e4d6522b49f207f350578ead18a2f875594a14f9172e3e8d18b093fe2064bfd4

Analysis

max time kernel
136s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 01:07 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8afede30440062ca84bca38ae51ea5c4.html
Size

53KB
MD5

8afede30440062ca84bca38ae51ea5c4
SHA1

f83c29157206eca1fa403519f4e973aacf525247
SHA256

e4d6522b49f207f350578ead18a2f875594a14f9172e3e8d18b093fe2064bfd4
SHA512

4e042e8cd7815494dd855332a77c9d07997a45df4b2f7438e4fc1575ef584b065804d29d7a245f47cefaaeb020c3274ba6d5077d9ca91e3acd03b26d5c31557e
SSDEEP

1536:CkgUiIakTqGivi+PyUerunlYA63Nj+q5VyvR0w2AzTICbbWod/t9M/dNwIUTDmDu:CkgUiIakTqGivi+PyUerunlYA63Nj+qI

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000ae5bfe0bf06709b0d3da348592fbeb173a632ecdc9d515a083ef903b7b43ef80000000000e8000000002000020000000308ba9ce3aa8c4fe798293f5043d2c578f4d7cb98dc59aa064a9c0f9c2bb354590000000a4ef849b3240a66ba9c76286fbabed2ff64cad53f7cf6f27b77ffb656688336e7ea7dcac8bbb9bdd26f2644128c0f6536a89706cd54762b83cf8cf718c98f1d7f0b1ac678d6dd36f5566b90df36aaff67d024688b57ccee481d3d3e04fa1b06e700057c4062e864dfe7d7d4bc4bcfd7b2c86000a7b24aaf8de3578b87475acbb2ed76eb65a34e5ac9ee6e96badd0f13940000000afed218606c2e1d47a115c67140e7f2716103043c1de0435403cbf0a4c8e05c47f5f84bf10fdcbf0615ab30ab147881cc63c75113495baeb614c4aa1b2574cdb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000003656a2576874ef1ee4c3db42b6b145528b2ed085c22f70dd97f1cf6d2f60aebb000000000e80000000020000200000007ca27761d85478a90a9a558173344f422867cfc7de646eb936211d31fb4a76e02000000050902621ae0d9b151ed99ce2d1869cbec6a8a04727e79479160a96f328edbab3400000004c3e1d5314ae4206b01b436682613d53e7e93cc7a149060d3e07db743f9ec56821421cbaae777f9271d594f91ae6e0e470d186eac8511bbfe26268087258322d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0536b763d56da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413084330"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A059E241-C230-11EE-8AED-E6629DF8543F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2908	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2908	iexplore.exe
2908	iexplore.exe
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2764	2908	iexplore.exe	28
PID 2908 wrote to memory of 2764	2908	iexplore.exe	28
PID 2908 wrote to memory of 2764	2908	iexplore.exe	28
PID 2908 wrote to memory of 2764	2908	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8afede30440062ca84bca38ae51ea5c4.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2764

Network

DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
DNS

www.wintotal-forum.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.wintotal-forum.de

IN A

Response

www.wintotal-forum.de

IN A

195.15.233.57
GET

http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/WT/wt-logo.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:43 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif
GET

http://www.wintotal-forum.de/Themes/default/sha1.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/sha1.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:43 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/sha1.js
GET

http://www.wintotal-forum.de/Themes/default/print.css?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/print.css?fin11 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:43 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/print.css?fin11
GET

http://www.wintotal-forum.de/Themes/WT2/images/filter.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/filter.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:43 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/filter.gif
GET

http://www.wintotal-forum.de/Glossar/glossar-js.php

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Glossar/glossar-js.php HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:43 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Glossar/glossar-js.php
GET

http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/topic/normal_post.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:43 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif
GET

http://www.wintotal-forum.de/Themes/default/script.js?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/script.js?fin11 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:43 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/script.js?fin11
GET

http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/useroff.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:43 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/useroff.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/upshrink.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:43 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/topic_starter.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:43 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif
GET

http://www.wintotal-forum.de/Themes/WT2/style.css?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/style.css?fin11 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:43 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/style.css?fin11
GET

