e1fb59eebe2e9c12ef43f06c01947a58afdf36e687ca8d699d52274abe3f2fd9

Analysis

max time kernel
161s
max time network
176s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 02:39 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

007170a69b44f513ba5aef560082635a.html
Size

53KB
MD5

007170a69b44f513ba5aef560082635a
SHA1

cc132d3ed54fde02bb9be3fa85c98709f20e3036
SHA256

e1fb59eebe2e9c12ef43f06c01947a58afdf36e687ca8d699d52274abe3f2fd9
SHA512

c91126a7cd524a0f87c19ad227085b08fb1e1a1ac6f8ccd261a4647733937fb62a568a2657edd2f98df1e0b8041609888c718b0b6a2c6047105220a2b29b5af5
SSDEEP

1536:CkgUiIakTqGivi+PyUsrunlYz63Nj+q5VyvR0w2AzTICbbooA/t9M/dNwIUTDmDe:CkgUiIakTqGivi+PyUsrunlYz63Nj+qN

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46422F01-A314-11EE-82B3-FA7D6BB1EAA3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e074962b2137da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c19300000000002000000000010660000000100002000000025ffee6eba5ac6e1e07126a844b2dc5667a3e8e009ae6ac30ec56e684a7f9f61000000000e800000000200002000000024a7f2b69e9f90633c51c687d846099fe4bfd3f9c0d2a5a6dfb34e16e81fcfff200000004c0597cf2385956f4a805c255210013772eadab5a11a444b00cd81caee1686844000000028dbfa65e819fbccddc42c6cebfdb3c38ecb9c38e54640cb35ab438b57ae5ca293de9dccb54f705e3eaefd89c0e76fa7cba731c91a7b5da5994aa49c3600f800	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409663672"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000b56b108da79818b4d18d8d21a7ab0961536793493c6e2e928c3f1dc20fd52ad0000000000e8000000002000020000000fc6949bd6ca6ef5f5cf3b40efc6bdd5dd7d15a345a77659d8134e242e4eb58ad9000000002003b434bbd2d16aef08cd93d89a059487feba4f05fffc0d9aada1bfcd3538e7622eef7d2cdc9537f4950585ac40dcde5777438ad308eb1e81259eee9b9046db86ed6e6a739c5b98fe1a783570de7ad664ddfe787b018bae5388abcce40fb1c09008623aa76dc598af7ce29a7e0bed85b3a0f2f7dbcf6b565ed74188e8025adbe721afcf994282d594c27d9c522c750400000000066b8ffc4529144f04c055c0c7f73032f5a12c83569089312d9d0c22ab5f6275d4aac9f85225db2d4840b29afb1753737b16cf25954b968aedff51547c57bb1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2840	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2840	iexplore.exe
2840	iexplore.exe
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2964	2840	iexplore.exe	30
PID 2840 wrote to memory of 2964	2840	iexplore.exe	30
PID 2840 wrote to memory of 2964	2840	iexplore.exe	30
PID 2840 wrote to memory of 2964	2840	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\007170a69b44f513ba5aef560082635a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2964

Network

DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
DNS

www.wintotal-forum.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.wintotal-forum.de

IN A

Response

www.wintotal-forum.de

IN A

195.15.233.57
DNS

www.wintotal-forum.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.wintotal-forum.de

IN A
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
GET

http://www.wintotal-forum.de/Themes/WT2/images/star.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/star.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:51 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/star.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/filter.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/filter.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:45 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/filter.gif
GET

http://www.wintotal-forum.de/Glossar/glossar-js.php

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Glossar/glossar-js.php HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:45 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Glossar/glossar-js.php
GET

http://www.wintotal-forum.de/Themes/default/script.js?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/script.js?fin11 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:45 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/script.js?fin11
GET

http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/topic_starter.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:45 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif
GET

http://www.wintotal-forum.de/Themes/default/print.css?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/print.css?fin11 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:45 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/print.css?fin11
GET

http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/upshrink.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:45 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif
GET

http://www.wintotal-forum.de/Themes/default/sha1.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/sha1.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:45 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/sha1.js
GET

http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/WT/wt-logo.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:45 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/topic/normal_post.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:45 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif
GET

