

162.159.128.79:80

Request

GET /clientscript/vbulletin_menu.js?v=38320100630 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Mon, 01 Jul 2024 16:51:05 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 01 Jul 2024 17:51:05 GMT
Location: https://forum.chip.de/clientscript/vbulletin_menu.js?v=38320100630
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 89c7e618ffa99478-LHR
alt-svc: h3=":443"; ma=86400
GET

http://forum.chip.de/clientscript/_merged/headfoot_forum.js?t=42781

IEXPLORE.EXE

Remote address:

162.159.128.79:80

Request

GET /clientscript/_merged/headfoot_forum.js?t=42781 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Mon, 01 Jul 2024 16:51:05 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 01 Jul 2024 17:51:05 GMT
Location: https://forum.chip.de/clientscript/_merged/headfoot_forum.js?t=42781
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 89c7e6193ff09478-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.chip.de/css/_merged/forum.css?v=40039

IEXPLORE.EXE

Remote address:

2.16.56.141:443

Request

GET /css/_merged/forum.css?v=40039 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Content-Type: text/html; charset=UTF-8
Content-Length: 181389
Server: nginx
x-404: true
X-Amz-Cf-Pop: FRA56-C2
X-Amz-Cf-Id: v6_BcoCCx8xOjQbB4-oorCt_rUAdxIymQ_nteFIpVomPtYtSntGQjA==
Expires: Mon, 01 Jul 2024 16:51:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 01 Jul 2024 16:51:06 GMT
Connection: keep-alive
Permissions-Policy: ch-ua-model=*,ch-ua-platform-version=*
Accept-CH: sec-ch-ua-model,sec-ch-ua-platform-version
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
GET

https://www.chip.de/js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723

IEXPLORE.EXE

Remote address:

2.16.56.141:443

Request

GET /js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Content-Type: text/html; charset=UTF-8
Content-Length: 181389
Server: nginx
x-404: true
X-Amz-Cf-Pop: FRA56-C2
X-Amz-Cf-Id: Nt-lNVuodtLXT2egT4xCoW78DmHn5FteGn7prsIX632f9oanCSweGw==
Expires: Mon, 01 Jul 2024 16:51:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 01 Jul 2024 16:51:06 GMT
Connection: keep-alive
Permissions-Policy: ch-ua-model=*,ch-ua-platform-version=*
Accept-CH: sec-ch-ua-model,sec-ch-ua-platform-version
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
GET

https://forum.chip.de/clientscript/vbulletin_css/style-aea0c703-00006.css

IEXPLORE.EXE

Remote address:

162.159.128.79:443

Request

GET /clientscript/vbulletin_css/style-aea0c703-00006.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 404

Date: Mon, 01 Jul 2024 16:51:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-lookup-mode: normal
x-app: fc7e72c8a07b2f9c328b3f2c7b32831f5bbef1ef/cl40013
p3p: CP="CAO PSA OUR"
x-request-id: 89c7e63f8b768924-YYZ
x-vanilla-version: 2024.012
vary: Accept-Encoding, Cookie
strict-transport-security: max-age=604800
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-xss-protection: 0
content-security-policy: frame-ancestors 'self'
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jul 2024 16:53:12 GMT
x-backend: cl40013
x-vanilla-cache-control: public, max-age=120
x-cache-tag: resourceType:static,deviceType:desktop
cache-control: private, no-cache, max-age=0, must-revalidate
x-backend-time: 2024-07-01T16:51:12Z
CF-Cache-Status: BYPASS
Server: cloudflare
CF-RAY: 89c7e63f8b768924-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://forum.chip.de/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383

IEXPLORE.EXE

Remote address:

162.159.128.79:443

Request

GET /clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 404

Date: Mon, 01 Jul 2024 16:51:06 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-lookup-mode: normal
x-app: fc7e72c8a07b2f9c328b3f2c7b32831f5bbef1ef/cl40013
p3p: CP="CAO PSA OUR"
x-request-id: 89c7e61db9bd9535-YYZ
x-vanilla-version: 2024.012
vary: Accept-Encoding, Cookie
strict-transport-security: max-age=604800
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-xss-protection: 0
content-security-policy: frame-ancestors 'self'
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jul 2024 16:53:06 GMT
x-backend: cl40013
x-vanilla-cache-control: public, max-age=120
x-cache-tag: resourceType:static,deviceType:desktop
cache-control: private, no-cache, max-age=0, must-revalidate
x-backend-time: 2024-07-01T16:51:06Z
CF-Cache-Status: BYPASS
Server: cloudflare
CF-RAY: 89c7e61db9bd9535-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://forum.chip.de/clientscript/vbulletin_menu.js?v=38320100630

