e93e801fcf7109699ce72b56d1c6a0c4fa9773b0c3c891fd9faa70f687387b7e

Analysis

max time kernel
136s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 04:46 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfe183391bf883688245b38b2067e78b.html
Size

53KB
MD5

bfe183391bf883688245b38b2067e78b
SHA1

31c2d9f76255443cb1ec0f6fe75e1c5730fc874f
SHA256

e93e801fcf7109699ce72b56d1c6a0c4fa9773b0c3c891fd9faa70f687387b7e
SHA512

09dc142a6a6567df0c50fea02e81c9968af22b228882673af541867b8dc0a338c5d5a924ff76356c66d2b5c2f6b883f75da8ce38c1cb79f4079ada1aaa33603a
SSDEEP

1536:CkgUiIakTqGivi+PyUyrunlYa63Nj+q5VyvR0w2AzTICbbAoD/t9M/dNwIUTDmD7:CkgUiIakTqGivi+PyUyrunlYa63Nj+qZ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c23067700000000020000000000106600000001000020000000aa8417b1dfd145cb575f8ad337e0b28e0fd687074133229b1f4cb054f04e9d69000000000e80000000020000200000006eeee4a640a54068c432322536b0837d91524205b0297afd3c50acfc904a6d429000000051aaa94674490e364a99351bc4d2624743d7831595138c2beda07435d5fcb137f7e587f4b8c3dad2ecf8086595d197b6c5de1215a3e252055dfd0de19916f521187b0f49f6f462539bebe14abbf70034b34f1d9a5b93e2cbc3ea6d1114ac18be05ce85cd3cebe39f0de7c54993ce6d54da2fddc4f90777b0df25c6c8577f0f10265432fdca3e4f30b376a316a3f75a5c40000000c14999b51d9f3a1c60d1fa2003fa48409afce2b382f9f2fc646fed82e5cc3d11439dccee24e048e3a66a172119e4d0b91f5f91dc7fc660390d2cbf5d7e2f4aa6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4C1A09E1-DF62-11EE-91D4-52ADCDCA366E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416294247"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a04e9f3f6f73da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c230677000000000200000000001066000000010000200000003dd9e478e2ede829e041e24f1573aad0d354a5d52738f62ad875578004e87445000000000e800000000200002000000076cbfb5039a8a5732f18df015988d4c0db3a978c159ade5814c7eaffce3cf125200000006697ff032d3fbeb1ef9dd83b6c4e0d111d59009decf804fcde1e66f9fde258b740000000662c99bc352177dd4da235a4cbb5f279fb13704c0c0c0a6b2caf8ac051336f135eb25fa9022b5530e74851d26e1650e543df023371cbce793580834870da5413	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1732	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1732	iexplore.exe
1732	iexplore.exe
1704	IEXPLORE.EXE
1704	IEXPLORE.EXE
1704	IEXPLORE.EXE
1704	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 1704	1732	iexplore.exe	28
PID 1732 wrote to memory of 1704	1732	iexplore.exe	28
PID 1732 wrote to memory of 1704	1732	iexplore.exe	28
PID 1732 wrote to memory of 1704	1732	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bfe183391bf883688245b38b2067e78b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1704

Network

DNS

www.wintotal-forum.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.wintotal-forum.de

IN A

Response

www.wintotal-forum.de

IN A

195.15.233.57
DNS

www.wintotal-forum.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.wintotal-forum.de

IN A
DNS

www.wintotal-forum.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.wintotal-forum.de

