https://mega.nz/file/Cv4jyTQY#h_JBKVoerUcplsC0VJzdVDJR2LMxfDbjs0xMs4aQuO0
This report is generated from a file or URL submitted to this webservice on August 19th 2023 21:09:59 (UTC) and action script Default browser analysis.
Guest System: Windows 10 64 bit, Professional, 10.0 (build 16299)
Report generated by Falcon Sandbox v10.2.0 © Hybrid Analysis
Incident Response
Risk Assessment
- Evasive: Possibly checks for the presence of an Antivirus engine
- Network Behavior: Contacts 6 domains and 7 hosts.
MITRE ATT&CK™ Techniques Detection
Indicators
Not all malicious and suspicious indicators are displayed.
Suspicious Indicators (3)

Anti-Detection/Stealthiness

Possibly checks for the presence of an Antivirus engine
- details:
  ""superantispyware.recurly.com"," (Indicator: "superantispyware") in Source: wallet-checkout-eligible-sites.json
  ""totaldefense.com"," (Indicator: "totaldefense") in Source: wallet-checkout-eligible-sites.json
- source: File/Memory
- relevance: 3/10
- ATT&CK ID: T1518.001
External Systems

Sample was identified as malicious by at least one Antivirus engine
- details: 1/90 Antivirus vendors marked sample as malicious (1% detection rate)
- source: External System
Network Related

Found potential IP address in binary/memory
- details:
  Potential IP "1.5.75.75" found in string "d="M10 2a8 8 0 110 16 8 8 0 010-16zm0 10.5a.75.75 0 100 1.5.75.75 0 000-1.5zM10 6a.5.5 0 00-.5.41v4.68a.5.5 0 001 0V6.41A.5.5 0 0010 6z""
  Potential IP "192.168.1.3" found in string ""192.168.1.3","
  Potential IP "192.168.1.1" found in string ""192.168.1.1","
- source: File/Memory
- relevance: 3/10
- ATT&CK ID: T1071
Informative (10)

External Systems

Detected Suricata Alert
- details:
  Detected alert "ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent" (SID: 2027390, Rev: 4, Severity: 3) categorized as "Misc activity"
  Detected alert "ET INFO Microsoft Connection Test" (SID: 2031071, Rev: 4, Severity: 3) categorized as "Misc activity"
  Detected alert "ET INFO Windows OS Submitting USB Metadata to Microsoft" (SID: 2025275, Rev: 4, Severity: 3) categorized as "Misc activity"
  Detected alert "ET INFO Observed DNS Query to Filesharing Service (mega .co .nz)" (SID: 2039584, Rev: 1, Severity: 3) categorized as "Misc activity"
- source: Suricata Alerts
- relevance: 10/10
General

Contacts server
- source: Network Traffic
- relevance: 1/10
- ATT&CK ID: T1071

Creates mutants
- details:
  "Local\SM0:6860:304:WilStaging_02"
  "SM0:6860:304:WilStaging_02"
  "InternetShortcutMutex"
  "Local\SM0:6860:120:WilError_01"
  "SM0:6860:120:WilError_01"
- source: Created Mutant
- relevance: 3/10

Found a reference to a known community page
- source: File/Memory
- relevance: 2/10

Queries DNS server
- source: Network Traffic
- relevance: 1/10
- ATT&CK ID: T1071.004
Installation/Persistence
-
Dropped files
- details
-
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-notification-shared\nl\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-notification-shared\pt-BR\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-notification-shared\id\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-notification-shared\sv\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-notification-shared\zh-Hant\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-notification-shared\en-GB\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-notification-shared\zh-Hans\strings.json]- [targetUID: 00000000-00006472]
"notification_fast.html" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]
"notification.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6248_441698199\Notification\notification.html]- [targetUID: 00000000-00006248]
"2a0afd649b00527b_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2a0afd649b00527b_1]- [targetUID: 00000000-00006248]
"Analytics" has type "ASCII text"- Location: [%TEMP%\6248_2030756280\Mu\Analytics]- [targetUID: 00000000-00000824]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\ru\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\ar\strings.json]- [targetUID: 00000000-00006472]
"edge_autofill_global_block_list.json" has type "JSON data"- Location: [%TEMP%\6248_2127725966\edge_autofill_global_block_list.json]- [targetUID: 00000000-00006248]
"Social" has type "ASCII text"- Location: [%TEMP%\6248_2030756280\Sigma\Social]- [targetUID: 00000000-00000824]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\ja\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-tokenized-card\ru\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\fr\strings.json]- [targetUID: 00000000-00006472]
"896750f5-c77d-4c19-89f3-32a746fa18e2.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\896750f5-c77d-4c19-89f3-32a746fa18e2.tmp]- [targetUID: 00000000-00000824]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\de\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\pt-PT\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\nl\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\id\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\it\strings.json]- [targetUID: 00000000-00006472]
"71e8ad6b-e051-4507-924e-a378890c766c.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\71e8ad6b-e051-4507-924e-a378890c766c.tmp]- [targetUID: 00000000-00000824]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\es\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\pt-BR\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\sv\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\en-GB\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\zh-Hans\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\zh-Hant\strings.json]- [targetUID: 00000000-00006472]
"f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\TokenBroker\Cache\f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres]- [targetUID: 00000000-00006248]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-tokenized-card\ja\strings.json]- [targetUID: 00000000-00006472]
"adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\6248_1777281347\adblock_snippet.js]- [targetUID: 00000000-00006248]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-tokenized-card\es\strings.json]- [targetUID: 00000000-00006472]
"urlref_httpsmega.nzfileCv4jyTQY#h_JBKVoerUcplsC0VJzdVDJR2LMxfDbjs0xMs4aQuO0" has type "HTML document ASCII text"- [targetUID: N/A]
"runtime.bundle.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\6248_441698199\runtime.bundle.js]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-tokenized-card\sv\strings.json]- [targetUID: 00000000-00006472]
"wallet-crypto.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6248_441698199\wallet-crypto.html]- [targetUID: 00000000-00006472]
"wallet.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6248_441698199\wallet.html]- [targetUID: 00000000-00006472]
"wallet-drawer.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6248_441698199\Wallet-Checkout\wallet-drawer.html]- [targetUID: 00000000-00006248]