IEXPLORE.EXE

Remote address:

162.159.128.79:443

Request

GET /clientscript/vbulletin_menu.js?v=38320100630 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 404

Date: Mon, 01 Jul 2024 16:51:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-lookup-mode: normal
x-app: 013e655b531f99f1902a354611a82f5aa35537d6/cl40013
p3p: CP="CAO PSA OUR"
x-request-id: 89c7e6450b4563d5-YYZ
x-vanilla-version: 2024.012
vary: Accept-Encoding, Cookie
strict-transport-security: max-age=604800
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-xss-protection: 0
content-security-policy: frame-ancestors 'self'
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jul 2024 16:53:13 GMT
x-backend: cl40013
x-vanilla-cache-control: public, max-age=120
x-cache-tag: resourceType:static,deviceType:desktop
cache-control: private, no-cache, max-age=0, must-revalidate
x-backend-time: 2024-07-01T16:51:13Z
CF-Cache-Status: BYPASS
Server: cloudflare
CF-RAY: 89c7e6450b4563d5-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://forum.chip.de/clientscript/_merged/headfoot_forum.js?t=42781

IEXPLORE.EXE

Remote address:

162.159.128.79:443

Request

GET /clientscript/_merged/headfoot_forum.js?t=42781 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 404

Date: Mon, 01 Jul 2024 16:51:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-lookup-mode: normal
x-app: 013e655b531f99f1902a354611a82f5aa35537d6/cl40013
p3p: CP="CAO PSA OUR"
x-request-id: 89c7e6302fa26530-YYZ
x-vanilla-version: 2024.012
vary: Accept-Encoding, Cookie
strict-transport-security: max-age=604800
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-xss-protection: 0
content-security-policy: frame-ancestors 'self'
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jul 2024 16:53:09 GMT
x-backend: cl40013
x-vanilla-cache-control: public, max-age=120
x-cache-tag: resourceType:static,deviceType:desktop
cache-control: private, no-cache, max-age=0, must-revalidate
x-backend-time: 2024-07-01T16:51:09Z
CF-Cache-Status: BYPASS
Server: cloudflare
CF-RAY: 89c7e6302fa26530-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://forum.chip.de/clientscript/vbulletin_global.js?v=383

IEXPLORE.EXE

Remote address:

162.159.128.79:443

Request

GET /clientscript/vbulletin_global.js?v=383 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 404

Date: Mon, 01 Jul 2024 16:51:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-lookup-mode: normal
x-app: d0bef3cfcc364246022b4c19596e145f4c02929e/cl40013
p3p: CP="CAO PSA OUR"
x-request-id: 89c7e630388b94bd-YYZ
x-vanilla-version: 2024.012
vary: Accept-Encoding, Cookie
strict-transport-security: max-age=604800
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-xss-protection: 0
content-security-policy: frame-ancestors 'self'
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jul 2024 16:53:09 GMT
x-backend: cl40013
x-vanilla-cache-control: public, max-age=120
x-cache-tag: resourceType:static,deviceType:desktop
cache-control: private, no-cache, max-age=0, must-revalidate
x-backend-time: 2024-07-01T16:51:09Z
CF-Cache-Status: BYPASS
Server: cloudflare
CF-RAY: 89c7e630388b94bd-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://forum.chip.de/clientscript/_merged/jQuery.js?t=42779

IEXPLORE.EXE

Remote address:

162.159.128.79:443

Request

GET /clientscript/_merged/jQuery.js?t=42779 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 404

