Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230824-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230824-en locale:en-us os:windows10-2004-x64 system
  • submitted
    28/08/2023, 20:21 UTC

General

  • Target

    https://mubuenosaires.com.ar/

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mubuenosaires.com.ar/
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1784
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf2ce46f8,0x7ffbf2ce4708,0x7ffbf2ce4718
      2⤵
        PID:1804
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6711030825565716444,12910637199015225229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4384
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6711030825565716444,12910637199015225229,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        2⤵
          PID:1824
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6711030825565716444,12910637199015225229,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
          2⤵
            PID:2464
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6711030825565716444,12910637199015225229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
            2⤵
              PID:3716
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6711030825565716444,12910637199015225229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
              2⤵
                PID:4820
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6711030825565716444,12910637199015225229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
                2⤵
                  PID:2596
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6711030825565716444,12910637199015225229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1448
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6711030825565716444,12910637199015225229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
                  2⤵
                    PID:5080
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6711030825565716444,12910637199015225229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
                    2⤵
                      PID:3144
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6711030825565716444,12910637199015225229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
                      2⤵
                        PID:4244
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6711030825565716444,12910637199015225229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
                        2⤵
                          PID:1624
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6711030825565716444,12910637199015225229,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1924
                      • C:\Windows\System32\svchost.exe
                        C:\Windows\System32\svchost.exe -k netsvcs -p
                        1⤵
                        • Drops file in System32 directory
                        PID:216
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4656
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4552