http://www.wintotal-forum.de/Themes/WT2/style.css?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/style.css?fin11 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:45 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/style.css?fin11
GET

http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/useroff.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/useroff.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/post/solved.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif
DNS

adsrv.wintotal-forum.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

adsrv.wintotal-forum.de

IN A

Response
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/shocked.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:57 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/cool.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:57 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/post/xx.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:57 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif
GET

http://www.wintotal-forum.de/Themes/default/spellcheck.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/spellcheck.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:57 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/spellcheck.js
GET

http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/stargmod.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:57 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/Male.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/Male.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:57 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/Male.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/Female.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/Female.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:57 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/Female.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/WT/nav_unten.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:57 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/www_sm.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:57 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/cry.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:57 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif
GET

http://www.wintotal-forum.de/Themes/default/xml_topic.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/xml_topic.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 25 Dec 2023 10:56:57 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/xml_topic.js
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

195.15.233.57:80

www.wintotal-forum.de

IEXPLORE.EXE

242 B
92 B
5
2
195.15.233.57:80

www.wintotal-forum.de

IEXPLORE.EXE

242 B
92 B
5
2
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/star.gif

http

IEXPLORE.EXE

912 B
1.1kB
7
4

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/star.gif

HTTP Response

301
195.15.233.57:80

www.wintotal-forum.de

IEXPLORE.EXE

242 B
92 B
5
2
195.15.233.57:80

www.wintotal-forum.de

IEXPLORE.EXE

242 B
92 B
5
2
195.15.233.57:80

www.wintotal-forum.de

IEXPLORE.EXE

242 B
92 B
5
2
195.15.233.57:80

http://www.wintotal-forum.de/Themes/default/script.js?fin11

http

IEXPLORE.EXE

1.2kB
3.1kB
7
6

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/filter.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Glossar/glossar-js.php

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/script.js?fin11

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif

http

IEXPLORE.EXE

1.2kB
3.1kB
7
6

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/print.css?fin11

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif

http

IEXPLORE.EXE

845 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/sha1.js

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/style.css?fin11

http

IEXPLORE.EXE

836 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/style.css?fin11

HTTP Response

301
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

524 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

524 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

592 B
681 B
9
6
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif

http

IEXPLORE.EXE

1.3kB
3.1kB
8
6

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif

HTTP Response

301
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:80

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

236 B
92 B
5
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

236 B
92 B
5
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

524 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

478 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

592 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

242 B
132 B
5
3
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

592 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

576 B
681 B
10
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

478 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

546 B
677 B
9
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

234 B
88 B
5
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

536 B
677 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

676 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
132 B
4
3
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
132 B
4
3
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
132 B
4
3
195.15.233.57:80

http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

http

IEXPLORE.EXE

867 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/default/spellcheck.js

http

IEXPLORE.EXE

848 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/spellcheck.js

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/Male.gif

http

IEXPLORE.EXE

864 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/Male.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

http

IEXPLORE.EXE

870 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/Female.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif

http

IEXPLORE.EXE

527 B
1.1kB
5
4

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/default/xml_topic.js

http

IEXPLORE.EXE

845 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/xml_topic.js

HTTP Response

301
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

478 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.9kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.8kB
9
12

8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

www.wintotal-forum.de

dns

IEXPLORE.EXE

134 B
83 B
2
1

DNS Request

www.wintotal-forum.de

DNS Request

www.wintotal-forum.de

DNS Response

195.15.233.57
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

adsrv.wintotal-forum.de

dns

IEXPLORE.EXE

69 B
132 B
1
1

DNS Request

adsrv.wintotal-forum.de
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

144 B
72 B
2
1

DNS Request

wintotal.de.intellitxt.com

DNS Request

wintotal.de.intellitxt.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb0ea8407e1d4f5632556add13478e0a

SHA1
3ba31db423b92c742b8410b8148ccef75a2d273f

SHA256
198055ae25d8c96eb78ddf6aaea49a993b0cc0b84b392e287737132a1ea4934f

SHA512
ef1d5ed78663995a37abe91b7307df673cf7057cb635116d2661cea774c9928b8aee3be3d4455376b6b5256c29fb87b7e8e4a07ae4567dcef3d7b4dfda0f438d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef2361e5e8950aaeeb95e275ae868ad0

