2db211b988c8f776e2cfa80b3980ea2a9d85a9719f37fa4fae8648377db73705

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 11:06 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77f9e12fefff8b67f5141f3cf157b3d8_JaffaCakes118.html
Size

53KB
MD5

77f9e12fefff8b67f5141f3cf157b3d8
SHA1

420e18f30e244c63f0a83d41dcfb26effd8689a0
SHA256

2db211b988c8f776e2cfa80b3980ea2a9d85a9719f37fa4fae8648377db73705
SHA512

417e7be2af6d4e729ad4b8c04d7c08a0e0afd2355f82a4d48615824f977947ae43d8d46912281ba729b5d715803be65110e3a24f888272551a94aaeb4cd522ce
SSDEEP

1536:CkgUiIakTqGivi+PyUIrunlYB63Nj+q5VyvR0w2AzTICbbOoq/t9M/dNwIUTDmDv:CkgUiIakTqGivi+PyUIrunlYB63Nj+qo

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c7000000000200000000001066000000010000200000006091b217dc6d4a6cf8ac2e035bf5b104c7df9cda167beeed3679550844a7b55e000000000e800000000200002000000041e74362b49805641febc3f96f5363318837b5fe92482e319f4eb89d24f7c3722000000052a9937392ed6d301546ed9d43526481575d6d8c10c9fa9e1e90e67d57f08c6a400000002be671559cea06dfce4ad1af9a521150fb7d4a943ec4f92a475abbcf10e9d5f13e40c46f89dda52bacca277ab4fa44b161455405f306db9671fbe72e241a82a6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EDEF7EE1-4E51-11EF-84B3-46A49AEEEEC8} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428491794"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 501bdfc45ee2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000d16feba349ed393bb016fff64e1461cdfdec1bd9f0f85d0410c690d83f0bc866000000000e8000000002000020000000b8dc9c3623de205f4c7fdf4d95fc826dfedbb3ca1a6d8a9de858d040da4bda2190000000e94605dafef0d2cf86c610b27ea24695889c278aee1df1664808ec2dc727e957b8536160b1f4e298921cc68634496a55c2a03d2636c61e199bcfebec2f0478f4c718fcd7782f154bc954b126decc15c91024ecdb04653a614a346ec8ad15d5595249ee4a794a35765a0b2af89d4952d8375f9247252f72600c75f9acb70dc313cc967fb767401b009d322b636170e76b40000000499ed83484056c1be51b491ed4ce2fec50d0d57088f851badb3b071dff2073b446d98fc9d233e76a2dafd1bd024b39550611c4736dd47dd71c8e0b9f4711de7f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2912	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2912	iexplore.exe
2912	iexplore.exe
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2760	2912	iexplore.exe	30
PID 2912 wrote to memory of 2760	2912	iexplore.exe	30
PID 2912 wrote to memory of 2760	2912	iexplore.exe	30
PID 2912 wrote to memory of 2760	2912	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\77f9e12fefff8b67f5141f3cf157b3d8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2760

Network

DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
DNS

www.wintotal-forum.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.wintotal-forum.de

IN A

Response

www.wintotal-forum.de

IN A

195.15.233.57
GET

http://www.wintotal-forum.de/Themes/WT2/style.css?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/style.css?fin11 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/style.css?fin11
GET

http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/topic/normal_post.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif
GET

http://www.wintotal-forum.de/Glossar/glossar-js.php

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Glossar/glossar-js.php HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Glossar/glossar-js.php
GET

http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/topic_starter.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/WT/wt-logo.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/filter.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/filter.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/filter.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/post/solved.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif
GET

http://www.wintotal-forum.de/Themes/default/print.css?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/print.css?fin11 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/print.css?fin11
GET

http://www.wintotal-forum.de/Themes/default/sha1.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/sha1.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/sha1.js
GET

http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/upshrink.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/star.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/star.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/star.gif
GET

http://www.wintotal-forum.de/Themes/default/script.js?fin11

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/script.js?fin11 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/script.js?fin11
GET

http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/useroff.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/useroff.gif
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
DNS

adsrv.wintotal-forum.de

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

adsrv.wintotal-forum.de

IN A

Response
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
DNS

wintotal.de.intellitxt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

wintotal.de.intellitxt.com

IN A

Response
GET

http://www.wintotal-forum.de/Themes/default/spellcheck.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/spellcheck.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:49 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/spellcheck.js
GET

http://www.wintotal-forum.de/Themes/default/xml_topic.js

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/default/xml_topic.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:49 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/xml_topic.js
GET

http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/post/xx.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:50 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/shocked.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:50 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/stargmod.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:50 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/Female.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/Female.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:50 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/Female.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/www_sm.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:50 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/cry.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:50 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/Male.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/Male.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:50 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/Male.gif
GET

http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Smileys/smilies_smf/cool.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:50 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif
GET

http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

IEXPLORE.EXE

Remote address:

195.15.233.57:80

Request

GET /Themes/WT2/images/WT/nav_unten.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.wintotal-forum.de
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Tue, 30 Jul 2024 08:58:50 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif

http

IEXPLORE.EXE

836 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/style.css?fin11

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif

http

IEXPLORE.EXE

848 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Glossar/glossar-js.php

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif

http

IEXPLORE.EXE

1.2kB
3.1kB
7
6

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/filter.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/default/sha1.js

http

IEXPLORE.EXE

806 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/print.css?fin11

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/sha1.js

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/star.gif

http

IEXPLORE.EXE

864 B
2.1kB
6
5

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/star.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif

http

IEXPLORE.EXE

896 B
2.1kB
7
6

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/script.js?fin11

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif

HTTP Response

301
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

494 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

494 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

456 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

380 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

380 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
132 B
4
3
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
132 B
4
3
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

494 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

494 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

456 B
641 B
7
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

456 B
641 B
7
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

410 B
641 B
6
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

410 B
641 B
6
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

456 B
641 B
7
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

456 B
601 B
7
4
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

478 B
681 B
9
6
195.15.233.57:80

http://www.wintotal-forum.de/Themes/default/spellcheck.js

http

IEXPLORE.EXE

510 B
1.1kB
5
4

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/spellcheck.js

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Themes/default/xml_topic.js

http

IEXPLORE.EXE

509 B
1.1kB
5
4

HTTP Request

GET http://www.wintotal-forum.de/Themes/default/xml_topic.js

HTTP Response

301
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

752 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

752 B
681 B
9
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif

http

IEXPLORE.EXE

528 B
1.1kB
5
4

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif

HTTP Response

301
195.15.233.57:80

http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

http

IEXPLORE.EXE

2.6kB
7.0kB
11
10

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/Female.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/Male.gif

HTTP Response

301

HTTP Request

GET http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif

HTTP Response

301
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

456 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

498 B
677 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

422 B
677 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

422 B
677 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:80

http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

http

IEXPLORE.EXE

533 B
1.1kB
5
4

HTTP Request

GET http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif

HTTP Response

301
195.15.233.57:80

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

494 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

456 B
681 B
7
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

540 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

380 B
641 B
7
5
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

502 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
195.15.233.57:443

www.wintotal-forum.de

tls

IEXPLORE.EXE

426 B
681 B
8
6
195.15.233.57:443

www.wintotal-forum.de

IEXPLORE.EXE

190 B
92 B
4
2
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.7kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.7kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.8kB
10
13

8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

www.wintotal-forum.de

dns

IEXPLORE.EXE

67 B
83 B
1
1

DNS Request

www.wintotal-forum.de

DNS Response

195.15.233.57
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

adsrv.wintotal-forum.de

dns

IEXPLORE.EXE

69 B
132 B
1
1

DNS Request

adsrv.wintotal-forum.de
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com
8.8.8.8:53

wintotal.de.intellitxt.com

dns

IEXPLORE.EXE

72 B
72 B
1
1

DNS Request

wintotal.de.intellitxt.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea6876a64a266a2fb14e752dd2edec4e

SHA1
161a09b47028ba815a38a5749cdf0436dbf5f3cd

SHA256
d034e8cc634584396630dc2ecf5f3f099d90dd2de9bff7b19642b6d1f9c474c7

SHA512
71bdad0f40cb7079c869a096359d3459c4f9298caf620b331708e27ea1feb1b72ed3e3ba639ddbff44bcef69775fbebf75425ef5480edc866745502ba07f20e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a01a0791b800ab6747f803681900a12

SHA1
324f6c3ee47e921704dc63a790e799dd2253ae98

SHA256
062f1fce44854b8268317814ebe7aabeeff744434641974cce39057d74b7b0c9

SHA512
4a1b94242d88b8411e4ee8a0b7f08132fbdf6c2b17e50e66de91f2687092249cf6a112607eed9d984d7b95d151d59e4c27fab2f75201e8ee96b6c3ee80daa0dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8af7e0d23c7f181621267c62469582de