                          Network

                          • flag-us
                            DNS
                            73.159.190.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            73.159.190.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            mubuenosaires.com.ar
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            mubuenosaires.com.ar
                            IN A
                            Response
                            mubuenosaires.com.ar
                            IN A
                            172.67.201.121
                            mubuenosaires.com.ar
                            IN A
                            104.21.76.220
                          • flag-us
                            GET
                            https://mubuenosaires.com.ar/
                            msedge.exe
                            Remote address:
                            172.67.201.121:443
                            Request
                            GET / HTTP/2.0
                            host: mubuenosaires.com.ar
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            dnt: 1
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: none
                            sec-fetch-mode: navigate
                            sec-fetch-user: ?1
                            sec-fetch-dest: document
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Mon, 28 Aug 2023 20:21:56 GMT
                            content-type: text/html; charset=UTF-8
                            x-frame-options: SAMEORIGIN
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KDW0hDbOjyJ%2FQ4ND1fyv%2Bms3UiMtHyR51tKOA7YvDfxx1JUe4KB%2F7adSUjDIGTErcjyAGK4E7UIGHdd61EIyb9enqBM3f3iR1%2FO7xxxKcVZrxdrBUtI8nx%2B5dueoensHJDhzy%2BgIyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            server: cloudflare
                            cf-ray: 7fdf43730d9a0e24-AMS
                            content-encoding: gzip
                          • flag-us
                            GET
                            https://mubuenosaires.com.ar/cdn-cgi/styles/cf.errors.css
                            msedge.exe
                            Remote address:
                            172.67.201.121:443
                            Request
                            GET /cdn-cgi/styles/cf.errors.css HTTP/2.0
                            host: mubuenosaires.com.ar
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/css,*/*;q=0.1
                            sec-fetch-site: same-origin
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: style
                            referer: https://mubuenosaires.com.ar/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Mon, 28 Aug 2023 20:21:56 GMT
                            content-type: text/css
                            last-modified: Wed, 23 Aug 2023 13:09:20 GMT
                            etag: W/"64e60500-5e44"
                            server: cloudflare
                            cf-ray: 7fdf437529090e24-AMS
                            x-frame-options: DENY
                            x-content-type-options: nosniff
                            vary: Accept-Encoding
                            expires: Mon, 28 Aug 2023 22:21:56 GMT
                            cache-control: max-age=7200
                            cache-control: public
                            content-encoding: gzip
                          • flag-us
                            GET
                            https://mubuenosaires.com.ar/cdn-cgi/images/icon-exclamation.png?1376755637
                            msedge.exe
                            Remote address:
                            172.67.201.121:443
                            Request
                            GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/2.0
                            host: mubuenosaires.com.ar
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: same-origin
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://mubuenosaires.com.ar/cdn-cgi/styles/cf.errors.css
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Mon, 28 Aug 2023 20:21:56 GMT
                            content-type: image/png
                            content-length: 452
                            last-modified: Wed, 23 Aug 2023 13:09:20 GMT
                            etag: "64e60500-1c4"
                            server: cloudflare
                            cf-ray: 7fdf4375ca380e24-AMS
                            x-frame-options: DENY
                            x-content-type-options: nosniff
                            vary: Accept-Encoding
                            expires: Mon, 28 Aug 2023 22:21:56 GMT
                            cache-control: max-age=7200
                            cache-control: public
                            accept-ranges: bytes
                          • flag-us
                            GET
                            https://mubuenosaires.com.ar/favicon.ico
                            msedge.exe
                            Remote address:
                            172.67.201.121:443
                            Request
                            GET /favicon.ico HTTP/2.0
                            host: mubuenosaires.com.ar
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: same-origin
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://mubuenosaires.com.ar/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 404
                            date: Mon, 28 Aug 2023 20:21:58 GMT
                            content-type: text/html
                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                            pragma: no-cache
                            cf-cache-status: BYPASS
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ILoOz26rDw3dmeKBcqdMOwUIYScCnkDXVaNbUY1vO2stGkOWT7K46qpo%2FeQj26gbxPRq9sMpp7XNZZDvesYQ6fYSb2VjSSZhgUjaAV1avv62HXXAsxo8NKuRSx6%2BOpALsfnnveCDGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            server: cloudflare
                            cf-ray: 7fdf43805aaa0e24-AMS
                            content-encoding: br
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://mubuenosaires.com.ar/cdn-cgi/phish-bypass?atok=.sc.1AgGx3l6_r7v1hzLP6HUBzNXBI0Jzxp73U_utXc-1693254116-0-%2F
                            msedge.exe
                            Remote address:
                            172.67.201.121:443
                            Request
                            GET /cdn-cgi/phish-bypass?atok=.sc.1AgGx3l6_r7v1hzLP6HUBzNXBI0Jzxp73U_utXc-1693254116-0-%2F HTTP/2.0
                            host: mubuenosaires.com.ar
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            upgrade-insecure-requests: 1
                            dnt: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: same-origin
                            sec-fetch-mode: navigate
                            sec-fetch-user: ?1
                            sec-fetch-dest: document
                            referer: https://mubuenosaires.com.ar/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 301
                            date: Mon, 28 Aug 2023 20:22:03 GMT
                            content-type: text/html
                            content-length: 167
                            location: https://mubuenosaires.com.ar/
