Analysis

  • max time kernel
    145s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-10-2024 01:23

General

  • Target

    083ce3c5a0bae12a0a2f9c89bfbe17f4_JaffaCakes118.html

  • Size

    53KB

  • MD5

    083ce3c5a0bae12a0a2f9c89bfbe17f4

  • SHA1

    fc874fbe68978fdc4301e3037b99adca0d80f16a

  • SHA256

    73c475284b8a74943ec76cee30718c8de66b392ba731adb880de1e0861e13060

  • SHA512

    5abc18562fe31b294c5955e74e60c99203cea975fc4a4969d8ebdc2454de2e6c779e63377303f2d54077fa97d0e521be955455593d6c28d021789367c3c5a9af

  • SSDEEP

    1536:CkgUiIakTqGivi+PyUSrunlY263Nj+q5VyvR0w2AzTICbbKo3/t9M/dNwIUTDmDo:CkgUiIakTqGivi+PyUSrunlY263Nj+qc

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\083ce3c5a0bae12a0a2f9c89bfbe17f4_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3760
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe94a546f8,0x7ffe94a54708,0x7ffe94a54718
      2⤵
        PID:2712
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
        2⤵
          PID:4440
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4424
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
          2⤵
            PID:1240
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
            2⤵
              PID:988
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
              2⤵
                PID:4284
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
                2⤵
                  PID:5020
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
                  2⤵
                    PID:4060
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:912
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
                    2⤵
                      PID:3672
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
                      2⤵
                        PID:3272
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
                        2⤵
                          PID:368
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
                          2⤵
                            PID:572
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4152 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3224
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3396
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3296