Date: Mon, 01 Jul 2024 16:51:06 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-lookup-mode: normal
x-app: fc7e72c8a07b2f9c328b3f2c7b32831f5bbef1ef/cl40013
p3p: CP="CAO PSA OUR"
x-request-id: 89c7e61edd1a7190-YYZ
x-vanilla-version: 2024.012
vary: Accept-Encoding, Cookie
strict-transport-security: max-age=604800
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-xss-protection: 0
content-security-policy: frame-ancestors 'self'
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jul 2024 16:53:06 GMT
x-backend: cl40013
x-vanilla-cache-control: public, max-age=120
x-cache-tag: resourceType:static,deviceType:desktop
cache-control: private, no-cache, max-age=0, must-revalidate
x-backend-time: 2024-07-01T16:51:06Z
CF-Cache-Status: BYPASS
Server: cloudflare
CF-RAY: 89c7e61edd1a7190-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://forum.chip.de/clientscript/yui/connection/connection-min.js?v=383

IEXPLORE.EXE

Remote address:

162.159.128.79:443

Request

GET /clientscript/yui/connection/connection-min.js?v=383 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 404

Date: Mon, 01 Jul 2024 16:51:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-lookup-mode: normal
x-app: f288bcd5e6bd6962d96dca6660a4da4a9f6906ae/cl40013
p3p: CP="CAO PSA OUR"
x-request-id: 89c7e61eecc363d9-YYZ
x-vanilla-version: 2024.012
vary: Accept-Encoding, Cookie
strict-transport-security: max-age=604800
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-xss-protection: 0
content-security-policy: frame-ancestors 'self'
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jul 2024 16:53:07 GMT
content-encoding: gzip
x-backend: cl40013
x-vanilla-cache-control: public, max-age=120
x-cache-tag: resourceType:static,deviceType:desktop
cache-control: private, no-cache, max-age=0, must-revalidate
x-backend-time: 2024-07-01T16:51:07Z
CF-Cache-Status: BYPASS
Server: cloudflare
CF-RAY: 89c7e61eecc363d9-LHR
alt-svc: h3=":443"; ma=86400
GET

https://forum.chip.de/clientscript/ncode_imageresizer.js

IEXPLORE.EXE

Remote address:

162.159.128.79:443

Request

GET /clientscript/ncode_imageresizer.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: forum.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 404

Date: Mon, 01 Jul 2024 16:51:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-lookup-mode: normal
x-app: 1d75b3b8823c9fb1dd23d214873236da06a4b39e/cl40013
p3p: CP="CAO PSA OUR"
x-request-id: 89c7e6225a6a9497-YYZ
x-vanilla-version: 2024.012
vary: Accept-Encoding, Cookie
strict-transport-security: max-age=604800
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-xss-protection: 0
content-security-policy: frame-ancestors 'self'
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jul 2024 16:53:07 GMT
x-backend: cl40013
x-vanilla-cache-control: public, max-age=120
x-cache-tag: resourceType:static,deviceType:desktop
cache-control: private, no-cache, max-age=0, must-revalidate
x-backend-time: 2024-07-01T16:51:07Z
CF-Cache-Status: BYPASS
Server: cloudflare
CF-RAY: 89c7e6225a6a9497-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
DNS

chip.ivwbox.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

chip.ivwbox.de

IN A

Response
DNS

rl.chip.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

rl.chip.de

IN A

Response
DNS

r.chip.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

r.chip.de

IN A

Response

r.chip.de

IN CNAME

r.chip.de.27643.edgekey.net

r.chip.de.27643.edgekey.net

IN CNAME

e27643.dscf.akamaiedge.net

e27643.dscf.akamaiedge.net

IN A

2.16.56.143

e27643.dscf.akamaiedge.net

IN A

2.16.56.141
GET

http://www.google-analytics.com/ga.js

IEXPLORE.EXE

Remote address:

216.58.213.14:80

Request

GET /ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google-analytics.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Mon, 01 Jul 2024 15:30:20 GMT
Expires: Mon, 01 Jul 2024 17:30:20 GMT
Cache-Control: public, max-age=7200
Age: 4859
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
DNS

IEXPLORE.EXE

Remote address:

2.16.56.143:80

Response

HTTP/1.0 408 Request Time-out

Server: AkamaiGHost
Mime-Version: 1.0
Date: Mon, 01 Jul 2024 16:51:55 GMT
Content-Type: text/html
Content-Length: 312
Expires: Mon, 01 Jul 2024 16:51:55 GMT
GET

http://r.chip.de/images/pic.gif?m=c1&nc=0&sep=%2C&tce=1&c=23276087&b=4042906&l=3892&tid=Viren,%20Trojaner,%20W�rmer&tp=9223%2C21453%2C8&tn=28_Viren%2C+Trojaner%2C+W%FCrmer&tpn=Home%2CChip_Forum%2C8_Specials&tc=9223%2C21453%2C8%2CViren%2C+Trojaner%2C+W%FCrmer&con=1&tit=showpost%3A+showpost&url=http%3A%2F%2Fforum.chip.de%2Fshowpost.php%3Fp%3D3642104%26postcount%3D5&json=0&random=0.6481992553996747&r=&sz=1280x720x24&cs=1

IEXPLORE.EXE

Remote address:

2.16.56.143:80

Request

GET /images/pic.gif?m=c1&nc=0&sep=%2C&tce=1&c=23276087&b=4042906&l=3892&tid=Viren,%20Trojaner,%20W�rmer&tp=9223%2C21453%2C8&tn=28_Viren%2C+Trojaner%2C+W%FCrmer&tpn=Home%2CChip_Forum%2C8_Specials&tc=9223%2C21453%2C8%2CViren%2C+Trojaner%2C+W%FCrmer&con=1&tit=showpost%3A+showpost&url=http%3A%2F%2Fforum.chip.de%2Fshowpost.php%3Fp%3D3642104%26postcount%3D5&json=0&random=0.6481992553996747&r=&sz=1280x720x24&cs=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: r.chip.de
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html
Content-Length: 4
Expires: Mon, 01 Jul 2024 16:51:19 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Mon, 01 Jul 2024 16:51:19 GMT
Connection: keep-alive
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.189.233
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.189.233

2.16.56.141:80

http://www.chip.de/css/_merged/forum.css?v=40039

http

IEXPLORE.EXE

631 B
1.4kB
8
6

HTTP Request

GET http://www.chip.de/css/_merged/forum.css?v=40039

HTTP Response

301
2.16.56.141:80

http://www.chip.de/js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723

http

IEXPLORE.EXE

627 B
1.0kB
7
5

HTTP Request

GET http://www.chip.de/js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723

HTTP Response

301
162.159.128.79:80

http://forum.chip.de/clientscript/ncode_imageresizer.js

http

IEXPLORE.EXE

814 B
1.3kB
6
5

HTTP Request

GET http://forum.chip.de/clientscript/vbulletin_important.css?v=383

HTTP Response

301

HTTP Request

GET http://forum.chip.de/clientscript/ncode_imageresizer.js

HTTP Response

301
162.159.128.79:80

http://forum.chip.de/clientscript/_merged/jQuery.js?t=42779

http

IEXPLORE.EXE

951 B
1.9kB
8
6

HTTP Request

GET http://forum.chip.de/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383

HTTP Response

301

HTTP Request

GET http://forum.chip.de/clientscript/_merged/jQuery.js?t=42779

HTTP Response

301
162.159.128.79:80

http://forum.chip.de/clientscript/yui/connection/connection-min.js?v=383

http

IEXPLORE.EXE

617 B
817 B
7
6

HTTP Request

GET http://forum.chip.de/clientscript/yui/connection/connection-min.js?v=383

HTTP Response

301
162.159.128.79:80

http://forum.chip.de/clientscript/vbulletin_global.js?v=383

http

IEXPLORE.EXE

604 B
804 B
7
6

HTTP Request

GET http://forum.chip.de/clientscript/vbulletin_global.js?v=383

HTTP Response

301
162.159.128.79:80

http://forum.chip.de/clientscript/vbulletin_css/style-aea0c703-00006.css

http

IEXPLORE.EXE

551 B
777 B
6
5

HTTP Request

GET http://forum.chip.de/clientscript/vbulletin_css/style-aea0c703-00006.css

HTTP Response

301
162.159.128.79:80

http://forum.chip.de/clientscript/_merged/headfoot_forum.js?t=42781

http

IEXPLORE.EXE

946 B
1.9kB
8
6

HTTP Request

GET http://forum.chip.de/clientscript/vbulletin_menu.js?v=38320100630

HTTP Response

301

HTTP Request

GET http://forum.chip.de/clientscript/_merged/headfoot_forum.js?t=42781

HTTP Response

301
162.159.128.79:443

forum.chip.de

tls

IEXPLORE.EXE

570 B
92 B
4
2
2.16.56.141:443

https://www.chip.de/css/_merged/forum.css?v=40039

tls, http

IEXPLORE.EXE

1.7kB
33.9kB
25
30

HTTP Request

GET https://www.chip.de/css/_merged/forum.css?v=40039

HTTP Response

404
2.16.56.141:443

https://www.chip.de/js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723

tls, http

IEXPLORE.EXE

1.9kB
34.0kB
29
31

HTTP Request

GET https://www.chip.de/js/omniture_somtr_code_vH.20.3.js?version=H.20.3.20100723