                            set-cookie: __cf_mw_byp=.sc.1AgGx3l6_r7v1hzLP6HUBzNXBI0Jzxp73U_utXc-1693254116-0-/; Domain=mubuenosaires.com.ar; Path=/; Max-Age=86400
                            cache-control: private, no-cache
                            server: cloudflare
                            cf-ray: 7fdf43a06a980e24-AMS
                            x-frame-options: DENY
                            x-content-type-options: nosniff
                          • flag-us
                            GET
                            https://mubuenosaires.com.ar/
                            msedge.exe
                            Remote address:
                            172.67.201.121:443
                            Request
                            GET / HTTP/2.0
                            host: mubuenosaires.com.ar
                            upgrade-insecure-requests: 1
                            dnt: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: same-origin
                            sec-fetch-mode: navigate
                            sec-fetch-user: ?1
                            sec-fetch-dest: document
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            referer: https://mubuenosaires.com.ar/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: __cf_mw_byp=.sc.1AgGx3l6_r7v1hzLP6HUBzNXBI0Jzxp73U_utXc-1693254116-0-/
                            Response
                            HTTP/2.0 200
                            date: Mon, 28 Aug 2023 20:22:03 GMT
                            content-type: text/html; charset=UTF-8
                            x-powered-by: PHP/7.2.34
                            vary: Accept-Encoding
                            cf-cache-status: DYNAMIC
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=70o1VjKaymI%2Fyp%2Bt8i0SQGnXPDyLW0R11tue1PLVWVlovsG31KGgbMVVgWYSo1oNVQ9S%2BVws3A6oV8ZtSISCSSLlps5xzuWHARaxoIxbSS98GPXr30MDw3FkPYuMhZ7d%2BFC4JmAEhw%3D%3D"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            server: cloudflare
                            cf-ray: 7fdf43a07ab40e24-AMS
                            content-encoding: br
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://mubuenosaires.com.ar/_autoindex/assets/css/autoindex.css
                            msedge.exe
                            Remote address:
                            172.67.201.121:443
                            Request
                            GET /_autoindex/assets/css/autoindex.css HTTP/2.0
                            host: mubuenosaires.com.ar
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/css,*/*;q=0.1
                            sec-fetch-site: same-origin
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: style
                            referer: https://mubuenosaires.com.ar/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: __cf_mw_byp=.sc.1AgGx3l6_r7v1hzLP6HUBzNXBI0Jzxp73U_utXc-1693254116-0-/
                            Response
                            HTTP/2.0 200
                            date: Mon, 28 Aug 2023 20:22:04 GMT
                            content-type: application/javascript
                            cache-control: public, max-age=604800
                            expires: Mon, 04 Sep 2023 20:22:04 GMT
                            last-modified: Mon, 27 Mar 2023 15:34:09 GMT
                            vary: Accept-Encoding
                            cf-cache-status: MISS
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fn6ggOKmzwyAVJZHgTAuJ1TtW5ZIRGzSh8jB1Eqezg3mlnetVR%2B3tUk79%2F6m3yKjfQTXFfxErGcEARSJXrKozWmvnp7Hdd3Zl2MskqpaY5Pj7TziR0GwvYKdPISn9rSEnMSTW64ZIA%3D%3D"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            server: cloudflare
                            cf-ray: 7fdf43a2af480e24-AMS
                            content-encoding: br
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://mubuenosaires.com.ar/_autoindex/assets/js/tablesort.js
                            msedge.exe
                            Remote address:
                            172.67.201.121:443
                            Request
                            GET /_autoindex/assets/js/tablesort.js HTTP/2.0
                            host: mubuenosaires.com.ar
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: */*
                            sec-fetch-site: same-origin
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://mubuenosaires.com.ar/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: __cf_mw_byp=.sc.1AgGx3l6_r7v1hzLP6HUBzNXBI0Jzxp73U_utXc-1693254116-0-/
                            Response
                            HTTP/2.0 200
                            date: Mon, 28 Aug 2023 20:22:04 GMT
                            content-type: text/css
                            cache-control: public, max-age=604800
                            expires: Mon, 04 Sep 2023 20:22:04 GMT
                            last-modified: Mon, 27 Mar 2023 15:34:09 GMT
                            vary: Accept-Encoding
                            cf-cache-status: MISS
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tooCT3dOGPAOHGK4gT%2Bism6mx9CgEbFxLyKiq63vPfJ%2F1e%2BKhwxmllpvVCShllWAE%2BRIFxBg97AtgxRG0v6dU3g6NSNIilMCZQQKzMRB7irrZYXWSUVwYwRzKHBgxhgjBN1wqv%2BXAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            server: cloudflare
                            cf-ray: 7fdf43a2af440e24-AMS
                            content-encoding: br
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://mubuenosaires.com.ar/_autoindex/assets/js/tablesort.number.js
                            msedge.exe
                            Remote address:
                            172.67.201.121:443
                            Request
                            GET /_autoindex/assets/js/tablesort.number.js HTTP/2.0
                            host: mubuenosaires.com.ar
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: */*
                            sec-fetch-site: same-origin
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://mubuenosaires.com.ar/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: __cf_mw_byp=.sc.1AgGx3l6_r7v1hzLP6HUBzNXBI0Jzxp73U_utXc-1693254116-0-/
                            Response
                            HTTP/2.0 200
                            date: Mon, 28 Aug 2023 20:22:04 GMT
                            content-type: application/javascript
                            cache-control: public, max-age=604800
                            expires: Mon, 04 Sep 2023 20:22:04 GMT
                            last-modified: Mon, 27 Mar 2023 15:34:09 GMT
                            vary: Accept-Encoding
                            cf-cache-status: MISS
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dnvlLFMC7mJYkGQvSJFgw8%2FpqUNB8wvZgBs714o0uvmLPwC0qFv6AflFCsZSlGtwTCSm%2Beh6o6YXF1a5vXPrniTip8GZSowPfEvohAT2wAJM3oTaKeURiWLMuLfjvfSRYhDX5R%2BDuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            server: cloudflare
                            cf-ray: 7fdf43a2af4b0e24-AMS
                            content-encoding: br
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            DNS
                            8.3.197.209.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            8.3.197.209.in-addr.arpa
                            IN PTR
                            Response
                            8.3.197.209.in-addr.arpa
                            IN PTR
                            vip0x008map2sslhwcdnnet
                          • flag-us