                            Network

                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              Response
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              dns.google
                            • flag-us
                              DNS
                              www.wintotal-forum.de
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              www.wintotal-forum.de
                              IN A
                              Response
                              www.wintotal-forum.de
                              IN A
                              195.15.233.57
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Glossar/glossar-js.php
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Glossar/glossar-js.php HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Glossar/glossar-js.php
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/default/spellcheck.js
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/default/spellcheck.js HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/default/spellcheck.js
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/WT/wt-logo.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/star.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/star.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/star.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Smileys/Weihnachten/cry.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Smileys/Weihnachten/cry.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:49 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Smileys/Weihnachten/cry.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/default/print.css?fin11
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/default/print.css?fin11 HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: text/css,*/*;q=0.1
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:49 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/default/print.css?fin11
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/favicon.ico
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /favicon.ico HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:49 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/favicon.ico
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/style.css?fin11
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/style.css?fin11 HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: text/css,*/*;q=0.1
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/style.css?fin11
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/default/xml_topic.js
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/default/xml_topic.js HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/default/xml_topic.js
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/useroff.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/useroff.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Smileys/Weihnachten/shocked.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Smileys/Weihnachten/shocked.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:49 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Smileys/Weihnachten/shocked.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/default/script.js?fin11
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/default/script.js?fin11 HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/default/script.js?fin11
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/default/sha1.js
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/default/sha1.js HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/default/sha1.js
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/post/solved.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/stargmod.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:49 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif
                            • flag-us
                              DNS
                              adsrv.wintotal-forum.de
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              adsrv.wintotal-forum.de
                              IN A
                              Response
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/upshrink.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/topic_starter.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/www_sm.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:49 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/WT/nav_unten.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:49 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/filter.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/filter.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/filter.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/topic/normal_post.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/Male.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/Male.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:49 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/Male.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Smileys/Weihnachten/cool.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Smileys/Weihnachten/cool.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:49 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Smileys/Weihnachten/cool.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/post/xx.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:48 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/Female.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/Female.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Wed, 02 Oct 2024 01:23:49 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/Female.gif
                            • flag-us
                              DNS
                              wintotal.de.intellitxt.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              wintotal.de.intellitxt.com
                              IN A
                              Response
                            • flag-us
                              DNS
                              104.219.191.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              104.219.191.52.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              83.210.23.2.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              83.210.23.2.in-addr.arpa
                              IN PTR
                              Response
                              83.210.23.2.in-addr.arpa
                              IN PTR
                              a2-23-210-83.deploy.static.akamaitechnologies.com
                            • flag-us
                              DNS
                              68.32.126.40.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              68.32.126.40.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              57.233.15.195.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              57.233.15.195.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              95.221.229.192.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              95.221.229.192.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              133.211.185.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              133.211.185.52.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              86.23.85.13.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              86.23.85.13.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              198.187.3.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              198.187.3.20.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              75.117.19.2.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              75.117.19.2.in-addr.arpa
                              IN PTR
                              Response
                              75.117.19.2.in-addr.arpa
                              IN PTR
                              a2-19-117-75.deploy.static.akamaitechnologies.com
                            • flag-us
                              DNS
                              240.221.184.93.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              240.221.184.93.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              48.229.111.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              48.229.111.52.in-addr.arpa
                              IN PTR
                              Response
                            • 195.15.233.57:80
                              http://www.wintotal-forum.de/favicon.ico
                              http
                              msedge.exe
                              3.3kB
                              7.0kB
                              18
                              12
                              HTTP Request
                              GET http://www.wintotal-forum.de/Glossar/glossar-js.php
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/default/spellcheck.js
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/images/star.gif
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Smileys/Weihnachten/cry.gif
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/default/print.css?fin11
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/favicon.ico
                              HTTP Response
                              301
                            • 195.15.233.57:80
                              http://www.wintotal-forum.de/Smileys/Weihnachten/shocked.gif
                              http
                              msedge.exe
                              2.0kB
                              4.1kB
                              13
                              9
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/style.css?fin11
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/default/xml_topic.js
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Smileys/Weihnachten/shocked.gif
                              HTTP Response
                              301
                            • 195.15.233.57:80
                              http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif
                              http
                              msedge.exe
                              2.0kB
                              4.1kB
                              13
                              9
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/default/script.js?fin11
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/default/sha1.js
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif
                              HTTP Response
                              301
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:80
                              http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif
                              http
                              msedge.exe
                              2.1kB
                              4.1kB
                              13
                              9
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif
                              HTTP Response
                              301
                            • 195.15.233.57:80
                              http://www.wintotal-forum.de/Smileys/Weihnachten/cool.gif
                              http
                              msedge.exe
                              2.1kB
                              4.1kB
                              13
                              9
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/images/filter.gif
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/images/Male.gif
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Smileys/Weihnachten/cool.gif
                              HTTP Response
                              301
                            • 195.15.233.57:80
                              http://www.wintotal-forum.de/Themes/WT2/images/Female.gif
                              http
                              msedge.exe
                              1.2kB
                              2.2kB
                              9
                              7
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif
                              HTTP Response
                              301
                              HTTP Request
                              GET http://www.wintotal-forum.de/Themes/WT2/images/Female.gif
                              HTTP Response
                              301
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              909 B
                              3.4kB
                              8
                              7
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              909 B
                              3.4kB
                              8
                              7
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              909 B
                              3.4kB
                              8
                              7
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              909 B
                              3.4kB
                              8
                              7
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              909 B
                              3.4kB
                              8
                              7
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              909 B
                              3.4kB
                              8
                              7
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              909 B
                              3.4kB
                              8
                              7
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              909 B
                              3.4kB
                              8
                              7
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              909 B
                              3.4kB
                              8
                              7
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              909 B
                              3.4kB
                              8
                              7
                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              66 B
                              90 B
                              1
                              1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              www.wintotal-forum.de
                              dns
                              msedge.exe
                              67 B
                              83 B
                              1
                              1

                              DNS Request

                              www.wintotal-forum.de

                              DNS Response

                              195.15.233.57

                            • 8.8.8.8:53
                              adsrv.wintotal-forum.de
                              dns
                              msedge.exe
                              69 B
                              132 B
                              1
                              1

                              DNS Request

                              adsrv.wintotal-forum.de

                            • 8.8.8.8:53
                              wintotal.de.intellitxt.com
                              dns
                              msedge.exe
                              72 B
                              72 B
                              1
                              1

                              DNS Request

                              wintotal.de.intellitxt.com

                            • 8.8.8.8:53
                              104.219.191.52.in-addr.arpa
                              dns
                              73 B
                              147 B
                              1
                              1