HTTP Response

404
162.159.128.79:443

https://forum.chip.de/clientscript/vbulletin_css/style-aea0c703-00006.css

tls, http

IEXPLORE.EXE

2.3kB
38.6kB
33
44

HTTP Request

GET https://forum.chip.de/clientscript/vbulletin_css/style-aea0c703-00006.css

HTTP Response

404
162.159.128.79:443

https://forum.chip.de/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383

tls, http

IEXPLORE.EXE

2.5kB
50.1kB
40
49

HTTP Request

GET https://forum.chip.de/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=383

HTTP Response

404
162.159.128.79:443

https://forum.chip.de/clientscript/vbulletin_menu.js?v=38320100630

tls, http

IEXPLORE.EXE

3.0kB
51.7kB
45
55

HTTP Request

GET https://forum.chip.de/clientscript/vbulletin_menu.js?v=38320100630

HTTP Response

404
162.159.128.79:443

https://forum.chip.de/clientscript/_merged/headfoot_forum.js?t=42781

tls, http

IEXPLORE.EXE

2.6kB
30.9kB
36
41

HTTP Request

GET https://forum.chip.de/clientscript/_merged/headfoot_forum.js?t=42781

HTTP Response

404
162.159.128.79:443

https://forum.chip.de/clientscript/vbulletin_global.js?v=383

tls, http

IEXPLORE.EXE

3.8kB
73.6kB
68
73

HTTP Request

GET https://forum.chip.de/clientscript/vbulletin_global.js?v=383

HTTP Response

404
162.159.128.79:443

https://forum.chip.de/clientscript/_merged/jQuery.js?t=42779

tls, http

IEXPLORE.EXE

3.6kB
71.6kB
65
71

HTTP Request

GET https://forum.chip.de/clientscript/_merged/jQuery.js?t=42779

HTTP Response

404
162.159.128.79:443

https://forum.chip.de/clientscript/yui/connection/connection-min.js?v=383

tls, http

IEXPLORE.EXE

1.5kB
17.3kB
19
22

HTTP Request

GET https://forum.chip.de/clientscript/yui/connection/connection-min.js?v=383

HTTP Response

404
162.159.128.79:443

https://forum.chip.de/clientscript/ncode_imageresizer.js

tls, http

IEXPLORE.EXE

3.6kB
73.3kB
65
67

HTTP Request

GET https://forum.chip.de/clientscript/ncode_imageresizer.js

HTTP Response

404
162.159.128.79:443

forum.chip.de

tls

IEXPLORE.EXE

518 B
215 B
6
5
162.159.128.79:443

forum.chip.de

tls

IEXPLORE.EXE

382 B
262 B
7
6
162.159.128.79:443

forum.chip.de

IEXPLORE.EXE

290 B
88 B
6
2
216.58.213.14:80

http://www.google-analytics.com/ga.js

http

IEXPLORE.EXE

858 B
18.3kB
13
16

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
216.58.213.14:80

www.google-analytics.com

IEXPLORE.EXE

190 B
92 B
4
2
2.16.56.143:80

r.chip.de

http

IEXPLORE.EXE

288 B
692 B
6
4

HTTP Response

408
2.16.56.143:80

http://r.chip.de/images/pic.gif?m=c1&nc=0&sep=%2C&tce=1&c=23276087&b=4042906&l=3892&tid=Viren,%20Trojaner,%20W�rmer&tp=9223%2C21453%2C8&tn=28_Viren%2C+Trojaner%2C+W%FCrmer&tpn=Home%2CChip_Forum%2C8_Specials&tc=9223%2C21453%2C8%2CViren%2C+Trojaner%2C+W%FCrmer&con=1&tit=showpost%3A+showpost&url=http%3A%2F%2Fforum.chip.de%2Fshowpost.php%3Fp%3D3642104%26postcount%3D5&json=0&random=0.6481992553996747&r=&sz=1280x720x24&cs=1