"vendor.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\6248_441698199\vendor.bundle.js.LICENSE.txt]- [targetUID: 00000000-00006472]
"wallet-drawer.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"bnpl.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\6248_441698199\bnpl\bnpl.bundle.js.LICENSE.txt]- [targetUID: 00000000-00006472]
"Fingerprinting" has type "ASCII text"- Location: [%TEMP%\6248_2030756280\Mu\Fingerprinting]- [targetUID: 00000000-00000824]
"tokenized-card.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6248_441698199\Tokenized-Card\tokenized-card.html]- [targetUID: 00000000-00006248]
"bnpl.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6248_441698199\bnpl\bnpl.html]- [targetUID: 00000000-00006472]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log]- [targetUID: 00000000-00004280]
"load-hub-i18n.bundle.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\6248_441698199\load-hub-i18n.bundle.js]- [targetUID: 00000000-00006472]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log]- [targetUID: 00000000-00004280]
"tokenized-card.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"Cryptomining" has type "ASCII text"- Location: [%TEMP%\6248_2030756280\Mu\Cryptomining]- [targetUID: 00000000-00000824]
"Advertising" has type "ASCII text"- Location: [%TEMP%\6248_2030756280\Sigma\Advertising]- [targetUID: 00000000-00000824]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log]- [targetUID: 00000000-00004280]
"hub-signature.txt" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\6248_441698199\hub-signature.txt]- [targetUID: 00000000-00006472]
"CompatExceptions" has type "ASCII text"- Location: [%TEMP%\6248_2030756280\Mu\CompatExceptions]- [targetUID: 00000000-00000824]
"wallet-notification-config.json" has type "ASCII text"- Location: [%TEMP%\6248_441698199\json\wallet\wallet-notification-config.json]- [targetUID: 00000000-00006472]
"Social" has type "ASCII text"- Location: [%TEMP%\6248_2030756280\Mu\Social]- [targetUID: 00000000-00000824]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG]- [targetUID: 00000000-00004280]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG]- [targetUID: 00000000-00004280]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG]- [targetUID: 00000000-00004280]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Platform Notifications\LOG]- [targetUID: 00000000-00004280]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG]- [targetUID: 00000000-00004280]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG]- [targetUID: 00000000-00004280]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG]- [targetUID: 00000000-00004280]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG]- [targetUID: 00000000-00004280]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG]- [targetUID: 00000000-00004280]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\LOG]- [targetUID: 00000000-00004280]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extension State\LOG]- [targetUID: 00000000-00004280]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Session Storage\LOG]- [targetUID: 00000000-00004280]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG]- [targetUID: 00000000-00004280]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\File System\000\p\Paths\LOG]- [targetUID: 00000000-00004280]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\File System\000\t\Paths\LOG]- [targetUID: 00000000-00004280]
"notification_fast.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\File System\Origins\LOG]- [targetUID: 00000000-00004280]
"settings.dat" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad\settings.dat]- [targetUID: 00000000-00006248]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\File System\000\p\Paths\000003.log]- [targetUID: 00000000-00004280]
"regex_patterns.json" has type "JSON data"- Location: [%TEMP%\6248_2127725966\regex_patterns.json]- [targetUID: 00000000-00006248]
"1238e9b4bffe7e31_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\1238e9b4bffe7e31_0]- [targetUID: 00000000-00006248]
"Fingerprinting" has type "ASCII text"- Location: [%TEMP%\6248_2030756280\Sigma\Fingerprinting]- [targetUID: 00000000-00000824]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\6248_1450284276\manifest.json]- [targetUID: 00000000-00006472]
"manifest.json" has type "JSON data"- Location: [%TEMP%\6248_2030756280\manifest.json]- [targetUID: 00000000-00006472]
"cv_debug.log" has type "JSON data"- Location: [%TEMP%\cv_debug.log]- [targetUID: 00000000-00006248]
"Analytics" has type "ASCII text"- Location: [%TEMP%\6248_2030756280\Sigma\Analytics]- [targetUID: 00000000-00000824]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\6248_441698199\manifest.json]- [targetUID: 00000000-00006472]
"crypto.bundle.js" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\crypto.bundle.js]- [targetUID: 00000000-00006472]
"Last Browser" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Last Browser]- [targetUID: 00000000-00006248]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\6248_2127725966\manifest.json]- [targetUID: 00000000-00006472]
"manifest.json" has type "JSON data"- Location: [%TEMP%\6248_1777281347\manifest.json]- [targetUID: 00000000-00006472]
"manifest.json" has type "JSON data"- Location: [%TEMP%\6248_1504514695\manifest.json]- [targetUID: 00000000-00006472]
"TransparentAdvertisers" has type "ASCII text"- Location: [%TEMP%\6248_2030756280\Mu\TransparentAdvertisers]- [targetUID: 00000000-00006248]
"temp-index" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index]- [targetUID: 00000000-00006248]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\File System\Origins\000003.log]- [targetUID: 00000000-00004280]
"README.md" has type "ASCII text"- [targetUID: N/A]
"Variations" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Variations]- [targetUID: 00000000-00006248]
"Other" has type "ASCII text"- Location: [%TEMP%\6248_2030756280\Sigma\Other]- [targetUID: 00000000-00000824]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_2127725966\manifest.fingerprint]- [targetUID: 00000000-00006248]
"manifest.fingerprint" has type "ASCII text with no line terminators"- [targetUID: 00000000-00006248]
"LICENSE" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_2030756280\Sigma\LICENSE]- [targetUID: 00000000-00006248]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_1450284276\manifest.fingerprint]- [targetUID: 00000000-00006248]
".ses" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]
"MANIFEST-000001" has type "PGP Secret Key -"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001]- [targetUID: 00000000-00006248]
"app-setup.js" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\Wallet-Checkout\app-setup.js]- [targetUID: 00000000-00006472]
"Content" has type "ASCII text"- Location: [%TEMP%\6248_2030756280\Sigma\Content]- [targetUID: 00000000-00000824]