http://www.wintotal-forum.de/Themes/WT2/images/star.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/star.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:43 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/star.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/post/solved.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:43 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
DNS

adsrv.wintotal-forum.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

adsrv.wintotal-forum.de

IN A

Response
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
GET

http://www.wintotal-forum.de/Themes/default/spellcheck.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/spellcheck.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:44 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/spellcheck.js
GET

http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/stargmod.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:44 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif
GET

http://www.wintotal-forum.de/Themes/default/xml_topic.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/xml_topic.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:44 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/xml_topic.js
GET

http://www.wintotal-forum.de/Themes/WT2/images/Male.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/Male.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:44 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/Male.gif
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
GET

http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/post/xx.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:44 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/www_sm.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:44 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/cool.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:44 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/shocked.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:44 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/cry.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:44 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/WT/nav_unten.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:44 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/Female.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/Female.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 03 Feb 2024 01:07:44 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/Female.gif

195.15.233.57:80

http://www.wintotal-forum.de/Themes/default/sha1.js

http

IEXPLORE.EXE

845 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/sha1.js

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/filter.gif

http

IEXPLORE.EXE

829 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/print.css?fin11

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/filter.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif

http

IEXPLORE.EXE

852 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Glossar/glossar-js.php

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif

http

IEXPLORE.EXE

850 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/script.js?fin11

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif

http

IEXPLORE.EXE

873 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif

http

IEXPLORE.EXE

1.2kB
3.1kB
7
6

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/style.css?fin11

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/star.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif

HTTP Response

301
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

380 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

380 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
132 B
4
3
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
132 B
4
3
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

494 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif

http

IEXPLORE.EXE

849 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/spellcheck.js

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/Male.gif

http

IEXPLORE.EXE

844 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/xml_topic.js

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/Male.gif

HTTP Response

301
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:80

http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

http

IEXPLORE.EXE

1.2kB
3.1kB
7
6

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

http

IEXPLORE.EXE

1.2kB
3.1kB
7
6

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/Female.gif

http

IEXPLORE.EXE

527 B
1.1kB
5
4

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/Female.gif

HTTP Response

301
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

236 B
132 B
5
3
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.7kB
10
13

8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

www.wintotal-forum.de

dns

IEXPLORE.EXE

67 B
83 B
1
1

DNS Request

www.wintotal-forum.de

DNS Response

195.15.233.57
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

adsrv.wintotal-forum.de

dns

IEXPLORE.EXE

69 B
132 B
1
1

DNS Request

adsrv.wintotal-forum.de
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27d61d14e057e49a2a96bb7b4d510974

SHA1
cbd6c657b0b32323d71ecef2622c9bae4b3601f5

SHA256
e222fe128571a7e50e1b9b0c767fe133d8481984a5ec9937f96303c05ee72a0d

SHA512
6ac805bc07d51f30fe7bf161ac14d74babb398ea2a06b1967be63542d676b6a6db4a492770990d2f864bc8d42944f9f3e3539bb1ec3165502b0500ed1ee52009

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c41912c19a1e93f1aea2877d4ad2804f

SHA1
7046260c86fc8c7db87b235c2017ed078dd785b7

SHA256
2e8f5944abd226f7b24b123d369be6f0ce5f6ac887ddd8ea6a9f2151f40bce6e

SHA512
f8e2a724a8c1170c4f506c9149beaf4d9ece058d0d04e8904d052fb18dd3606cda9517b94c6bda24bd1d90f08329d8bb32f7cb543d2e6e3e8ac969fb72d18f4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1098e6e859942b086c062a2fbe92acff

SHA1
d1fe5803c79a37b68881271dd86f008a459d1f98

SHA256
4ffeecdef4e78e1036706a91fed667efd213192be464c0c1e3ea35e4635aee34

SHA512
f748452ce5ff4df86047923b28aadf1e6dced0827e8a37960c1183a5eaa8adad4b456a64a8b6fe3dc261506a79046781ff152aebc0a3ef70d3944f7f4ba149b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19f0d6b8112796ba56b37aa41a3596fe