                              DNS Request

                              104.219.191.52.in-addr.arpa

                            • 8.8.8.8:53
                              83.210.23.2.in-addr.arpa
                              dns
                              70 B
                              133 B
                              1
                              1

                              DNS Request

                              83.210.23.2.in-addr.arpa

                            • 8.8.8.8:53
                              68.32.126.40.in-addr.arpa
                              dns
                              71 B
                              157 B
                              1
                              1

                              DNS Request

                              68.32.126.40.in-addr.arpa

                            • 8.8.8.8:53
                              57.233.15.195.in-addr.arpa
                              dns
                              72 B
                              136 B
                              1
                              1

                              DNS Request

                              57.233.15.195.in-addr.arpa

                            • 8.8.8.8:53
                              95.221.229.192.in-addr.arpa
                              dns
                              73 B
                              144 B
                              1
                              1

                              DNS Request

                              95.221.229.192.in-addr.arpa

                            • 224.0.0.251:5353
                              513 B
                              8
                            • 8.8.8.8:53
                              133.211.185.52.in-addr.arpa
                              dns
                              73 B
                              147 B
                              1
                              1

                              DNS Request

                              133.211.185.52.in-addr.arpa

                            • 8.8.8.8:53
                              86.23.85.13.in-addr.arpa
                              dns
                              70 B
                              144 B
                              1
                              1

                              DNS Request

                              86.23.85.13.in-addr.arpa

                            • 8.8.8.8:53
                              198.187.3.20.in-addr.arpa
                              dns
                              71 B
                              157 B
                              1
                              1

                              DNS Request

                              198.187.3.20.in-addr.arpa

                            • 8.8.8.8:53
                              75.117.19.2.in-addr.arpa
                              dns
                              70 B
                              133 B
                              1
                              1

                              DNS Request

                              75.117.19.2.in-addr.arpa

                            • 8.8.8.8:53
                              240.221.184.93.in-addr.arpa
                              dns
                              73 B
                              144 B
                              1
                              1

                              DNS Request

                              240.221.184.93.in-addr.arpa

                            • 8.8.8.8:53
                              48.229.111.52.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              48.229.111.52.in-addr.arpa

                            MITRE ATT&CK Enterprise v15

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              ff63763eedb406987ced076e36ec9acf

                              SHA1

                              16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

                              SHA256

                              8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

                              SHA512

                              ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              2783c40400a8912a79cfd383da731086

                              SHA1

                              001a131fe399c30973089e18358818090ca81789

                              SHA256

                              331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

                              SHA512

                              b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              5KB

                              MD5

                              4a130425c4504891bcb817d6546c842e

                              SHA1

                              1d28bf4b2b1bb4467c0443e833b20284785edee7

                              SHA256

                              c888dc3af14ed211349346120e4518305473517f6fd3c42220e752e82d304383

                              SHA512

                              11d8daec367b07a0924aa2df66ba5210fc013adec3086479c5637c582c37a00d9d6e635285393dcdc2e3ca0bd6ffc82af20c2f03a86b7cc66da70452ff913b82

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              1d6013b8c36b0a13bf68073e64d3190d

                              SHA1

                              547998b18f4b005117d4aa7e5c3f32ac56d1de9e

                              SHA256

                              b4904714dc5ec14e4e6168fe390770ce15f781cc6ee09d4105ce8f74fba9006d

                              SHA512

                              8ba7f613c19a3d29ad149584f20d1427cb7af837b048aab8567be0dc01d88f5a1f3e40b34b97cc9822de20133b2f57f3d7f7522414c30121ddb2c2f62f2c2e9c

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                              Filesize

                              10KB

                              MD5

                              93466f49dc23bacfac8bf295218b918b

                              SHA1

                              d20a7b9a55e5330e8b16696de75c1a50a337b0f6

                              SHA256

                              dba40a7e7aa96e19b07416e9d09d026907170735cce22d79e05cbcd58dce3a8d

                              SHA512

                              8ffa2540d6e76fa6d1b9f22b1261bc6a72508678b0578d549e6ffd0aed8598aede29a2cfbacb956ecb5bcb1289da7aa23fd1ffca646eb80262f157a988d31639