"Other" has type "ASCII text"- Location: [%TEMP%\6248_2030756280\Mu\Other]- [targetUID: 00000000-00000824]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log]- [targetUID: 00000000-00004280]
"Cryptomining" has type "ASCII text"- Location: [%TEMP%\6248_2030756280\Sigma\Cryptomining]- [targetUID: 00000000-00000824]
".usage" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\File System\000\t\.usage]- [targetUID: 00000000-00006248]
"MANIFEST-000001" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001]- [targetUID: 00000000-00006248]
"000001.dbtmp" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\File System\000\p\Paths\000001.dbtmp]- [targetUID: 00000000-00006248]
"Last Version" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Last Version]- [targetUID: 00000000-00006248]
"strings.json" has type "ASCII text with no line terminators"- [targetUID: 00000000-00006472]
"625a2d7a-654b-4d40-90cc-94ff216774e9.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\625a2d7a-654b-4d40-90cc-94ff216774e9.tmp]- [targetUID: 00000000-00006248]
"915e0d2f-cada-4631-a0b5-5c90815436fc.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\6248_1777281347\LICENSE]- [targetUID: 00000000-00006248]
"8715a31b-909e-47be-ad04-423810cb08e3.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\8715a31b-909e-47be-ad04-423810cb08e3.tmp]- [targetUID: 00000000-00006248]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-notification-shared\fr-CA\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "JSON data"- Location: [%TEMP%\6248_441698199\json\i18n-mobile-hub\fr-CA\strings.json]- [targetUID: 00000000-00006472]
"notification.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"miniwallet.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\6248_441698199\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt]- [targetUID: 00000000-00006472]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\File System\000\t\Paths\000003.log]- [targetUID: 00000000-00004280]
"MANIFEST-000001" has type "PGP Secret Key -"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\File System\000\p\Paths\MANIFEST-000001]- [targetUID: 00000000-00006248]
"MANIFEST-000001" has type "PGP Secret Key -"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001]- [targetUID: 00000000-00006248]
"MANIFEST-000001" has type "PGP Secret Key -"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001]- [targetUID: 00000000-00006248]
"app-setup.js" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\app-setup.js]- [targetUID: 00000000-00006472]
"000001.dbtmp" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\File System\Origins\000001.dbtmp]- [targetUID: 00000000-00006248]
"000001.dbtmp" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp]- [targetUID: 00000000-00006248]
"000001.dbtmp" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\File System\000\t\Paths\000001.dbtmp]- [targetUID: 00000000-00006248]
"000001.dbtmp" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000001.dbtmp]- [targetUID: 00000000-00006248]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\json\i18n-notification\ru\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\json\i18n-notification\pt-BR\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\json\i18n-notification\es\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\json\i18n-notification\id\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\json\i18n-notification\it\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\json\i18n-notification\ja\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\json\i18n-notification\fr\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\json\i18n-notification\fr-CA\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\json\i18n-notification\de\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\json\i18n-notification\ar\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\json\i18n-notification\en-GB\strings.json]- [targetUID: 00000000-00006472]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6248_441698199\json\i18n-notification\sv\strings.json]- [targetUID: 00000000-00006472] - source
- Binary File
- relevance
- 3/10
- ATT&CK ID
- T1105 (Show technique in the MITRE ATT&CK™ matrix)
-
Drops a license file
- details
-
"vendor.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\6248_441698199\vendor.bundle.js.LICENSE.txt]- [targetUID: 00000000-00006472]
"wallet-drawer.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"bnpl.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\6248_441698199\bnpl\bnpl.bundle.js.LICENSE.txt]- [targetUID: 00000000-00006472]
"tokenized-card.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"notification_fast.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"notification.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"miniwallet.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\6248_441698199\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt]- [targetUID: 00000000-00006472] - source
- Binary File
- relevance
- 1/10
- ATT&CK ID
- T1083 (Show technique in the MITRE ATT&CK™ matrix)
-
Dropped files
-
Network Related
-
Found mail related domain names
- details
-
- source
- File/Memory
- relevance
- 1/10
- ATT&CK ID
- T1071.003 (Show technique in the MITRE ATT&CK™ matrix)
-
Found potential URL in binary/memory
- details
-
Pattern match: "www.klarna.com"
Pattern match: "www.google.com"
Pattern match: "www.gstatic.com"
Pattern match: "www.transunion.com"
Pattern match: "www.googletagmanager.com"
Pattern match: "www.facebook.com"
Pattern match: "www.googleadservices.com"
Pattern match: "www.gap.com"
Pattern match: "www.gapfactory.com"
Pattern match: "www2.hm.com"
Pattern match: "www.gapcanada.ca"
Pattern match: "www2.factoryoutletstore.com"
Pattern match: "www2.invoicecloud.com"
Pattern match: "www1.ussailing.org"
Pattern match: "www2.doggysuperfoods.com"
Pattern match: "www1.agenciatributaria.gob.es"
Pattern match: "www9.agenciatributaria.gob.es"
Pattern match: "www.vaxvacationaccess.com"
Pattern match: "www2.promap.co.uk"
Pattern match: "www2.correios.com.br"
Pattern match: "www2.stanlycountync.gov"
Pattern match: "www2.registerblast.com"
Pattern match: "www5.maine.gov"
Pattern match: "www2.haircarerefined.com"
Pattern match: "www2.tonyprotein.com"
Pattern match: "www2.vinesse.com"
Pattern match: "www5.ibackup.com"
Pattern match: "www3.thedatabank.com"
Pattern match: "www2.helminc.com"
Pattern match: "www2.unifyhealthlabs.com"
Pattern match: "www3.benefitsolver.com"
Pattern match: "www1.nobexpartners.com"
Pattern match: "www6.agenciatributaria.gob.es"
Pattern match: "www2.kintsugihair.com"
Pattern match: "www2.lectinblocker.com"
Pattern match: "www1.hhrd.org"
Pattern match: "www6.lifeatworkportal.com"
Pattern match: "www3.mutualofomaha.com"
Pattern match: "www3.masterwriter.com"
Pattern match: "www1.carey.com"
Pattern match: "www2.gundrymdtotalrestore.com"
Pattern match: "www2.ymtvacations.com"
Pattern match: "www2.invisicrepe.com"