SHA1
9e02e0678e9c252f7ebcde2e1b988d486283089e

SHA256
de02548c0d0697aa4a625ec9d94b2adc4e779107c5dae8e1f2744d48a2cf17f1

SHA512
24b4dd12fa4fe979cbc25376e01ad8cf258f12d7625ffff306a4b4aeeedc143f6659633c1ba256af5e322004b931f790084c5c3e46c2773e92e995963f637ac9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d06d79dfc71fb211038059e71244893

SHA1
4dc8488d45fabed36ca9abf2326815e1aac274c7

SHA256
3d51728f7d1b8d973bc0c0d33b0d1ba7693df77625d149039266b05435abd287

SHA512
06c2a0926c14505f52ad21c550dbe74ad19b2c4b54f81cc4b05e7026239855526e85f2be7e3a2393335ce854c33a38b98c505808f2773a22fcbae9d73ddfdc42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a08b3b69e0c71ed7bd6c5b188744c995

SHA1
3a92112052eefb70e98db8414247aef239292157

SHA256
74177a8918da5fc27f8863993a9dc2a0b08c10ccd2b5ef5676337ce6fbea6a20

SHA512
b89c7d1a0185b11821d8d2569e772e6681df2b1e1040b74f20e949b3dd8e02486c3758ce5d19a67fd75a15e67a3d098250e7e897e602962422175b62ee4ca460

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ac04c0ac144e107e376448c6075b134

SHA1
74dca86dfeb46b6f5439fa6499cb8964c219fd47

SHA256
1060e310c547cf941eda558922446e7db8ed86ef3c7fe05c5cc5c4e022f438ec

SHA512
3a4ed11b2ce08fdfe4bd9cbd49143e0c495a0633aacc88821ae4a2cbf0872d96c39d713be8b86094324ed28ba8adb1a25aaea7e975c2d3ac60943abbca328759

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46802a8927457ce175a6448b1d39aaa8

SHA1
44d32da804f350ccbba60db26218b3007a54f6bc

SHA256
4af12592246f973d4d15fd099a29657520dd4cdc621e209e7b95fc9afe914c8b

SHA512
af8696abe39e1b02235fb4451e4c3ab5f5a4518617f29739afca35fd53569307a41531777b39c9e918ed08d77e8bfb610a97283a1b504065012c392a0359ab3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d1992a39e12359aa949d7caffc1b096

SHA1
e0663a558bce2e2ab99ab302e166dac24e077a83

SHA256
356ccdae9b2aebf30203547d132141b573a277f266442517dc9f677faaffdd53

SHA512
1069d3e3b3bc9682b6483a11ffc6f3561ed79b7a6c355e96a0a46f19ddd4653d9ceff9a93f95a26d615dc89ed2cdad68463900636d72bbaa702a7c30336e33cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a881a4de62b3a8db25e996d1b6476ad9

SHA1
69028c241c0ef2e783d2059397eb3f6d6da22e8c

SHA256
a995414062ff587b9e61afb0e600e601ad30289f517c048b8f2fb96ee9ed65d2

SHA512
b87c37fea4da59cb2e6c7eb7fc9ff56f7d91b37b12078beb6dcc793c3d42aef011470b94f5d0416c29c8d1ea8465ea17e18a45dbc9aa0da042a278b64575b7e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b7106e995a4881671d32b9b9b231967

SHA1
29fc0563e3870e4d5ac14560134b74881939cb5f

SHA256
8ad4596aa0ee3b4934e540ec85ecbd0964365e7ba90f8b47f08edb84b9936ded

SHA512
b7d7e5fc5886a8bfdd300a5d652e549fd7ed82c1141e01ce2746ab15b8621fab37df2697f9aae39082fbe946b70620fd23e2233b717eef13f515140c489dc680

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b490be84c63b4b59ca467a4b84cbbbaf

SHA1
6018bcfed69097cb6e477c0b26850a97ac425a7c

SHA256
1acdfc7fe2a1c8968aa975b3f41e9664dff3fc2549a8891f72acab689be48d70

SHA512
4e13546351997a1de3d0cf53d81f43be674392ae767f14e6c841b0705b13d79af6a0340e1891e5403a80e83d892dc60787757f1346e2f853442acc14dd73e825

