182218bcdd17493de7651d8d6b49bca3404ba3be4eaf2c3e4182394f29cf99c1

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 23:55 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4754fd380bc21ed838d5d1ccf24729a6_JaffaCakes118.html
Size

53KB
MD5

4754fd380bc21ed838d5d1ccf24729a6
SHA1

f3c72703dd025cc35d58a6c28d898ca479062ffc
SHA256

182218bcdd17493de7651d8d6b49bca3404ba3be4eaf2c3e4182394f29cf99c1
SHA512

df7cdccd8953a6a678239870f19e51527b587ce3614cabd1d883f38efd32b85cd0bc6a3fa589c186ef1172009dc7025b1d7c013d3aa638445b44de6707a6a635
SSDEEP

1536:CkgUiIakTqGivi+PyUErunlYX63Nj+q5Vy0R0w2AzTICbbeo8/t9M/dNwIUTDmDO:CkgUiIakTqGivi+PyUErunlYX63Nj+qO

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000386149b4a5620c68b56b7882a851a0544b0efde8e1436220c839c693b45865e3000000000e80000000020000200000004854c870aaff6eed8948d4a0794264681f31410f166bb325eb6b227fc1e72c0120000000726392db972d8130973ab2b8b28a3c1f8617df0b317c8ef8e7943dcc3a70123740000000420550ff2f383678db8cb084cdbf11f321838ed8af746efececfaaa7ef787b6ae738ef509a41b8cd7085d752e7f17180f7a2595e9cd93097bc8e3c7cee9ff25b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427163202"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd000000000200000000001066000000010000200000000a659810ee5f54d9379be0a1aed1415768d70c320c4cac4a46ebdcfd839332d2000000000e8000000002000020000000279664bc086eeb248ac1e4d35289ff0c3efb3fc67eb2d89d7330f5dde2867731900000009eab421fc8f4bb34eb504ba86a44bd15b294ea0092a83beba31c578f75270260a88c157645e39b47d54576d66f68fcb66cd92b7ccef5b68af2082f2ef724b6fe2c89cf3999d14b1d6241491a5f83669dd8d2017056850378eb1d3f603cf9b39fb0134ab3d171f454d433e9f6bb72f1840f4ae50c5ddf45d441061e0648f741a9799f2165a9e5b5ed1612ba2871ace5ef40000000a9703771f690f24fe9bbe4bd5aa292564849314add33382aa15fc87613e7dcd99b0d939aefd03f16e2217a2ba849c1ac8a6e817ba9aeb83a8e8fd4f70b2ab107	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8F6D4A31-423C-11EF-90E9-F64010A3169C} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1082476649d6da01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2632	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2632	iexplore.exe
2632	iexplore.exe
1408	IEXPLORE.EXE
1408	IEXPLORE.EXE
1408	IEXPLORE.EXE
1408	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 1408	2632	iexplore.exe	31
PID 2632 wrote to memory of 1408	2632	iexplore.exe	31
PID 2632 wrote to memory of 1408	2632	iexplore.exe	31
PID 2632 wrote to memory of 1408	2632	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4754fd380bc21ed838d5d1ccf24729a6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1408

Network

DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
DNS

www.wintotal-forum.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.wintotal-forum.de

IN A

Response

www.wintotal-forum.de

IN A

195.15.233.57
GET

http://www.wintotal-forum.de/Themes/default/script.js?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/script.js?fin11 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:38 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/script.js?fin11
GET

http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/topic/normal_post.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:38 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif
GET

http://www.wintotal-forum.de/Glossar/glossar-js.php

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Glossar/glossar-js.php HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:38 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Glossar/glossar-js.php
GET

http://www.wintotal-forum.de/Themes/default/sha1.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/sha1.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:38 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/sha1.js
GET

http://www.wintotal-forum.de/Themes/WT2/style.css?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/style.css?fin11 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:38 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/style.css?fin11
GET

http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/upshrink.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:38 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/star.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/star.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:39 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/star.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/useroff.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:38 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/useroff.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/topic_starter.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:38 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/post/solved.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:38 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/filter.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/filter.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:38 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/filter.gif
GET