Pattern match: "www2.americanprofessional.com"
Pattern match: "www2.ambrose.edu"
Pattern match: "www1.netfirms.com"
Pattern match: "www2.agenciatributaria.gob.es"
Pattern match: "www1.12cloudpayroll.com"
Pattern match: "www2.bwproducers.com"
Pattern match: "www2.bhdpanama.com"
Pattern match: "www2.fl-dcf.org"
Pattern match: "www3.sylectus.com"
Pattern match: "www1.iaproducers.com"
Pattern match: "www1.mydomain.com"
Pattern match: "www1.payroo.com"
Pattern match: "www40.polyu.edu.hk"
Pattern match: "www2.csebo.it"
Pattern match: "www3.subcontrataley.cl"
Pattern match: "www4.texashealth.org"
Pattern match: "www2.drmartypets.com"
Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,i=1;i"
Pattern match: "https://aka.ms/EdgeSaveCardFAQ,gs.UseVirtualCardLearnMore=https://aka.ms/EdgeVirtualCardFAQ,gs.WalletSettings=edge://wallet/settings,gs.microsoftRewardsDashboardURL=https://rewards.microsoft.com/,gs.microsoftRewardsRedeemURL=https://rewards.microso"
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1071 (Show technique in the MITRE ATT&CK™ matrix)
-
Found mail related domain names
-
Unusual Characteristics
-
Detected known bank URL artifact
- details
-
""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")
""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")
""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""beautiiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""beautyandwhiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""bellagracehealthscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""belleandbubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""beyondblessedscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""blingbykey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""boosted-luckey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""bowlingmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""burgeonbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")
""busybeescrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""cabbagekey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""coatsandscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""codenxtscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""cognitiontsscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""concreterosescrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
- source
- File/Memory
- relevance
- 2/10
-
Detected known bank URL artifact
Session Details
No relevant data available.
Hybrid Analysis
Analysed 24 processes in total.
-
rundll32.exe
"%WINDIR%\system32\ieframe.dll",OpenURL C:\sample.url
(PID: 6860)
-
msedge.exe
--single-argument https://mega.nz/file/Cv4jyTQY#h_JBKVoerUcplsC0VJzdVDJR2LMxfDbjs0xMs4aQuO0
(PID: 6248)
- msedge.exe --type=crashpad-handler "--user-data-dir=%LOCALAPPDATA%\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=107.0.5304.110 "--annotation=exe=%PROGRAMFILES%\(x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=107.0.1418.56 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd8,0x7ffe0e6cb208,0x7ffe0e6cb218,0x7ffe0e6cb228 (PID: 7820)
- msedge.exe --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:2 (PID: 6124)
- msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:3 (PID: 824)
- msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 948)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1692478499653070 --launch-time-ticks=1081256531 --mojo-platform-channel-handle=3028 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:1 (PID: 1112)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1692478499653070 --launch-time-ticks=1081649548 --mojo-platform-channel-handle=3012 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:1 (PID: 1548)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3500 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 1664)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 2768)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 4964)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 7612)
- msedge.exe --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4132 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 4280)
- msedge.exe --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=4228 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 416)
- msedge.exe --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5848 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 1300)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1244 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 7320)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4212 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 5212)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4248 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 6740)
- msedge.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.16299.192 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:2 (PID: 6984)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6012 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 3692)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5616 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 5548)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5836 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 1680)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6056 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 6472)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6068 --field-trial-handle=1936,i,7260232765260736748,9769924539334974941,131072 /prefetch:8 (PID: 7620)
Network Analysis
DNS Requests
Domain | Address | Registrar | Country |
---|---|---|---|
api.edgeoffer.microsoft.com | 138.91.254.96 (TTL: 1662) | MarkMonitor, Inc.; Organization: Microsoft Corporation; Name Server: NS1.MSFT.NET; Creation Date: 1991-05-02T00:00:00 | United States |
arc.msn.com | 20.99.186.246 (TTL: 2197) | MarkMonitor, Inc.; Organization: Microsoft Corporation; Name Server: NS1.MSFT.NET; Creation Date: 1994-11-10T00:00:00 | United States |
g.api.mega.co.nz | 66.203.125.15 (TTL: 513) | - | United States |
mega.nz | 31.216.145.5 (TTL: 2) | - | Luxembourg |
na.static.mega.co.nz | 162.208.16.210 (TTL: 302) | - | United States |
self.events.data.microsoft.com | 104.46.162.224 (TTL: 12) | MarkMonitor, Inc.; Organization: Microsoft Corporation; Name Server: NS1.MSFT.NET; Creation Date: 1991-05-02T00:00:00 | United States |
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
31.216.144.5 | 443 TCP | msedge.exe PID: 824 | Luxembourg |
138.91.254.96 | 443 TCP | msedge.exe PID: 824 | United States |
162.208.16.210 | 443 TCP | msedge.exe PID: 824 | United States |
66.203.125.15 | 443 TCP | msedge.exe PID: 824 | United States |
20.99.186.246 | 443 TCP | msedge.exe PID: 824 | United States |
104.46.162.224 | 443 TCP | msedge.exe PID: 824 | United States |
31.216.145.5 | 443 TCP | msedge.exe PID: 824 | Luxembourg |
Contacted Countries
HTTP Traffic
No relevant HTTP requests were made.