                            DNS
                            121.201.67.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            121.201.67.172.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            9.228.82.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            9.228.82.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            a.nel.cloudflare.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            a.nel.cloudflare.com
                            IN A
                            Response
                            a.nel.cloudflare.com
                            IN A
                            35.190.80.1
                          • flag-us
                            OPTIONS
                            https://a.nel.cloudflare.com/report/v3?s=ILoOz26rDw3dmeKBcqdMOwUIYScCnkDXVaNbUY1vO2stGkOWT7K46qpo%2FeQj26gbxPRq9sMpp7XNZZDvesYQ6fYSb2VjSSZhgUjaAV1avv62HXXAsxo8NKuRSx6%2BOpALsfnnveCDGQ%3D%3D
                            msedge.exe
                            Remote address:
                            35.190.80.1:443
                            Request
                            OPTIONS /report/v3?s=ILoOz26rDw3dmeKBcqdMOwUIYScCnkDXVaNbUY1vO2stGkOWT7K46qpo%2FeQj26gbxPRq9sMpp7XNZZDvesYQ6fYSb2VjSSZhgUjaAV1avv62HXXAsxo8NKuRSx6%2BOpALsfnnveCDGQ%3D%3D HTTP/2.0
                            host: a.nel.cloudflare.com
                            origin: https://mubuenosaires.com.ar
                            access-control-request-method: POST
                            access-control-request-headers: content-type
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            POST
                            https://a.nel.cloudflare.com/report/v3?s=ILoOz26rDw3dmeKBcqdMOwUIYScCnkDXVaNbUY1vO2stGkOWT7K46qpo%2FeQj26gbxPRq9sMpp7XNZZDvesYQ6fYSb2VjSSZhgUjaAV1avv62HXXAsxo8NKuRSx6%2BOpALsfnnveCDGQ%3D%3D
                            msedge.exe
                            Remote address:
                            35.190.80.1:443
                            Request
                            POST /report/v3?s=ILoOz26rDw3dmeKBcqdMOwUIYScCnkDXVaNbUY1vO2stGkOWT7K46qpo%2FeQj26gbxPRq9sMpp7XNZZDvesYQ6fYSb2VjSSZhgUjaAV1avv62HXXAsxo8NKuRSx6%2BOpALsfnnveCDGQ%3D%3D HTTP/2.0
                            host: a.nel.cloudflare.com
                            content-length: 445
                            content-type: application/reports+json
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            apps.identrust.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            apps.identrust.com
                            IN A
                            Response
                            apps.identrust.com
                            IN CNAME
                            identrust.edgesuite.net
                            identrust.edgesuite.net
                            IN CNAME
                            a1952.dscq.akamai.net
                            a1952.dscq.akamai.net
                            IN A
                            2.18.121.68
                            a1952.dscq.akamai.net
                            IN A
                            2.18.121.80
                          • flag-us
                            GET
                            http://apps.identrust.com/roots/dstrootcax3.p7c
                            msedge.exe
                            Remote address:
                            2.18.121.68:80
                            Request
                            GET /roots/dstrootcax3.p7c HTTP/1.1
                            Connection: Keep-Alive
                            Accept: */*
                            User-Agent: Microsoft-CryptoAPI/10.0
                            Host: apps.identrust.com
                            Response
                            HTTP/1.1 200 OK
                            X-XSS-Protection: 1; mode=block
                            X-Frame-Options: SAMEORIGIN
                            X-Content-Type-Options: nosniff
                            X-Robots-Tag: noindex
                            Referrer-Policy: same-origin
                            Last-Modified: Mon, 21 Aug 2023 22:08:28 GMT
                            ETag: "37d-603761e33cf00"
                            Accept-Ranges: bytes
                            Content-Length: 893
                            X-Content-Type-Options: nosniff
                            X-Frame-Options: sameorigin
                            Content-Type: application/pkcs7-mime
                            Cache-Control: max-age=3600
                            Expires: Mon, 28 Aug 2023 21:21:58 GMT
                            Date: Mon, 28 Aug 2023 20:21:58 GMT
                            Connection: keep-alive
                          • flag-us
                            DNS
                            1.80.190.35.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            1.80.190.35.in-addr.arpa
                            IN PTR
                            Response
                            1.80.190.35.in-addr.arpa
                            IN PTR
                            1.80.190.35.bc.googleusercontent.com
                          • flag-us
                            DNS
                            68.121.18.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            68.121.18.2.in-addr.arpa
                            IN PTR
                            Response
                            68.121.18.2.in-addr.arpa
                            IN PTR
                            a2-18-121-68.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            226.173.246.72.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            226.173.246.72.in-addr.arpa
                            IN PTR
                            Response
                            226.173.246.72.in-addr.arpa
                            IN PTR
                            a72-246-173-226.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            95.221.229.192.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            95.221.229.192.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            183.59.114.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            183.59.114.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            18.31.95.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            18.31.95.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            126.153.241.8.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            126.153.241.8.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            126.177.238.8.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            126.177.238.8.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            19.229.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            19.229.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            26.73.42.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            26.73.42.20.in-addr.arpa
                            IN PTR
                            Response
                          • 172.67.201.121:443
                            https://mubuenosaires.com.ar/_autoindex/assets/js/tablesort.number.js
                            tls, http2
                            msedge.exe
                            3.7kB
                            21.9kB
                            39
                            54

