hxxps://www[.]wixsite[.]com/_api/invoice/2e2a5a14-e43c-467e-8e24-878e7e41cc58[:]a803af1c-7dd6-4a14-977a-062311ec44d8/view?token=dee0c81d-a2cf-4699-94df-dc31c781c707

Resubmissions

27/09/2024, 07:23 UTC

240927-h73bbs1fjp 3

25/09/2024, 06:40 UTC

240925-he8yeatdld 6

25/09/2024, 06:28 UTC

240925-g8ljjashrb 3

25/09/2024, 06:13 UTC

240925-gyzneasdrc 1

25/09/2024, 06:10 UTC

240925-gxdpjszajj 3

25/09/2024, 06:06 UTC

240925-gt4rkascnc 3

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 07:23 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.wixsite.com/_api/invoice/2e2a5a14-e43c-467e-8e24-878e7e41cc58:a803af1c-7dd6-4a14-977a-062311ec44d8/view?token=dee0c81d-a2cf-4699-94df-dc31c781c707

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
3936	msedge.exe
3936	msedge.exe
4228	identity_helper.exe
4228	identity_helper.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3936 wrote to memory of 1416	3936	msedge.exe	82
PID 3936 wrote to memory of 1416	3936	msedge.exe	82
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 3860	3936	msedge.exe	83
PID 3936 wrote to memory of 4812	3936	msedge.exe	84
PID 3936 wrote to memory of 4812	3936	msedge.exe	84
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85
PID 3936 wrote to memory of 2316	3936	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.wixsite.com/_api/invoice/2e2a5a14-e43c-467e-8e24-878e7e41cc58:a803af1c-7dd6-4a14-977a-062311ec44d8/view?token=dee0c81d-a2cf-4699-94df-dc31c781c707
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2f8c46f8,0x7ffa2f8c4708,0x7ffa2f8c4718
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,957188918682882367,3131121778280413235,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,957188918682882367,3131121778280413235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,957188918682882367,3131121778280413235,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,957188918682882367,3131121778280413235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,957188918682882367,3131121778280413235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,957188918682882367,3131121778280413235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,957188918682882367,3131121778280413235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,957188918682882367,3131121778280413235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,957188918682882367,3131121778280413235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,957188918682882367,3131121778280413235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,957188918682882367,3131121778280413235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,957188918682882367,3131121778280413235,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4128

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

www.wixsite.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.wixsite.com

IN A

Response

www.wixsite.com

IN CNAME

username-ccm.wix.com

username-ccm.wix.com

IN CNAME

username-ccm-206-118.wix.com

username-ccm-206-118.wix.com

IN A

34.144.206.118
GET

https://www.wixsite.com/_api/invoice/2e2a5a14-e43c-467e-8e24-878e7e41cc58:a803af1c-7dd6-4a14-977a-062311ec44d8/view?token=dee0c81d-a2cf-4699-94df-dc31c781c707

msedge.exe

Remote address:

34.144.206.118:443

Request

GET /_api/invoice/2e2a5a14-e43c-467e-8e24-878e7e41cc58:a803af1c-7dd6-4a14-977a-062311ec44d8/view?token=dee0c81d-a2cf-4699-94df-dc31c781c707 HTTP/2.0
host: www.wixsite.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

118.206.144.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

118.206.144.34.in-addr.arpa

IN PTR

Response

118.206.144.34.in-addr.arpa

IN PTR

11820614434bcgoogleusercontentcom
DNS

77.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.190.18.2.in-addr.arpa

IN PTR

Response

77.190.18.2.in-addr.arpa

IN PTR

a2-18-190-77deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR

Response
DNS

static.parastorage.com

msedge.exe

Remote address:

8.8.8.8:53

Request

static.parastorage.com

IN A

Response

static.parastorage.com

IN CNAME

static-external.parastorage.com

static-external.parastorage.com

IN CNAME

td-static-34-49-229-81.parastorage.com

td-static-34-49-229-81.parastorage.com

IN A

34.49.229.81
DNS

cdn.ravenjs.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.ravenjs.com

IN A

Response

cdn.ravenjs.com

IN A

151.101.66.217

cdn.ravenjs.com

IN A

151.101.2.217

cdn.ravenjs.com

IN A

151.101.130.217

cdn.ravenjs.com

IN A

151.101.194.217
GET

https://cdn.ravenjs.com/3.24.2/raven.min.js

msedge.exe

Remote address:

151.101.66.217:443

Request

GET /3.24.2/raven.min.js HTTP/2.0
host: cdn.ravenjs.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://www.wixsite.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.wixsite.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Wed, 18 Apr 2018 11:46:49 GMT
etag: "f1ba4f93c0582ba936494fa7a5d84908"
content-type: application/javascript; charset=UTF-8
content-encoding: gzip
accept-ranges: bytes
date: Fri, 27 Sep 2024 07:23:48 GMT
age: 13819
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
timing-allow-origin: *
cache-control: public, max-age=31536000
content-length: 13238
GET

https://static.parastorage.com/services/third-party/fonts/Helvetica/fontFace.css

msedge.exe

Remote address:

34.49.229.81:443

Request

GET /services/third-party/fonts/Helvetica/fontFace.css HTTP/2.0
host: static.parastorage.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.wixsite.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://static.parastorage.com/services/price-quotes-server/1.1331.631/invoice-view.min.css

msedge.exe

Remote address:

34.49.229.81:443

Request

GET /services/price-quotes-server/1.1331.631/invoice-view.min.css HTTP/2.0
host: static.parastorage.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.wixsite.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://static.parastorage.com/services/price-quotes-server/1.1331.631/commons.min.css

msedge.exe

Remote address:

34.49.229.81:443

Request

GET /services/price-quotes-server/1.1331.631/commons.min.css HTTP/2.0
host: static.parastorage.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.wixsite.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://static.parastorage.com/unpkg/@wix/wix-fonts@1.9.3/madefor.min.css

msedge.exe

Remote address:

34.49.229.81:443

Request

GET /unpkg/@wix/wix-fonts@1.9.3/madefor.min.css HTTP/2.0
host: static.parastorage.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.wixsite.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://static.parastorage.com/polyfill/v2/polyfill.min.js?features=default,es6,es7,es2017&flags=gated&unknown=polyfill&rum=0

msedge.exe

Remote address:

34.49.229.81:443

Request

GET /polyfill/v2/polyfill.min.js?features=default,es6,es7,es2017&flags=gated&unknown=polyfill&rum=0 HTTP/2.0
host: static.parastorage.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.wixsite.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://static.parastorage.com/services/cookie-consent-policy-client/1.866.0/app.bundle.min.js

msedge.exe

Remote address:

34.49.229.81:443

Request

GET /services/cookie-consent-policy-client/1.866.0/app.bundle.min.js HTTP/2.0
host: static.parastorage.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.wixsite.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://static.parastorage.com/services/price-quotes-server/1.1331.631/commons.bundle.min.js

msedge.exe

Remote address:

34.49.229.81:443

Request

GET /services/price-quotes-server/1.1331.631/commons.bundle.min.js HTTP/2.0
host: static.parastorage.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.wixsite.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://static.parastorage.com/unpkg/react-dom@16.8.3/umd/react-dom.production.min.js

msedge.exe

Remote address:

34.49.229.81:443

Request

GET /unpkg/react-dom@16.8.3/umd/react-dom.production.min.js HTTP/2.0
host: static.parastorage.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.wixsite.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://static.parastorage.com/unpkg/react@16.8.3/umd/react.production.min.js

msedge.exe

Remote address:

34.49.229.81:443

Request

GET /unpkg/react@16.8.3/umd/react.production.min.js HTTP/2.0
host: static.parastorage.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.wixsite.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://static.parastorage.com/services/price-quotes-server/1.1331.631/invoice-view.bundle.min.js

msedge.exe

Remote address:

34.49.229.81:443

Request

GET /services/price-quotes-server/1.1331.631/invoice-view.bundle.min.js HTTP/2.0
host: static.parastorage.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.wixsite.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

217.66.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.66.101.151.in-addr.arpa

IN PTR

Response
DNS

81.229.49.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.229.49.34.in-addr.arpa

IN PTR

Response

81.229.49.34.in-addr.arpa

IN PTR

812294934bcgoogleusercontentcom
DNS

226.21.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.21.18.104.in-addr.arpa

IN PTR

Response
DNS

frog.wix.com

msedge.exe

Remote address:

8.8.8.8:53

Request

frog.wix.com

IN A

Response

frog.wix.com

IN CNAME

bi-flogger-alb-ext-343643057.us-east-1.elb.amazonaws.com

bi-flogger-alb-ext-343643057.us-east-1.elb.amazonaws.com

IN A

3.226.194.193

bi-flogger-alb-ext-343643057.us-east-1.elb.amazonaws.com

IN A

52.45.160.169

bi-flogger-alb-ext-343643057.us-east-1.elb.amazonaws.com

IN A

44.193.186.194

bi-flogger-alb-ext-343643057.us-east-1.elb.amazonaws.com

IN A

50.17.183.161

bi-flogger-alb-ext-343643057.us-east-1.elb.amazonaws.com

IN A

35.171.58.3

bi-flogger-alb-ext-343643057.us-east-1.elb.amazonaws.com

IN A

3.214.242.45
POST

https://frog.wix.com/dash?_brandId=wix&_siteBranchId=undefined&_ms=2908&_isHeadless=undefined&_hostingPlatform=undefined&_lv=2.0.985%7CC&src=5&evid=406&invoice_id=a803af1c-7dd6-4a14-977a-062311ec44d8&paid=false&origin=customer&is_visible=true&paymentType=One%20Time&invoiceSource=13ee94c1-b635-8505-3391-97919052c16f&msid=8f105f65-b404-4d67-b61a-4285756cf659&uuid=8d5b2c33-a1de-429a-b3ec-eb949c2f2227&_isca=1&_iscf=1&_ispd=0&_ise=0&_=17274218276590

msedge.exe

Remote address:

3.226.194.193:443

Request

POST /dash?_brandId=wix&_siteBranchId=undefined&_ms=2908&_isHeadless=undefined&_hostingPlatform=undefined&_lv=2.0.985%7CC&src=5&evid=406&invoice_id=a803af1c-7dd6-4a14-977a-062311ec44d8&paid=false&origin=customer&is_visible=true&paymentType=One%20Time&invoiceSource=13ee94c1-b635-8505-3391-97919052c16f&msid=8f105f65-b404-4d67-b61a-4285756cf659&uuid=8d5b2c33-a1de-429a-b3ec-eb949c2f2227&_isca=1&_iscf=1&_ispd=0&_ise=0&_=17274218276590 HTTP/2.0
host: frog.wix.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.wixsite.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.wixsite.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Fri, 27 Sep 2024 07:23:49 GMT
server: nginx
access-control-allow-origin: https://www.wixsite.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
POST

https://frog.wix.com/fed

msedge.exe

Remote address:

3.226.194.193:443

Request

POST /fed HTTP/2.0
host: frog.wix.com
content-length: 663
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.wixsite.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.wixsite.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Fri, 27 Sep 2024 07:23:49 GMT
server: nginx
access-control-allow-origin: https://www.wixsite.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
DNS

manage.wix.com

msedge.exe

Remote address:

8.8.8.8:53

Request

manage.wix.com

IN A

Response

manage.wix.com

IN CNAME

editor.wix.com

editor.wix.com

IN CNAME

glb-editor.wix.com

glb-editor.wix.com

IN A

34.149.206.255
GET

https://manage.wix.com/favicon.ico

msedge.exe

Remote address:

34.149.206.255:443

Request

GET /favicon.ico HTTP/2.0
host: manage.wix.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.wixsite.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

193.194.226.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

193.194.226.3.in-addr.arpa

IN PTR

Response

193.194.226.3.in-addr.arpa

IN PTR

ec2-3-226-194-193 compute-1 amazonawscom
DNS

255.206.149.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

255.206.149.34.in-addr.arpa

IN PTR

Response

255.206.149.34.in-addr.arpa

IN PTR

25520614934bcgoogleusercontentcom
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

197.87.175.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.87.175.4.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

71.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.190.18.2.in-addr.arpa

IN PTR

Response

71.190.18.2.in-addr.arpa

IN PTR

a2-18-190-71deploystaticakamaitechnologiescom
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