Suricata Alerts
Event | Category | Description | SID |
---|---|---|---|
local -> 104.124.157.216:80 (TCP) | Misc activity | ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent | 2027390 |
local -> 23.217.118.147:80 (TCP) | Misc activity | ET INFO Microsoft Connection Test | 2031071 |
local -> 104.124.157.216:80 (TCP) | Misc activity | ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent | 2027390 |
local -> 104.124.157.216:80 (TCP) | Misc activity | ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent | 2027390 |
local -> 138.91.171.81:80 (TCP) | Misc activity | ET INFO Windows OS Submitting USB Metadata to Microsoft | 2025275 |
local -> 138.91.171.81:80 (TCP) | Misc activity | ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent | 2027390 |
local -> 104.124.157.216:80 (TCP) | Misc activity | ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent | 2027390 |
local -> 138.91.171.81:80 (TCP) | Misc activity | ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent | 2027390 |
local -> 104.124.157.216:80 (TCP) | Misc activity | ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent | 2027390 |
local -> 138.91.171.81:80 (TCP) | Misc activity | ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent | 2027390 |
local -> 138.91.171.81:80 (TCP) | Misc activity | ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent | 2027390 |
local -> 138.91.171.81:80 (TCP) | Misc activity | ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent | 2027390 |
local -> 23.217.118.140:80 (TCP) | Misc activity | ET INFO Microsoft Connection Test | 2031071 |
local -> 8.8.8.8:53 (UDP) | Misc activity | ET INFO Observed DNS Query to Filesharing Service (mega .co .nz) | 2039584 |
local -> 8.8.8.8:53 (UDP) | Misc activity | ET INFO Observed DNS Query to Filesharing Service (mega .co .nz) | 2039584 |
Extracted Strings
Extracted Files
Displaying 50 extracted file(s). The remaining 287 file(s) are available in the full version and XML/JSON reports.
-
Informative Selection 50
-
-
434a7843-16ef-4a92-89df-bed5cd5e0545.tmp
- Size
- 62KiB (63949 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- eb76d678276bf2134b2ed21f5d1a19d5
- SHA1
- 067b8326dbeb6286b7685616954ea9680d5c8646
- SHA256
- f1cc35cb8c1153af9fbf42497c8d19f6a4329e69473c241f8ce7299c1ad27012
-
781e3279-f59f-4574-8820-2545a8d24c06.tmp
- Size
- 63KiB (64064 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- b748f20d63cc2e6e85c439ce1eab77dc
- SHA1
- d7a9023d32923de86c1eef398d546537b107e3d0
- SHA256
- 6937ba1073a29e81603ddd89faa2ac2cac931f9db230a791f890cffb84d09c89
-
7a8cfb9b-65fc-4c67-803e-e4a75d75fa19.tmp
- Size
- 62KiB (63973 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- 83c13f586ae9d6cbdbdea18a60f7894a
- SHA1
- b7bf226b68c31ba134df487608681e5c4a8c19fa
- SHA256
- 84041bb3bbf353ea53d5b3f4149e9a1d924c0ee1c049299c59f454488fbef775
-
997def38-0946-48e4-a5a5-5a3850ef5b69.tmp
- Size
- 62KiB (63972 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- 1847a6216a510c63220e14a0aebed540
- SHA1
- 981a5e5ae0637af17af4bfe1a146388ab094e87c
- SHA256
- d0a7b4828a7dbac905fd602090e1e6260efa1ea978ddf1f581eb88502aa8ac9e
-
6c02b05d-432a-4e36-8403-3da5975598c3.tmp
- Size
- 90KiB (92361 bytes)
- Type
- data
- Description
- JSON data
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- 2b49d9bccff9cfdfb2edb1c7a146d704
- SHA1
- 740dc78b77ffbafad60ff93c22a2251607975e32
- SHA256
- e7a407fb29bcddda8dad07c459534f777c5176e4157ab7cfaea0971e533952c4
-
settings.dat
- Size
- 280B (280 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- ad0bc7a515cdef716546f1fe7dffce24
- SHA1
- 1211554ababfbadba842f3c900fdd9d76e3186a0
- SHA256
- ff788ad9260235970674c12b2c4faa4c1825b6cbe3b471b8de23ef1ae13b1a56
-
543f894b-201f-4872-bf84-f00b8f2cf58b.tmp
- Size
- 22KiB (22777 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- 8b0ba043c82a662f348364815b876286
- SHA1
- af96fee154411155df5e8f4e422f414a58cebda4
- SHA256
- ec703bb55598bc6a9240392bc6f55d67e79975184ea9c37c3cba40f8425ea1ec
-
625a2d7a-654b-4d40-90cc-94ff216774e9.tmp
- Size
- 1B (1 bytes)
- Type
- unknown
- Description
- very short file (no magic)
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- 5058f1af8388633f609cadb75a75dc9d
- SHA1
- 3a52ce780950d4d969792a2559cd519d7ee8c727
- SHA256
- cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
-
7bf420be-c787-4dfe-bfaa-6a24baa60bde.tmp
- Size
- 22KiB (22749 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- 68e3979301ca2c34cb4b0577cb17041e
- SHA1
- f5979dff66ed26ec4d52fb553ebeb2f32a5f6c69
- SHA256
- ef05c3effabcc2e661592357544a14b6fb6912d2117267c886398bbfd0fa886e
-
83fedac1-3d53-4a6b-9439-a97e3f491d50.tmp
- Size
- 22KiB (22749 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- 98954caacf4f21e7039e4a6189564763
- SHA1
- 7d9b7b493e4489e02e59cd699119eeed7d12e7b2
- SHA256
- 42dd859d704badadec0f86b298c19b04ccaec5660e6a6dfd0967a7e3913a4b7e
-
8715a31b-909e-47be-ad04-423810cb08e3.tmp
- Size
- 23KiB (23095 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- f22c9bcd670ae6717ca28415033e84e0
- SHA1
- a9eb975178533f798c431858a9a70822144f7a57
- SHA256