                            HTTP Request

                            GET https://mubuenosaires.com.ar/

                            HTTP Response

                            200

                            HTTP Request

                            GET https://mubuenosaires.com.ar/cdn-cgi/styles/cf.errors.css

                            HTTP Response

                            200

                            HTTP Request

                            GET https://mubuenosaires.com.ar/cdn-cgi/images/icon-exclamation.png?1376755637

                            HTTP Response

                            200

                            HTTP Request

                            GET https://mubuenosaires.com.ar/favicon.ico

                            HTTP Response

                            404

                            HTTP Request

                            GET https://mubuenosaires.com.ar/cdn-cgi/phish-bypass?atok=.sc.1AgGx3l6_r7v1hzLP6HUBzNXBI0Jzxp73U_utXc-1693254116-0-%2F

                            HTTP Response

                            301

                            HTTP Request

                            GET https://mubuenosaires.com.ar/

                            HTTP Response

                            200

                            HTTP Request

                            GET https://mubuenosaires.com.ar/_autoindex/assets/css/autoindex.css

                            HTTP Request

                            GET https://mubuenosaires.com.ar/_autoindex/assets/js/tablesort.js

                            HTTP Request

                            GET https://mubuenosaires.com.ar/_autoindex/assets/js/tablesort.number.js

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200
                          • 35.190.80.1:443
                            https://a.nel.cloudflare.com/report/v3?s=ILoOz26rDw3dmeKBcqdMOwUIYScCnkDXVaNbUY1vO2stGkOWT7K46qpo%2FeQj26gbxPRq9sMpp7XNZZDvesYQ6fYSb2VjSSZhgUjaAV1avv62HXXAsxo8NKuRSx6%2BOpALsfnnveCDGQ%3D%3D
                            tls, http2
                            msedge.exe
                            2.8kB
                            6.2kB
                            19
                            17

                            HTTP Request

                            OPTIONS https://a.nel.cloudflare.com/report/v3?s=ILoOz26rDw3dmeKBcqdMOwUIYScCnkDXVaNbUY1vO2stGkOWT7K46qpo%2FeQj26gbxPRq9sMpp7XNZZDvesYQ6fYSb2VjSSZhgUjaAV1avv62HXXAsxo8NKuRSx6%2BOpALsfnnveCDGQ%3D%3D

                            HTTP Request

                            POST https://a.nel.cloudflare.com/report/v3?s=ILoOz26rDw3dmeKBcqdMOwUIYScCnkDXVaNbUY1vO2stGkOWT7K46qpo%2FeQj26gbxPRq9sMpp7XNZZDvesYQ6fYSb2VjSSZhgUjaAV1avv62HXXAsxo8NKuRSx6%2BOpALsfnnveCDGQ%3D%3D
                          • 2.18.121.68:80
                            http://apps.identrust.com/roots/dstrootcax3.p7c
                            http
                            msedge.exe
                            416 B
                            1.6kB
                            6
                            5