http

IEXPLORE.EXE

937 B
394 B
6
4

HTTP Request

GET http://r.chip.de/images/pic.gif?m=c1&nc=0&sep=%2C&tce=1&c=23276087&b=4042906&l=3892&tid=Viren,%20Trojaner,%20W�rmer&tp=9223%2C21453%2C8&tn=28_Viren%2C+Trojaner%2C+W%FCrmer&tpn=Home%2CChip_Forum%2C8_Specials&tc=9223%2C21453%2C8%2CViren%2C+Trojaner%2C+W%FCrmer&con=1&tit=showpost%3A+showpost&url=http%3A%2F%2Fforum.chip.de%2Fshowpost.php%3Fp%3D3642104%26postcount%3D5&json=0&random=0.6481992553996747&r=&sz=1280x720x24&cs=1

HTTP Response

200
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.8kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.8kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.8kB
10
13

8.8.8.8:53

www.chip.de

dns

IEXPLORE.EXE

57 B
169 B
1
1

DNS Request

www.chip.de

DNS Response

2.16.56.141

2.16.56.143
8.8.8.8:53

forum.chip.de

dns

IEXPLORE.EXE

59 B
172 B
1
1

DNS Request

forum.chip.de

DNS Response

162.159.128.79

162.159.138.78
8.8.8.8:53

chip.ivwbox.de

dns

IEXPLORE.EXE

60 B
110 B
1
1

DNS Request

chip.ivwbox.de
8.8.8.8:53

rl.chip.de

dns

IEXPLORE.EXE

56 B
122 B
1
1

DNS Request

rl.chip.de
8.8.8.8:53

r.chip.de

dns

IEXPLORE.EXE

55 B
165 B
1
1

DNS Request

r.chip.de

DNS Response

2.16.56.143

2.16.56.141
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.189.233
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.189.233

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
11e25329194e9c8e21c94f172834eb24

SHA1
ef020c06d16fa16abde902a672dc5d64987d20ae

SHA256
4d7422ef3969ee461d2013dad3b5ebc3f393f3a6a7041112abb1cdc14d23a41d

SHA512
837c26150749bb02b3ce91cb913d9d9c059f0c7e140657a5e37fa5a9e1a2bd8f55da6fad256c05b7d63915e6c79a0c54f173876086f5f701e7464ca251db1c11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a9bfacda5e7682438f43086033d1361

SHA1
e69d49846bf1898a60d969b0a79cca279b2271f0

SHA256
9e1e02fea8d1484b5b177bc733cdfd78d079fa725db31e4489dc757157fcbb6b

SHA512
e78a69d1221b7e63f64af90b48800ccbec039ea87fb416388b1f34ae8586d9fd1881c0f4009e44bebb3dc0e845c553c082451ce124d9f6eb90fef35840723bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a1714c0a7d389a6e4e6775fa92a9dab

SHA1
3b6b6248968a9a8cc93a17aae0f7ada828e3f313

SHA256
5093e4dc71ae8c3a38ee5cc946719f30cc0f91ca1e97c92d48efd93396ab75b4

SHA512
e55c8d8159b65d8ebd23f1007886ae2dd2db7c62dfb709a733035df61f7b57cf3dbdf90e63c98f43730a1ae822ebd55eaa5eafa31760df6bc3da51a028b514eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f530202f4970fd33190cc643641a647a

SHA1
fc08ac6324673b7b6579c05079e32f45be2ebc1f

SHA256
22ad9b45db5339cc4d2963d3021ace4e41443d2b352702c8c721731c7a41c41c

SHA512
ae55cd2564366c53009d994c8101e4bede53bce780ef45eef0ba44f55d6a7d0455754b9c67e060348b578a88f4c5581b819c278a2db54d550ccc3824612729c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c54613fc61b5781923e6236cacf746e4

SHA1
248aab88408fabbcf8d736a0efb4850ceea4ad3d

SHA256
26819065a2fa534ea193fc646f01304b115c8414a6a6913ee8d789db6a359605

SHA512
1836e0908df29e91714ee21effc0d1f9d41f45cbad94808a9065c3d64e1b9ee80696227f09537bd6d9523762b2941695b75bbb47c7a83777c522d95a2cc17145