- c1da1331da6199cf5049a5159184fd078465a263c3eb58eb9891df98efbf11bc
-
9177c79a-bb1f-4fdd-8ac6-5b512db0ff07.tmp
- Size
- 22KiB (22749 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- b85011b977a3b7bcf3ef4acd6a9441f7
- SHA1
- 9ae2c0b9a93e0e88beb602691cfd5db90ff362c6
- SHA256
- 6d15f199014d47ac9b89b4f8c06c6f524da5ceec0e93d63053ff9a62e73577bf
-
000001.dbtmp
- Size
- 16B (16 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- 46295cac801e5d4857d09837238a6394
- SHA1
- 44e0fa1b517dbf802b18faf0785eeea6ac51594b
- SHA256
- 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
-
000003.log
- Size
- 33B (33 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 4280)
- MD5
- f27314dd366903bbc6141eae524b0fde
- SHA1
- 4714d4a11c53cf4258c3a0246b98e5f5a01fbc12
- SHA256
- 68c7ad234755b9edb06832a084d092660970c89a7305e0c47d327b6ac50dd898
-
LOG
- Size
- 309B (309 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 4280)
- MD5
- 233178ad45c1c5254d77a201b426e242
- SHA1
- 079bfbd65aa6b11f817733dd618bf48a47e9073a
- SHA256
- 3a9d6ab9f0e97200b950aa3e4b37be45bca45cc4f17fb747001619af421cc1a2
-
MANIFEST-000001
- Size
- 41B (41 bytes)
- Type
- unknown
- Description
- PGP Secret Key -
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- 5af87dfd673ba2115e2fcf5cfdb727ab
- SHA1
- d5b5bbf396dc291274584ef71f444f420b6056f1
- SHA256
- f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
-
000003.log
- Size
- 420KiB (429679 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 4280)
- MD5
- 79c85c8a9d932713534b7e4d17fdfbc8
- SHA1
- e080e50e5fa96446a22a548a5fe25aa848dcc18f
- SHA256
- 6a36f95a978dc5e6a3c3bbb3f06407b080d6d4357e13b7fde8efb7eb5737ba36
-
LOG
- Size
- 335B (335 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 4280)
- MD5
- 2a8b59630c3a802a49df2766158e2b7d
- SHA1
- 4af04e140427d63edeeaa0db0b8d91e4214954d2
- SHA256
- 55aa67154ac2af1d7ed74a1cea9d3aa09fa84fb227bbc4d8778d3516e4ed2dfe
-
data_0
- Size
- 116KiB (118784 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 35486dd4c44499d60871596d9e901542
- SHA1
- 5384b8fb7f5c8e9b1b7c27d164b5d37057dc9165
- SHA256
- 48a7321248b3e0c320647d8bef5d6536b041da1e23af64e1e648ed801bf5497a
-
data_1
- Size
- 1.3MiB (1318912 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 60f40253d4fdb4c0555f4ec128f53d86
- SHA1
- 1312fe30b333ca811f9df652806351bda2cb08d7
- SHA256
- ec1894c5fa9b7524f74d5ff9d86c6e054daa65e095ad3ac7e09bff2353b9b2f4
-
data_2
- Size
- 3MiB (3153920 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 3f50401af3eec9da2f0770ce158240a8
- SHA1
- 3f3007a54268ffde190ea2418536b78c26a490c0
- SHA256
- 35f75629c3a3c27660cd47f5591049f731f7d4a988aeeca695c367dfd75bf75e
-
data_3
- Size
- 5MiB (5246976 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 6c2ffe399189f9e27a465a8759aafbe5
- SHA1
- 3daae49e4ec259961d6d09d057a46e50742877d8
- SHA256
- 76341bbf5f2530070a99001581cba5ed1904e6cc01fb3affa748046ed2b0c147
-
f_0004ca
- Size
- 75KiB (76314 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "mega-1_d5aa2c92f86887a5185a82d1c422512eb9037d4b1fe4294e8151fc67d1fe3503.css", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 475160
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 4dfa67a180ed5d94d97edbb1244a9122
- SHA1
- fc5e7cf97d4d841a2e3567fa6bd9b410ecf40f0d
- SHA256
- df518aeb2cdc479e826afb10c36edfba90c81e9c8c123aeb7877d1baf02a4f26
-
f_0004cb
- Size
- 105KiB (107109 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "templates_0ae3d429ab30f80e555bffc257bf5e00c8edf173d347db5761689179a8d757b0.json", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 761198
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- d01dc9b0e2e6e6d6bf9755ae7146650f
- SHA1
- 16da42addc332a7cedaac09aa12ffd247a980397
- SHA256
- 7ccd774dc262f96fd7c832408c3f88410dfb10b7a07893a0dae91dfd973227b6
-
f_0004cc
- Size
- 97KiB (99380 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "mega-8_921b8d5e81c87508ddc7fa07f4ba68362f9f1f378b6f77005c6e24f6d9b057d0.js", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 504651
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 85c049a38ed72a71ea51855599cbc634
- SHA1
- b9cfa1ff4902fcb396abf9d156300785d51eb4e6
- SHA256
- 4d417d28400bb66e35b24b3518f9fa3d2cdfbf7f9606946d4086318e36357333
-
f_0004ce
- Size
- 24KiB (24271 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "mega-2_b9af64a42e505c344b4497dcc8a503196e2543cda742df99ccb9523b240206a2.css", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 213765
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- afbc6678812728cc85771e6f5b80c51f
- SHA1
- fd0224a69b10d62c77465f451ebbe1076e7c78c5
- SHA256
- 15b3c5ce319b990fe563a13bd5b9c46140caaed54027758954e455ee5b0da33b
-
f_0004cf
- Size
- 104KiB (106822 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "mega-10_ff8ad63e5e6a0e4978790d62ac8947134b7572d6849d4e643cbd3ae66c2f3e89.js", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 521077
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 249d47cd49894283670e6a4d31519e01
- SHA1
- 82187059997586072ea73a71546cdc75e129ebe2
- SHA256
- 2b9b9f653b310570ff046a5712138dcad5c2d50894b1275e762322eea7356834
-
f_0004d0
- Size
