6c4d3c37f79a4751f1c3a8ab4612e4a8a205df08e705c76a608d0b06236a8051

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 09:15 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GetFlashInfo_v9.2.0.627_/Readme-ZOL.htm
Size

2KB
MD5

cb3eedb39a4b19375c929dd1ce6a671b
SHA1

c9321aafb5c98195aa35a54ae30f8aed8530d589
SHA256

7a0421963c81fb48f71c8a7727d9f33ec023b574befc6b35981aa388279086d7
SHA512

3dad8489626f5d87c6c0b8747908643a1f59df421821688ac272a19473f73427e707e4cea981fd1274d03ab597d22758f7c91f575369b15e7ab795d01c88e12e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
1176	msedge.exe
1176	msedge.exe
3192	identity_helper.exe
3192	identity_helper.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 3244	1176	msedge.exe	82
PID 1176 wrote to memory of 3244	1176	msedge.exe	82
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 3152	1176	msedge.exe	84
PID 1176 wrote to memory of 4260	1176	msedge.exe	85
PID 1176 wrote to memory of 4260	1176	msedge.exe	85
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86
PID 1176 wrote to memory of 4008	1176	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\GetFlashInfo_v9.2.0.627_\Readme-ZOL.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8b8946f8,0x7ffc8b894708,0x7ffc8b894718
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,471369690160319229,14936941578208438044,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3828

Network

DNS

digital.zol.com.cn

msedge.exe

Remote address:

8.8.8.8:53

Request

digital.zol.com.cn

IN A

Response

digital.zol.com.cn

IN CNAME

img.zol.com.cn

img.zol.com.cn

IN CNAME

img.zol.com.cn.zcdn.com.cn

img.zol.com.cn.zcdn.com.cn

IN CNAME

img.zol.com.cn.wswebpic.com

img.zol.com.cn.wswebpic.com

IN A

138.113.101.20

img.zol.com.cn.wswebpic.com

IN A

163.171.129.134
GET

http://digital.zol.com.cn/51_module_images/8/4bda6e8a6449c.jpg

msedge.exe

Remote address:

138.113.101.20:80

Request

GET /51_module_images/8/4bda6e8a6449c.jpg HTTP/1.1
Host: digital.zol.com.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Mon, 29 Apr 2024 09:15:21 GMT
Content-Type: image/jpeg
Content-Length: 9295
Connection: keep-alive
Expires: Thu, 27 Apr 2034 09:15:21 GMT
Server: ZTS
Last-Modified: Thu, 01 Nov 2012 15:40:30 GMT
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Via: http/1.1 zats (zats1 [cMsSfW]), http/1.0 Z-cnc-hf (zcache-cnc-hf [cHs f ])
X-Via: 1.1 PSrbJP1jg79:7 (Cdn Cache Server V2.0), 1.1 PSygldLON4vx61:18 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 662f6529_PSygldLON4vx61_36377-42397
DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8ByOWj3B3bK1kA-Hk5IClDTVUCUxxFZL2fNzRePpOTSGjmbLrlU6DMoca-wpoC-Sq_U1Zq1L5LxDs4Imp6dqnuMIrgsaptcHanQ4L3hbKvKq1-RRdqo3zk2jFOpu1B_NtbJwASl7tP7cUsgytBb8AKdaDLJmkhyGteytGKkLnG4G1H5pf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3D870fb6e2f37e146f3ba5d0c954a7d436&TIME=20240426T131121Z&CID=531035994&EID=531035994&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8ByOWj3B3bK1kA-Hk5IClDTVUCUxxFZL2fNzRePpOTSGjmbLrlU6DMoca-wpoC-Sq_U1Zq1L5LxDs4Imp6dqnuMIrgsaptcHanQ4L3hbKvKq1-RRdqo3zk2jFOpu1B_NtbJwASl7tP7cUsgytBb8AKdaDLJmkhyGteytGKkLnG4G1H5pf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3D870fb6e2f37e146f3ba5d0c954a7d436&TIME=20240426T131121Z&CID=531035994&EID=531035994&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3C7DC161257B6BD62372D511249B6A86; domain=.bing.com; expires=Sat, 24-May-2025 09:15:21 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0EC2B39B16AF40EE93264EEA347A07FC Ref B: LON04EDGE1009 Ref C: 2024-04-29T09:15:21Z
date: Mon, 29 Apr 2024 09:15:21 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8ByOWj3B3bK1kA-Hk5IClDTVUCUxxFZL2fNzRePpOTSGjmbLrlU6DMoca-wpoC-Sq_U1Zq1L5LxDs4Imp6dqnuMIrgsaptcHanQ4L3hbKvKq1-RRdqo3zk2jFOpu1B_NtbJwASl7tP7cUsgytBb8AKdaDLJmkhyGteytGKkLnG4G1H5pf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3D870fb6e2f37e146f3ba5d0c954a7d436&TIME=20240426T131121Z&CID=531035994&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8ByOWj3B3bK1kA-Hk5IClDTVUCUxxFZL2fNzRePpOTSGjmbLrlU6DMoca-wpoC-Sq_U1Zq1L5LxDs4Imp6dqnuMIrgsaptcHanQ4L3hbKvKq1-RRdqo3zk2jFOpu1B_NtbJwASl7tP7cUsgytBb8AKdaDLJmkhyGteytGKkLnG4G1H5pf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3D870fb6e2f37e146f3ba5d0c954a7d436&TIME=20240426T131121Z&CID=531035994&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3C7DC161257B6BD62372D511249B6A86; _EDGE_S=SID=36797BCB2CBD62A52F446FBB2D1E63C1