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eabdeaad7b7d4854fa6a149aa6ffd49c

SHA1
964a53424ebdedf600691f5cfe61159fd0be38f5

SHA256
6295e2d2fc3c3160c4d7c87035927624917de190010f951e658ee14c893dd5a6

SHA512
2ab8760cef4318a806cccf021ec3f7f211f2b60e0b5be548441be3b25b5cdff571ec58d8c162096a1363cfc664ff2817c36e4ea8521242ede275c09ed049ce5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
015d065bffaf84bfbb5c20ede4220428

SHA1
9f7d90c9aefd55ff9ef1a141b2a05fc37cd3f2f0

SHA256
74ca2c5a0b228f4e72801ad81b73e1388289a8c5f4f40da8ae2408081b1a73f9

SHA512
eee08f0a45384776d3c3f79754ee8b981f1af302e4a47d351b9d657a4c8916610177e0106e9624bd7c07c374e7a2bdd93ee438bc7ae452c0d803ee9f6930c754

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00b1f31a1854d27d1d3bccc933759960

SHA1
12b6162d299ef66534fce6888e510713416e5e25

SHA256
36bea10d14244e33a8878bcc2b9990f470b0f5342263a5819d1af23d87bd2f97

SHA512
32d1e91221c4d26830d1e0fc86eab1bf0916062a7d6a90dc47754fa01c1adebaab23bf4f23218ac153ea375e73377eee2319a1acee911fe4131ecfdf9dcb4760

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ee95b4dfd3791334589378a694df782

SHA1
16bf6e7ae224689c4724e5de23d7092dc16aa8ea

SHA256
02cee7bf1d9c84ab15e42606ebaf368805cddceafdd17dc97c492b95462ec54f

SHA512
7afaea778f38c4017a99fcc4aa181105a73ebc78f368c735a75fc05184222f33a8f2ef2588cf8490656f401b972e7ce1ed0455211c82d914b4edc308d8ca807e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7e5110be979c04a980144307b6c63f6

SHA1
c5aa0654cae6cfc38712f3c8a787fc9575f7eaa5

SHA256
6e30586e519cdb66cad2272f77180450cb7d7d3a87a1740af8dd288360fe8554

SHA512
8bdcb80bcdf921ed413b46a80cbd7466c49c1defaf1665bc9d6c10222d96273b5b80d7fdea85c1c2d0047cb5ddaca5cf728db462ea3870f2b0ee540ac2493106

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00ff07c97ade60cc06173ab2dbbb0662

SHA1
5590aa098836584645a9aef0f51c7765bba111cf

SHA256
72374f8b51ad2e8333c9aaa3087899ba23ab5dab29653c4bbd0e4470224b23b3

SHA512
a7e36214906144eef04843e97d3479fdf398c511d65f5fea6f31dd52d6b5c4c3d8b63b7ffc3398a2af1ff59164639760dc575fb743743da03820890b12afbebf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8861a24df4e2bf8ace48948ff72fd814

SHA1
5740d0c08bc9fe9998a4ea6e72067b5de45a0bd0

SHA256
bc781a989a664a61118b416a083e1ce31665c2be5ee24f91d365726929690561

SHA512
7011e9c943802da12bde8e6c17b59a08a461429fe983ef50341cf950a05464505c2ab049e994a894e7ea1af3900882fcae5ee0278bd36700136bc24a6d88ae4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69cbc35cd700f86ae60a00958350dd1c

SHA1
536a6facee8f430ed448be6778b136e906af4d42

SHA256
01051a52c7c40ca3f986b0c4302a0c27ee8e39d0af3e438642438d0143fd4d2a

SHA512
861fb3bd344618eea9af0632d861c97c34faec7197810d13496a5c238cb5afb6da1006d69266fa745e79ebe3550c23e100d2d18b0f1a3a0a14d95f8053b85866

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e4f544e0b14fcef055ae145bc4dc3f0

SHA1
443f3ef150541ffb67924adc98ec9f8d49228d3b

SHA256
8746822893cd9da3342885b033622636c5114bf92feecbc9ed3e8440609e61c0

SHA512
c6750834a4b0a8509fbe005581d0ed49d9ebff71d218599e6f3d39ab976ae6b2e9cdab2d01db546d2419f25c9202f18281ea9f3948b3a4c4394517d01cfd425d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78e1f937653f9f7f37ecbc0108e9f261