- 45KiB (46157 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "mega-11_14d3c5aea576d5f147ddcd31cbdcd953ab18601a7b2eed72f67666ba9e7cefe1.js", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 275264
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 9275fc353aaefe55a179ae3fe784e704
- SHA1
- e4e8059208674f17c1a4da895da42dc4ed601f77
- SHA256
- 996e36928448b8da944f64a3010577c154f8022484c4d59dcb6d29a6a7d53937
-
f_0004d1
- Size
- 89KiB (90763 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "mega-12_4676f4d1d44308d1e42f31250ea6fdbf6bad6c5a32bb02dbab9f62866b1725d9.js", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 439256
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- c05d713dda1998a267dabd0c2927b195
- SHA1
- 85088ec0c2b404e367b7b9b5f9a0035c69e79177
- SHA256
- ac1b12b98be376026c2d3e7f6e0ea8cb8e54c965559556b5c2313e66e43c0613
-
f_0004d3
- Size
- 98KiB (100828 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "mega-13_abdf1f913f77eab267c5bce5f877b9756cf829176311eaca2c49cb172ff77d11.js", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 519689
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- d12982a3c25ee189999140bc71c6b82e
- SHA1
- d7948a0634d19f66c61e80c003fb79b36039de51
- SHA256
- a5f1591fa9daa406656c675fa2c9a943fc4120f250ada15ea3156778341921ed
-
f_0004d4
- Size
- 72KiB (74049 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "mega-14_8a8ba0ed3765ec72dbb2a87892e07caa14e0c36bb68caf8e7852821d7011bfc4.js", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 399724
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 7bb6fdc722a5b18a4e90fe74c65cb5fa
- SHA1
- 51d93611b6d6003c91965669ad4566ffc8fde988
- SHA256
- 608da273fc4fa5106821f1cbf094bad8e154e764e0a2b1e3cdfeafafd0a0dd27
-
f_0004d5
- Size
- 39KiB (39761 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "mega-4_bc97e2f19f835abbb8d60df9262cea8279d65519f6350f73b8675a19c2925228.css", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 258841
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 8c09d6446452227c912a8649f26751dc
- SHA1
- 236539bf50ee2fa6f4c2528fc93a3aafbeccc529
- SHA256
- 1a5aeab28fa32edc9a22cd367a662d79ddf3cff2f51ebf564df1cc83164ba81a
-
f_0004d6
- Size
- 114KiB (116449 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "mega-15_0f80287fa5b32a23f46cd5aa9672882c4c4ea55c3d87768df9e3072de821ba5e.js", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 523150
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 796251483a4a0940b9fd0a4c1a73a7dd
- SHA1
- d29624021709b48c8a60d4bb1296993bc387c5c4
- SHA256
- aa8559b2ad6d6ad7c04141398f3110c934e80361ab026a939d14253ec8d6f091
-
f_0004d7
- Size
- 67KiB (68985 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "mega-16_3709d7940119b2ffa86ae6eb28da930ad3e87c642bbcf3b1bdb80628f172ef06.js", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 322520
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 9695f345aae1e56ccee1d00fd556c767
- SHA1
- 9d9efa18bf4868f6efe0de0c975d6f18b5c5adaa
- SHA256
- 5e8e3f7be20fc8b4c295712d8277411e47db5859dbe93058dc0f25180e1b7924
-
f_0004d8
- Size
- 49KiB (49762 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "asmcrypto_9c90f27443fbdb85519985333a8b00c3cff0e10a2753955f41890342d64362f7.js", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 443062
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 6adcd8606f3c6d2c92b1e016c649e6c0
- SHA1
- 227f194e6066148334b299f5cced8c15761512b8
- SHA256
- 6cc3afa7929c12c2ed83bcb1029c9ef5854b51051d0af57beddb305725cd16b0
-
f_0004d9
- Size
- 88KiB (90132 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 90132, version 2.655
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 94676e314a869cea8b70fc6698cb2c48
- SHA1
- c681f9ea637011a45fa30e4750098dee378880d5
- SHA256
- 92090a2fc2ee13f67411a5e5778e3265e7401163c87beffa8e0392ccc765a8e8
-
f_0004da
- Size
- 22KiB (22186 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "sprites-fm-illustration-sprite-wide.b2880201cd454091.svg", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 68809
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- e97c0db00298959b6c57d63fa6410324
- SHA1
- 46740f5166a16f5f6fbd484db92240f173970365
- SHA256
- 48e2e0a00890515509f9baf743834d849a023ed8a37c9e72af363ee144a6652d
- f_0004db
- Size
- 30KiB (30699 bytes)
- Type
- img image
- Description
- PNG image data, 160 x 7432, 8-bit colormap, non-interlaced
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- c53c4b781f53b21562990926425abfd3
- SHA1
- fff91c4acd5d0c187ad634b79b2619dae9af58ad
- SHA256
- 1692f9c36f3aaa9d3e251a92fd2615b55d6f8e8e0bb286fa87184ecb4e20525c
- f_0004dc
- Size
- 51KiB (52264 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 52264, version 1.0
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 4f8fe2a60ee508c877fde59f066c40ae
- SHA1
- 39efdc657fa137b0cffe1fe1557f78dfee8dbc31
- SHA256
- a45cd34f1a3e9c0050fe3e91bdf867c7216271197d535ca45ae3eeb182d0f1e2
- f_0004dd
- Size
- 97KiB (98881 bytes)
- Type
- img image
- Description
- PNG image data, 399 x 7652, 8-bit colormap, non-interlaced
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 64835035649f645c21e6b9429095abc0