22.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.236.111.52.in-addr.arpa

IN PTR

Response

34.144.206.118:443

https://www.wixsite.com/_api/invoice/2e2a5a14-e43c-467e-8e24-878e7e41cc58:a803af1c-7dd6-4a14-977a-062311ec44d8/view?token=dee0c81d-a2cf-4699-94df-dc31c781c707

tls, http2

msedge.exe

2.9kB
55.5kB
36
56

HTTP Request

GET https://www.wixsite.com/_api/invoice/2e2a5a14-e43c-467e-8e24-878e7e41cc58:a803af1c-7dd6-4a14-977a-062311ec44d8/view?token=dee0c81d-a2cf-4699-94df-dc31c781c707
151.101.66.217:443

https://cdn.ravenjs.com/3.24.2/raven.min.js

tls, http2

msedge.exe

2.2kB
19.8kB
24
25

HTTP Request

GET https://cdn.ravenjs.com/3.24.2/raven.min.js

HTTP Response

200
34.49.229.81:443

static.parastorage.com

tls, http2

msedge.exe

943 B
4.0kB
8
7
34.49.229.81:443

static.parastorage.com

tls

msedge.exe

839 B
3.3kB
7
6
34.49.229.81:443

static.parastorage.com

tls

msedge.exe

885 B
3.3kB
8
6
34.49.229.81:443

https://static.parastorage.com/services/price-quotes-server/1.1331.631/invoice-view.bundle.min.js

tls, http2

msedge.exe

12.6kB
478.0kB
230
360

HTTP Request

GET https://static.parastorage.com/services/third-party/fonts/Helvetica/fontFace.css

HTTP Request

GET https://static.parastorage.com/services/price-quotes-server/1.1331.631/invoice-view.min.css

HTTP Request

GET https://static.parastorage.com/services/price-quotes-server/1.1331.631/commons.min.css

HTTP Request

GET https://static.parastorage.com/unpkg/@wix/wix-fonts@1.9.3/madefor.min.css

HTTP Request

GET https://static.parastorage.com/polyfill/v2/polyfill.min.js?features=default,es6,es7,es2017&flags=gated&unknown=polyfill&rum=0

HTTP Request

GET https://static.parastorage.com/services/cookie-consent-policy-client/1.866.0/app.bundle.min.js

HTTP Request

GET https://static.parastorage.com/services/price-quotes-server/1.1331.631/commons.bundle.min.js

HTTP Request

GET https://static.parastorage.com/unpkg/react-dom@16.8.3/umd/react-dom.production.min.js

HTTP Request

GET https://static.parastorage.com/unpkg/react@16.8.3/umd/react.production.min.js

HTTP Request

GET https://static.parastorage.com/services/price-quotes-server/1.1331.631/invoice-view.bundle.min.js
34.49.229.81:443

static.parastorage.com

tls, http2

msedge.exe

943 B
4.0kB
8
7
34.49.229.81:443

static.parastorage.com

tls, http2

msedge.exe

943 B
4.0kB
8
7
3.226.194.193:443

https://frog.wix.com/fed

tls, http2

msedge.exe

2.9kB
7.7kB
16
17

HTTP Request

POST https://frog.wix.com/dash?_brandId=wix&_siteBranchId=undefined&_ms=2908&_isHeadless=undefined&_hostingPlatform=undefined&_lv=2.0.985%7CC&src=5&evid=406&invoice_id=a803af1c-7dd6-4a14-977a-062311ec44d8&paid=false&origin=customer&is_visible=true&paymentType=One%20Time&invoiceSource=13ee94c1-b635-8505-3391-97919052c16f&msid=8f105f65-b404-4d67-b61a-4285756cf659&uuid=8d5b2c33-a1de-429a-b3ec-eb949c2f2227&_isca=1&_iscf=1&_ispd=0&_ise=0&_=17274218276590