IN A
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A
GET

http://www.wintotal-forum.de/Themes/default/script.js?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/script.js?fin11 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:22 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/script.js?fin11
GET

http://www.wintotal-forum.de/Themes/default/print.css?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/print.css?fin11 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:22 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/print.css?fin11
GET

http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/upshrink.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:22 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/WT/wt-logo.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:22 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif
GET

http://www.wintotal-forum.de/Themes/WT2/style.css?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/style.css?fin11 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:22 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/style.css?fin11
GET

http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/post/solved.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:23 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif
GET

http://www.wintotal-forum.de/Glossar/glossar-js.php

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Glossar/glossar-js.php HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:22 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Glossar/glossar-js.php
GET

http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/topic/normal_post.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:31 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/topic_starter.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:24 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif
GET

http://www.wintotal-forum.de/Themes/default/sha1.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/sha1.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:31 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/sha1.js
GET

http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/useroff.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:26 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/useroff.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/star.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/star.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:24 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/star.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/filter.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/filter.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:31 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/filter.gif
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
DNS

adsrv.wintotal-forum.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

adsrv.wintotal-forum.de

IN A

Response
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/shocked.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:42 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/Male.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/Male.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:42 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/Male.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/stargmod.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:42 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/www_sm.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:42 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/useron.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/useron.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:42 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/useron.gif
GET

http://www.wintotal-forum.de/Themes/default/spellcheck.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/spellcheck.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:42 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/spellcheck.js
GET

http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/WT/nav_unten.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:42 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/Female.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/Female.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:42 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/Female.gif
GET

http://www.wintotal-forum.de/Themes/default/xml_topic.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/xml_topic.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:42 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/xml_topic.js
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/cool.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:42 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/post/xx.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:42 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/cry.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Mon, 11 Mar 2024 04:46:42 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response

195.15.233.57:80

http://www.wintotal-forum.de/Themes/default/script.js?fin11

http

IEXPLORE.EXE

926 B
1.1kB
8
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/script.js?fin11

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/default/print.css?fin11

http

IEXPLORE.EXE

794 B
1.1kB
6
4

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/print.css?fin11

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif

http

IEXPLORE.EXE

868 B
1.1kB
6
4

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif

http

IEXPLORE.EXE

872 B
1.1kB
6
4

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif

http

IEXPLORE.EXE

1.6kB
3.1kB
11
8

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/style.css?fin11

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Glossar/glossar-js.php

http

IEXPLORE.EXE

818 B
1.1kB
6
4

HTTP Request

GET http://www.wintotal-forum.de/Glossar/glossar-js.php

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif

http

IEXPLORE.EXE

736 B
2.1kB
9
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif

http

IEXPLORE.EXE

678 B
1.2kB
8
6

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/default/sha1.js

http

IEXPLORE.EXE

702 B
2.1kB
9
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/sha1.js

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif

http

IEXPLORE.EXE

580 B
1.1kB
6
4

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/star.gif

http

IEXPLORE.EXE

669 B
1.2kB
8
6

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/star.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/filter.gif

http

IEXPLORE.EXE

725 B
2.1kB
9
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/filter.gif

HTTP Response

301
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

918 B
653 B
9
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

918 B
653 B
9
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

640 B
677 B
10
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

594 B
637 B
9
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

592 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

592 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

752 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

752 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

554 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

554 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

830 B
705 B
12
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

1.2kB
705 B
12
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

758 B
653 B
8
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

758 B
653 B
8
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

432 B
641 B
8
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

478 B
641 B
8
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

524 B
1.1kB
9
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

434 B
136 B
9
3
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

434 B
176 B
9
4
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

592 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

380 B
641 B
7
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

236 B
92 B
5
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

236 B
92 B
5
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

592 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

456 B
641 B
7
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

628 B
733 B
11
7
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

524 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

242 B
92 B
5
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

448 B
601 B
6
4
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

242 B
92 B
5
2
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/Male.gif

http

IEXPLORE.EXE

865 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/Male.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif

http

IEXPLORE.EXE

912 B
2.1kB
7
6

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

http

IEXPLORE.EXE

1.3kB
4.0kB
9
7

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/useron.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/spellcheck.js

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

http

IEXPLORE.EXE

1.3kB
4.0kB
9
7

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/Female.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/xml_topic.js