SHA1
10ad1c34e8bccd424228ed890950565c82f46888

SHA256
bc89d7d490b9aa3c5c93fa5428a8706d3b713065ed3e0bebf1c277a2292ed59f

SHA512
37d3a9962d562a781652e01aa2ca182a0a4fece82629113f7052c3f46f58b72f01cfd92a2f5ac43e3d3276ea061625428bb9be3c887e1641357a61b250d4acc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
304941a57212cb0def716377d98bdaa2

SHA1
84871b25314cdb26f1e4d029f6e8e18422e508cc

SHA256
3f864106db7e6e00f23ce208c944cc0ce146281ef1b0b6b0c9d9af65d2472833

SHA512
3067132836527ae6fcbbcc7ee318d1d794031a1bcec9080f57f98af0571231a7f1a642f686855c9bb315e4c7b3037cd80b2f1dd9482752f676273537112d8a0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37abef6ea67b55c98b28bed7e2201d03

SHA1
775d9b847412c2af861d9faea88207604957ab56

SHA256
30e288a961dc618fce137ab8eb359aae24a3a5cb13cde0ca034b3addbb46cc8f

SHA512
1500ab29177ad8824ac987846fabc6f45a09fe51027b8b9376a42e5ff9f11dfc201902479e36a67e3db0dd17f0f2e4ec622e1ac58649f2310fc31deaee849d85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
360f077a65290fdedfcd20dd9d952dc2

SHA1
fdbf3c305542871cc42abc610e2e85cfa4d190ef

SHA256
b1c751881c796ed3b97014cc9ccd33543d9b03ce390fdc2fe8db25117c7a6b86

SHA512
6eb169816a9d0f95974ac9d9170530163434761a1087308b941afdbf8e116c1879cc27c56a2b10f2e7ed5b9489a4e3af0efe98daea8d48a83292ae723417a5f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35082c697758e68a78cbcaba4b62afac

SHA1
05543a164eb3b931e38a96140732da8496fdedcd

SHA256
bf97c9e3161cf19ade5ae1a9dc040f57b37ceb2af7c8d6271e40ebf5629eb974

SHA512
66095c62b5713ac3a4f66ea0cf3b8c76e33d2f59a27c7fcccd116c5eb0a5ac76ac9dbe2b84a81d950209d92e3337925666dca2e83b2ba040363b9a2ad1ab7b26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a0988f0ef2945fe30840f8b7738cd65

SHA1
3b1d92190923f0154cde9a5ea08c442b02ee2683

SHA256
12821cc226fc00b39d42f3e68618c22c6bc4ab4c5e1b6e0a0eab0eadeacb9f62

SHA512
800966efd0ba7e3023d5a8beb3db6bd57576efe85a875129261321e47fd437e7762a0e05a29aa37224b685443a62644e903488835afea18d669cfdc08ba9bdf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7c9afe2deaddda503ab74341db90f13

SHA1
376fc121be25364098449951b0a567c2ca2d66ac

SHA256
44998eb499a0c962598c3bb463b97bed112b3e9e3dd89f9bce4e53effd56607e

SHA512
951ca471ba2e4c5b98cddd5dd0f7f9e7a8da37d26ec2233c0401d48831d66d73fa026dca7ec782b5269c5b8b91668a8d490a795c7db8a40de8e048bf4d26f019

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45713afa4da7dda8eb918926c1181705

SHA1
36e80b0128c2ea1005d2b9465fdefe8651d9250b

SHA256
476657863528d3d8a89bdda87ff6e3dcd1aab8e0baa461be8c24d583fbc2971e

SHA512
ace15e466af816a14ea16e76cd47bac39282c7fc55369a0e8e908f3ed5b7cf1ddc1961b068d8ebd62cd2d2f1e75cafb2a269f6ceab093e469a133c76c58ef08b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
369d2154928876e119f42bf349b1bc30

SHA1
8fc2f732d979a27672520f3d036874040ff4b426

SHA256
baeef0a89c099ae4f3a4a70ae19e14e596f98f2e16063177a3f27f0a11fa8c40

SHA512
ec325667cd4442f65d6cc21b8e9865863a8ee98955ecc9b8a95b0170aeb1c2ecff926efd006ebff53b6ef094b8a9ddbf9d1385e7839de9ced6ec2d453b49655a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a67708c7a2bf0ce664d9b0094d56ce2