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60c59acb031e15d02c627cc3121e3ffc

SHA1
52b850b3f6e4c04a4ce283ce99b46944d3e280af

SHA256
7582c80d8f1bf32298ed954db798fe1ae2eb359690a070293fd043e4a0865bef

SHA512
e97cc1092b412ae19ce796c35093c7400a041e8877cb0e4b7148b35e35003b628360a34b3b6c022f8aeaf7c09aaf1bf5ddf07a29c89669b891e4a3e6884f9359

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0816df1064664e0770633268eef963ab

SHA1
fa95ebc5909ac699015bbe8ed48d0a0b4da413f2

SHA256
c5c8a58a1bc86432ab88fadc1b8dd4f1077e97feb5399b1f27c154608545f324

SHA512
99931d02c8b33fba096d2d9532b52a33c8c2f54c3a625559b732351c5a3d13d0b2d1553a21845ca974239a87c8bfc650292b77d12374a15f600df15b0d9276b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4318686e5d495d6849b3776cb6aefcf

SHA1
056a341cf549f1b7bb42915dfb7ff24c0160c589

SHA256
eadb5d6a190c4afae4d25ab34b08b4330cb2c9e539436bdeeafcb9a6dd372a1e

SHA512
5251cde5855783bb89ad92717e52622ad0a51307d2cd0709c0897854f45ac404d5883859cc4ca55eef29fb6503445887ec6364997688d8ec082139bf65b6621e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2040eb8e52252bfcc93fdb2c3b2df400

SHA1
ff19078016927d146c3a413d8eb742b1be3de3d7

SHA256
a24531029c9673747e16a8cf51be685f9c42db22dda60503ec43d35d97c0e097

SHA512
9d9c0c3523ccd75d997d48e2ba83c658f0a88176af55aee85ee670cdfd184303b47b95a131dea00624e7f0123a81ff5f713dd5859e5c31585d45470d1bf36b0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
553e0ca14d1845e4f2da65c4194d73fd

SHA1
9ec3408f293354836181a2543d831a0196983e4e

SHA256
d71e4d71220baa8eaadaaf81dc02d63aea33937bbef7ddce88d723bd2983f982

SHA512
6e0701721d03f66ad1b142ee5961b305452f9f703b8d8ec7e7f00c8ca963a01dcc81239ba80d3b333bcda4abe752679133dbd538e1ee6a8de03716aa3e1e0d0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25ec4171d41486e672dabedbfcfb290c

SHA1
37cdcebfa1a78f5d5ff6b22e5e46ff020ae65d89

SHA256
ea568ede3350f07aeeceed8b6fb91279f52f8b6c5bb51f570070f6816f87ce92

SHA512
9327002f7e179dc3dec3b282c92b987b70a8556e7cf487b39d94f04a9e04010698fadd7ee4879b7ef64ac8434b0ec78c074499824d004b423214ed7b89fad465

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d52562903ca5c9733dea7ac4a139313d

SHA1
2eb24dcdb445a05b239dd330bdb4293a9c7e1d77

SHA256
a2d45e2a08033623b813db5e57413dcc959961427a03fbb392ab3e26a63521c0

SHA512
3ccb51d87dcc5212cf3db9b5c913103bf4daf7074b6299a6cde0904b137d48a75c12a370a7a158bf68da904f6aafa69d45d2e5e21f3650f04a53e162f423051d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\glossar-js[1].htm

Filesize
706B

MD5
67f3a5933c17b3ab044826d3927d0ba9

SHA1
5957076d09bacaa6db8ddc832b4fd87ed8f05f8a

SHA256
97e800f4836b7030dd58fe6296294b7ff5ef1b5eb0e88353f230ea1608d2bb64

SHA512
03ba224055ffdbf32b7eea30c764dc18d66cc6d8707dc5fafab74e155b0bb3d4d691c5788b033a68f05299547297125122778fa7e3252f93e7343d918936643e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab84F9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar85D9.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.