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif

http

IEXPLORE.EXE

864 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif

HTTP Response

301
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

706 B
641 B
8
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

810 B
693 B
10
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

592 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

448 B
601 B
6
4
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

448 B
601 B
6
4
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

676 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

592 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

592 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

478 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

1.3kB
733 B
13
7
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

676 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

380 B
641 B
7
5
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

232 B
128 B
5
3
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

630 B
1.1kB
10
7
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

630 B
1.1kB
10
7
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

490 B
637 B
7
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

452 B
597 B
7
4
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

1.0kB
733 B
13
7
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

242 B
92 B
5
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

236 B
144 B
5
3
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

546 B
641 B
8
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

858 B
685 B
11
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

586 B
721 B
9
7
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

340 B
144 B
7
3
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
641 B
8
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

380 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

444 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
132 B
4
3
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

236 B
92 B
5
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

594 B
2.0kB
10
8
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

478 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

472 B
721 B
9
7
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

236 B
92 B
5
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

1.0kB
693 B
11
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

456 B
641 B
7
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

432 B
601 B
7
4
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

236 B
132 B
5
3
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.6kB
9
12

8.8.8.8:53

www.wintotal-forum.de

dns

IEXPLORE.EXE

201 B
83 B
3
1

DNS Request

www.wintotal-forum.de

DNS Request

www.wintotal-forum.de

DNS Request

www.wintotal-forum.de

DNS Response

195.15.233.57
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

216 B
72 B
3
1

DNS Request

wintotal.de.intellitxt.com

DNS Request

wintotal.de.intellitxt.com

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

adsrv.wintotal-forum.de

dns

IEXPLORE.EXE

69 B
132 B
1
1

DNS Request

adsrv.wintotal-forum.de
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52205c82f3d6549292b3c43e1d886e05

SHA1
9d8bb5458c2e2a6ddc5de173f46e89af112ebffe

SHA256
fce3670e13fc6a3a62a636efb6f8cdf78fdb1bb6647966bccb5d2840f153b64f

SHA512
93df90eccb67fc3303b2886071e5e92472b4c0f2dc8d6b27e6b16c0abf3d21ec845f82bbf4885ae7a18eaa6174193bc3aaa8417a3272964eabe6d6fc2cb8c5ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
620dbb1e7d30ae9fbf3b900e210f35c1

SHA1
cf8b8231ca30c486aa9cfd7993267028a9cdfad5

SHA256
a9500c8edcfe88b8a5e6dcaaded362dbe5b1159496a81cfa5af6aa44673fc191

SHA512
3e97db4022e3a2f26cae9f16c74d89e2733db52c8d82503121d5bb10e136251d0cf92cc77c55ed20779b2f793e329c9f04c7374d0b1d7b7b44a32efa0c69cf5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1d5ceac1f387af879d51cb39e333d66

SHA1
b263b434fa4f85d5f4c7a924f63429c041f3fa6f

SHA256
124fb05aebf21136f376b37dcccbe89c14b2defa0524aa8617ff3efa3835329a

SHA512
30626072ae78b8c0697b983f170b756967f1d269ea0083fa146f343309f170a0ecd01b4d4bc8fac25945591e4ceea5bb98cf395d441270d421fbcfb8bf43c415

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58fbecd2a472a7aedc6ae99aaf96845b

SHA1
08c58b249ac628cb6b68647b563b2b79dadafe88

SHA256
5eb2c977c701efe5eff8b8d7e1ab81f4b279f17ce761ba241679338397901937

SHA512
9dfaa2092d6967e599a503d07320cd8073815a574bde955bbd915fe000fb8580e7ae77e4371eec9b61c1f318d742e05b9634618da3a8bc1c1ffb366543bfc7b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70d1b96747a24689579f53a8cb11859f

SHA1
0a1fdef9bfbde245f922a60f3f3e38d5e6867834

SHA256
435325060bfbbaa26ea93465d4bc866370707d66506fc16d261fd05532c1ed20

SHA512
fbd69c6c7fe6524b5e6ef6033939c02cfa3038a00a5d7639bd23bd7eaed00ef3e195ed1d1e16170a59c6546b691b2a740cca587626c6ebcbb0110561f144fd7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c88ad1c0b1053bd89de6269d07ee156e