SHA1
1030ba834d10fc915ea17d71c5d4a5d998332ad6

SHA256
1e938895afa39f2a48ebf81e14bb1efc6e77082e7429b9366472daa9b81d5733

SHA512
4b4b52a52a7f42897b6c3295d4c98344562a3d1046dda1944ecee31be32f7606069c112364ffb814a7b1b442b7a76326778446ae027fa8ae443c8cb4f64c5c13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db2bd509e05a76d62c32c48e3f5f4a26

SHA1
c53ecc7d8907998f0bdf67d40f0124620a25ec39

SHA256
bbc4bb353a7de7f8dc2a9d962bc905efc89ec6cd2401f999a8c7782b37238444

SHA512
f59ccd5f5534254ac319eee269aa324f5df58d07e4b68b3ffbdd38a348be811e094fe9289fa2bbf78eff5e984e6622c8434d96377a6e5535a309aa1190978683

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6c0f70cbc5a2f4160cff5fd68e53c66

SHA1
9bf1fe799002b3855a04ca187156bd003be543dc

SHA256
33f86830d22edff70891affd0bc25c102fbc5f2210f8b10256bb01ffbca20de6

SHA512
168c094fad8f78b60bdfe1878c47b83d9c7507d4da9146fe5da07d61d54726968eb7624e114fe25b3feee16de2ed4888126063366ad3e4d902d2d25a019c7d73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d214f23f60250acc403f5b6f5f91d1d

SHA1
b947ba40be80ab6401cc5835da7f32cfc137c8df

SHA256
d7f76a488c7a6a5d7f8238bc8d9f520d861480b69c7969a239ac382b72c97098

SHA512
b0cb3a8d955ca969d42402f12ff92772a140294f94ab93ab47f8d9935d33d8860599805e82850b6871f1561f196362c5e0d9f829fe5a28777179d2223238470f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a5ad9d1a4aea4eb25d271545514fd1a

SHA1
28b7fe25b69b7336e91c748fcea06b4d47e22ab9

SHA256
412149161f477664288647a5c396d539b2ffe787d568464e5db05ae4e3960079

SHA512
f0749417db12b291386d19eaebfe1167e249ace2f965ae643bd430e9865d90b9f3150f1eeac0560664c1527cabf1e24937502b4f506490cb64663d4a059f10c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93fcefc1ce41f3b7ca89548a0e23f1da

SHA1
7dbdcda9e70181038c3bb206af1a8befe7c5f330

SHA256
df05e53f0bc8dfa432d7bc66292b25af746b390d0ab014a2cf16e1c00fe5bb35

SHA512
421f22a251ba30a2b729b2a3f113328cedc43a1e5803c8908fdd9637f30bccbd77ea84a7f3a1b8170db812d9ba7ef743c1790682be52b7a4f7b5538896b5764b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48dcdda5b4d764652bbc64214636960d

SHA1
6ac2d0b47f0f605a0ed02547b62bb570459a839b

SHA256
1a3e6f02f66c292acc84c3d0870b5e6b75c7f926dadf70060f2f4dc3f5cedddb

SHA512
bbc4c220b3481885cfd7e1f8448af575fcd393722212c93425517d7382d6cad6e02d7b08f460e860b020e5984923406baaf7217af2ee15161519668e38c0135c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebc82990a7076f0bb17cf61cea83b510

SHA1
77bf4a2e6c672327e1e327aa1611af0177f875e8

SHA256
ffbd10ecf21cc5187e1aa1df86781c25d11fd206eb619a707aee40ae2b3a5d7e

SHA512
d74306b8af560f14a6079f565e9694346d4fdadb376fc225946a503ae95c9df1e53df0531b8c7b78cbeedafd0586f01f9651a6199e07d0cee89e3417c0aaa655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNZH54VQ\glossar-js[1].htm

Filesize
706B

MD5
67f3a5933c17b3ab044826d3927d0ba9

SHA1
5957076d09bacaa6db8ddc832b4fd87ed8f05f8a

SHA256
97e800f4836b7030dd58fe6296294b7ff5ef1b5eb0e88353f230ea1608d2bb64

SHA512
03ba224055ffdbf32b7eea30c764dc18d66cc6d8707dc5fafab74e155b0bb3d4d691c5788b033a68f05299547297125122778fa7e3252f93e7343d918936643e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabABBD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAC2D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.