hxxps://zzb[.]bz/3fuEh

Resubmissions

04/04/2024, 22:23 UTC

240404-2a63sscd35 1

04/04/2024, 22:22 UTC

240404-2adq9abe91 1

Analysis

max time kernel
120s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/04/2024, 22:23 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://zzb.bz/3fuEh

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
1892	msedge.exe
1892	msedge.exe
3940	identity_helper.exe
3940	identity_helper.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
648	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 3352	1892	msedge.exe	85
PID 1892 wrote to memory of 3352	1892	msedge.exe	85
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 3376	1892	msedge.exe	88
PID 1892 wrote to memory of 4548	1892	msedge.exe	89
PID 1892 wrote to memory of 4548	1892	msedge.exe	89
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90
PID 1892 wrote to memory of 2840	1892	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://zzb.bz/3fuEh
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff9c99e46f8,0x7ff9c99e4708,0x7ff9c99e4718
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,13767774274503470122,4301471871279209476,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,13767774274503470122,4301471871279209476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,13767774274503470122,4301471871279209476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13767774274503470122,4301471871279209476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13767774274503470122,4301471871279209476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,13767774274503470122,4301471871279209476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,13767774274503470122,4301471871279209476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13767774274503470122,4301471871279209476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13767774274503470122,4301471871279209476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13767774274503470122,4301471871279209476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13767774274503470122,4301471871279209476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,13767774274503470122,4301471871279209476,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultd8546295hdf6dh4f5bh9091hd9da057decc0
1⤵
PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9c99e46f8,0x7ff9c99e4708,0x7ff9c99e4718
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1420,8623700310309567788,8590814424300707596,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1420,8623700310309567788,8590814424300707596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  PID:5668

Network

DNS

zzb.bz

msedge.exe

Remote address:

8.8.8.8:53

Request

zzb.bz

IN A

Response

zzb.bz

IN A

172.105.206.132
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
GET

https://zzb.bz/3fuEh

msedge.exe

Remote address:

172.105.206.132:443

Request

GET /3fuEh HTTP/1.1
Host: zzb.bz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Thu, 04 Apr 2024 22:24:01 GMT
Server: Apache/2.4.25 (Debian)
Set-Cookie: zzbbz=wYf8QdVciuV%2Fpmq9w7U08r1BEGnQ0e3rB%2F%2F3XdirV73P0ZfOND06GlvX0O%2FCWbJCAPZqEjr3muhWDBdad8O%2FivvwuPJYuUhYrokiONY9Tyxj2cFKhhNwpwAp66Sszfo9ccHe5CVlVnMgH4%2F%2FObQIW%2FRrnEOaj1cOx0MWPxvKBPc5o38ZvT7Jpvrqz%2FmcAD8jZTEUGsF%2BpkKZ9hRlfNWlgScH7ANG3E3%2FacgdWE74AZLX%2BRBJLNDBTV%2B8kB2uziW0ZxqjK1HzHYfnXoD9g8JXfCdWMaM9sEUEo%2B%2BKWKPwx6N50qF7Y2JPwDP89NKfKFoyw3m0J3BFUdTCGxVYx4ClJOQeo2OyEcQpCHCldmD46E5k43ho3QHZCDbd5BLV1qGuXpGR6zZiYXQwMPkBLD2bhr3q%2BXUSlk4agin96snv3CgxavG9TKCfwF1jb9C859q9Z6mua1LLDXq%2Fl6TYmbPh7w%3D%3D65ef8196d65e245cea029c1de356bb367eacb69e; expires=Sat, 04-Apr-2026 22:24:01 GMT; Max-Age=63072000; path=/; domain=zzb.bz
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1397
Connection: close
Content-Type: text/html; charset=UTF-8
GET

https://zzb.bz/application/files/css/style.css?v=202404050601

msedge.exe

Remote address:

172.105.206.132:443

Request

GET /application/files/css/style.css?v=202404050601 HTTP/1.1
Host: zzb.bz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://zzb.bz/3fuEh
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: zzbbz=wYf8QdVciuV%2Fpmq9w7U08r1BEGnQ0e3rB%2F%2F3XdirV73P0ZfOND06GlvX0O%2FCWbJCAPZqEjr3muhWDBdad8O%2FivvwuPJYuUhYrokiONY9Tyxj2cFKhhNwpwAp66Sszfo9ccHe5CVlVnMgH4%2F%2FObQIW%2FRrnEOaj1cOx0MWPxvKBPc5o38ZvT7Jpvrqz%2FmcAD8jZTEUGsF%2BpkKZ9hRlfNWlgScH7ANG3E3%2FacgdWE74AZLX%2BRBJLNDBTV%2B8kB2uziW0ZxqjK1HzHYfnXoD9g8JXfCdWMaM9sEUEo%2B%2BKWKPwx6N50qF7Y2JPwDP89NKfKFoyw3m0J3BFUdTCGxVYx4ClJOQeo2OyEcQpCHCldmD46E5k43ho3QHZCDbd5BLV1qGuXpGR6zZiYXQwMPkBLD2bhr3q%2BXUSlk4agin96snv3CgxavG9TKCfwF1jb9C859q9Z6mua1LLDXq%2Fl6TYmbPh7w%3D%3D65ef8196d65e245cea029c1de356bb367eacb69e

Response

HTTP/1.1 200 OK

Date: Thu, 04 Apr 2024 22:24:02 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Tue, 06 Oct 2020 17:56:42 GMT
ETag: "23a4-5b1045253f103-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2522
Connection: close
Content-Type: text/css
DNS

ajax.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

216.58.213.10
GET

https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js

msedge.exe

Remote address:

216.58.213.10:443

Request

GET /ajax/libs/jquery/1/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://zzb.bz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

0.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.159.190.20.in-addr.arpa

IN PTR

Response
DNS

65.192.122.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.192.122.92.in-addr.arpa

IN PTR

Response

65.192.122.92.in-addr.arpa

IN PTR

a92-122-192-65deploystaticakamaitechnologiescom
DNS

132.206.105.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

132.206.105.172.in-addr.arpa

IN PTR

Response

132.206.105.172.in-addr.arpa

IN PTR

li1860-132memberslinodecom
DNS

pl15851797.highperformancegate.com

msedge.exe

Remote address:

8.8.8.8:53

Request

pl15851797.highperformancegate.com

IN A

Response

pl15851797.highperformancegate.com

IN A

192.243.61.225

pl15851797.highperformancegate.com

IN A

192.243.61.227

pl15851797.highperformancegate.com

IN A

172.240.108.76

pl15851797.highperformancegate.com

IN A

192.243.59.13

pl15851797.highperformancegate.com

IN A

172.240.253.132

pl15851797.highperformancegate.com

IN A

192.243.59.20

pl15851797.highperformancegate.com

IN A

192.243.59.12

pl15851797.highperformancegate.com

IN A

172.240.108.68

pl15851797.highperformancegate.com

IN A

172.240.108.84

pl15851797.highperformancegate.com

IN A

172.240.127.234
DNS

ssl.google-analytics.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.200.40
GET

https://ssl.google-analytics.com/ga.js

msedge.exe

Remote address:

142.250.200.40:443

Request

GET /ga.js HTTP/2.0
host: ssl.google-analytics.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://zzb.bz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1261737962&utmhn=zzb.bz&utmcs=UTF-8&utmsr=1280x720&utmvp=1263x609&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=ZZB.BZ%20-%20The%20Short%20URL&utmhid=332764121&utmr=-&utmp=%2F3fuEh&utmht=1712269442751&utmac=UA-10339001-2&utmcc=__utma%3D239271496.1679135635.1712269443.1712269443.1712269443.1%3B%2B__utmz%3D239271496.1712269443.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=766961064&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAAAAAAE~

msedge.exe

Remote address:

142.250.200.40:443

Request

GET /r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1261737962&utmhn=zzb.bz&utmcs=UTF-8&utmsr=1280x720&utmvp=1263x609&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=ZZB.BZ%20-%20The%20Short%20URL&utmhid=332764121&utmr=-&utmp=%2F3fuEh&utmht=1712269442751&utmac=UA-10339001-2&utmcc=__utma%3D239271496.1679135635.1712269443.1712269443.1712269443.1%3B%2B__utmz%3D239271496.1712269443.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=766961064&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/2.0
host: ssl.google-analytics.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://zzb.bz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://pl15851797.highperformancegate.com/d6b35bf991add53e76bf015f2b9ef627/invoke.js

msedge.exe

Remote address:

192.243.61.225:443

Request

GET /d6b35bf991add53e76bf015f2b9ef627/invoke.js HTTP/1.1
Host: pl15851797.highperformancegate.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://zzb.bz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx/1.21.6
Date: Thu, 04 Apr 2024 22:24:03 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
DNS