SHA1
6c85bd519dc311a451778cfab3eb81343e336955

SHA256
259a15c2d54df2c847ef5ada922233f0a339bc93fef992c2a927a478743f32e6

SHA512
79e6048e0cb3b95cb2e69d3075f5975e24ee8a92e69c3991862600b674b753a3e757f15fda943469d0f2da52f9a08ddea5b34a79c69a952af518223f1b0344b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2987ce9647aaa785642a520434516f0

SHA1
88ab8be5eefe872fc8a170b2469f57c7f8d4edcd

SHA256
1509b95a10d6ee382c2e40ad2fc75042f0346bf616f66fa0850c596b9f0cba57

SHA512
eec2618a1c6be81204a09eec9189dd3a8f0abe2d942fa63c120bc5f3f24b0cc4bf56d428a86040e7733f82e12ff649414cb48fcb48ab40dd0e4c8807d80d709c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5955ad18961441c57c2cd69cc7ac6ade

SHA1
9451faef5c9df9754a81671598ce4514a5320249

SHA256
0d702f9a45cbf1791dc6248d161af4a13f450cac0e2d40efe9e3e72e9691b3b8

SHA512
7ba469d7d33a3fca2f553600784d6ac740550e31e579e46dabb165e2f1d8cba44b924bd430300c64f886cc1131ab974a71ab6f934e54a547968f29e28d33d53b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e88353a078f5c4c68878733020919943

SHA1
fb0cf0b9ff028ba7524f1dc0c9510e9f081aff8e

SHA256
9f8b2d3b1c5751f4da367511d8860d0656614f70eea9f99c5af1f35fff7a3690

SHA512
6b416199cfd60a51f95c195e4081a32fee11eefecdc989286966e88d4d42c8361b9624117849ce1845dfb1832487e85262a5a2e38b157864458b8d5305450060

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1daa0587fac45ef983f2f033a9d27f2b

SHA1
a9d41cee9d02a01559608a335e4c9f95cd7ee5d0

SHA256
18337ea30f6ac6a37326796a510e7f795496e7ff83ce74aa0eb55b25be779f15

SHA512
5c0a0b55f7c7a27fdf2664a91d1eb5244857aea69576fd88ee8c8dab3b9925cb78dab48de30892370c18c677dfa8c757d0ff0ea620cc03e650d9872e34d614f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
526dc9613e3b54d3efeda073295cb55a

SHA1
5e979f9b79fd2066149c5988b23c73216b0a2562

SHA256
db3c51b2a3c7e3ac87a34dc412a4e31c86b039008c85649c62eb2e54bd6aa2ba

SHA512
ea52a1bc7da812d6b72600faab7ec88340ee086b42fe578897f07514aaa539b64852f368a22579b2ce77d658924af9c82e5ef192d4740ce6ebf29229261b50a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6f2a46c6febfdaf8e589ca9a0f6c83b

SHA1
180b9c6ff9547ee9616ddd3e68c214bd2f44125a

SHA256
5d81b5bd6824f43261b815258ad232c6877c062dba65200325cecc98412d6f0d

SHA512
1699292fe1d951ea0147cbde83ceeb1c7a50d87879f2448dbfa44028e392bac38d4364e7dd14f569e43b12273b77f3776f92fc61dee1e52535049077beb1e97c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8925c55d448e81a9b325fc7484757376

SHA1
2377039867c819bd4deaed0a1b837ca9eb449763

SHA256
6ff2bfdcccd8b7efaab6b51e6de7edd0238afed71498038734547b44af1747f6

SHA512
3815d1be5e7c48615e6e43fe77efb2a32e6a27555cd206892c6f33490414b9b691e33c42f7a8e651e2abf90f764c0f193563858ab35e1e35843709e03c4f30f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c8ec4e525f9f6198dc75f4dcc5d0e9f

