Analysis

  • max time kernel
    145s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-10-2024 16:41

General

  • Target

    14239afe2ef26c66ad10fd74907e5c12_JaffaCakes118.html

  • Size

    53KB

  • MD5

    14239afe2ef26c66ad10fd74907e5c12

  • SHA1

    abe749d1c11a8f1d9c0621e76d8baf6a8df35622

  • SHA256

    b04995e3623f5b9a0a4446d5ddc56cd8433e7d2081ed1f7a563c8b054f4007c1

  • SHA512

    45eec6084640074f1e84aff4ca5f8ff6177fcd2b5e0f04267be4683f4cbf0964f5a795d670c3005868a00929281d447488c7533c9f81ef3e9ccff20edf71a31b

  • SSDEEP

    1536:CkgUiIakTqGivi+PyUUrunlYx63Nj+q5VyvR0w2AzTICbbUo+/t9M/dNwIUTDmDo:CkgUiIakTqGivi+PyUUrunlYx63Nj+q1

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\14239afe2ef26c66ad10fd74907e5c12_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1124
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcad46f8,0x7ff8bcad4708,0x7ff8bcad4718
      2⤵
      PID:2952
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5062747944221605146,9921656638699418658,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
      2⤵
      PID:4392
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,5062747944221605146,9921656638699418658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2796
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,5062747944221605146,9921656638699418658,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
      2⤵
      PID:3544
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5062747944221605146,9921656638699418658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
      2⤵
      PID:1880
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5062747944221605146,9921656638699418658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      2⤵
      PID:2628
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5062747944221605146,9921656638699418658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
      2⤵
      PID:3080
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,5062747944221605146,9921656638699418658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
      2⤵
      PID:4944
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,5062747944221605146,9921656638699418658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3016
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5062747944221605146,9921656638699418658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
      2⤵
      PID:4816
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5062747944221605146,9921656638699418658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
      2⤵
      PID:2632
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5062747944221605146,9921656638699418658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
      2⤵
      PID:4648
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5062747944221605146,9921656638699418658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
      2⤵
      PID:3344
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5062747944221605146,9921656638699418658,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2148
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3740
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2428
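The process tree above is the normal Chromium multi-process layout: one browser (broker) process, PID 1124, launching a crashpad handler, GPU processes, utility services and renderers. The "WriteProcessMemory" and "NtCreateUserProcessBlockNonMicrosoftBinary" signatures are attached to that broker, which is where Chromium's Windows sandbox sets up its child processes and applies the block-non-Microsoft-binaries mitigation, so on their own they are expected for Edge rather than evidence of injection. What is worth reading off the command lines is which children run with a sandbox switched off (--service-sandbox-type=none on the network service and identity_helper.exe, --disable-gpu-sandbox on the second GPU process) and which processes are not Edge components at all (CompPkgSrv.exe). The helper below does that triage. It is an added example, not part of the sandbox report and not the vendor's tooling; the classification rules are this example's own assumptions, and SAMPLE_CMDLINES are shortened, constructed copies of command lines from the tree.

```python
"""Triage Chromium-style command lines from a sandbox process tree.

Added example: not part of the sandbox report. Splits each command line into
process type (--type), utility sub-type and sandbox mode, then notes anything
that is not an expected Edge component or that runs with a sandbox disabled.
The rules in classify() are this example's own assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass, field

EDGE_IMAGES = {"msedge.exe", "identity_helper.exe"}
# Child process kinds a Chromium browser process is expected to launch.
EXPECTED_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}


@dataclass
class ProcInfo:
    image: str                 # executable name, lower-cased
    ptype: str | None          # --type; None means the browser (broker) process
    subtype: str | None        # --utility-sub-type, if any
    sandbox: str | None        # --service-sandbox-type, if any
    target: str | None         # document passed via --single-argument
    notes: list[str] = field(default_factory=list)


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line on whitespace, honouring double quotes.
    Backslashes are ordinary characters here, unlike in a POSIX shell."""
    tokens, cur, in_quote = [], "", False
    for ch in cmdline:
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            if cur:
                tokens.append(cur)
                cur = ""
        else:
            cur += ch
    if cur:
        tokens.append(cur)
    return tokens


def classify(cmdline: str) -> ProcInfo:
    argv = tokenize(cmdline)
    image = argv[0].rsplit("\\", 1)[-1].lower()
    opts: dict[str, str] = {}
    target = None
    for i, arg in enumerate(argv[1:], start=1):
        if arg == "--single-argument":
            # Chromium: everything after this switch is one literal argument.
            target = " ".join(argv[i + 1:])
            break
        if arg.startswith("--"):
            key, _, val = arg[2:].partition("=")
            opts[key] = val
    info = ProcInfo(image, opts.get("type"), opts.get("utility-sub-type"),
                    opts.get("service-sandbox-type"), target)
    if image not in EDGE_IMAGES:
        info.notes.append("not an Edge component")
        return info
    if info.ptype is None:
        info.notes.append("browser (broker) process")
    elif info.ptype not in EXPECTED_TYPES:
        info.notes.append(f"unexpected --type={info.ptype}")
    if info.sandbox == "none":
        info.notes.append("service runs unsandboxed")
    if "disable-gpu-sandbox" in opts:
        info.notes.append("GPU sandbox disabled")
    return info


def triage(cmdlines: dict[int, str]) -> dict[int, ProcInfo]:
    return {pid: classify(cl) for pid, cl in cmdlines.items()}


def needs_attention(cmdlines: dict[int, str]) -> list[int]:
    """PIDs that are not Edge components or run with a sandbox switched off."""
    flags = ("not an Edge", "service runs unsandboxed", "GPU sandbox", "unexpected")
    return sorted(pid for pid, info in triage(cmdlines).items()
                  if any(n.startswith(flags) for n in info.notes))


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
# Constructed sample: shortened copies of command lines from the process tree.
SAMPLE_CMDLINES = {
    1124: rf'"{EDGE}" --single-argument C:\Users\Admin\AppData\Local\Temp\14239afe2ef26c66ad10fd74907e5c12_JaffaCakes118.html',
    2796: rf'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3',
    3544: rf'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8',
    1880: rf'"{EDGE}" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1',
    2148: rf'"{EDGE}" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=5384 /prefetch:2',
    4944: rf'"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8',
    3740: r"C:\Windows\System32\CompPkgSrv.exe -Embedding",
}

if __name__ == "__main__":
    for pid, info in triage(SAMPLE_CMDLINES).items():
        print(pid, info.image, info.ptype or "browser", info.subtype or "-",
              info.sandbox or "-", "; ".join(info.notes))
    print("needs attention:", needs_attention(SAMPLE_CMDLINES))
```

Running it over the tree above singles out PIDs 2148, 2796, 3740 and 4944: two Edge services that run without a sandbox by design, a GPU process relaunched in software mode with its sandbox off, and the COM surrogate CompPkgSrv.exe, which Windows starts on its own (-Embedding) and is unrelated to the sample. None of those is a finding by itself; the value is that the rest of the tree is confirmed as ordinary renderer and utility children.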

                            Network

                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              Response
                              8.8.8.8.in-addr.arpa
                              IN PTR
                               dns.google
                            • flag-us
                              DNS
                              www.wintotal-forum.de
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              www.wintotal-forum.de
                              IN A
                              Response
                              www.wintotal-forum.de
                              IN A
                              195.15.233.57
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Glossar/glossar-js.php
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Glossar/glossar-js.php HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Glossar/glossar-js.php
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/default/xml_topic.js
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/default/xml_topic.js HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/default/xml_topic.js
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/useroff.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/useroff.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Smileys/smilies_smf/shocked.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/default/script.js?fin11
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/default/script.js?fin11 HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/default/script.js?fin11
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/default/sha1.js
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/default/sha1.js HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/default/sha1.js
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/post/xx.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/stargmod.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/style.css?fin11
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/style.css?fin11 HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: text/css,*/*;q=0.1
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/style.css?fin11
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/default/spellcheck.js
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/default/spellcheck.js HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/default/spellcheck.js
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/post/solved.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/Female.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/Female.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/Female.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/WT/wt-logo.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/star.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/star.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/star.gif
                            • flag-ch
                              GET
                              http://www.wintotal-forum.de/Themes/WT2/images/Male.gif
                              msedge.exe
                              Remote address:
                              195.15.233.57:80
                              Request
                              GET /Themes/WT2/images/Male.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/Male.gif
                            • GET http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif
                              Process: msedge.exe
                              Remote address: 195.15.233.57:80 (CH)
                              Request
                              GET /Smileys/smilies_smf/cool.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:25 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif
                            • GET http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif
                              Process: msedge.exe
                              Remote address: 195.15.233.57:80 (CH)
                              Request
                              GET /Themes/WT2/images/upshrink.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif
                            • GET http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif
                              Process: msedge.exe
                              Remote address: 195.15.233.57:80 (CH)
                              Request
                              GET /Themes/WT2/images/topic_starter.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif
                            • GET http://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif
                              Process: msedge.exe
                              Remote address: 195.15.233.57:80 (CH)
                              Request
                              GET /Smileys/smilies_smf/cry.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif
                            • GET http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif
                              Process: msedge.exe
                              Remote address: 195.15.233.57:80 (CH)
                              Request
                              GET /Themes/WT2/images/WT/nav_unten.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:25 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif
                            • GET http://www.wintotal-forum.de/Themes/WT2/images/filter.gif
                              Process: msedge.exe
                              Remote address: 195.15.233.57:80 (CH)
                              Request
                              GET /Themes/WT2/images/filter.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/filter.gif
                            • GET http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif
                              Process: msedge.exe
                              Remote address: 195.15.233.57:80 (CH)
                              Request
                              GET /Themes/WT2/images/topic/normal_post.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif
                            • GET http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif
                              Process: msedge.exe
                              Remote address: 195.15.233.57:80 (CH)
                              Request
                              GET /Themes/WT2/images/www_sm.gif HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:24 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif
                            • GET http://www.wintotal-forum.de/Themes/default/print.css?fin11
                              Process: msedge.exe
                              Remote address: 195.15.233.57:80 (CH)
                              Request
                              GET /Themes/default/print.css?fin11 HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: text/css,*/*;q=0.1
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:25 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/Themes/default/print.css?fin11
                            • GET http://www.wintotal-forum.de/favicon.ico
                              Process: msedge.exe
                              Remote address: 195.15.233.57:80 (CH)
                              Request
                              GET /favicon.ico HTTP/1.1
                              Host: www.wintotal-forum.de
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 301 Moved Permanently
                              Connection: Keep-Alive
                              Content-Type: text/html
                              Content-Length: 706
                              Date: Fri, 04 Oct 2024 16:41:25 GMT
                              Server: LiteSpeed
                              Location: https://www.wintotal-forum.de/favicon.ico
                            • DNS adsrv.wintotal-forum.de
                              Process: msedge.exe
                              Remote address: 8.8.8.8:53 (US)
                              Request
                              adsrv.wintotal-forum.de
                              IN A
                              Response
                            • DNS wintotal.de.intellitxt.com
                              Process: msedge.exe
                              Remote address: 8.8.8.8:53 (US)
                              Request
                              wintotal.de.intellitxt.com
                              IN A
                              Response
                            • DNS 149.220.183.52.in-addr.arpa
                              Remote address: 8.8.8.8:53 (US)
                              Request
                              149.220.183.52.in-addr.arpa
                              IN PTR
                              Response
                            • DNS 64.159.190.20.in-addr.arpa
                              Remote address: 8.8.8.8:53 (US)
                              Request
                              64.159.190.20.in-addr.arpa
                              IN PTR
                              Response
                            • DNS 57.233.15.195.in-addr.arpa
                              Remote address: 8.8.8.8:53 (US)
                              Request
                              57.233.15.195.in-addr.arpa
                              IN PTR
                              Response
                            • DNS 172.210.232.199.in-addr.arpa
                              Remote address: 8.8.8.8:53 (US)
                              Request
                              172.210.232.199.in-addr.arpa
                              IN PTR
                              Response
                            • DNS 241.150.49.20.in-addr.arpa
                              Remote address: 8.8.8.8:53 (US)
                              Request
                              241.150.49.20.in-addr.arpa
                              IN PTR
                              Response
                            • DNS 197.87.175.4.in-addr.arpa
                              Remote address: 8.8.8.8:53 (US)
                              Request
                              197.87.175.4.in-addr.arpa
                              IN PTR
                              Response
                            • DNS 241.42.69.40.in-addr.arpa
                              Remote address: 8.8.8.8:53 (US)
                              Request
                              241.42.69.40.in-addr.arpa
                              IN PTR
                              Response
                            • DNS 98.117.19.2.in-addr.arpa
                              Remote address: 8.8.8.8:53 (US)
                              Request
                              98.117.19.2.in-addr.arpa
                              IN PTR
                              Response
                              98.117.19.2.in-addr.arpa
                              IN PTR
                              a2-19-117-98.deploy.static.akamaitechnologies.com
                            • DNS 88.210.23.2.in-addr.arpa
                              Remote address: 8.8.8.8:53 (US)
                              Request
                              88.210.23.2.in-addr.arpa
                              IN PTR
                              Response
                              88.210.23.2.in-addr.arpa
                              IN PTR
                              a2-23-210-88.deploy.static.akamaitechnologies.com
                            • DNS 19.229.111.52.in-addr.arpa
                              Remote address: 8.8.8.8:53 (US)
                              Request
                              19.229.111.52.in-addr.arpa
                              IN PTR
                              Response
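Added example, not part of the sandbox report: a Python triage helper that parses records in the flattened layout used above (one field per line; HTTP records starting with the method and URL, the process, "Remote address:" and the address, then the request and the response; DNS records starting with "DNS", the name, the query, and any answers after "Response") and reports, per record, whether a cleartext request was redirected to HTTPS on the same host, redirected elsewhere or without TLS, or answered in the clear, and whether a lookup returned any answer. The embedded sample log is constructed in that layout from entries like the ones on this page; splitting records on the bullet character and the field positions are assumptions about this export, not a documented format.

```python
"""Triage helper for the flattened sandbox log layout used above (added example)."""
import re
from urllib.parse import urlsplit

# Constructed sample in the page's layout, headers abbreviated.
SAMPLE_LOG = """\
• flag-ch
  GET
  http://www.wintotal-forum.de/Themes/WT2/images/Male.gif
  msedge.exe
  Remote address:
  195.15.233.57:80
  Request
  GET /Themes/WT2/images/Male.gif HTTP/1.1
  Response
  HTTP/1.1 301 Moved Permanently
  Location: https://www.wintotal-forum.de/Themes/WT2/images/Male.gif
• flag-us
  DNS
  adsrv.wintotal-forum.de
  msedge.exe
  Remote address:
  8.8.8.8:53
  Request
  adsrv.wintotal-forum.de
  IN A
  Response
• flag-us
  DNS
  98.117.19.2.in-addr.arpa
  Remote address:
  8.8.8.8:53
  Request
  98.117.19.2.in-addr.arpa
  IN PTR
  Response
  98.117.19.2.in-addr.arpa
  IN PTR
  a2-19-117-98.deploy.static.akamaitechnologies.com
"""
REDIRECTS = {301, 302, 303, 307, 308}
METHODS = {"GET", "POST", "HEAD", "PUT", "OPTIONS"}

def _parse_http(lines):
    # Field positions assumed from the export: method, URL, process, then headers.
    rec = {"kind": "http", "method": lines[0], "url": lines[1], "remote": None,
           "status": None, "location": None}
    for i, line in enumerate(lines):
        if line == "Remote address:" and i + 1 < len(lines):
            rec["remote"] = lines[i + 1]
        m = re.match(r"HTTP/\d\.\d (\d{3})", line)  # response status line only
        if m:
            rec["status"] = int(m.group(1))
        if line.lower().startswith("location:"):
            rec["location"] = line.split(":", 1)[1].strip()
    return rec

def _parse_dns(lines):
    rec = {"kind": "dns", "qname": lines[1], "qtype": None}
    end = lines.index("Response") if "Response" in lines else len(lines)
    for line in lines[:end]:
        if line.startswith("IN "):
            rec["qtype"] = line.split()[1]
    ans = lines[end + 1:]  # answer section: (name, "IN <type>", rdata) triples
    rec["answers"] = [ans[i + 2] for i in range(0, len(ans) - 2, 3)]
    return rec

def parse_records(text):
    """Split the log on bullet lines and parse each HTTP or DNS record."""
    records = []
    for chunk in re.split(r"^\s*\u2022.*$", text, flags=re.M):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines and lines[0] == "DNS":
            records.append(_parse_dns(lines))
        elif lines and lines[0] in METHODS:
            records.append(_parse_http(lines))
    return records

def triage(records):
    """One (severity, message, detail) tuple per record."""
    out = []
    for r in records:
        if r["kind"] == "dns":
            state = "answered" if r["answers"] else "unanswered"
            out.append(("info" if r["answers"] else "warn", f"{r['qtype']} lookup {state}",
                        f"{r['qname']} -> {', '.join(r['answers'])}" if r["answers"] else r["qname"]))
            continue
        src, dst = urlsplit(r["url"]), urlsplit(r["location"] or "")
        if src.scheme != "http":
            out.append(("info", "request over TLS", r["url"]))
        elif r["status"] in REDIRECTS and dst.scheme == "https" and dst.hostname == src.hostname:
            out.append(("info", "cleartext request upgraded to HTTPS on same host", r["url"]))
        elif r["status"] in REDIRECTS:
            out.append(("warn", "cleartext redirect off-host or without TLS", f"{r['url']} -> {r['location']}"))
        else:
            out.append(("warn", "cleartext request answered without upgrade", r["url"]))
    return out
```

Run over the full export, every cleartext request on this page comes out as a same-host HTTPS upgrade, the adsrv.wintotal-forum.de and wintotal.de.intellitxt.com lookups and most reverse lookups come out unanswered, and the two Akamai PTR answers are the only resolved names. The off-host branch is not exercised by the sample because no such redirect occurs in this report; a record whose Location points at another host or stays on http triggers the warning.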
                            • 195.15.233.57:80  http://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif
                              Protocol: http; process: msedge.exe
                              Traffic: 2.0kB / 4.1kB; packets: 13 / 9
                              HTTP Request: GET http://www.wintotal-forum.de/Glossar/glossar-js.php
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/default/xml_topic.js
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/images/useroff.gif
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Smileys/smilies_smf/shocked.gif
                              HTTP Response: 301
                            • 195.15.233.57:80  http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif
                              Protocol: http; process: msedge.exe
                              Traffic: 2.0kB / 4.1kB; packets: 13 / 9
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/default/script.js?fin11
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/default/sha1.js
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif
                              HTTP Response: 301
                            • 195.15.233.57:80  http://www.wintotal-forum.de/Themes/WT2/images/Female.gif
                              Protocol: http; process: msedge.exe
                              Traffic: 2.0kB / 4.1kB; packets: 13 / 9
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/style.css?fin11
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/default/spellcheck.js
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/images/Female.gif
                              HTTP Response: 301
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 955 B / 3.5kB; packets: 9 / 8
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 955 B / 3.5kB; packets: 9 / 8
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 955 B / 3.5kB; packets: 9 / 8
                            • 195.15.233.57:80  http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif
                              Protocol: http; process: msedge.exe
                              Traffic: 2.1kB / 4.1kB; packets: 13 / 9
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/images/star.gif
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/images/Male.gif
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Smileys/smilies_smf/cool.gif
                              HTTP Response: 301
                            • 195.15.233.57:80  http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif
                              Protocol: http; process: msedge.exe
                              Traffic: 2.1kB / 4.1kB; packets: 13 / 9
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Smileys/smilies_smf/cry.gif
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif
                              HTTP Response: 301
                            • 195.15.233.57:80  http://www.wintotal-forum.de/favicon.ico
                              Protocol: http; process: msedge.exe
                              Traffic: 2.5kB / 5.1kB; packets: 15 / 10
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/images/filter.gif
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/Themes/default/print.css?fin11
                              HTTP Response: 301
                              HTTP Request: GET http://www.wintotal-forum.de/favicon.ico
                              HTTP Response: 301
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 909 B / 3.4kB; packets: 8 / 7
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 955 B / 3.5kB; packets: 9 / 8
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 955 B / 3.5kB; packets: 9 / 8
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 909 B / 3.4kB; packets: 8 / 7
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 955 B / 3.5kB; packets: 9 / 8
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 909 B / 3.4kB; packets: 8 / 7
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 955 B / 3.5kB; packets: 9 / 8
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 955 B / 3.5kB; packets: 9 / 8
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 909 B / 3.4kB; packets: 8 / 7
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 955 B / 3.5kB; packets: 9 / 8
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 909 B / 3.4kB; packets: 8 / 7
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 955 B / 3.5kB; packets: 9 / 8
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 909 B / 3.4kB; packets: 8 / 7
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 909 B / 3.4kB; packets: 8 / 7
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 909 B / 3.4kB; packets: 8 / 7
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 955 B / 3.5kB; packets: 9 / 8
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 955 B / 3.5kB; packets: 9 / 8
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 955 B / 3.5kB; packets: 9 / 8
                            • 195.15.233.57:443  www.wintotal-forum.de
                              Protocol: tls; process: msedge.exe
                              Traffic: 955 B / 3.5kB; packets: 9 / 8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              909 B
                              3.4kB
                              8
                              7
                            • 195.15.233.57:443
                              www.wintotal-forum.de
                              tls
                              msedge.exe
                              955 B
                              3.5kB
                              9
                              8
                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              66 B
                              90 B
                              1
                              1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              www.wintotal-forum.de
                              dns
                              msedge.exe
                              67 B
                              83 B
                              1
                              1

                              DNS Request

                              www.wintotal-forum.de

                              DNS Response

                              195.15.233.57

                            • 8.8.8.8:53
                              adsrv.wintotal-forum.de
                              dns
                              msedge.exe
                              69 B
                              132 B
                              1
                              1

                              DNS Request

                              adsrv.wintotal-forum.de

                            • 8.8.8.8:53
                              wintotal.de.intellitxt.com
                              dns
                              msedge.exe
                              72 B
                              72 B
                              1
                              1

                              DNS Request

                              wintotal.de.intellitxt.com

                            • 8.8.8.8:53
                              149.220.183.52.in-addr.arpa
                              dns
                              73 B
                              147 B
                              1
                              1

                              DNS Request

                              149.220.183.52.in-addr.arpa

                            • 8.8.8.8:53
                              64.159.190.20.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              64.159.190.20.in-addr.arpa

                            • 8.8.8.8:53
                              57.233.15.195.in-addr.arpa
                              dns
                              72 B
                              136 B
                              1
                              1

                              DNS Request

                              57.233.15.195.in-addr.arpa

                            • 8.8.8.8:53
                              172.210.232.199.in-addr.arpa
                              dns
                              74 B
                              128 B
                              1
                              1

                              DNS Request

                              172.210.232.199.in-addr.arpa

                            • 224.0.0.251:5353
                              452 B
                              7
                            • 8.8.8.8:53
                              241.150.49.20.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              241.150.49.20.in-addr.arpa

                            • 8.8.8.8:53
                              197.87.175.4.in-addr.arpa
                              dns
                              71 B
                              157 B
                              1
                              1

                              DNS Request

                              197.87.175.4.in-addr.arpa

                            • 8.8.8.8:53
                              241.42.69.40.in-addr.arpa
                              dns
                              71 B
                              145 B
                              1
                              1

                              DNS Request

                              241.42.69.40.in-addr.arpa

                            • 8.8.8.8:53
                              98.117.19.2.in-addr.arpa
                              dns
                              70 B
                              133 B
                              1
                              1

                              DNS Request

                              98.117.19.2.in-addr.arpa

                            • 8.8.8.8:53
                              88.210.23.2.in-addr.arpa
                              dns
                              70 B
                              133 B
                              1
                              1

                              DNS Request

                              88.210.23.2.in-addr.arpa

                            • 8.8.8.8:53
                              19.229.111.52.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              19.229.111.52.in-addr.arpa

                            Downloads