SHA1
b9223c618f5a0d693c5a6a02b9ec45ef9efb1ac7

SHA256
b47bb06f152acdaa3d32de231625c0b720ac9ed73d691457bc85dfaff8eaa4b6

SHA512
b142731f37ab4c0862a9200a3d1243ffa281f93a137faf0a158269195bdd147a8da4bc592a56f7f84b036da26ca21aed50ee32d2376b558c2061d39d9f24acde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
353c54f79904cdf82e822e49efc3f353

SHA1
6fbd1fd5a907b2564fd9d07e028b595c87460df2

SHA256
a5ee5f2e8259700f47de962675a28c28e6b71ffb374784d123ed1afe214ff388

SHA512
22c15ad078b8c06cac1b15d6bc37aed34ef1fa0ea5923b522038f093a501879a154d5a67cf78dce80de3e688fb5f05662279f7f2b6c72e5da7f89646c8e25ef2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa6cb48617c06d024084acee49af82d0

SHA1
54f1fbf6210f12f558625d0992a79ae6fd35eeee

SHA256
7d82aefcc9f73323e0d1fab4f7196a08f0d0e11dbbde5c4d84fa0ba027cbe84b

SHA512
a5be369c5d60a61db1c7e336c67466935cb1ac6dca3b839159bcdcb13b36235790a30fc37f91781b57c21bbae91273c692bd5e359ea7879a5bf747833748c0fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
711722d39ad23b2457e6ada7c05eb538

SHA1
5d3111a4fe88da4702c4197fab9d3a3dbc812e56

SHA256
66a340ab811e6f23aee53675c7c5ae01bfbbb39a47589da14af9148337ebb653

SHA512
ed9e23e9af017c6e4eb4a123deea20fc23e5085176e001556735aa63c4d8311a8c5974bf0567dd759dbed0ca0293b5d6bd40a63e3569595dd49e534fdf41e9bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfac182a702ac309b0129cb2c8850d44

SHA1
a52543eae9ca284fb5d5ce12e69c56c97b86b68b

SHA256
1067f85bb406896f1c7ca40292eca1e17b07df68f51cc75704a69505b87daa1a

SHA512
cac02def26bf5362b2a1521dd6502efd78154da1f05a7618438772052128fe6aa3e04cd3a2653f64b44bb3658f36c2b94324385ad04b71b675d282262f7afebf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1f665e382e067e2299038de3eec9a89

SHA1
e8f7dc06305f0e7c15036fd8c9d40d4adb29edbe

SHA256
266189891f3fd634881d845f2473875006cffb38612ada1505ef3d8fd745862b

SHA512
f1e3fb751bd656251a0feae52d51aa0e0aed88da388edfadcfa91f1298c6c3a40378f81a1f06a63ef6dacf13fb5710542717ef55e5b2a421fef159b1978f3f7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
493c16a8522c4ebf484b1ba4c08d22f4

SHA1
4e49e0cce83fe43e0f7a7c76a7665db77aad6999

SHA256
5699f73b2a5dd16276ac056b97242ed24af1357f83d2247d3c747cfffd2ec4b8

SHA512
8fca58e0b89f601c429b8d330f1b1f5b2030df41a5da83b5c0b7fdad61306b74cf3c1bfc55b75227eaa4bf1f41b3e4b04ba5e7748967292a23d4b3dd98df98ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
8b7816b4dcdbf67803fc4dcaaa596a8b

SHA1
387fd03c93d95976001c0dc57578fa0a23ec7664

SHA256
6b327d8957a3317cb102e6833d39c82701bb4c86d50ceaa7c6aa0a32191f1183

SHA512
f56a7c8b5383e95e9ff198a40b04d348e14a492b37db8a8488b105519fc23dfd2fac6681ab83d716c45384edcaa2dc6184c2e30dc185e78337dae80265d1e863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\headfoot_forum[1].htm

Filesize
167B

MD5
0104c301c5e02bd6148b8703d19b3a73

SHA1
7436e0b4b1f8c222c38069890b75fa2baf9ca620

SHA256
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

SHA512
84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2389.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar23AC.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar24C1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.