http://www.iforumyomafrika.co.za/
This report was generated from a file or URL submitted to this web service on September 12th 2023 23:59:27 (UTC), using the action script "Default browser analysis".
Guest System: Windows 10 64 bit, Professional, 10.0 (build 16299)
Report generated by Falcon Sandbox v10.2.0 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior
- Contacts 11 domains and 11 hosts.
MITRE ATT&CK™ Techniques Detection
Indicators
Not all malicious and suspicious indicators are displayed.
Malicious Indicators (1)
External Systems
Detected Suricata Alert
- details
Detected alert "ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (drilledgas .org)" (SID: 2046879, Rev: 1, Severity: 1) categorized as "Exploit Kit Activity Detected"
Detected alert "ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (drilledgas .org)" (SID: 2046880, Rev: 1, Severity: 1) categorized as "Exploit Kit Activity Detected"
Detected alert "ET EXPLOIT_KIT TA569 Keitaro TDS in DNS Lookup (surelytheme .org)" (SID: 2047006, Rev: 1, Severity: 1) categorized as "Exploit Kit Activity Detected"
Detected alert "ET EXPLOIT_KIT TA569 Keitaro TDS in TLS SNI (surelytheme .org)" (SID: 2047007, Rev: 1, Severity: 1) categorized as "Exploit Kit Activity Detected"
Detected alert "ET MALWARE SocGholish Domain in DNS Lookup (creativity .kinchcorp .com)" (SID: 2046785, Rev: 1, Severity: 1) categorized as "A Network Trojan was detected" (PUA/PUP/Adware)
Detected alert "ET MALWARE SocGholish Domain in TLS SNI (creativity .kinchcorp .com)" (SID: 2046947, Rev: 1, Severity: 1) categorized as "A Network Trojan was detected" (PUA/PUP/Adware) - source
- Suricata Alerts
- relevance: 10/10
Suspicious Indicators (2)
General
GETs files from a webserver
- details
"GET / HTTP/1.1
Host: www.iforumyomafrika.co.za
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9"
Response ==> HTTP/1.1 301 Moved Permanently
Date: Wed, 13 Sep 2023 00:02:30 GMT
Server: Apache
X-Powered-By: PHP/8.1.22
X-Redirect-By: WordPress
Upgrade: h2, h2c
Connection: Upgrade, Keep-Alive
Location: https://www.iforumyomafrika.co.za/
Cache-Control: max-age=86400
Expires: Thu, 14 Sep 2023 00:02:30 GMT
Vary: User-Agent
X-XSS-Protection: 1; mode=block
Content-Length: 0
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=UTF-8 with response body ==>....... - source
- Network Traffic
- relevance: 10/10
- ATT&CK ID: T1071.001
Network Related
Found potential IP address in binary/memory
- details
Potential IP "1.5.75.75" found in string "d="M10 2a8 8 0 110 16 8 8 0 010-16zm0 10.5a.75.75 0 100 1.5.75.75 0 000-1.5zM10 6a.5.5 0 00-.5.41v4.68a.5.5 0 001 0V6.41A.5.5 0 0010 6z""
Potential IP "192.168.1.3" found in string ""192.168.1.3","
Potential IP "192.168.1.1" found in string ""192.168.1.1"," - source
- File/Memory
- relevance: 3/10
- ATT&CK ID: T1071
Informative (14)
External Systems
Detected Suricata Alert
- details
- Detected alert "ET INFO Observed ZeroSSL SSL/TLS Certificate" (SID: 2031231, Rev: 3, Severity: 3) categorized as "Misc activity"
- source
- Suricata Alerts
- relevance: 10/10
Sample was identified as clean by Antivirus engines
- details
- 0/90 Antivirus vendors marked sample as malicious (0% detection rate)
- source
- External System
- relevance: 10/10
General
Contacts domains
- details
- "www.iforumyomafrika.co.za"
- source
- Network Traffic
- relevance: 1/10
- ATT&CK ID: T1071
Contacts server
- details
"169.239.217.28:80"
"138.91.254.96:443"
"23.62.46.5:443"
"169.239.217.28:443"
"172.217.12.106:443"
"142.250.189.227:443"
"194.169.175.229:443"
"37.221.67.161:443"
"23.62.46.14:443"
"23.62.46.15:443" - source
- Network Traffic
- relevance: 1/10
- ATT&CK ID: T1071
Found a reference to a known community page
- details
file/memory contains long string with (Indicator: "facebook.com"; File: "Social")
Found string "zadn.vn/ansira.com/fcmatch.google.com/origo.hu/fcmatch.youtube.com/refersion.com/flocktory.com/vtex.com.br/rqtrk.eu/vocento.com/fingerprinter.msedgedemo.example/" (Indicator: "youtube"; File: "Fingerprinting")
Found string "fcmatch.youtube.com/fcmatch.google.com/other-tracker.msedgedemo.example/" (Indicator: "youtube"; File: "Other")
Found string ""baysidebuddy.com"," (Indicator: "ebuddy.com"; File: "wallet-pre-stable.json")
Found string ""comeherebuddy.com"," (Indicator: "ebuddy.com"; File: "wallet-pre-stable.json")
Found string ""www.facebook.com"," (Indicator: "facebook.com"; File: "wallet-pre-stable.json")
Found string ""linkedin.com"," (Indicator: "linkedin.com"; File: "wallet-pre-stable.json")
Found string ""paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites.json")
Found string ""netflix.com"," (Indicator: "netflix.com"; File: "wallet-checkout-eligible-sites.json")
Found string ""ads.twitter.com"," (Indicator: "twitter"; File: "wallet-checkout-eligible-sites.json")
Found string ""ipnpb.paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites.json")
Found string ""youtube.com"," (Indicator: "youtube"; File: "wallet-checkout-eligible-sites.json")
Found string ""developer.twitter.com"," (Indicator: "twitter"; File: "wallet-checkout-eligible-sites.json")
Found string ""securepayments.paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites.json")
Found string ""payflowlink.paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites.json")
Found string ""tubebuddy.com"," (Indicator: "ebuddy.com"; File: "wallet-checkout-eligible-sites.json")
Found string ""music.youtube.com"," (Indicator: "youtube"; File: "wallet-checkout-eligible-sites.json") - source
- File/Memory
- relevance: 2/10
Possibly checks for the presence of an Antivirus engine
- details
""superantispyware.recurly.com"," (Indicator: "superantispyware") in Source: wallet-checkout-eligible-sites.json
""totaldefense.com"," (Indicator: "totaldefense") in Source: wallet-checkout-eligible-sites.json - source
- File/Memory
- relevance: 2/10
- ATT&CK ID: T1518.001
Queries DNS server
- details
"api.edgeoffer.microsoft.com"
"creativity.kinchcorp.com"
"draggedline.org"
"drilledgas.org"
"fonts.googleapis.com"
"fonts.gstatic.com"
"machinetext.org"
"surelytheme.org"
"throatpills.org"
"www.bing.com"
"www.iforumyomafrika.co.za" - source
- Network Traffic
- relevance: 1/10
- ATT&CK ID: T1071.004
References JavaScript(s)
- details
- file/memory contains long string with (Indicator: "text/javascript"; File: "shopping_fre.html")
- source
- File/Memory
- relevance: 1/10
- ATT&CK ID: T1059.007
Installation/Persistence
Dropped files
- details
"data_3" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3]- [targetUID: 00000000-00008156]
"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\1976_1556311603\shopping.js]- [targetUID: 00000000-00005284]
"data_2" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2]- [targetUID: 00000000-00008156]
"wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]
"Ruleset Data" has type "data"- [targetUID: 00000000-00001976]
"wallet-stable.json" has type "ASCII text"- Location: [%TEMP%\1976_52758536\json\wallet\wallet-stable.json]- [targetUID: 00000000-00001976]
"wallet-pre-stable.json" has type "ASCII text"- Location: [%TEMP%\1976_52758536\json\wallet\wallet-pre-stable.json]- [targetUID: 00000000-00008008]
"recovery-component-inner.crx" has type "Google Chrome extension version 3"- Location: [%TEMP%\1976_1860027303\recovery-component-inner.crx]- [targetUID: 00000000-00001976]
"edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\1976_52758536\edge_driver.js]- [targetUID: 00000000-00005284]
"Filtering Rules" has type "data"- Location: [%TEMP%\1976_1077629506\Filtering Rules]- [targetUID: 00000000-00001976]
"edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\1976_1556311603\edge_driver.js]- [targetUID: 00000000-00005284]
"vendor.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\1976_52758536\vendor.bundle.js]- [targetUID: 00000000-00008008]
"wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\1976_52758536\Wallet-Checkout\wallet-drawer.bundle.js]- [targetUID: 00000000-00001976]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1]- [targetUID: 00000000-00008156]
"auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\1976_1556311603\auto_open_controller.js]- [targetUID: 00000000-00005284]
"edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\1976_1556311603\edge_confirmation_page_validator.js]- [targetUID: 00000000-00005284]
"edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\1976_1556311603\edge_checkout_page_validator.js]- [targetUID: 00000000-00005284]
"product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\1976_1556311603\product_page.js]- [targetUID: 00000000-00005284]
"000009.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000009.log]- [targetUID: 00000000-00001976]
"000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000013.ldb]- [targetUID: 00000000-00001976]
"bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\1976_52758536\bnpl\bnpl.bundle.js]- [targetUID: 00000000-00001976]
"f_0004d4" has type "PNG image data 807 x 519 8-bit/color RGBA non-interlaced"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d4]- [targetUID: 00000000-00008156]
"wallet-checkout-eligible-sites.json" has type "ASCII text"- [targetUID: N/A]
"f_0004d3" has type "JPEG image data JFIF standard 1.02 resolution (DPI) density 72x72 segment length 16 baseline precision 8 1921x1081 components 3"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d3]- [targetUID: 00000000-00008156]
"tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]
"f_0004d2" has type "JPEG image data JFIF standard 1.02 resolution (DPI) density 72x72 segment length 16 baseline precision 8 1921x1081 components 3"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d2]- [targetUID: 00000000-00008156]
"notification.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\1976_52758536\Notification\notification.bundle.js]- [targetUID: 00000000-00008008]
"000014.ldb" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000014.ldb]- [targetUID: 00000000-00001976]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log]- [targetUID: 00000000-00001976]
"Filtering Rules-AA" has type "data"- Location: [%TEMP%\1976_1077629506\Filtering Rules-AA]- [targetUID: 00000000-00001976]
"load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\load_statistics.db]- [targetUID: 00000000-00001976]
"shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\1976_1556311603\shoppingfre.js]- [targetUID: 00000000-00005284]
"notification_fast.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\1976_52758536\Notification\notification_fast.bundle.js]- [targetUID: 00000000-00001976]
"f_0004d1" has type "JPEG image data JFIF standard 1.02 resolution (DPI) density 72x72 segment length 16 baseline precision 8 1921x1080 components 3"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d1]- [targetUID: 00000000-00008156]
"miniwallet.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\GrShaderCache\data_1]- [targetUID: 00000000-00008156]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\DawnCache\data_1]- [targetUID: 00000000-00008156]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\ShaderCache\data_1]- [targetUID: 00000000-00008156]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\GPUCache\data_1]- [targetUID: 00000000-00008156]
"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\load_statistics.db-wal]- [targetUID: 00000000-00001976]
"ebaa50e8-86ab-4bd8-acb7-0344020c61e4.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 46432"- Location: [%TEMP%\ebaa50e8-86ab-4bd8-acb7-0344020c61e4.tmp]- [targetUID: 00000000-00001976]
"edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\1976_1102787860\edge_autofill_field_data.json]- [targetUID: 00000000-00007484]
"f_0004d0" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 96x96 segment length 16 comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62) quality = 82" baseline precision 8 2560x1707 components 3"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d0]- [targetUID: 00000000-00008156]
"History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\History]- [targetUID: 00000000-00001976]
"data_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0]- [targetUID: 00000000-00008156]
"urlref_httpwww.iforumyomafrika.co.za" has type "HTML document UTF-8 Unicode text with very long lines with CRLF LF line terminators"- [targetUID: N/A]
"wallet-checkout-eligible-sites-pre-stable.json" has type "ASCII text"- Location: [%TEMP%\1976_52758536\json\wallet\wallet-checkout-eligible-sites-pre-stable.json]- [targetUID: 00000000-00008008]
"Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Web Data]- [targetUID: 00000000-00001976]
"Visited Links" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Visited Links]- [targetUID: 00000000-00001976]
"safety_tips.pb" has type "data"- Location: [%TEMP%\1976_519601550\safety_tips.pb]- [targetUID: 00000000-00001976]
"Tabs_13339036949152826" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sessions\Tabs_13339036949152826]- [targetUID: 00000000-00001976]
"2d097213-0e8f-44ed-9766-a89403f874c5.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Ad Blocking\2d097213-0e8f-44ed-9766-a89403f874c5.tmp]- [targetUID: 00000000-00001976]
"data.txt" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\1976_376637353\data.txt]- [targetUID: 00000000-00001976]
"edge_tracking_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\1976_1556311603\edge_tracking_page_validator.js]- [targetUID: 00000000-00005284]
"Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Diagnostic Data-wal]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\ru\strings.json]- [targetUID: 00000000-00001976]
"f_0004c9" has type "Web Open Font Format (Version 2) TrueType length 78196 version 331.34275"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c9]- [targetUID: 00000000-00008156]
"f_0004ca" has type "Web Open Font Format (Version 2) TrueType length 76764 version 331.34275"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004ca]- [targetUID: 00000000-00008156]
"Entities" has type "UTF-8 Unicode text"- Location: [%TEMP%\1976_888724134\Mu\Entities]- [targetUID: 00000000-00008156]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\ar\strings.json]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\ja\strings.json]- [targetUID: 00000000-00001976]
"6985c238-5b89-4548-8817-9e8d733d7a5c.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"55387857-bd66-452f-98e8-d29dfc92ec0c.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\55387857-bd66-452f-98e8-d29dfc92ec0c.tmp]- [targetUID: 00000000-00001976]
"1c89d9a9-9b58-45ac-962e-9a6ab590af04.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\1c89d9a9-9b58-45ac-962e-9a6ab590af04.tmp]- [targetUID: 00000000-00001976]
"af04f71e-e53b-47f7-98fe-9083c4852d54.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\af04f71e-e53b-47f7-98fe-9083c4852d54.tmp]- [targetUID: 00000000-00001976]
"f7abc190-ff27-4495-9cf2-e3c08988f149.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\f7abc190-ff27-4495-9cf2-e3c08988f149.tmp]- [targetUID: 00000000-00001976]
"1a550819-17ad-4e49-afa3-37ba45d3facd.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\1a550819-17ad-4e49-afa3-37ba45d3facd.tmp]- [targetUID: 00000000-00001976]
"3b020834-89d5-4392-a155-8e9dd2edc98b.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\3b020834-89d5-4392-a155-8e9dd2edc98b.tmp]- [targetUID: 00000000-00001976]
"6eb6e633-6623-4c49-a18e-a4e5d56c7e49.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\6eb6e633-6623-4c49-a18e-a4e5d56c7e49.tmp]- [targetUID: 00000000-00001976]
"aff735c1-ed8d-4717-a1ad-abebb2689b1c.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\aff735c1-ed8d-4717-a1ad-abebb2689b1c.tmp]- [targetUID: 00000000-00001976]
"dfe4fe9f-ef9a-41b6-8c0e-e3f2f9369ade.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\dfe4fe9f-ef9a-41b6-8c0e-e3f2f9369ade.tmp]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\fr-CA\strings.json]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\fr\strings.json]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\de\strings.json]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\pt-PT\strings.json]- [targetUID: 00000000-00001976]
"Network Action Predictor" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network Action Predictor]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\es\strings.json]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\it\strings.json]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\pt-BR\strings.json]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\nl\strings.json]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\sv\strings.json]- [targetUID: 00000000-00001976]
"f_0004c5" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 480x300 components 3"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c5]- [targetUID: 00000000-00008156]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\id\strings.json]- [targetUID: 00000000-00001976]
"f_0004cb" has type "JPEG image data JFIF standard 1.01 resolution (DPCM) density 37x37 segment length 16 progressive precision 8 740x493 components 3"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004cb]- [targetUID: 00000000-00008156]
"000004.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000004.log]- [targetUID: 00000000-00001976]
"f_0004c6" has type "gzip compressed data from Unix original size modulo 2^32 159534"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c6]- [targetUID: 00000000-00008156]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\en-GB\strings.json]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\zh-Hant\strings.json]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-hub\zh-Hans\strings.json]- [targetUID: 00000000-00001976]
"Cookies" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\Cookies]- [targetUID: 00000000-00008156]
"sslkey.txt" has type "ASCII text"- Location: [%TEMP%\sslkey.txt]- [targetUID: 00000000-00001976]
"Favicons" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Favicons]- [targetUID: 00000000-00001976]
"checkoutdata.json" has type "JSON data"- [targetUID: N/A]
"Reporting and NEL" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\Reporting and NEL]- [targetUID: 00000000-00008156]
"f_0004cd" has type "gzip compressed data from Unix original size modulo 2^32 139153"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004cd]- [targetUID: 00000000-00008156]
"LICENSE" has type "ASCII text"- Location: [%TEMP%\1976_888724134\Mu\LICENSE]- [targetUID: 00000000-00001976]
"f_0004c4" has type "gzip compressed data from Unix original size modulo 2^32 87482"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c4]- [targetUID: 00000000-00008156]
"Vpn Tokens" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Vpn Tokens]- [targetUID: 00000000-00001976]
"shopping_iframe_driver.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\1976_52758536\shopping_iframe_driver.js]- [targetUID: 00000000-00005284]
"shopping_iframe_driver.js" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%TEMP%\1976_1556311603\shopping_iframe_driver.js]- [targetUID: 00000000-00005284]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log]- [targetUID: 00000000-00001976]
"f_0004d5" has type "PNG image data 150 x 150 8-bit/color RGBA non-interlaced"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d5]- [targetUID: 00000000-00008156]
"f_0004c3" has type "gzip compressed data from Unix original size modulo 2^32 152843"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c3]- [targetUID: 00000000-00008156]
"Advertising" has type "ASCII text"- Location: [%TEMP%\1976_888724134\Mu\Advertising]- [targetUID: 00000000-00008156]
"f_0004cc" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image data little-endian direntries=1 description=Studio shot of unrecognizable women holding hands huddled together against a grey background\377\341\005] progressive precision 8 612x459 components 3"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004cc]- [targetUID: 00000000-00008156]
"LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\1976_1077629506\LICENSE]- [targetUID: 00000000-00001976]
"wallet-tokenization-config.json" has type "ASCII text"- Location: [%TEMP%\1976_52758536\json\wallet\wallet-tokenization-config.json]- [targetUID: 00000000-00001976]
"e82dcd4e-c208-4b2d-ba74-2330939c6874.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\e82dcd4e-c208-4b2d-ba74-2330939c6874.tmp]- [targetUID: 00000000-00001976]
"75ccef16-dca0-4b25-9e6a-9ff6701feb29.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"8ce61e11-4b84-4ed7-a852-976dacb186fb.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\8ce61e11-4b84-4ed7-a852-976dacb186fb.tmp]- [targetUID: 00000000-00001976]
"f61ecaf0-3d32-4250-b35f-0741f00b5f0c.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\f61ecaf0-3d32-4250-b35f-0741f00b5f0c.tmp]- [targetUID: 00000000-00001976]
"fa531598-82b8-4ca2-b59e-cba2c483cebc.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\fa531598-82b8-4ca2-b59e-cba2c483cebc.tmp]- [targetUID: 00000000-00001976]
"8b3d24d9-0b83-4401-8c0c-704f76cbbb1f.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\8b3d24d9-0b83-4401-8c0c-704f76cbbb1f.tmp]- [targetUID: 00000000-00001976]
"9e07739b-34f2-4f1b-9f5f-90d72e870ec1.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\9e07739b-34f2-4f1b-9f5f-90d72e870ec1.tmp]- [targetUID: 00000000-00001976]
"crl-set" has type "data"- Location: [%TEMP%\1976_1548324098\crl-set]- [targetUID: 00000000-00007760]
"super_coupon.json" has type "JSON data"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-ec\ru\strings.json]- [targetUID: 00000000-00001976]
"Shortcuts" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Shortcuts]- [targetUID: 00000000-00001976]
"f_0004c8" has type "Web Open Font Format (Version 2) TrueType length 18856 version 1.0"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c8]- [targetUID: 00000000-00008156]
"f_0004c7" has type "Web Open Font Format (Version 2) TrueType length 18664 version 1.0"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c7]- [targetUID: 00000000-00008156]
"f_0004ce" has type "Web Open Font Format (Version 2) TrueType length 18604 version 1.0"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004ce]- [targetUID: 00000000-00008156]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-ec\ar\strings.json]- [targetUID: 00000000-00001976]
"arbitration_service_config.json" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\arbitration_service_config.json]- [targetUID: 00000000-00001976]
"Entities" has type "ASCII text"- Location: [%TEMP%\1976_888724134\Sigma\Entities]- [targetUID: 00000000-00008156]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-ec\ja\strings.json]- [targetUID: 00000000-00001976]
"load-ec-i18n.bundle.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-ec\fr-CA\strings.json]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-ec\fr\strings.json]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-ec\de\strings.json]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-ec\pt-PT\strings.json]- [targetUID: 00000000-00001976]
"strings.json" has type "JSON data"- Location: [%TEMP%\1976_52758536\json\i18n-ec\it\strings.json]- [targetUID: 00000000-00001976]
- source
- Binary File
- relevance
- 3/10
- ATT&CK ID
- T1105 (Show technique in the MITRE ATT&CK™ matrix)
-
Drops a license file
- details
-
"wallet-drawer.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"notification.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"tokenized-card.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A] - source
- Binary File
- relevance
- 1/10
- ATT&CK ID
- T1083 (Show technique in the MITRE ATT&CK™ matrix)
-
Dropped files
-
Network Related
-
Communicates with HTTP webserver (GET/POST requests)
- details
- Found http requests in header "GET /"
- source
- Network Traffic
- relevance
- 1/10
- ATT&CK ID
- T1071.001 (Show technique in the MITRE ATT&CK™ matrix)
-
Found mail related domain names
- details
-
- source
- File/Memory
- relevance
- 1/10
- ATT&CK ID
- T1071.003 (Show technique in the MITRE ATT&CK™ matrix)
-
Found potential URL in binary/memory
- details
-
Pattern match: "https://github.com/focus-trap/tabbable/blob/master/LICENSE"
Pattern match: "ad-maven.com/appcast.io/leadlander.com/affasi.com/clixtell.com/adgainersolutions.com/franecki.net/pixanalytics.com/wrethicap.info/ismatlab.com/y-track.com/ecsanalytics.com/albacross.com/bgclck.me/lptracker.io/ze-fir.com/eyereturn.com/bitmedia.io/azetklik.s"
Pattern match: "https://github.com/jsstyles/css-vendor"
Pattern match: "anybest.site/webmine.pro/jsecoin.com/flightzy.bid/nerohut.com/flightsy.bid/coinpot.co/yololike.space/flightzy.win/zymerget.bid/bitcoin-pay.eu/freecontent.stream/authedwebmine.cz/zymerget.faith/hostingcloud.racing/mineralt.io/dinorslick.icu/coinhive.com/bms"
Pattern match: "ufpcdn.com/vdx.tv/ebaystatic.com/ad4m.at/00px.net/warumbistdusoarm.space/ownpage.fr/smct.io/ansira.com/photorank.me/fengkongcloud.com/vtex.com.br/vocento.com/ie8eamus.com/flocktory.com/justpremium.com/dynata.com/stripst.com/adskeeper.com/curalate.com/vptms"
Pattern match: "auth.adobe.com/^/horizonte.browserapps.amazon.com/^/horizonte.browserapps.amazon.de/^/horizonte.browserapps.amazon.ca/^/acrobatservices.adobe.com/^/signin.aws.amazon.com/^/horizonte-browserapps.amazon.com.br/^/zendesk.com/^/my.salesforce.com/^/disqus.com/^"
Pattern match: "mail.google.com/apps.fbsbx.com/fb.com/developers.google.com/friendfeed.com/social-tracker.msedgedemo.example/googlemail.com/facebook.com/plus.google.com/fbsbx.com/voice.google.com/facebook.de/facebook.fr/wave.google.com/twimg.com/orkut.com/twitter.jp/gmail"
Pattern match: "assets.db/MANIFEST-0000012023/09/12-17:02:33.680"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/frontend.min.js?ver=1.8.1.3"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js"
Pattern match: "www.iforumyomafrika.co.za/wp-content/uploads/astra-addon/astra-addon-632ef8c8f17803-85953986.js?ver=3.6.8"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.7.2"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.7.2"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/wpforms-lite/assets/lib/jquery.validate.min.js?ver=1.19.5"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/give/assets/dist/js/give-donation-summary.js?ver=2.27.2"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.13.2"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.13.2"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.7.2"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/wpforms-lite/assets/js/wpforms.min.js?ver=1.8.1.3"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/give/assets/dist/js/give.js?ver=025b1e7cc9612693"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/wpforms-lite/assets/js/utils.min.js?ver=1.8.1.3"
Pattern match: "www.iforumyomafrika.co.za/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.13.2"
Pattern match: "www.iforumyomafrika.co.za/wp-content/themes/astra/assets/js/minified/style.min.js?ver=3.8.1"
Pattern match: "www.iforumyomafrika.co.za/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11"
Pattern match: "www.iforumyomafrika.co.za/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2"
Pattern match: "www.iforumyomafrika.co.za/wp-includes/js/dist/hooks.min.js?ver=c6aec9a8d4e5a5d543a1"
Pattern match: "www.iforumyomafrika.co.za/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0"
Pattern match: "www.iforumyomafrika.co.za/wp-includes/js/dist/i18n.min.js?ver=7701b0c3857f914212ef"
Pattern match: "www.iforumyomafrika.co.za/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1"
Pattern match: "www.iforumyomafrika.co.za/wp-includes/js/wp-emoji-release.min.js?ver=6.3.1"
Pattern match: "www.iforumyomafrika.co.za/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2"
Pattern match: "www.iforumyomafrika.co.za/wp-includes/js/jquery/jquery.min.js?ver=3.7.0"
Pattern match: "www.iforumyomafrika.co.za/wp-includes/js/underscore.min.js?ver=1.13.4"
Pattern match: "www.iforumyomafrika.co.za/wp-includes/js/wp-util.min.js?ver=6.3.1"
Pattern match: "zadn.vn/ansira.com/fcmatch.google.com/origo.hu/fcmatch.youtube.com/refersion.com/flocktory.com/vtex.com.br/rqtrk.eu/vocento.com/fingerprinter.msedgedemo.example/"
Pattern match: "gimbal.com/thirdwatch.ai/fndrsp.net/analytics-tracker.msedgedemo.example/cuebiq.com/inrix.com/zoominfo.com/clarity.ms/"
Pattern match: "microsoftedgeinsider.com/Fabrikam^microsoftedgeinsider.com/VanArsdel^microsoftedgeinsider.com/"
Pattern match: "fcmatch.youtube.com/fcmatch.google.com/other-tracker.msedgedemo.example/"
Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,o=1;o"
Pattern match: "http://www.w3.org/2000/svg"
Pattern match: "www.iforumyomafrika.co.za"
Pattern match: "www.iforumyomafrika.co.zaConnection"
Pattern match: "Math.PI/180"
Heuristic match: "creativity.kinchcorp.com"
Heuristic match: "draggedline.org"
Heuristic match: "drilledgas.org"
Heuristic match: "fonts.googleapis.com"
Heuristic match: "fonts.gstatic.com"
Heuristic match: "machinetext.org"
Heuristic match: "surelytheme.org"
Heuristic match: "throatpills.org"
Pattern match: "www.bing.com"
Pattern match: "Math.PI/180,grad:Math.PI/200,rad:1,turn:2*Math.PI},turn:{deg:1/360,grad:1/400,rad:.5/Math.PI,turn:1},s:{s:1,ms:.001},ms:{s:1e3,ms:1},Hz:{Hz:1,kHz:1e3},kHz:{Hz:.001,kHz:1},dpi:{dpi:1,dpcm:1/2.54,dppx:1/96},dpcm:{dpi:2.54,dpcm:1,dppx:2.54/96},dppx:{dpi:96,dp"
Pattern match: "https://github.com/microsoft/fast/issues/5848\n"
Pattern match: "www.klarna.com"
Pattern match: "www.google.com"
Pattern match: "www.gstatic.com"
Pattern match: "www.transunion.com"
Pattern match: "www.googletagmanager.com"
Pattern match: "www.facebook.com"
Pattern match: "www.googleadservices.com"
Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"
Pattern match: "http://www.w3.org/2000/svg};class"
Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,i=1;i"
Pattern match: "https://aka.ms/EdgeSaveCardFAQ,gs.UseVirtualCardLearnMore=https://aka.ms/EdgeVirtualCardFAQ,gs.WalletSettings=edge://wallet/settings,gs.microsoftRewardsDashboardURL=https://rewards.microsoft.com/,gs.microsoftRewardsRedeemURL=https://rewards.microso"
Pattern match: "www.gap.com"
Pattern match: "www.gapfactory.com"
Pattern match: "www2.hm.com"
Pattern match: "www.gapcanada.ca"
Pattern match: "www2.factoryoutletstore.com"
Pattern match: "www2.invoicecloud.com"
Pattern match: "www1.ussailing.org"
Pattern match: "www2.doggysuperfoods.com"
Pattern match: "www1.agenciatributaria.gob.es"
Pattern match: "www9.agenciatributaria.gob.es"
Pattern match: "www.vaxvacationaccess.com"
Pattern match: "www2.promap.co.uk"
Pattern match: "www2.correios.com.br"
Pattern match: "www2.stanlycountync.gov"
Pattern match: "www2.registerblast.com"
Pattern match: "www5.maine.gov"
Pattern match: "www2.haircarerefined.com"
Pattern match: "www2.tonyprotein.com"
Pattern match: "www2.vinesse.com"
Pattern match: "www5.ibackup.com"
Pattern match: "www3.thedatabank.com"
Pattern match: "www2.helminc.com"
Pattern match: "www2.unifyhealthlabs.com"
Pattern match: "www3.benefitsolver.com"
Pattern match: "www1.nobexpartners.com"
Pattern match: "www6.agenciatributaria.gob.es"
Pattern match: "www2.kintsugihair.com"
Pattern match: "www2.lectinblocker.com"
Pattern match: "www1.hhrd.org"
Pattern match: "www6.lifeatworkportal.com"
Pattern match: "www3.mutualofomaha.com"
Pattern match: "www3.masterwriter.com"
Pattern match: "www1.carey.com"
Pattern match: "www2.gundrymdtotalrestore.com"
Pattern match: "www2.ymtvacations.com"
Pattern match: "www2.invisicrepe.com"
Pattern match: "www2.americanprofessional.com"
Pattern match: "www2.ambrose.edu"
Pattern match: "www1.netfirms.com"
Pattern match: "www2.agenciatributaria.gob.es"
Pattern match: "www1.12cloudpayroll.com"
Pattern match: "www2.bwproducers.com"
Pattern match: "www2.bhdpanama.com"
Pattern match: "www2.fl-dcf.org"
Pattern match: "www3.sylectus.com"
Pattern match: "www1.iaproducers.com"
Pattern match: "www1.mydomain.com"
Pattern match: "www1.payroo.com"
Pattern match: "www40.polyu.edu.hk"
Pattern match: "www2.csebo.it"
Pattern match: "www3.subcontrataley.cl"
Pattern match: "www4.texashealth.org"
Pattern match: "www2.drmartypets.com" - source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1071 (Show technique in the MITRE ATT&CK™ matrix)
-
Communicates with HTTP webserver (GET/POST requests)
-
Unusual Characteristics
-
Detected known bank URL artifact
- details
-
""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")
""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")
""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""beautiiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""beautyandwhiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""bellagracehealthscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""belleandbubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""beyondblessedscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""blingbykey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""boosted-luckey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""bowlingmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""burgeonbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")
""busybeescrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""cabbagekey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""coatsandscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""codenxtscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""cognitiontsscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""concreterosescrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com") - source
- File/Memory
- relevance
- 2/10
-
Detected known bank URL artifact
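Why this indicator scores only 2/10 and reads as a false positive, shown as an added example rather than anything from the report: every hit pairs a shop hostname from wallet-pre-stable.json (its name and the neighbouring edge://wallet/settings strings point to a Microsoft Edge wallet/shopping data file, not content served by the analysed site) with a bare bank-domain substring, so "ubs.com" fires on 4amscrubs.com and "key.com" on baseballmonkey.com. The script below contrasts that substring comparison with a domain-aware one. The hostnames are copied from the indicator details; the four bank-owned hosts at the end of the list are constructed contrast entries, not from the report.

```python
# Bare substrings as printed in the indicator's "Indicator:" column.
INDICATORS = ("ubs.com", "key.com", "leu.com")

# Hostnames the report quotes from wallet-pre-stable.json, plus four contrast
# entries (marked) that would genuinely belong to the matched domains.
SAMPLE_HOSTS = [
    "4amscrubs.com", "6whiskey.com", "99centsubs.com", "annabelbleu.com",
    "baseballmonkey.com", "coatsandscrubs.com",
    "ubs.com", "www.ubs.com", "online.key.com", "leu.com",   # constructed contrast entries
]


def substring_match(host: str, indicator: str) -> bool:
    """The comparison the report's hits imply: indicator anywhere in the string."""
    return indicator in host


def domain_match(host: str, indicator: str) -> bool:
    """True only when the indicator is the host itself or one of its parent domains,
    so 'ubs.com' matches 'www.ubs.com' but not '4amscrubs.com'."""
    host = host.lower().rstrip(".")
    indicator = indicator.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)


def evaluate(hosts, indicators, matcher):
    """Return {host: [indicators that hit]} for every host with at least one hit."""
    hits = {}
    for h in hosts:
        matched = [i for i in indicators if matcher(h, i)]
        if matched:
            hits[h] = matched
    return hits


if __name__ == "__main__":
    for name, matcher in (("substring", substring_match), ("domain-aware", domain_match)):
        print(f"{name}: {evaluate(SAMPLE_HOSTS, INDICATORS, matcher)}")
```

With the substring comparison all ten hosts match; with the domain-aware comparison only the four constructed bank hosts do. Any indicator feed that carries bare registered domains needs the second form (or a public-suffix-aware equivalent) before it is safe to surface as a "bank URL" hit.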
Session Details
No relevant data available.
Screenshots
Hybrid Analysis
Analysed 25 processes in total.
-
rundll32.exe
"%WINDIR%\system32\ieframe.dll",OpenURL C:\sample.url
(PID: 6832)
-
msedge.exe
--single-argument http://www.iforumyomafrika.co.za/
(PID: 1976)
- msedge.exe --type=crashpad-handler "--user-data-dir=%LOCALAPPDATA%\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=107.0.5304.110 "--annotation=exe=%PROGRAMFILES%\(x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=107.0.1418.56 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0x160,0x7ffe2f3bb208,0x7ffe2f3bb218,0x7ffe2f3bb228 (PID: 2316)
- msedge.exe --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:2 (PID: 7428)
- msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:3 (PID: 8156)
- msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 2568)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1694562268265624 --launch-time-ticks=1079020899 --mojo-platform-channel-handle=2840 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:1 (PID: 7616)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1694562268265624 --launch-time-ticks=1079407223 --mojo-platform-channel-handle=2864 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:1 (PID: 6268)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3400 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 3524)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 4036)
- msedge.exe --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5008 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 584)
- msedge.exe --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5088 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 7268)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --time-ticks-at-unix-epoch=-1694562268265624 --launch-time-ticks=1086880260 --mojo-platform-channel-handle=5612 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:1 (PID: 7320)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4200 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 6500)
- msedge.exe --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=4120 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 4264)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4132 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 7760)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4204 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 7740)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5136 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 6740)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 7484)
- msedge.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.16299.192 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5992 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:2 (PID: 1284)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4128 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 1064)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5744 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 5348)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4120 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 4552)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5160 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 5284)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6056 --field-trial-handle=1964,i,13433736213521022987,1844740717742802727,131072 /prefetch:8 (PID: 8008)
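Reading the process list above, as an added example that is not from the report: Edge's child processes declare their role on the command line, and the one that matters for the network tables that follow is PID 8156, the network.mojom.NetworkService utility, which in this run also carries --service-sandbox-type=none. The script below parses those switches into roles and flags the unsandboxed and sandbox-disabled cases. The command lines are abridged transcriptions of the report's entries (constructed sample input); the role labels and bracketed annotations are my own, not Chromium's.

```python
import re

# (PID, command line) as listed in the report, trimmed to the switches that matter
# for classification (constructed/abridged sample input).
PROCESSES = [
    (1976, 'msedge.exe --single-argument http://www.iforumyomafrika.co.za/'),
    (2316, 'msedge.exe --type=crashpad-handler "--user-data-dir=%LOCALAPPDATA%\\Microsoft\\Edge\\User Data" --annotation=plat=Win64'),
    (7428, 'msedge.exe --type=gpu-process --mojo-platform-channel-handle=1820'),
    (8156, 'msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none'),
    (2568, 'msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility'),
    (7616, 'msedge.exe --type=renderer --first-renderer-process --renderer-client-id=6'),
    (6268, 'msedge.exe --type=renderer --renderer-client-id=5'),
    (7760, 'msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --service-sandbox-type=utility'),
    (1284, 'msedge.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled'),
]

# A token is either a double-quoted run (paths with spaces) or a run of non-space chars.
_TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_switches(cmdline):
    """Map `--key=value` switches to a dict; bare `--flag` switches map to True.
    Quoted tokens are kept whole and unquoted; non-switch arguments are ignored."""
    switches = {}
    for tok in _TOKEN.findall(cmdline):
        tok = tok.strip('"')
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            switches[key] = value if value else True
    return switches


def classify(cmdline):
    """Name the role a Chromium-family child process plays, flagging the cases
    that matter when reading a sandbox report."""
    sw = parse_switches(cmdline)
    ptype = sw.get("type")
    if ptype is None:
        return "browser (main process)"
    if ptype == "utility":
        sub = sw.get("utility-sub-type", "unknown")
        role = f"utility:{sub}"
        if sub == "network.mojom.NetworkService":
            role += " [opens all sockets; network events attribute here]"
        if sw.get("service-sandbox-type") == "none":
            role += " [unsandboxed]"
        return role
    if ptype == "gpu-process" and sw.get("disable-gpu-sandbox"):
        return "gpu-process [sandbox disabled]"
    return ptype


def network_owner(processes):
    """PID of the process that actually opens the browser's sockets, or None."""
    for pid, cmd in processes:
        if parse_switches(cmd).get("utility-sub-type") == "network.mojom.NetworkService":
            return pid
    return None


if __name__ == "__main__":
    for pid, cmd in PROCESSES:
        print(f"{pid:>5}  {classify(cmd)}")
    print("network-owning PID:", network_owner(PROCESSES))
```

The same parser applied to a real process dump also makes a foreign child stand out: anything under msedge.exe whose command line has no --type switch, or whose --type value is not one Chromium emits, is not a browser helper.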
Network Analysis
DNS Requests
Domain | Address | Registrar | Country |
---|---|---|---|
api.edgeoffer.microsoft.com | 138.91.254.96 (TTL 1919) | MarkMonitor, Inc. (Organization: Microsoft Corporation; Name Server: NS1.MSFT.NET; Creation Date: 1991-05-02T00:00:00) | United States |
creativity.kinchcorp.com | 37.221.67.161 (TTL 14400) | FastDomain Inc. (Organization: KINCH CORPORATION; Name Server: NS1.BLUEHOST.COM; Creation Date: 1999-04-05T04:00:00) | Russian Federation |
draggedline.org | 194.169.175.229 (TTL 32) | Registrar of Domain Names REG.RU LLC (Organization: Private Person; Name Server: a.dnspod.com; Creation Date: 2023-08-26T15:52:22) | Germany |
drilledgas.org | 194.169.175.229 (TTL 492) | Registrar of Domain Names REG.RU LLC (Organization: Private Person; Name Server: a.dnspod.com; Creation Date: 2023-07-11T16:27:13) | Germany |
fonts.googleapis.com | 172.217.12.106 (TTL 45) | MarkMonitor, Inc. (Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: 2005-01-25T00:00:00) | United States |
fonts.gstatic.com | 142.250.189.227 (TTL 154) | MarkMonitor, Inc. (Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: 2008-02-11T00:00:00) | United States |
machinetext.org | 194.169.175.229 (TTL 600) | Registrar of Domain Names REG.RU LLC (Organization: Private Person; Name Server: a.dnspod.com; Creation Date: 2023-09-01T17:26:03) | Germany |
surelytheme.org | 194.169.175.229 (TTL 600) | Registrar of Domain Names REG.RU LLC (Organization: Private Person; Name Server: a.dnspod.com; Creation Date: 2023-07-11T16:27:10) | Germany |
throatpills.org | 194.169.175.229 (TTL 600) | Registrar of Domain Names REG.RU LLC (Organization: Private Person; Name Server: a.dnspod.com; Creation Date: 2023-08-26T15:52:22) | Germany |
www.bing.com | 23.62.46.5 (TTL 12924) | - | United States |
www.iforumyomafrika.co.za | 169.239.217.28 (TTL 14400) | - | South Africa |

The five .org domains share one address, one registrar and one name server and were all registered between 11 July and 1 September 2023, within nine weeks of this analysis; only two of them (drilledgas.org, surelytheme.org) are named by the Suricata signatures below.
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
169.239.217.28 | 80/TCP | msedge.exe PID: 8156 | South Africa |
138.91.254.96 | 443/TCP | msedge.exe PID: 8156 | United States |
23.62.46.5 | 443/TCP | msedge.exe PID: 8156 | United States |
169.239.217.28 | 443/TCP | msedge.exe PID: 8156 | South Africa |
172.217.12.106 | 443/TCP | msedge.exe PID: 8156 | United States |
142.250.189.227 | 443/TCP | msedge.exe PID: 8156 | United States |
194.169.175.229 | 443/TCP | msedge.exe PID: 8156 | Germany |
37.221.67.161 | 443/TCP | msedge.exe PID: 8156 | Russian Federation |
142.250.189.227 | 443/UDP | msedge.exe PID: 8156 | United States |
23.62.46.14 | 443/UDP | msedge.exe PID: 8156 | United States |
23.62.46.15 | 443/UDP | msedge.exe PID: 8156 | United States |

Every row is attributed to PID 8156, the network.mojom.NetworkService utility process listed in the process tree above: Chromium-family browsers open all sockets from that one process, so the PID does not identify the tab or renderer that requested the resource.
Contacted Countries
HTTP Traffic
Endpoint | Request | URL | Response |
---|---|---|---|
169.239.217.28:80 (www.iforumyomafrika.co.za) | GET | www.iforumyomafrika.co.za/ | 301 Moved Permanently |

Request headers as sent:

GET / HTTP/1.1
Host: www.iforumyomafrika.co.za
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Only this initial cleartext request is visible; the port-443 sessions in Contacted Hosts (to the same host, to 194.169.175.229 and to 37.221.67.161) were not decrypted, so the requests that followed the redirect, including whatever was fetched from the TDS and SocGholish hosts, do not appear in this table and can only be seen in the TLS SNI alerts below.
Suricata Alerts
Event | Category | Description | SID |
---|---|---|---|
local -> 8.8.8.8:53 (UDP) | Exploit Kit Activity Detected | ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (drilledgas .org) | 2046879 |
local -> 194.169.175.229:443 (TCP) | Exploit Kit Activity Detected | ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (drilledgas .org) | 2046880 |
local -> 8.8.8.8:53 (UDP) | Exploit Kit Activity Detected | ET EXPLOIT_KIT TA569 Keitaro TDS in DNS Lookup (surelytheme .org) | 2047006 |
local -> 194.169.175.229:443 (TCP) | Exploit Kit Activity Detected | ET EXPLOIT_KIT TA569 Keitaro TDS in TLS SNI (surelytheme .org) | 2047007 |
local -> 8.8.8.8:53 (UDP) | A Network Trojan was detected | ET MALWARE SocGholish Domain in DNS Lookup (creativity .kinchcorp .com) | 2046785 |
local -> 37.221.67.161:443 (TCP) | A Network Trojan was detected | ET MALWARE SocGholish Domain in TLS SNI (creativity .kinchcorp .com) | 2046947 |
37.221.67.161 -> local:49751 (TCP) | Misc activity | ET INFO Observed ZeroSSL SSL/TLS Certificate | 2031231 |
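Pivoting on the DNS Requests and Suricata Alerts tables above, as an added example that is not part of the Hybrid Analysis report: the five .org domains resolve to 194.169.175.229, share a registrar and a name server, and were registered between 11 July and 1 September 2023, yet only drilledgas.org and surelytheme.org were named by an ET signature at analysis time; draggedline.org, machinetext.org and throatpills.org appear only as heuristic matches. The script below re-derives that cluster from the table and lists the sibling domains no signature covered. The records and the alerted set are transcribed from the report; the 90-day and two-domain thresholds are my choice, and the script makes no claim about what the uncovered domains serve.

```python
from collections import defaultdict
from datetime import date
from typing import NamedTuple, Optional


class DnsRecord(NamedTuple):
    domain: str
    ip: str
    registrar: str
    name_server: str
    created: Optional[date]


# Transcribed from the report's DNS Requests table (constructed sample input;
# rows with no WHOIS data in the report carry empty strings and None).
RECORDS = [
    DnsRecord("api.edgeoffer.microsoft.com", "138.91.254.96", "MarkMonitor, Inc.", "NS1.MSFT.NET", date(1991, 5, 2)),
    DnsRecord("creativity.kinchcorp.com", "37.221.67.161", "FastDomain Inc.", "NS1.BLUEHOST.COM", date(1999, 4, 5)),
    DnsRecord("draggedline.org", "194.169.175.229", "REG.RU LLC", "a.dnspod.com", date(2023, 8, 26)),
    DnsRecord("drilledgas.org", "194.169.175.229", "REG.RU LLC", "a.dnspod.com", date(2023, 7, 11)),
    DnsRecord("fonts.googleapis.com", "172.217.12.106", "MarkMonitor, Inc.", "NS1.GOOGLE.COM", date(2005, 1, 25)),
    DnsRecord("fonts.gstatic.com", "142.250.189.227", "MarkMonitor, Inc.", "NS1.GOOGLE.COM", date(2008, 2, 11)),
    DnsRecord("machinetext.org", "194.169.175.229", "REG.RU LLC", "a.dnspod.com", date(2023, 9, 1)),
    DnsRecord("surelytheme.org", "194.169.175.229", "REG.RU LLC", "a.dnspod.com", date(2023, 7, 11)),
    DnsRecord("throatpills.org", "194.169.175.229", "REG.RU LLC", "a.dnspod.com", date(2023, 8, 26)),
    DnsRecord("www.bing.com", "23.62.46.5", "", "", None),
    DnsRecord("www.iforumyomafrika.co.za", "169.239.217.28", "", "", None),
]

# Domains that an ET signature named in the report's Suricata Alerts table.
ALERTED = {"drilledgas.org", "surelytheme.org", "creativity.kinchcorp.com"}

# Date of the sandbox run, from the report header.
ANALYSIS_DATE = date(2023, 9, 12)


def cluster_by_infra(records):
    """Group records by (resolved IP, registrar, name server)."""
    groups = defaultdict(list)
    for r in records:
        groups[(r.ip, r.registrar, r.name_server)].append(r)
    return groups


def suspicious_clusters(records, analysis_date=ANALYSIS_DATE, min_domains=2, max_age_days=90):
    """Return {ip: [domains]} for infrastructure shared by >= min_domains domains
    that were all registered within max_age_days of the analysis date.

    Several throwaway domains on one IP, one registrar and one DNS provider,
    all registered within weeks of each other, is the shape of a freshly
    stood-up redirector/TDS fleet rather than of ordinary shared hosting.
    """
    out = {}
    for (ip, _registrar, _ns), recs in cluster_by_infra(records).items():
        if len(recs) < min_domains:
            continue
        ages = [(analysis_date - r.created).days for r in recs if r.created]
        if len(ages) != len(recs) or max(ages) > max_age_days:
            continue
        out[ip] = sorted(r.domain for r in recs)
    return out


def uncovered_domains(records, alerted=ALERTED):
    """Domains that share a suspicious cluster with an alerted domain but that
    no signature named: candidates for the same block decision, pending review."""
    hot_ips = {r.ip for r in records if r.domain in alerted}
    return sorted(
        d
        for ip, domains in suspicious_clusters(records).items()
        if ip in hot_ips
        for d in domains
        if d not in alerted
    )


if __name__ == "__main__":
    for ip, domains in suspicious_clusters(RECORDS).items():
        print(f"{ip}: {', '.join(domains)}")
    print("shares infrastructure, no signature yet:", ", ".join(uncovered_domains(RECORDS)))
```

Run against this report the only cluster is 194.169.175.229 with all five .org domains, and the uncovered list is draggedline.org, machinetext.org and throatpills.org. The Google and Microsoft rows never qualify: their IPs are not shared in this table and their registrations are decades old, which is the point of requiring both conditions rather than shared hosting alone.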
Extracted Strings
Extracted Files
Displaying 50 of 359 extracted file(s); the remaining 309 are not included in this report.
-
Informative Selection 50
-
-
1a550819-17ad-4e49-afa3-37ba45d3facd.tmp
- Size
- 60KiB (61873 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- f9eee1f5de689a0401e44a2e95fbbcb9
- SHA1
- b25a02c289bd5dc1efbaaf0b0f1ffdb21262fa02
- SHA256
- 59f056a959dc5351224141037da84641a33e820a51244d23a8fdd754a5b8fa66
-
1c89d9a9-9b58-45ac-962e-9a6ab590af04.tmp
- Size
- 61KiB (61964 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 95fbaa13c9561b342bb89728b64ba876
- SHA1
- 0b22adaefff7ff09675dea6c1e67c62db22c1f84
- SHA256
- a658d29a16a467d54cd5fcb101221f2313d1b2e38854c3e929b73680805699bd
-
3b020834-89d5-4392-a155-8e9dd2edc98b.tmp
- Size
- 60KiB (61873 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- e2abff134ed078d4b5072208cd67888b
- SHA1
- fdfb97d907cd438d99b9dac0257ba1bd2d1469ee
- SHA256
- ed6fc10307e747dbf7de283b7b5825e8882e6595af1918e548765e9f22ac7a41
-
55387857-bd66-452f-98e8-d29dfc92ec0c.tmp
- Size
- 61KiB (61964 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- aead61f8720972386e8b2ba332975cc2
- SHA1
- 5f1fc81b778876bffbefc1ffcd206905c6d3f074
- SHA256
- 16241ee2bf5d07b9ea294de3b86778506d297240a2c2686f1a74cad0ef303995
-
6eb6e633-6623-4c49-a18e-a4e5d56c7e49.tmp
- Size
- 60KiB (61872 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 0bf8f4ad8aa5e5937d1c0bed16a3d4b0
- SHA1
- 98b4ceed5756ded8cb243cde8d4bbcaeeaee3b3c
- SHA256
- 567f2298b0a60b11aac34ddc625b20e6156cf369123d0fd153a9d6d55e5008a6
-
2d097213-0e8f-44ed-9766-a89403f874c5.tmp
- Size
- 91KiB (93083 bytes)
- Type
- data
- Description
- JSON data
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 6eb81dbb583051a8de3b294ceae1e7b6
- SHA1
- b29104551042bf1f35e89edd214fbc84051821eb
- SHA256
- d4db5ff53c952f15344cbbe9e7f1cddfa5f4fc18523d34aa57024582d759c1c8
-
settings.dat
- Size
- 280B (280 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 2316)
- MD5
- ad0bc7a515cdef716546f1fe7dffce24
- SHA1
- 1211554ababfbadba842f3c900fdd9d76e3186a0
- SHA256
- ff788ad9260235970674c12b2c4faa4c1825b6cbe3b471b8de23ef1ae13b1a56
-
8116d7f8-c2e2-47bb-941e-15cacdf18198.tmp
- Size
- 1B (1 bytes)
- Type
- unknown
- Description
- very short file (no magic)
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 5058f1af8388633f609cadb75a75dc9d
- SHA1
- 3a52ce780950d4d969792a2559cd519d7ee8c727
- SHA256
- cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
-
8b3d24d9-0b83-4401-8c0c-704f76cbbb1f.tmp
- Size
- 22KiB (22713 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- b25656f2ce46ff4e94f97fd90cb72705
- SHA1
- 818525f567a8bcaa050d1be0ce5c7b6e0d459178
- SHA256
- 35a69ee34966a0d564a7d14c16ed2e41b2b88c50d4c37be7475619c51d6be768
-
8ce61e11-4b84-4ed7-a852-976dacb186fb.tmp
- Size
- 22KiB (22911 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 17ff0c6997a43d32b7fbfcd039071f2c
- SHA1
- 561f9cea92564f3754db4dbf1b31169d6f5714be
- SHA256
- 15c4a0681373bda272c1434177f69313456900078e7b1294e574431e8af0d273
-
9e07739b-34f2-4f1b-9f5f-90d72e870ec1.tmp
- Size
- 22KiB (22713 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- d68069842127ddd2ab21dc3aeefc66e7
- SHA1
- 8ddee9d92ee006c93ef7f99618ff95435098cd39
- SHA256
- c4d9073038ad8a2689b77b5fb3048415920f3525c7fb76b499f5e412aa6a90bf
-
000001.dbtmp
- Size
- 16B (16 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 46295cac801e5d4857d09837238a6394
- SHA1
- 44e0fa1b517dbf802b18faf0785eeea6ac51594b
- SHA256
- 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
-
000003.log
- Size
- 33B (33 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- f27314dd366903bbc6141eae524b0fde
- SHA1
- 4714d4a11c53cf4258c3a0246b98e5f5a01fbc12
- SHA256
- 68c7ad234755b9edb06832a084d092660970c89a7305e0c47d327b6ac50dd898
-
LOG
- Size
- 311B (311 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 23b1718b8cc519fcfa2e10304533437e
- SHA1
- 92d1902c975cfd65747c5a1d99bf082e8babc7c8
- SHA256
- 360072c8cabcb5efafe81ca663e72422b4ef85a59e8788e2d8efc9556debbf40
-
MANIFEST-000001
- Size
- 41B (41 bytes)
- Type
- unknown
- Description
- PGP Secret Key -
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 5af87dfd673ba2115e2fcf5cfdb727ab
- SHA1
- d5b5bbf396dc291274584ef71f444f420b6056f1
- SHA256
- f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
-
000003.log
- Size
- 420KiB (429683 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 1c6caefcc33d5bccc95d84703446c0bb
- SHA1
- 0973896d7a6e4c6747d920a4e426516d86e9c419
- SHA256
- 1a07e89add269f5007e4b8b39617e1ebee87231f9e4d5ee32c6d52f70868e3dc
-
LOG
- Size
- 338B (338 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 6438f5f93d91db3ebed7b5e6e2f2b330
- SHA1
- 90b109e06dbc5a4e37df8d8f62d3402897bfada9
- SHA256
- 1ada62174318c9fa7c8b43494273e7b5e3f5569482a58ba18dc71f7dd38e43c6
-
data_0
- Size
- 152KiB (155648 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 1cc895498321b28494d8edbe0cb70e51
- SHA1
- 7234779d798f6eea06c4c912f2ba283b8326c42e
- SHA256
- 51ffd36ab73c39ed4ea5657ee1369b7fdac7397bd055a4965ea1581454265c83
-
data_1
- Size
- 1.3MiB (1318912 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- eba78b0f4e94089b1c9e7c30a05ffa5f
- SHA1
- 50bfe7f962e74956cb6112f0ea614f7b94cde9b2
- SHA256
- b14b0a21a9afb00d5667952c6b4af2d65d416a9086b4a52a08d48920e5758298
-
data_2
- Size
- 3MiB (3153920 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 268b1fa896fa9bd713696d0526146e74
- SHA1
- 910d77036411b180f23294bb64c0608e196a1792
- SHA256
- 96f38a4390a53bcdc86f46bd2ff9bc3ba47419b5bcbc4283e646b03788433500
-
data_3
- Size
- 5MiB (5246976 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- f9f94e83ccdad22a411176eeac0851e0
- SHA1
- 65614a03ef69c37d6103476f75eba9c1e8d1bf04
- SHA256
- 0c7ce17fbdc7f4a246381d91ceee0d36807b51a1f63ea4cf06976cdbb7b5e9d7
-
f_0004c3
- Size
- 25KiB (25358 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 152843
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 5d7694aaf72cf0676bcf600180eae102
- SHA1
- 41acb836911b2933689d141696b91771dd3b48b6
- SHA256
- d135735574209d60f81b4b298a474d4989af4b71796c36a51377fc5988e96698
-
f_0004c4
- Size
- 30KiB (30343 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 87482
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 82baac247d4db91cc1f49c6cf98b4355
- SHA1
- 4f52fadd01e90d714aa6e313dc241c9cc46238ea
- SHA256
- ec3c39d8c6b9e0d6925cee375e3b1fe4252e9d046cedf0f497a163c4149addbc
-
f_0004c5
- Size
- 53KiB (54400 bytes)
- Type
- img image
- Description
- JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x300, components 3
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 55d3a5df39323057893b9636f30c29e8
- SHA1
- 647fe5fc7b4ed3dd96c0f9f0bf815739b968c55c
- SHA256
- a8e313ddefc617b273689ac42f0ea518e6e134064cf1d31d7b27de79e4c3c884
-
f_0004c6
- Size
- 50KiB (51190 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 159534
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 081603013998749edaffed40498d998f
- SHA1
- 3776cdb60c213371676837091b0cd651dbf5a26d
- SHA256
- e9eccadad4c60f468f389a3f1138017d2d85d7226f19f64e6bb33ebf0fd21b11
-
f_0004c7
- Size
- 18KiB (18664 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 18664, version 1.0
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 8d1c44b2bf75a4e6f1bd141f9a965f4f
- SHA1
- 1e5dfdb7ca5ee8e823f9f5787f84b18fbdc38434
- SHA256
- 441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709
-
f_0004c8
- Size
- 18KiB (18856 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 18856, version 1.0
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 9b52bd7bb49d1d47f2b0401b0cb4af35
- SHA1
- 65bc8c65415dc29f93986ed868b2c111dc5d5f82
- SHA256
- c87fcac153783ea615f856ad1c0e12791952c39b8ddde7f11fa3d47c0a3b3998
-
f_0004c9
- Size
- 76KiB (78196 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 78196, version 331.34275
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- e8a427e15cc502bef99cfd722b37ea98
- SHA1
- a9922842a120a7f1eaced667480c5e185a106d69
- SHA256
- d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
-
f_0004ca
- Size
- 75KiB (76764 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 76764, version 331.34275
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- f7307680c7fe85959f3ecf122493ea7d
- SHA1
- fce0da592a3e536d6d5df5b50cb513398d8c5161
- SHA256
- 43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
-
f_0004cb
- Size
- 51KiB (52548 bytes)
- Type
- img image
- Description
- JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, progressive, precision 8, 740x493, components 3
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 1a27ae87f8f4ba5bbafb6c1c4568c540
- SHA1
- 7d9f643f938e9a95bd694a639014ff5c6f214b85
- SHA256
- d7f088a26fed1ead23b18fee3909ce9f9cdad32a8e3a18a5c0c3e32753115681
-
f_0004cc
- Size
- 24KiB (24671 bytes)
- Type
- img image
- Description
- JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, description=Studio shot of unrecognizable women holding hands huddled together against a grey background\377\341\005], progressive, precision 8, 612x459, components 3
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 5a2242408b201529f26e8c121d92d028
- SHA1
- 9ae4625124a963ff3b9d91aeaf46673958b58a9b
- SHA256
- 89cbe71b5c573e5b689d33044b5312b5dc386f6d5a4607bb20acd1b23b0b8b5b
-
f_0004cd
- Size
- 35KiB (35491 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 139153
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- f2f239cb6e82311cd197aa5888632811
- SHA1
- e2376a981fa3bf8e7e36e86b979f3a3ea6443d29
- SHA256
- c4ceac2088d1b38f5263c50bdfb2e54ed643186248b3a81c5850214b55336e4d
-
f_0004ce
- Size
- 18KiB (18604 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 18604, version 1.0
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 4b6914a69e6a586fbe253f73d19d90b0
- SHA1
- 1f965709606b88830826c45ef0ebcfe3484aa674
- SHA256
- 25f33e61cf995abd6be62931cf03bf427286259177b43618cc410ee0157cfd30
-
f_0004cf
- Size
- 51KiB (52548 bytes)
- Type
- img image
- Description
- JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, progressive, precision 8, 740x493, components 3
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 1a27ae87f8f4ba5bbafb6c1c4568c540
- SHA1
- 7d9f643f938e9a95bd694a639014ff5c6f214b85
- SHA256
- d7f088a26fed1ead23b18fee3909ce9f9cdad32a8e3a18a5c0c3e32753115681
-
f_0004d0
- Size
- 165KiB (168514 bytes)
- Type
- img image
- Description
- JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 2560x1707, components 3
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 4b4beaf8b3473438127b0d173b5a6d9d
- SHA1
- e43b953714683ba8913573a87ab9280568410404
- SHA256
- 58f4e62019eff91f6e4ef5208f4f43ace95e300e437350930a5682849d9a6fef
-
f_0004d1
- Size
- 290KiB (297461 bytes)
- Type
- img image
- Description
- JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1921x1080, components 3
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- f6ed16b855702bde66fd2f52926bc831
- SHA1
- c3a92229a7cccb5479166fd352b18162d275f9d4
- SHA256
- 7e860fa54a3d75990b526baa1a087ce630cb6e0cac1fa9a37105c26bf36b94ea
-
f_0004d2
- Size
- 515KiB (527722 bytes)
- Type
- img image
- Description
- JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1921x1081, components 3
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- e6c1c136006d4d3bd6033fe73441cf6a
- SHA1
- 42398cc9e2e94b9c64d0b02f3cde3a3c8b94e27a
- SHA256
- 19b9eba38eaf89b6f14dc6111046fda3aa314e4116124753f28aed7ec1d41c0e
-
f_0004d3
- Size
- 544KiB (557382 bytes)
- Type
- img image
- Description
- JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1921x1081, components 3
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- d9c49f54712ebcd584289a6999274e7b
- SHA1
- ea1e2db70850f0697a364187a1c66c312c9f9830
- SHA256
- 57d3db4dc2f4b4dac1cac86a5d47695160ac7e529e57e794b90366925810c513
-
f_0004d4
- Size
- 631KiB (646461 bytes)
- Type
- img image
- Description
- PNG image data, 807 x 519, 8-bit/color RGBA, non-interlaced
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 5ddbd4468555206ea2067b2f7d55566b
- SHA1
- 8a1334f642cce130eaeec86d86868ed2b8c78215
- SHA256
- 8d0d09aaca3f34d9ea704dfd8c30a1cc971e21125317d45155058935bb0d4f8d
-
f_0004d5
- Size
- 26KiB (26207 bytes)
- Type
- img image
- Description
- PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
- Runtime Process
- msedge.exe (PID: 8156)
- MD5
- 151430b237b0de950faad55dc7e83387
- SHA1
- 4b53c65cdbc6dc9d02f670e6cbde55c85898cbd6
- SHA256
- 666a8cf2a0f6cf2559753a3a3165899fcd9cfa1abf1fcfbd579b8edb58298b1e
-
07bb7cd3c3add05e_0
- Size
- 279B (279 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 327b660425e19a01df78305f11ee7707
- SHA1
- 3be0eddd5ed1c2b079ccff477b0aa6a4aa891248
- SHA256
- f8ea64efaf7284165e9fa9872231a2e082482abad8cb9a1a9f40d3935165ffa8
-
09e976d54b45a4db_0
- Size
- 281B (281 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 0fd22df4a4475039a10cd641f28c97d2
- SHA1
- a55c4b20026c197e2ab42a41197dea63822db3a7
- SHA256
- 40871f645358d7d8dee3020b9f52237421769840b37436094cdb3dc48bb01dc2
-
110f128ad06afccf_0
- Size
- 255B (255 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 8c3ccb071cce09a7e315f8b8eee2cff9
- SHA1
- 224ea8ef5b733acba5174f03041a8297eae1ab6a
- SHA256
- 7db03ff1fe589ba4285c40f54a8778fcc199c2c7fc385b7b9a046a87bcb93251
-
1804b1c55899a23e_0
- Size
- 267B (267 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 6598af49d16ed93b8edd9a7ee0cc7336
- SHA1
- 83589f9a43525c34ec5ec25cbbcc946ac0aa4766
- SHA256
- 1335afda7f83a502e6567085263d87dace05f092a5e744db7b8ecb5ea1fa0e8d
-
18a9e11fc6a3d3b6_0
- Size
- 249B (249 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- e9f66ca0da9e41154b108e841188b23a
- SHA1
- bdbf24b70529abde7f6fe18f012c4aa734c15108
- SHA256
- 7af52ad77a5ef85e157804072f36e8053f80f9fc9a0c22e34a9b42914643259f
-
1f28287f0d45d435_0
- Size
- 258B (258 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 8b42cdc756dcb402f234c1378b2e022f
- SHA1
- c16b2b04a6cfaad56338bd5bbf663698d282f4f6
- SHA256
- 5e65fa0250eefb658adc8e366bd40e6a3913b634acb885e9321033c983591d6a
-
203f9d32a361dcfe_0
- Size
- 275B (275 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- ebfac3a5f2192640a2cdc168e28f825c
- SHA1
- fde198e2e1577edcce66171c40af80f6f8f469b0
- SHA256
- 70a99513973c30e39283eda97f6d50b7e0ca83727dd0337f141b910bd1b2f945
-
29c77761fbe6b1b6_0
- Size
- 274B (274 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- dfbe0b683208c7634bf96dcc9e04070e
- SHA1
- 4c2021aae38d8a1db8381e2ab968c5e6c85e84fd
- SHA256
- 62b16b7e86e497cf2b18c5ab4042fdc98121d2450dbebecb55c311aa8d533783
-
40678a7de162da1d_0
- Size
- 250B (250 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 5cc0b675075716b11cf2d91bea635b69
- SHA1
- 3ac5c3d0b81e00e4e1926ea1772398d2d9a1b6e2
- SHA256
- b8de2cf9d3d5f406dc332c8ec24f383ee8f1ac22f75bab339f18bbc768551e2c
-
42100481f42d8fe9_0
- Size
- 267B (267 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1976)
- MD5
- 39872045603c0b6f1a9c27be7269ede5
- SHA1
- 889d0acce6b93eb65fcf4bf6c7a09c579804debc
- SHA256
- d630cc116fa6228444079a61a57c571e123f8efd3c7175698f6c480a2bc3c210
-
Notifications
-
Runtime
- Not all IP/URL string resources were checked online
- Not all created files are visible for msedge.exe (PID: 1976)
- Not all file accesses are visible for msedge.exe (PID: 1064)
- Not all file accesses are visible for msedge.exe (PID: 1284)
- Not all file accesses are visible for msedge.exe (PID: 1976)
- Not all file accesses are visible for msedge.exe (PID: 2316)
- Not all file accesses are visible for msedge.exe (PID: 2568)
- Not all file accesses are visible for msedge.exe (PID: 3524)
- Not all file accesses are visible for msedge.exe (PID: 4036)
- Not all file accesses are visible for msedge.exe (PID: 4264)
- Not all file accesses are visible for msedge.exe (PID: 4552)
- Not all file accesses are visible for msedge.exe (PID: 5284)
- Not all file accesses are visible for msedge.exe (PID: 5348)
- Not all file accesses are visible for msedge.exe (PID: 584)
- Not all file accesses are visible for msedge.exe (PID: 6268)
- Not all file accesses are visible for msedge.exe (PID: 6500)
- Not all file accesses are visible for msedge.exe (PID: 6740)
- Not all file accesses are visible for msedge.exe (PID: 7268)
- Not all file accesses are visible for msedge.exe (PID: 7320)
- Not all file accesses are visible for msedge.exe (PID: 7428)
- Not all file accesses are visible for msedge.exe (PID: 7484)
- Not all file accesses are visible for msedge.exe (PID: 7616)
- Not all file accesses are visible for msedge.exe (PID: 7740)
- Not all file accesses are visible for msedge.exe (PID: 7760)
- Not all file accesses are visible for msedge.exe (PID: 8008)
- Not all file accesses are visible for msedge.exe (PID: 8156)
- Some low-level data is hidden, as this is only a slim report
- This URL analysis has missing honeyclient data
- Not all sources for indicator ID "string-23" are available in the report
- Not all sources for indicator ID "string-169" are available in the report