http://www.wintotal-forum.de/Themes/default/print.css?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/print.css?fin11 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:38 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/print.css?fin11
GET

http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/WT/wt-logo.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:38 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
DNS

adsrv.wintotal-forum.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

adsrv.wintotal-forum.de

IN A

Response
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
GET

http://www.wintotal-forum.de/Themes/default/spellcheck.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/spellcheck.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:39 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/spellcheck.js
GET

http://www.wintotal-forum.de/Themes/WT2/images/Female.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/Female.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:39 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/Female.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/Male.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/Male.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:39 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/Male.gif
GET

http://www.wintotal-forum.de/Themes/default/xml_topic.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/xml_topic.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:39 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/xml_topic.js
GET

http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/www_sm.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:39 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/cool.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:39 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/post/xx.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:39 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/cry.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:39 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/WT/nav_unten.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:39 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/shocked.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:39 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/stargmod.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sun, 14 Jul 2024 23:55:39 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif

195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif

http

IEXPLORE.EXE

860 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/script.js?fin11

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/default/sha1.js

http

IEXPLORE.EXE

818 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Glossar/glossar-js.php

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/sha1.js

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/star.gif

http

IEXPLORE.EXE

1.2kB
3.1kB
7
6

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/style.css?fin11

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/star.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif

http

IEXPLORE.EXE

872 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/filter.gif

http

IEXPLORE.EXE

869 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/filter.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif

http

IEXPLORE.EXE

833 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/print.css?fin11

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif

HTTP Response

301
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

456 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

380 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
132 B
4
3
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
132 B
4
3
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

494 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

494 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

456 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

456 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

380 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

380 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
132 B
4
3
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/Male.gif

http

IEXPLORE.EXE

1.2kB
3.1kB
7
6

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/spellcheck.js

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/Female.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/Male.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

http

IEXPLORE.EXE

1.2kB
3.1kB
7
6

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/xml_topic.js

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

HTTP Response

301
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

http

IEXPLORE.EXE

1.2kB
3.1kB
7
6

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif

http

IEXPLORE.EXE

530 B
1.1kB
5
4

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif

http

IEXPLORE.EXE

529 B
1.1kB
5
4

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif

HTTP Response

301
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

494 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

494 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

456 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
132 B
4
3
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

380 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
132 B
4
3
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.7kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.7kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.8kB
10
13

8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

www.wintotal-forum.de

dns

IEXPLORE.EXE

67 B
83 B
1
1

DNS Request

www.wintotal-forum.de

DNS Response

195.15.233.57
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

adsrv.wintotal-forum.de

dns

IEXPLORE.EXE

69 B
132 B
1
1

DNS Request

adsrv.wintotal-forum.de
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c7035fc572a4bc7a0dad29b2790b4fa

SHA1
5968a03d2e45e3c8431d08a7024162821dc69fe0

SHA256
a13a88cf18915e7bd7c4f580a0c4e1496b1698ef5f485487d009ff81efeedf44

SHA512
3fc02c189f2ecf51409c4a764610d9041b06f43e2bcdfe3a6f5941d6dda0a5aa2041780fdf3d2c0d127bb8a2fac499de3ef41bd51403cc493bb3fff50506c388

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
586ff6724c34c79a1e8c3e25b4a53e37

SHA1
69e1f62a24e5607357ed6f8148ac3ad2f5890e1f

SHA256
4bd42dd70f88a67a019b18cdacb71e5d18fc195c010157c9a6049c7b64a07d68

SHA512
fe0d64e9700fd728b0244cfddee1ba1c1ea1af1f6ede08176bab51812f0a6dc977e5836feba47acaa12832c18c8919564d54384621e9324e02d9a1a4ef356ae9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08982c912c9419462b8028dbf0f9bae4

SHA1
022308dc16580e4d0d536a24f53ff351cb08eba3

SHA256
49079cafbbd20c57f1639627355369e7b2a979f137c5dac8a66b12bb27cb56bf

SHA512
54ad039d4d3bbc52b2981706325b3849587fd4252dd1aa463b776653f85029f70105441f01f33c0eca38ff5e50f6ac848913e51ac3af54a19976b277c53f6ec2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55126fcc04df9f597571d6ecc657960d