SHA1
af68a34fd3ff79c6e6f7222980960d4bbf49c42b

SHA256
80be9820423097d8c312c144260eeb315ddcc678cebfa628b6a8bfc5cf74a9cf

SHA512
c83856b583785bffd59cd4bd20665a8414f3ff7aa9dfc7f6d2ac5e555fd56332e7dc83f9cc55fea14ee67d16f5040358fa014fc41000af192eb75c87e2361848

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2982de845bd31d046d7580f2b3481b3d

SHA1
846ad2f9df49cb9f5500da73e26dda0d9777a899

SHA256
7b925fb009d590c5459a518d82bad0de367b08ab8d80e516c259bf76d38981e5

SHA512
f217ab0ad0ee6f7a538830baa3798ed9606ed9c18fc9b2b18cd95deb23e757ef4f64decd5034604479e093c18de843bc1ad5b682ae06cf75d1fe670f24060978

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61fdc397305acf88c16fdd4fcf0788f8

SHA1
07a1f87b913716e757bfc6817ea19d524cf8923d

SHA256
14c93ba26d3e68cb75f327a3a3819cde47816f97fc29ab954fe5d2c0eb253452

SHA512
8ff397babe21c7bc5f994d11b61e7d87f55e8cbb8877fbfc964ce82f67fa79be8c1a2f5382ad2911923427398570a857c945c1b3c27a023433352eb85bc0b9c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48ce2829295f6f53f6febee9b7a3bab6

SHA1
bf3708ba2044e356c9199b4f89a2f0bae503af6a

SHA256
cab5743285feca71c4f70308f0de783de5eece14c861ba1604f1cbbc521d5578

SHA512
62dfe557a8de300d3dde4e46ff461f7619c963a539c9d952a64d1664f86dd3be2e01992173adc7000ec071cd4ec85d3a901437c49835bb2c5ecbc71e7bfecce2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b39f8b40a3027689072296556d8c9ed

SHA1
8aa6d3bfa99b6b4498760f2bb98d230475ec86f2

SHA256
45b7537d85a4f03de52ec2c9c26c5a29a3ba1db326605bcbcc2b2e655c31d088

SHA512
340714231568344ed4d7636e1b0295b0a2a9d955d5d39c92c6855195878a201b6aeb85510e148635bac835dfc6ed66b931b86b63cd91651ee761530992a97b9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be7c12245216467e730d86838afd35d3

SHA1
dee8f81a270267434ae71943143e9ffe1002ae89

SHA256
b55528be27ba805b1e657ed1ff776c5e143a0aa51dfd92570c0ef9da6a162036

SHA512
656bfd6417b15c7a77dea8872732d17b79604d9f98f25083d955e3627f1ba2940659ea0cf68c8984a877a28443dc1fb0dff0c24a19ab5efe71ea92a36cd30092

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3cf4679c3520aa2c9f3b81616022431d

SHA1
f2b1bd2157a7b35af025d9c58512d352b5590fc6

SHA256
52e7727a031c7778687614468878fe69f72c96de29665773334aa2cf945413ef

SHA512
5cefa78b18884aac633c07d40266c865acfb52daa3ed61d6d62250078d50cffe2c2ccb7d6532f01ed71990882f174841fab9eb147f99432b757b43e099b50252

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4e2c8f283bd7c7bcbe890d580c13796

SHA1
b133d2f1261f36f1246d1fe555a264f2ef60a12e

SHA256
4a6495d17278a569b69aee3daf08549580bdf0f63cf908e7eb7ff85945ea9f43

SHA512
440e5b5fe674c4d34d02f810b98f7d65d81eb16735510f0066994f5e435f4290c3ccbbf069f7eca2ecf6ec9b90978e8c78ae28a44ceb7cb392a978dfe979f3fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63822cdd08f9ca2f0112c1ee86f36ce9