- SHA1
- bf1b3e56e9c8ee50d9414603933f3a1d263178c3
- SHA256
- a08d865c4c2c59e79d02513b9c92b236e3dbb510c46d4bdae21335fd8a615fae
- f_0004de
- Size
- 69KiB (70369 bytes)
- Type
- img image
- Description
- PNG image data, 853 x 1363, 8-bit colormap, non-interlaced
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- d74c0efac1a9c59152b0325932d399f1
- SHA1
- a472eadb5b431a4ef40e78ed79eaed9bb8fc8135
- SHA256
- e8bedfbc203b2d09457d44a4ddfaadfb770d637e332f41487438fa9a7f5352f5
- f_0004df
- Size
- 76KiB (77549 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "sprites-fm-uni-uni.f696ebae01108c3a.svg", last modified: Fri Aug 18 05:15:27 2023, max compression, from Unix, original size modulo 2^32 388767
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- ee225ce041397c90bd3752d3c53a0880
- SHA1
- 68a194b1bc757de996e35d91ecb08e829a74aecd
- SHA256
- 9cfbec9d71464a34d35a077153cdce182cbdcb7c82815a25722f0f5b08938c09
- f_0004e0
- Size
- 180KiB (184076 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 184076, version 2.983
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 8b4f872c5de19974857328d06d3fe48f
- SHA1
- 32092efbd7938af900e99d63cf25db246c6bff26
- SHA256
- 30f77a5ff0bcba46d4e760b0c939a5ff112da0d3ddd13a261834134e00cc21c7
- f_0004e1
- Size
- 178KiB (182708 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 182708, version 2.983
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- bd03a2cc277bbbc338d464e679fe9942
- SHA1
- cbff48bce12e71565156bb331b0c9979746a5680
- SHA256
- 983b0caf336e8542214fc17019a4fc5e0360864b92806ca14d55c1fc1c2c5a0f
- 1238e9b4bffe7e31_0
- Size
- 196B (196 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- e11885c02c39968a8c2a4c78a461749d
- SHA1
- 9fd3b6fcddbec0549665bcadf09af9ff0159d065
- SHA256
- 5b2212704c00b1becaf31e437350ef6ca30d4a18574790d8bf4d3d019cab5d92
- temp-index
- Size
- 12KiB (11976 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- 0c384802819908ef0407357b2e4f5ee0
- SHA1
- 1cb72abb3517f55b7c8deddab7dd821044e3e093
- SHA256
- a7dbf60cad7249cfb049108f037060a5b764b5711a35884b1135189df6316be0
- data_1
- Size
- 264KiB (270336 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 824)
- MD5
- 5ad781c5f26069c3277ce0d67bd8f173
- SHA1
- 184482567923d8b5fa398d9ef72256b4ffde3f44
- SHA256
- c339c9290c55d0794b9de1ec62f0a672b9a1a7957907dd55f7cc9122aea92c0e
- LOG
- Size
- 350B (350 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 4280)
- MD5
- 7f3881164ab7a6602f226d949acb1ba8
- SHA1
- 4eee3e92c26de2d9a7a4a05fab67a176af0a6ae0
- SHA256
- 10aefa64777821ae74985e7ef52074978f65a991c40ffd51826a864e0b7bbd94
- LOG
- Size
- 323B (323 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 4280)
- MD5
- f640c098c32b0f70ee09a316c1aba8f2
- SHA1
- f3c4cd938e2c450e808346f091f84f9cdc7012ec
- SHA256
- ad7e5fed9f02b6afafcfec449bb52a48b445b946dec27397a72cb3c3ab85d43d
- Favicons
- Size
- 40KiB (40960 bytes)
- Type
- data
- Description
- SQLite 3.x database, last written using SQLite version 3039003
- Runtime Process
- msedge.exe (PID: 6248)
- MD5
- b020ac945dde729bb0f37fcf2fb499a1
- SHA1
- 7cdf5afd5c32dabbf26c759d4ef8666229955068
- SHA256
- 6e56853210d332b0842b3eb1ead631ae9196e5ecfd7cd3b9da5b16c25ef2d979
Notifications
- Runtime
- Not all IP/URL string resources were checked online
- Not all created files are visible for msedge.exe (PID: 6248)
- Not all file accesses are visible for msedge.exe (PID: 1112)
- Not all file accesses are visible for msedge.exe (PID: 1300)
- Not all file accesses are visible for msedge.exe (PID: 1548)
- Not all file accesses are visible for msedge.exe (PID: 1664)
- Not all file accesses are visible for msedge.exe (PID: 1680)
- Not all file accesses are visible for msedge.exe (PID: 2768)
- Not all file accesses are visible for msedge.exe (PID: 3692)
- Not all file accesses are visible for msedge.exe (PID: 416)
- Not all file accesses are visible for msedge.exe (PID: 4280)
- Not all file accesses are visible for msedge.exe (PID: 4964)
- Not all file accesses are visible for msedge.exe (PID: 5212)
- Not all file accesses are visible for msedge.exe (PID: 5548)
- Not all file accesses are visible for msedge.exe (PID: 6124)
- Not all file accesses are visible for msedge.exe (PID: 6248)
- Not all file accesses are visible for msedge.exe (PID: 6472)
- Not all file accesses are visible for msedge.exe (PID: 6740)
- Not all file accesses are visible for msedge.exe (PID: 6984)
- Not all file accesses are visible for msedge.exe (PID: 7320)
- Not all file accesses are visible for msedge.exe (PID: 7612)
- Not all file accesses are visible for msedge.exe (PID: 7620)
- Not all file accesses are visible for msedge.exe (PID: 7820)
- Not all file accesses are visible for msedge.exe (PID: 824)
- Not all file accesses are visible for msedge.exe (PID: 948)
- Some low-level data is hidden, as this is only a slim report
- This URL analysis has missing honeyclient data
- Not all sources for indicator ID "mutant-0" are available in the report
- Not all sources for indicator ID "string-23" are available in the report
- Not all sources for indicator ID "string-169" are available in the report