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=8lwWLE8c3ZvZu4fRj3oT0xlVtiGiALCY8SbffiM3XzM; domain=.bing.com; expires=Sat, 24-May-2025 09:15:22 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 81348D174C154B3FB09812A960711896 Ref B: LON04EDGE1009 Ref C: 2024-04-29T09:15:22Z
date: Mon, 29 Apr 2024 09:15:21 GMT
GET

https://www.bing.com/aes/c.gif?RG=281a180c1d7c40a390654fdb43028849&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131121Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038

Remote address:

23.62.61.121:443

Request

GET /aes/c.gif?RG=281a180c1d7c40a390654fdb43028849&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131121Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3C7DC161257B6BD62372D511249B6A86

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0F51D04E2812417F9A4EC24E83C04703 Ref B: AMS04EDGE1613 Ref C: 2024-04-29T09:15:22Z
content-length: 0
date: Mon, 29 Apr 2024 09:15:22 GMT
set-cookie: _EDGE_S=SID=36797BCB2CBD62A52F446FBB2D1E63C1; path=/; httponly; domain=bing.com
set-cookie: MUIDB=3C7DC161257B6BD62372D511249B6A86; path=/; httponly; expires=Sat, 24-May-2025 09:15:22 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.753d3e17.1714382122.24a95a87
DNS

133.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.190.18.2.in-addr.arpa

IN PTR

Response

133.190.18.2.in-addr.arpa

IN PTR

a2-18-190-133deploystaticakamaitechnologiescom
DNS

20.101.113.138.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.101.113.138.in-addr.arpa

IN PTR

Response
DNS

20.101.113.138.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.101.113.138.in-addr.arpa

IN PTR

Response
DNS

20.101.113.138.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.101.113.138.in-addr.arpa

IN PTR

Response
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

121.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

121.61.62.23.in-addr.arpa

IN PTR

Response

121.61.62.23.in-addr.arpa

IN PTR

a23-62-61-121deploystaticakamaitechnologiescom
DNS

xiazai.zol.com.cn

msedge.exe

Remote address:

8.8.8.8:53

Request

xiazai.zol.com.cn

IN A

Response

xiazai.zol.com.cn

IN A

110.43.213.99
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

192.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.142.123.92.in-addr.arpa

IN PTR

Response

192.142.123.92.in-addr.arpa

IN PTR

a92-123-142-192deploystaticakamaitechnologiescom
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response

138.113.101.20:80

http://digital.zol.com.cn/51_module_images/8/4bda6e8a6449c.jpg

http

msedge.exe

845 B
10.6kB
10
13

HTTP Request

GET http://digital.zol.com.cn/51_module_images/8/4bda6e8a6449c.jpg

HTTP Response

200
138.113.101.20:80

digital.zol.com.cn

msedge.exe

236 B
144 B
5
3
204.79.197.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8ByOWj3B3bK1kA-Hk5IClDTVUCUxxFZL2fNzRePpOTSGjmbLrlU6DMoca-wpoC-Sq_U1Zq1L5LxDs4Imp6dqnuMIrgsaptcHanQ4L3hbKvKq1-RRdqo3zk2jFOpu1B_NtbJwASl7tP7cUsgytBb8AKdaDLJmkhyGteytGKkLnG4G1H5pf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3D870fb6e2f37e146f3ba5d0c954a7d436&TIME=20240426T131121Z&CID=531035994&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

tls, http2

2.6kB
9.0kB
19
16

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8ByOWj3B3bK1kA-Hk5IClDTVUCUxxFZL2fNzRePpOTSGjmbLrlU6DMoca-wpoC-Sq_U1Zq1L5LxDs4Imp6dqnuMIrgsaptcHanQ4L3hbKvKq1-RRdqo3zk2jFOpu1B_NtbJwASl7tP7cUsgytBb8AKdaDLJmkhyGteytGKkLnG4G1H5pf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3D870fb6e2f37e146f3ba5d0c954a7d436&TIME=20240426T131121Z&CID=531035994&EID=531035994&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8ByOWj3B3bK1kA-Hk5IClDTVUCUxxFZL2fNzRePpOTSGjmbLrlU6DMoca-wpoC-Sq_U1Zq1L5LxDs4Imp6dqnuMIrgsaptcHanQ4L3hbKvKq1-RRdqo3zk2jFOpu1B_NtbJwASl7tP7cUsgytBb8AKdaDLJmkhyGteytGKkLnG4G1H5pf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3D870fb6e2f37e146f3ba5d0c954a7d436&TIME=20240426T131121Z&CID=531035994&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