10.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.213.58.216.in-addr.arpa

IN PTR

Response

10.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f101e100net

10.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f10�H
DNS

40.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.200.250.142.in-addr.arpa

IN PTR

Response

40.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f81e100net
DNS

225.61.243.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.61.243.192.in-addr.arpa

IN PTR

Response
DNS

203.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.197.79.204.in-addr.arpa

IN PTR

Response

203.197.79.204.in-addr.arpa

IN PTR

a-0003a-msedgenet
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

225.66.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.66.18.2.in-addr.arpa

IN PTR

Response

225.66.18.2.in-addr.arpa

IN PTR

a2-18-66-225deploystaticakamaitechnologiescom
DNS

43.56.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.56.20.217.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response

172.105.206.132:443

https://zzb.bz/3fuEh

tls, http

msedge.exe

1.8kB
6.1kB
10
11

HTTP Request

GET https://zzb.bz/3fuEh

HTTP Response

200
172.105.206.132:443

https://zzb.bz/application/files/css/style.css?v=202404050601

tls, http

msedge.exe

2.3kB
6.7kB
11
12

HTTP Request

GET https://zzb.bz/application/files/css/style.css?v=202404050601

HTTP Response

200
172.105.206.132:443

zzb.bz

tls

msedge.exe

2.1kB
3.8kB
8
8
172.105.206.132:443

zzb.bz

tls

msedge.exe

2.0kB
1.4kB
8
8
216.58.213.10:443

https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js

tls, http2

msedge.exe

2.7kB
42.1kB
35
39

HTTP Request

GET https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js
172.105.206.132:443

zzb.bz

tls

msedge.exe

2.2kB
6.1kB
10
12
172.105.206.132:443

zzb.bz

tls

msedge.exe

2.2kB
9.6kB
10
13
142.250.200.40:443

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1261737962&utmhn=zzb.bz&utmcs=UTF-8&utmsr=1280x720&utmvp=1263x609&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=ZZB.BZ%20-%20The%20Short%20URL&utmhid=332764121&utmr=-&utmp=%2F3fuEh&utmht=1712269442751&utmac=UA-10339001-2&utmcc=__utma%3D239271496.1679135635.1712269443.1712269443.1712269443.1%3B%2B__utmz%3D239271496.1712269443.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=766961064&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAAAAAAE~

tls, http2

msedge.exe

3.0kB
25.6kB
30
33

HTTP Request

GET https://ssl.google-analytics.com/ga.js

HTTP Request

GET https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1261737962&utmhn=zzb.bz&utmcs=UTF-8&utmsr=1280x720&utmvp=1263x609&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=ZZB.BZ%20-%20The%20Short%20URL&utmhid=332764121&utmr=-&utmp=%2F3fuEh&utmht=1712269442751&utmac=UA-10339001-2&utmcc=__utma%3D239271496.1679135635.1712269443.1712269443.1712269443.1%3B%2B__utmz%3D239271496.1712269443.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=766961064&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAAAAAAE~
192.243.61.225:443

https://pl15851797.highperformancegate.com/d6b35bf991add53e76bf015f2b9ef627/invoke.js

tls, http

msedge.exe

1.7kB
4.3kB
11
10

HTTP Request

GET https://pl15851797.highperformancegate.com/d6b35bf991add53e76bf015f2b9ef627/invoke.js