HTTP Request

POST https://frog.wix.com/fed

HTTP Response

204

HTTP Response

204
34.149.206.255:443

https://manage.wix.com/favicon.ico

tls, http2

msedge.exe

1.8kB
8.5kB
15
17

HTTP Request

GET https://manage.wix.com/favicon.ico
3.226.194.193:443

frog.wix.com

msedge.exe

98 B
52 B
2
1

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

www.wixsite.com

dns

msedge.exe

61 B
143 B
1
1

DNS Request

www.wixsite.com

DNS Response

34.144.206.118
8.8.8.8:53

118.206.144.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

118.206.144.34.in-addr.arpa
8.8.8.8:53

77.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

77.190.18.2.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

74.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

74.32.126.40.in-addr.arpa
8.8.8.8:53

static.parastorage.com

dns

msedge.exe

68 B
151 B
1
1

DNS Request

static.parastorage.com

DNS Response

34.49.229.81
8.8.8.8:53

cdn.ravenjs.com

dns

msedge.exe

61 B
125 B
1
1

DNS Request

cdn.ravenjs.com

DNS Response

151.101.66.217

151.101.2.217

151.101.130.217

151.101.194.217
34.49.229.81:443

static.parastorage.com

https

msedge.exe

1.7kB
4.0kB
4
6
8.8.8.8:53

217.66.101.151.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

217.66.101.151.in-addr.arpa
8.8.8.8:53

81.229.49.34.in-addr.arpa

dns

71 B
122 B
1
1

DNS Request

81.229.49.34.in-addr.arpa
8.8.8.8:53

226.21.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.21.18.104.in-addr.arpa
8.8.8.8:53

frog.wix.com

dns

msedge.exe

58 B
221 B
1
1

DNS Request

frog.wix.com

DNS Response

3.226.194.193

52.45.160.169

44.193.186.194

50.17.183.161

35.171.58.3

3.214.242.45
34.49.229.81:443

static.parastorage.com

https

msedge.exe

2.9kB
30.7kB
16
27
8.8.8.8:53

manage.wix.com

dns

msedge.exe

60 B
122 B
1
1

DNS Request

manage.wix.com

DNS Response

34.149.206.255
8.8.8.8:53

193.194.226.3.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

193.194.226.3.in-addr.arpa
8.8.8.8:53

255.206.149.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

255.206.149.34.in-addr.arpa
224.0.0.251:5353

531 B
8
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

197.87.175.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

197.87.175.4.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

71.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

71.190.18.2.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

22.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.236.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
98129e748f59fe5114c4d7f1267414ad

SHA1
3c82992789bed533e2ecbd26b34bdbe2cda4d1f2

SHA256
51de79fb801eca966748ffd03f04f01569057119777ee3f1bb25a9a3ce4661f2

SHA512
77f627f8ad07b95382c29251b8a3c0daed564560b4a049bfa49619fea72863f2c7ac5ea85ab5aeaa0cf64a2dfb2e7d0820faf66bcc5413fb0b557c6c7e3f439f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
932B

MD5
13b2df0c14f70c38eceedfd0e4985bda

SHA1
77a6a5cf50fd9944e2f3e0e468dc63057a1de7bd

SHA256
470f8fd2ff93a21aa4564a6d3ae56d5001a3a47c770a5666ca6e45f44437c5bf

SHA512
5ad96978f5a54c8bbcbbc4684728344ab70ccfc1ff53093950e523c5c4037cd8dea6d0857bb996bb81ecb2cb24f0a8e368366c3db344414f17b855f5b5cdc36b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d380d557a8990f0ffa27f012cf76b96b

SHA1
11dff7554eee777dcd4ea4d88bca3286f5f445cb

SHA256
0fd2c8743ce8c813deaa959ae7ada1a3fb574f59aa26e82b2891c9c8653b0a71

SHA512
c5aa84c41f9e00921921b1c2d77afbf0277cce4d9f79bd3e0d48e628c7a6ecdfddf2a00faf9c6f35b47309c9f520e01f0f7ff736e2798bec75a17c26080d8318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47cf358a73d2f43072007e8a50da5784

SHA1
07ecdac662e9fd0e9d943418d2d292a2ad9cf4a0

SHA256
2dc125e60d12ce966e5273b089567c48ddc908d7aeaad4c2d1e44ec50c1c211f

SHA512
f9b963dab20527917171795b246d3ded4fa41a525aafd5def39dbd62300c298c09b639d5f4148075e0542b9182201cefc6236988f196de77e44fe6dbf27c7136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0c8c45501b1f78e314ee480db3db3b9a

SHA1
418a02f93a08e3b1da41a2ce2eb9fbf0786dd6fe

SHA256
1adf21c675e2e13912aef1b9a4504c746ca289ef2589baa043f20be7e8077b16

SHA512
f379d71119dd6e3ef913a26f2ad831639a5c86bbe48249308d121c3333bbe7e2167b529d124b542dc9825b74ff7a377d31b1d6d9400c5b4afb147c6e998a093b

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.