SHA1
bb75fba570ddaaeebda39f5c64056a41a5c4e19d

SHA256
a4160046dda5241c0951f90793a53fe84a73cfb2beb76b72eab7a78dca5bb0ac

SHA512
d19b79a286ce27cbbacb6e4cea2baa2037d1edcc19f5fabf8a4ab468f33adb39cbc525f22769dc94c4597234f422a73d4fc7c275ea6099a7823aa325d5c5437d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13bff1cd3da531d2348647f43b32a792

SHA1
0aa11ad188e0b9826334dd9bb409d95a7a3831e7

SHA256
11952af39ff2dc1d29a9cba78144a9a1f382f5cb8fd7e1c6c2a7f94c18e16ba8

SHA512
dc63cbaa4ecb384ef913f84fe4bbeecb72c7d11def4741d8f6d23930577058bcbe791d8dff43c9025bd33220e3f2255a0d8797696b25339dcbfe47f4db1392f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9831aba89d1517cc590351071a48bcce

SHA1
c3667a4b38cdcddba9e7f97823ec5b1cdd50f98b

SHA256
01bfcd9446d7505db5cf8dc233688a68b54fa458ab49a5563a1068a28a815aa9

SHA512
793949f0e82c4f198f1c5036fd924170fd253b2bda4d717ce3fa7b97a9a4478f54543ee2656061c12593b2aee9685a0aee7a88e6689b284b8516361dee49d4b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d0d0f652f2e7f576978ed4685533968

SHA1
4437012d82eac71778be0d7eaf8ff5fb7574ee3b

SHA256
92f139f5437b2faabc73590ea2ca9f87b491aa2f528b320538f178eaa09eb6db

SHA512
13876bd5c61bcd4894765e6372bc9abd9bc42233e73e1e5d1142253b9bce22f9b666174964d7f2642c536623eba409b1301f136c2d629caecf301b23d17d7d1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3cedb5075693d5b853084ad8c845ebf

SHA1
e91c0392cfb30e3449fd22f0c51207e0fe58e05a

SHA256
ee08dfd816683e9ad4485dd4151956e382a4df86ebefe4ee9bfb7b3752dab98f

SHA512
ec8c16a6845f3b86c71f1bd41831bfb56b7aabbd02d217da51e55cac3c6924d4cb0369b38458c3df5f22a749ca3e62b9012cff8f2fd5a3630577274806c817c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c980c54c98dade5b9f37bb843c0ac65b

SHA1
a2e4357b1f54629374603e546ddc44bd2096c088

SHA256
628b65a842b50b4e37d930b083fbbc4ba814d8c6fed7fa3803d63e1e9558c18b

SHA512
38af6b57050f069d07acbc3063b8198cd555455d08e3e185b3c80cfa2eab1a49a30231ef97cc0c320ca51b5e45e4cb7054d6121439b885b28bb760dbb98e6ce4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd49c42d3fc0ca62555619793f5b97c2

SHA1
426559e9bac3d5df673fa80217e5a06117278d30

SHA256
f7e397f9a6d089d9e146065a4369677b49c3433724f3d56591a84ae83cc87ce9

SHA512
41e5bffee1326eedc494399ffa91186128887277742a039e41cc68b1f96fcfc78ecb4d4da44ac976dd96b4033763bbc7abd41304ee6a577bfe9b7a082f169eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23EIUNT7\glossar-js[1].htm

Filesize
706B

MD5
67f3a5933c17b3ab044826d3927d0ba9

SHA1
5957076d09bacaa6db8ddc832b4fd87ed8f05f8a

SHA256
97e800f4836b7030dd58fe6296294b7ff5ef1b5eb0e88353f230ea1608d2bb64

SHA512
03ba224055ffdbf32b7eea30c764dc18d66cc6d8707dc5fafab74e155b0bb3d4d691c5788b033a68f05299547297125122778fa7e3252f93e7343d918936643e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar295A.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.