HTTP Response

403
172.105.206.132:443

zzb.bz

tls

msedge.exe

2.3kB
2.2kB
9
8
172.105.206.132:443

zzb.bz

tls

msedge.exe

884 B
515 B
7
8

8.8.8.8:53

zzb.bz

dns

msedge.exe

52 B
68 B
1
1

DNS Request

zzb.bz

DNS Response

172.105.206.132
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

ajax.googleapis.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

216.58.213.10
8.8.8.8:53

0.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

0.159.190.20.in-addr.arpa
8.8.8.8:53

65.192.122.92.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

65.192.122.92.in-addr.arpa
8.8.8.8:53

132.206.105.172.in-addr.arpa

dns

74 B
117 B
1
1

DNS Request

132.206.105.172.in-addr.arpa
8.8.8.8:53

pl15851797.highperformancegate.com

dns

msedge.exe

80 B
240 B
1
1

DNS Request

pl15851797.highperformancegate.com

DNS Response

192.243.61.225

192.243.61.227

172.240.108.76

192.243.59.13

172.240.253.132

192.243.59.20

192.243.59.12

172.240.108.68

172.240.108.84

172.240.127.234
8.8.8.8:53

ssl.google-analytics.com

dns

msedge.exe

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.250.200.40
8.8.8.8:53

10.213.58.216.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

10.213.58.216.in-addr.arpa
8.8.8.8:53

40.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

40.200.250.142.in-addr.arpa
8.8.8.8:53

225.61.243.192.in-addr.arpa

dns

73 B
153 B
1
1

DNS Request

225.61.243.192.in-addr.arpa
142.250.200.40:443

ssl.google-analytics.com

https

msedge.exe

3.1kB
6.6kB
5
7
224.0.0.251:5353

580 B
9
8.8.8.8:53

203.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

203.197.79.204.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

225.66.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

225.66.18.2.in-addr.arpa
8.8.8.8:53

43.56.20.217.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

43.56.20.217.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
4ffc28a186f7a2b7b40bd51cdd0b50f3

SHA1
0a639eda60036f894da510c4fdc93ad75058c21b

SHA256
84fd7809fac185a9c47cb90928218f3794422c8a73d90d06bb4417e61ec22fdf

SHA512
e2631c6c8f92d7a16e4610297c19c8f1174002031a9b7eadfc7e8ff939b486e78fc452f4cc36829bf9bfdac7d12a7f020eb96252060d5ee2006ad038b8f90efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
602B

MD5
63575037a84e5335f74a6d39db4c7c85

SHA1
93f4bfbac7d39d9a658495ae0dea162d520aca1e

SHA256
7babb1f77252441362a359d46b3df437bf1dffa490d94bf2dbfc0ae87eb455aa

SHA512
d3366b64d204f4da9d8dc7582a229c09375ccfd944eaf76c8c8146b0f21fdb0638bdbb9232663bfe8037d10b2e63094b7fa949e40208e8ea30599d953f384d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88b29c7e64e82f84a6cdb69b98ed7c93

SHA1
5f76f50075e0fbccd1153c4f0ef97ef7808768d8

SHA256
ced04237745bab464ab7115f4c6cf4f92ffd178961f8ef8576288d571900c6f9

SHA512
65a6bc8313721151b8af29e311f83913fcc3f0390be9a3249d077d0118ae27766b6863513cb1c2c763d94bdcc071ae3ef855c5b41f304760729d77a0b56d2cef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5920ebf8d79180e4a366a38722987904

SHA1
7c5631888fa276cb4bc613b1548939d95e471e8d

SHA256
4a219f1ba23127a10dce3e4b76dc3c70030be18bc7bb8743700bcc97dec44cbb

SHA512
d8d93cf2ca2a217e698389fe1eca41b4f4f99dfb67a20ba8ab67260e8d4f4829e0653f6043384e64214fc10d619aa0723f1e0cae06630fdb7d59abd122c14ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a4881d8de84e0512127f3a983d22039

SHA1
e6bbfab1817195a851be378c35196bdb370e0d36

SHA256
02ee47d96660452d33d107dcf1afe82c8cc3b6db1e40668e729f76827b900f7b

SHA512
5811658d89fc9ac82c8ccbbf7034e6940664c57ad6987671cf89d7696ced235c8f74615035c906ec526cb40c0b8536e8bf3c15190540258538d16dadf22748a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2871875aef0634c27f2da60bf52e0f6e

SHA1
6b792ecbd118b5133b123fe9c82718ea1347225e

SHA256
be6c688b9783b9c4ea46b1d27062ffe36dd7bddefbe13a2aa305cec26dcd37be

SHA512
eb6ff2af62b42f0eaec61ab57c8e23a2c1d91f2890080ace17a4671b7fc3b843e837866a08c7a2b2022d72bcd85f0064c0f8f8cb0f780a7b258fc57708f986a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f8248a859b670f4631d531895bc7c1b6

SHA1
f2290d23cbdaa42a520470a727a0c9f16a766bb3

SHA256
995968eec202c830861cffe7055f89cc4744ce3d60add6b273ba5b73df166e11

SHA512
b93980d47865d1e8ef11072d56fbad046b9bbc5f22022562e388004afb063bc38b12884c1b2fa993fcb26304a5b27fe3988e6926b3af9c7f91dac59430701ba5

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.