                            HTTP Request

                            GET http://apps.identrust.com/roots/dstrootcax3.p7c

                            HTTP Response

                            200
                          • 8.8.8.8:53
                            73.159.190.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            73.159.190.20.in-addr.arpa

                          • 8.8.8.8:53
                            mubuenosaires.com.ar
                            dns
                            msedge.exe
                            66 B
                            98 B
                            1
                            1

                            DNS Request

                            mubuenosaires.com.ar

                            DNS Response

                            172.67.201.121
                            104.21.76.220

                          • 8.8.8.8:53
                            8.3.197.209.in-addr.arpa
                            dns
                            70 B
                            111 B
                            1
                            1

                            DNS Request

                            8.3.197.209.in-addr.arpa

                          • 8.8.8.8:53
                            121.201.67.172.in-addr.arpa
                            dns
                            73 B
                            135 B
                            1
                            1

                            DNS Request

                            121.201.67.172.in-addr.arpa

                          • 8.8.8.8:53
                            9.228.82.20.in-addr.arpa
                            dns
                            70 B
                            156 B
                            1
                            1

                            DNS Request

                            9.228.82.20.in-addr.arpa

                          • 8.8.8.8:53
                            a.nel.cloudflare.com
                            dns
                            msedge.exe
                            66 B
                            82 B
                            1
                            1

                            DNS Request

                            a.nel.cloudflare.com

                            DNS Response

                            35.190.80.1

                          • 8.8.8.8:53
                            apps.identrust.com
                            dns
                            msedge.exe
                            64 B
                            165 B
                            1
                            1

                            DNS Request

                            apps.identrust.com

                            DNS Response

                            2.18.121.68
                            2.18.121.80

                          • 35.190.80.1:443
                            a.nel.cloudflare.com
                            https
                            msedge.exe
                            3.1kB
                            5.0kB
                            5
                            7
                          • 8.8.8.8:53
                            1.80.190.35.in-addr.arpa
                            dns
                            70 B
                            120 B
                            1
                            1

                            DNS Request

                            1.80.190.35.in-addr.arpa

                          • 8.8.8.8:53
                            68.121.18.2.in-addr.arpa
                            dns
                            70 B
                            133 B
                            1
                            1

                            DNS Request

                            68.121.18.2.in-addr.arpa

                          • 8.8.8.8:53
                            226.173.246.72.in-addr.arpa
                            dns
                            73 B
                            139 B
                            1
                            1

                            DNS Request

                            226.173.246.72.in-addr.arpa

                          • 8.8.8.8:53
                            95.221.229.192.in-addr.arpa
                            dns
                            73 B
                            144 B
                            1
                            1

                            DNS Request

                            95.221.229.192.in-addr.arpa

                          • 224.0.0.251:5353
                            515 B
                            8
                          • 8.8.8.8:53
                            183.59.114.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            183.59.114.20.in-addr.arpa

                          • 8.8.8.8:53
                            18.31.95.13.in-addr.arpa
                            dns
                            70 B
                            144 B
                            1
                            1

                            DNS Request

                            18.31.95.13.in-addr.arpa

                          • 8.8.8.8:53
                            126.153.241.8.in-addr.arpa
                            dns
                            72 B
                            126 B
                            1
                            1

                            DNS Request

                            126.153.241.8.in-addr.arpa

                          • 8.8.8.8:53
                            126.177.238.8.in-addr.arpa
                            dns
                            72 B
                            126 B
                            1
                            1

                            DNS Request

                            126.177.238.8.in-addr.arpa

                          • 8.8.8.8:53
                            19.229.111.52.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            19.229.111.52.in-addr.arpa

                          • 8.8.8.8:53
                            26.73.42.20.in-addr.arpa
                            dns
                            70 B
                            156 B
                            1
                            1

                            DNS Request

                            26.73.42.20.in-addr.arpa

                          MITRE ATT&CK Matrix

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                            Filesize

                            72B

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                            Filesize

                            111B

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                            Filesize

                            478B

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            5KB

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            5KB

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            5KB

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                            Filesize

                            24KB

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            11KB

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            11KB