SHA1
99e96f9a459aa2cc85ef8636221edd335d00b1ee

SHA256
0dfef8ca75de5731062f8e9e01b538c75ae9433d294534cde58de3ccd5590075

SHA512
828d059f2c5244c40a6353d3dbe937c46d9e97c955bb798ef596d595b439b566f8393956ba531cd226f83e9f3ce2a7ac99524f48c219a3ceb109effc6d778b12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bf4d42dd7a119c449956957c0db6c88

SHA1
a2759b1b8cec55602557209830133b06038cd46a

SHA256
738c74e08b30e04cc847797543c74baafdd0ac874c2769db9c656cf4b3abfcf1

SHA512
761fc9c7a8a42895d4aff49e708abb5ec38d6aa2a5c80f38a0fe14643d4e01170ca44394ff789fc6bcf0d2902eaab5305c4918d45523b09a2b62cb89834142c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d88d572a03e59f137146713b133c0150

SHA1
66c5badbfd39b8bf9f622dd2fd073dedd4c88cfd

SHA256
f4d7fa93125abbdd5e83dd412612d114878d4d1a4d5703f20782ab54c574c78d

SHA512
d3f9f59b54ba30b64ccb1b0774371113e21615ab9b7a21931866a5ce8986266c444b3bf9e15a2f32a4bfd55cd2c128d07a55d85d046c52cf563bbce9c36bb370

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b38c6d80892f554829ed59eba8d40695

SHA1
63b4483fa897f5f9767293facd9f2d944fa139a4

SHA256
83767b4169e83b5928f074e99b8debdd7af9de292d7a75126cb1043fa386c6bd

SHA512
fd40e749d6627bb4604500b38f861fbcb891c2c26d77123dda4624c0ac36323eb040a01786f779ded0a2d3171b1ba63833633f1fb6a535b23436c76511571090

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59efc22231e980e54f37065ce6808a13

SHA1
6baa83800a43a342a3c0e3a5b908a1922a5c5258

SHA256
22a5891b704d4360f48a2b08dd9603cc4a7084f610ff15a99b6ad748c5b8e334

SHA512
68aeb5b56a6af812077b73b6c9490570831b26f9fa200384f2354be452d6ffa46bff2351189ee1a2c80c5e85dc07f1108845597a515187d4b9a8ff7198e459f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40400ded90b8c90a15356406883eee62

SHA1
b32f373b6581dbe89084b0397e5983683512f6de

SHA256
580ff2a2c260e5a4204e3df21fe07758a0edd2357e7996b19cb4fe969f201ea6

SHA512
b726fd8b27f07323f537ab031a7d86d08686703abaea3ebe833e45bf813ffc8843dbd78555f8d100219785886bac57f11f301aa6fb525eaf9c3c9db45ddc4b31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad6c086ce1f9be32d2904eb9951fd071

SHA1
619137ac0add37db3abc34a02d4971b4d44a332c

SHA256
98e9acf07a348bf86b6ad0e3a1cb074a3ad4e30c934a363f53f35d50f46d870e

SHA512
51ec291a51fee3fb6ca827e7e1bc0a7f46750154bbd11ea8eb4a1b262556f818c62d2ef23cbcfbef03bae6f56df4f9eab7c2d0aae91fcbfeab17f81ff24fa8eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f70ecd9efcfb093bac0cd1affe9b5c6

SHA1
e422fd336f21b9468f4f7d9620d0d19ffe439759

SHA256
a6340a704715b605b4016de27da3a8550b6f2699e919c71b2adc7f50a29209c5

SHA512
8a47750e1155ac863e567fd6883e422dfb7b2510486442760bab2abc82e0fae0e0011584b75eeb0cf5dbf0da1ff3d7359c70c40bd4e645cb6b49d55e288f9fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6MCRSFJ\print[1].htm

Filesize
706B

MD5
67f3a5933c17b3ab044826d3927d0ba9

SHA1
5957076d09bacaa6db8ddc832b4fd87ed8f05f8a

SHA256
97e800f4836b7030dd58fe6296294b7ff5ef1b5eb0e88353f230ea1608d2bb64

SHA512
03ba224055ffdbf32b7eea30c764dc18d66cc6d8707dc5fafab74e155b0bb3d4d691c5788b033a68f05299547297125122778fa7e3252f93e7343d918936643e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5267.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar52A8.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.