HTTP Response

204
23.62.61.121:443

https://www.bing.com/aes/c.gif?RG=281a180c1d7c40a390654fdb43028849&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131121Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038

tls, http2

1.4kB
5.3kB
16
11

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=281a180c1d7c40a390654fdb43028849&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131121Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038

HTTP Response

200
110.43.213.99:80

xiazai.zol.com.cn

msedge.exe

260 B
5
110.43.213.99:80

xiazai.zol.com.cn

msedge.exe

260 B
5
110.43.213.99:80

xiazai.zol.com.cn

msedge.exe

260 B
5
110.43.213.99:80

xiazai.zol.com.cn

msedge.exe

260 B
5
110.43.213.99:80

xiazai.zol.com.cn

msedge.exe

260 B
5
110.43.213.99:80

xiazai.zol.com.cn

msedge.exe

260 B
5
110.43.213.99:80

xiazai.zol.com.cn

msedge.exe

260 B
5
110.43.213.99:80

xiazai.zol.com.cn

msedge.exe

260 B
5
110.43.213.99:80

xiazai.zol.com.cn

msedge.exe

260 B
5
52.111.229.48:443

322 B
7
110.43.213.99:80

xiazai.zol.com.cn

msedge.exe

260 B
5
110.43.213.99:80

xiazai.zol.com.cn

msedge.exe

260 B
5
110.43.213.99:80

xiazai.zol.com.cn

msedge.exe

260 B
5

8.8.8.8:53

digital.zol.com.cn

dns

msedge.exe

64 B
189 B
1
1

DNS Request

digital.zol.com.cn

DNS Response

138.113.101.20

163.171.129.134
8.8.8.8:53

75.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

75.159.190.20.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

133.190.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

133.190.18.2.in-addr.arpa
8.8.8.8:53

20.101.113.138.in-addr.arpa

dns

219 B
219 B
3
3

DNS Request

20.101.113.138.in-addr.arpa

DNS Request

20.101.113.138.in-addr.arpa

DNS Request

20.101.113.138.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
224.0.0.251:5353

508 B
8
8.8.8.8:53

121.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

121.61.62.23.in-addr.arpa
8.8.8.8:53

xiazai.zol.com.cn

dns

msedge.exe

63 B
79 B
1
1

DNS Request

xiazai.zol.com.cn

DNS Response

110.43.213.99
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

192.142.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

192.142.123.92.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93bfc716d8301b2225b943e4141d722f

SHA1
f08643e5fab97fbe62a3df53d07bc85aa5e4d466

SHA256
4e0866eaa1b12206fea1e614584b3b5116e55e89a7cc1e2a3f9359fb7272045e

SHA512
0ca1f0e8c061e60bb11b4f0849d2ece357e9040f1e191d60fafe1799fe0031ce199f35d49a2e0d62a1ab5d761cfc16110d80cf1d1966de8362cbf4c5aa83273d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1655cd7915ca8b536b7a972fe23868f5

SHA1
f30d68b6d466fe017f70569ca4df6e09447dafde

SHA256
2aaaeb5d712bb4a9cbb358c6ff865c043af8910e853eae7af2cf0b5287ae5728

SHA512
87b28591a3bfc6a127ded393d295c3b41100701b528eea90cfb569654da4ff06ddc1d57a5cc568b8b081f7d54b752d92f68953ea325e5bfa4e40b7892aacd504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd67a975705ba6ec53111335751e2650

SHA1
5c37b39f54747f712eca060ef0270035c015edb1

SHA256
5f18ea7e9474727a6e601c73137520c936801820fe8fa80852a7336ef8b259e8

SHA512
063b1ca4d13574d730dcd602124ff7a85872c522b1127adf2ae3bbbc4dc258e3a37f5255d580803c392912313bc2155f4c3b903acb90c2b8e79647df65ceaeba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4bec56048d4b6bc055d035f5334a78e6

SHA1
83465de2cd04f2eeee4197388fae158505e2269d

SHA256
30e21da2c073c36f7c7808c588831aff4b11766ebd9acb6b5f3377aa616cc032

SHA512
ad7a71a34acffc18101cc9072d915f6adceda5ecdd85158a089890d94212a8053f8d7b428acb64021787888d6c65957404fe1ac4b68e1b4622631cd3f353200c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.