SHA1
4c33b6047eebb046c58b70dd0e7921aebd6c433f

SHA256
3fd6ce8b53fcebcf9c00e08c96e8f537849d04b4e276d41ae8090acdfb560877

SHA512
14c822ec19a3db91e0b41b3349e3766cba63943808d1c7799505041cf7594bb459798721d021fa25194d3c722a955378574da3f919582b4205ca79c4bf2c7ef9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
276d63d7de7c8b6ec2fd3aa10998298c

SHA1
7d43bd809d457ed4c93249694d4c3efabfcf8151

SHA256
eb82cd625ef6d76beb2d0734cc8d1c2261fb13dd521002e0e907abfa2cebfc6c

SHA512
b7706dcf722a6c20b8c15a77a992faef43a4f2c47c8e0b3a578fe6240611882b0d1a1fc27e06bdbb260e5cef4e10f032ffb19e091aa78396a998135e792222a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d380e173d79eb58ebe83df9900fdf34a

SHA1
1cb0eeee3fd6781882fe3d3e1ed7c1dafcab2d20

SHA256
030f287237969b83a4e0f617f835b2f66b5168d866c4023cab2c226e8bbe1eeb

SHA512
4a5975f08292fbea3409f577cbb9f24145afce5e6b0c62d7120f8ea24db266c05afb2406209efeaa952fd9ebb6193588c0ca014d26f231d194d4c806c684c909

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb8e05ebd834c57a7acf14f9017243ff

SHA1
2d80000c67a4f59812f7fcaa5679443ce8dadd8c

SHA256
4e4e5a519bfe27db7d26a5cd61f8432eee0fa3f2d261ee35181338f4fbd62c91

SHA512
8f37f9e8525a7250ce307beadac49a49f7ffbf892af7562eb5cd455adcec33835d178ba05ec812466f946e984f58d08077823d9f0f04545eaa514156d2f4aa14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4b4172c0cd0653c924478aafcef7eb4

SHA1
81fb8b86b104f168760a378684afec0d6fb81a83

SHA256
9bfc59588725d601102eb370e10925a8469d637aded18d6aa1dc1729eeeedbc6

SHA512
009c595484e382339cf015f7775a764bdf8072c8d5bba3f578e3ad59df2c6fef0d4d4926b7d52dd7f22ee50e75c0e04457b4cd75ca4e8c9567e147262433e337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e27b78b0de8c213ea6c68a89fc468d3

SHA1
71634c42ffe9067c850d6cdac5e6afff1d524d0a

SHA256
92d9e0a69318053ceeb3139b664ded364c54761c4b38abcde4b0324e1cbd7ff3

SHA512
fbaafcb777a31df7b096650c4d6bfa76bba7ba56ddc3319dce5697b6dd3ca197c96111a3a9fa76366231d82c95040971a01b2d9262391ae5e4a3a1966ef6cd7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
453b717d15bb75cbce38562dd6bce758

SHA1
255b34d3101d27c2c6d24f72c3111712ff339ae2

SHA256
b65568357b9e2ff5908850471fc8b40bbbbbb00e686cac7c0522ee0497e13764

SHA512
e97bfc4a9defbed42d29ac66d200c7d2b2ebeab6db398b10453192e7d56eaa520203411329f2528a0b2ea01e4add55302115cf98273ee9a69f9068d67385253c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
917e6056fd3eab43b87dbe3e0fb693a6

SHA1
14b9356f5dadf1fce9437c4461dab98eb7707676

SHA256
38672e9749b4df04591dcb96bc7010385570fe35a8deec4b477ab30ffc568a34

SHA512
92f19eb62ffd8aa95f12b51be9347ace2e94aeaf78a2f09e76ae0d01e275ded5235f3c34e5bd0462bfb35ae59722f6e7057084cdbf01b31874d0123cce0480be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
892faa3ac36f984594505f5b87efdbe9

SHA1
7a61ca580f12334c4dc5424c065036e80dbc5c21

SHA256
19a7f7a64f84e8a3b7ce2e82bc8f50516e0d477831344758625e74f10459baef

SHA512
c1268b35c84e2add94ca4321ab40e36cf09865254bd3d66daae42e5a1f65faecb95b8c8e66e132b32ea20b2c826650ff6d18dc743f41da32ae0a0e71c6996dd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da5314175c033eff920a9e576db14902

SHA1
e0fec0f320adcea61ee783f591da0687c4079f54

SHA256
25a19022f5157788482ecbd3d3cc5aab51b7a0d86716e575d3703146b52d38bc

SHA512
700c32b140057a587f4cbcf0b4db9d34fdb1b357ca7a915ddc5ae2df511bd78b95596a8e713b785770e525bb62c67e0933475d35137ac4e4768e265d8ad9478c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c77f3ef6de810cc32e063c0d6c67600a

SHA1
ff87a04431067e8ece728319284440665566fc12

SHA256
4a9d754784a5aa66ae7d83aea1959e33180a0d3350586d5002de18f93761cd5c

SHA512
27e47c5618a0bc0b0eb795b072fe3ecc211bf88bd2884bfd201a3f0d47c11255395657bc78998c6c6885d21377c41f72ad04584049c159ab7474152806570a7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
318d8ac075ff34e09d26a6426dfa79ee

SHA1
d2cc1a19d6ad0e3b52b86982ffcdca97d98c2a8b

SHA256
a55c68610767e8fe1c819111186c228552df38dc8fba7536f078794603afa0c7

SHA512
7aa5c8f00edf66d88fe4d797b784e9128bbeb904e3c24a69660f88a4843d61756bd54289eded0566f9e11c268febac81dde16c3729a51df16eedea16ce7030e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a146b8c139427561c6ae00fa76ecb03

SHA1
51115979ecdfafb0f8c9715057373a4c5c3e19fd

SHA256
364208358645552f20d6ed1a7d1b47746695d381cded9817f05aa56ba2f4684b

SHA512
fe9af6789da149c28f52b8516b2fd370efb7ec02cefd4ae8800a6d1c675106f4c1db2428d244d29c65cd99ba5ef9663bc5d0f05eeba27a9ab613ed2660a3de8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a0a2c920f0ea3b8eb91847557d7cae7

SHA1
271bb16a9be6486cd1f34edba2fe7d143ff860c7

SHA256
67bf7ac22bab01ed6e010ab0f683d140ef97e3be8b3c9d7c0f8541867b430442

SHA512
179539680d51beebb60a75bead1272c43ac197e4ebab7df6ce906ebffae77a60ca1bad8d65efe280e86f3b5e9ee93e3b341df660eea3c15b79501c3fb8e18766

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1d5b27422a3f23b898390ce9fb576c0

SHA1
3c1d6cc8723a31520da2c78d5c572d086ca29f36

SHA256
a79e1c3bc410694872ee6785482a0d82f774e195398a3347811aacfe892fa63a

SHA512
85dd8bba1736b9901fbdc47607a779545a9e53ce7a1ec866259a97fd0d831ed47df177229eedd0c4e14e597474c098b63a58459e8a465c8c7bedb2ae6805315c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1917c5a7d3391abc674e54f145120de5

SHA1
acb74667cc4f23305df7085f5b382716a85d7cc2

SHA256
d8fb065aee003804bc3d7e4e097bfb1fc1e1823cc4e977df43daf50cc94a9cc5

SHA512
447181e99cded1f606f96c9b3756d12c277fa2613a849caeb6c878013f0c2481c44b3abe021bd8e4fe547f4183986508d96cf23b9be708f4231686d9c6e17a23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\print[1].htm

Filesize
706B

MD5
67f3a5933c17b3ab044826d3927d0ba9

SHA1
5957076d09bacaa6db8ddc832b4fd87ed8f05f8a

SHA256
97e800f4836b7030dd58fe6296294b7ff5ef1b5eb0e88353f230ea1608d2bb64

SHA512
03ba224055ffdbf32b7eea30c764dc18d66cc6d8707dc5fafab74e155b0bb3d4d691c5788b033a68f05299547297125122778fa7e3252f93e7343d918936643e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab12B7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1329.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.