https://www.terabox.com/sharing/videoPlay?surl=K78GESrcTqnjX75uvbIK_g&dir&fsid=954299599030830&fileName=Stop.Over.In.Hell.2016.UNCUT.1080p.BluRay.x264.AAC-%5BMkvking.com%5D.mkv&page=1
This report was generated from a URL submitted to this web service on May 11th 2023 23:04:17 (UTC) with the action script "Default browser analysis".
Guest System: Windows 10 64 bit, Professional, 10.0 (build 16299)
Report generated by Falcon Sandbox v10.1.2 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior: contacts 28 domains and 26 hosts.
Indicators
Not all malicious and suspicious indicators are displayed in this public report view; the seven indicators that are shown are all rated Informative.
Informative (7)
External Systems
Detected Suricata Alert
- details: alert "SURICATA STREAM excessive retransmissions" (SID: 2210054, Rev: 1, Severity: 3), category "Generic Protocol Command Decode"
- source: Suricata Alerts
- relevance: 10/10
SID 2210054 is one of Suricata's built-in stream-events rules: it reports a TCP reassembly anomaly (excessive retransmissions in the capture), not a content match, and severity 3 is the low end of Suricata's priority scale. The 10/10 relevance is the sandbox's own weighting, not a malicious verdict.
General
Contacts server
- details:
"210.154.124.151:443"
"138.91.254.96:443"
"151.101.1.44:443"
"199.91.74.184:443"
"142.250.189.237:443"
"13.227.74.64:443"
"13.227.74.126:443"
"111.108.51.10:443"
"142.251.214.138:443"
"142.250.189.170:443"
"157.240.22.25:443"
"74.119.118.149:443"
"74.119.118.154:443"
"74.125.137.156:443"
"216.239.32.181:443"
"173.233.137.52:443"
"192.243.59.13:443"
"52.202.251.5:443"
"192.243.59.12:443"
"173.233.137.60:443"
"34.110.181.92:443"
"199.204.170.212:443"
- source: Network Traffic
- relevance: 1/10
- ATT&CK ID: T1071
Every listed endpoint is TCP/443, so these are TLS connections and the IPs alone cannot be paired with the names under Queries DNS server. That pairing needs the decrypted traffic; the %TEMP%\sslkey.txt entry under Dropped files is consistent with the TLS key log a sandbox writes for that purpose.
Creates mutants
- details:
"Local\SM0:4088:304:WilStaging_02"
"InternetShortcutMutex"
"SM0:4088:304:WilStaging_02"
"SM0:4088:120:WilError_01"
"Local\SM0:4088:120:WilError_01"
- source: Created Mutant
- relevance: 3/10
The SM0:<pid>:<n>:WilStaging_02 and WilError_01 names come from Microsoft's Windows Implementation Library (WIL) logging and appear in clean Edge runs; InternetShortcutMutex is likewise routinely seen in browser sessions. None of these is, on its own, a persistence or infection marker.
Queries DNS server
- details:
"accounts.google.com"
"ag.gbc.criteo.com"
"analytics.google.com"
"api.edgeoffer.microsoft.com"
"cdn.taboola.com"
"connect.facebook.net"
"csm.da.us.criteo.net"
"dnacdn.net"
"firebase.googleapis.com"
"firebaseinstallations.googleapis.com"
"firebaseremoteconfig.googleapis.com"
"gem.gbc.criteo.com"
"gum.criteo.com"
"hermitmeaninglessconsequences.com"
"parableconverted.com"
"pl18043214.highperformancecpmgate.com"
"pl18427041.highcpmrevenuenetwork.com"
"refreshinghike.com"
"s2.teraboxcdn.com"
"sb.scorecardresearch.com"
"simplewebanalysis.com"
"sofire.terabox.com"
"static.line-scdn.net"
"stats.g.doubleclick.net"
"v2.terabox.com"
- source: Network Traffic
- relevance: 1/10
- ATT&CK ID: T1071.004
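Attributing the queried names is the first triage step a practitioner takes with a list like this: which names belong to the submitted site, which to well-known ad/analytics vendors that almost any browser run touches, and which remain unexplained. The Python below is an added example written for this page, not Hybrid Analysis code. Its vendor allowlist is constructed for the example, treating teraboxcdn.com as the submitted site's CDN is an assumption drawn from the name, and its two-label registrable-domain rule is a simplification that misfires on suffixes such as co.uk (use a public-suffix list in production). It returns the unattributed registrable domains for analyst review; it does not judge them.

```python
"""Attribute the 'Queries DNS server' names of a sandbox report.

Added example for this page, not Hybrid Analysis code. KNOWN_VENDORS is a
constructed allowlist and registrable() uses a naive two-label rule.
"""
from collections import defaultdict

# Copied from the report's "Queries DNS server" indicator.
QUERIED = [
    "accounts.google.com", "ag.gbc.criteo.com", "analytics.google.com",
    "api.edgeoffer.microsoft.com", "cdn.taboola.com", "connect.facebook.net",
    "csm.da.us.criteo.net", "dnacdn.net", "firebase.googleapis.com",
    "firebaseinstallations.googleapis.com", "firebaseremoteconfig.googleapis.com",
    "gem.gbc.criteo.com", "gum.criteo.com", "hermitmeaninglessconsequences.com",
    "parableconverted.com", "pl18043214.highperformancecpmgate.com",
    "pl18427041.highcpmrevenuenetwork.com", "refreshinghike.com",
    "s2.teraboxcdn.com", "sb.scorecardresearch.com", "simplewebanalysis.com",
    "sofire.terabox.com", "static.line-scdn.net", "stats.g.doubleclick.net",
    "v2.terabox.com",
]

# The submitted site; teraboxcdn.com is assumed to be its CDN from the name.
SUBMITTED_SITE = {"terabox.com", "teraboxcdn.com"}

# Ad/analytics/platform vendors a browser run normally reaches.
# Constructed for this example; replace with your own maintained allowlist.
KNOWN_VENDORS = {
    "google.com", "googleapis.com", "doubleclick.net", "criteo.com",
    "criteo.net", "taboola.com", "facebook.net", "microsoft.com",
    "scorecardresearch.com", "line-scdn.net",
}


def registrable(fqdn):
    """Naive registrable domain: the last two labels.
    'pl18043214.highperformancecpmgate.com' -> 'highperformancecpmgate.com'."""
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def attribute(fqdns):
    """Group names by registrable domain; label each group
    submitted-site / known-vendor / unattributed."""
    groups = defaultdict(list)
    for name in fqdns:
        groups[registrable(name)].append(name)
    result = {}
    for dom, names in groups.items():
        if dom in SUBMITTED_SITE:
            label = "submitted-site"
        elif dom in KNOWN_VENDORS:
            label = "known-vendor"
        else:
            label = "unattributed"
        result[dom] = (label, sorted(names))
    return result


def review_queue(fqdns):
    """Registrable domains nothing in the allowlists explains; these go to the analyst."""
    return sorted(d for d, (label, _) in attribute(fqdns).items() if label == "unattributed")


if __name__ == "__main__":
    for dom, (label, names) in sorted(attribute(QUERIED).items(), key=lambda kv: kv[1][0]):
        print(f"{label:15} {dom:40} {len(names)} name(s)")
    print("for review:", review_queue(QUERIED))
```

The unattributed set is a work list, not a verdict: an advertising domain that is simply missing from the allowlist lands there next to anything genuinely unexpected, and the analyst resolves each one with passive DNS, WHOIS and the decrypted HTTP transactions.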
Installation/Persistence
Dropped files
- details:
"data_2" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2]- [targetUID: 00000000-00004064]
"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\load_statistics.db-wal]- [targetUID: 00000000-00003000]
"8bd309eb-218f-47c3-acd8-14f500804de4.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 1094536"- Location: [%TEMP%\8bd309eb-218f-47c3-acd8-14f500804de4.tmp]- [targetUID: 00000000-00003000]
"Filtering Rules" has type "data"- Location: [%TEMP%\3000_1668617377\Filtering Rules]- [targetUID: 00000000-00003000]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1]- [targetUID: 00000000-00004064]
"f_0004fb" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004fb]- [targetUID: 00000000-00004064]
"f_0004cd" has type "gzip compressed data from Unix original size modulo 2^32 1191571"- [targetUID: N/A]
"load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\load_statistics.db]- [targetUID: 00000000-00003000]
"000003.log" has type "data"- [targetUID: 00000000-00003000]
"f_0004fa" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004fa]- [targetUID: 00000000-00004064]
"Filtering Rules-AA" has type "data"- Location: [%TEMP%\3000_1668617377\Filtering Rules-AA]- [targetUID: 00000000-00003000]
"f_0004f9" has type "data"- [targetUID: N/A]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\GrShaderCache\data_1]- [targetUID: 00000000-00004064]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\GPUCache\data_1]- [targetUID: 00000000-00004064]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\ShaderCache\data_1]- [targetUID: 00000000-00004064]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\DawnCache\data_1]- [targetUID: 00000000-00004064]
"f_0004cb" has type "gzip compressed data from Unix original size modulo 2^32 728792"- [targetUID: N/A]
"f_0004f8" has type "gzip compressed data from Unix original size modulo 2^32 691338"- [targetUID: N/A]
"f_0004f7" has type "gzip compressed data from Unix original size modulo 2^32 722298"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004f7]- [targetUID: 00000000-00004064]
"edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\3000_1650262187\edge_autofill_field_data.json]- [targetUID: 00000000-00003000]
"urlref_httpswww.terabox.comsharingvideoPlaysurl_K78GESrcTqnjX75uvbIK_g_dir_fsid_954299599030830_fileName_Stop.Over.In.Hell.2016.UNCUT.1" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]
"f_0004f6" has type "gzip compressed data from Unix original size modulo 2^32 482265"- [targetUID: N/A]
"f_0004c8" has type "gzip compressed data from Unix original size modulo 2^32 436331"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c8]- [targetUID: 00000000-00004064]
"f_0004c7" has type "gzip compressed data from Unix original size modulo 2^32 469383"- [targetUID: N/A]
"f_0004f2" has type "gzip compressed data from Unix original size modulo 2^32 547282"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004f2]- [targetUID: 00000000-00004064]
"History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\History]- [targetUID: 00000000-00003000]
"f_0004cf" has type "data"- [targetUID: N/A]
"sslkey.txt" has type "data"- Location: [%TEMP%\sslkey.txt]- [targetUID: 00000000-00003000]
"Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Web Data]- [targetUID: 00000000-00003000]
"data_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0]- [targetUID: 00000000-00004064]
"Visited Links" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Visited Links]- [targetUID: 00000000-00003000]
"f_0004f3" has type "gzip compressed data from Unix original size modulo 2^32 332578"- [targetUID: N/A]
"f_0004ee" has type "gzip compressed data from Unix original size modulo 2^32 178137"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004ee]- [targetUID: 00000000-00004064]
"Tabs_13328320169168527" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sessions\Tabs_13328320169168527]- [targetUID: 00000000-00003000]
"f_0004ec" has type "gzip compressed data from Unix original size modulo 2^32 230042"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004ec]- [targetUID: 00000000-00004064]
"a3aa1868-2f50-40c7-8161-98c8814c373f.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Ad Blocking\a3aa1868-2f50-40c7-8161-98c8814c373f.tmp]- [targetUID: 00000000-00003000]
"f_0004d4" has type "gzip compressed data from Unix original size modulo 2^32 308269"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d4]- [targetUID: 00000000-00004064]
"f_0004d5" has type "data"- [targetUID: N/A]
"Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Diagnostic Data-wal]- [targetUID: 00000000-00003000]
"f_0004d1" has type "gzip compressed data max compression original size modulo 2^32 193891"- [targetUID: N/A]
"f_0004c5" has type "gzip compressed data from Unix original size modulo 2^32 281548"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c5]- [targetUID: 00000000-00004064]
"9a1fded2-14c4-4036-af83-8ca3c45d4082.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\9a1fded2-14c4-4036-af83-8ca3c45d4082.tmp]- [targetUID: 00000000-00003000]
"a8c0ff6f-1624-476d-b388-c771d260acf3.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\a8c0ff6f-1624-476d-b388-c771d260acf3.tmp]- [targetUID: 00000000-00003000]
"c474cfdc-f65e-4464-80a5-3462b1848e2f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\c474cfdc-f65e-4464-80a5-3462b1848e2f.tmp]- [targetUID: 00000000-00003000]
"8d716dd4-be58-494e-92ba-48481058c4cd.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\8d716dd4-be58-494e-92ba-48481058c4cd.tmp]- [targetUID: 00000000-00003000]
"79c87a01-890d-4f98-8030-73c05f12fa9f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]
"da2ee1f4-83a8-438e-b498-4a1f44e57b67.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\da2ee1f4-83a8-438e-b498-4a1f44e57b67.tmp]- [targetUID: 00000000-00003000]
"abbdf8dd-7ae7-48f0-892f-b2ef6c6f2189.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\abbdf8dd-7ae7-48f0-892f-b2ef6c6f2189.tmp]- [targetUID: 00000000-00003000]
"423effa4-338c-4529-a98d-e0fbeeb28267.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\423effa4-338c-4529-a98d-e0fbeeb28267.tmp]- [targetUID: 00000000-00003000]
"Network Action Predictor" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network Action Predictor]- [targetUID: 00000000-00003000]
"f_0004dd" has type "gzip compressed data from Unix original size modulo 2^32 169302"- [targetUID: N/A]
"f_0004eb" has type "gzip compressed data from Unix original size modulo 2^32 147233"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004eb]- [targetUID: 00000000-00004064]
"000004.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000004.log]- [targetUID: 00000000-00003000]
"f_0004c3" has type "gzip compressed data from Unix original size modulo 2^32 203398"- [targetUID: N/A]
"f_0004f5" has type "gzip compressed data from Unix original size modulo 2^32 163444"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004f5]- [targetUID: 00000000-00004064]
"f_0004f4" has type "gzip compressed data from Unix original size modulo 2^32 137330"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004f4]- [targetUID: 00000000-00004064]
"f_0004df" has type "gzip compressed data from Unix original size modulo 2^32 133242"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004df]- [targetUID: 00000000-00004064]
"f_0004e1" has type "gzip compressed data from Unix original size modulo 2^32 141356"- [targetUID: N/A]
"f_0004e8" has type "gzip compressed data from Unix original size modulo 2^32 129538"- [targetUID: N/A]
"f_0004f1" has type "gzip compressed data from Unix original size modulo 2^32 140569"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004f1]- [targetUID: 00000000-00004064]
"f_0004e4" has type "gzip compressed data from Unix original size modulo 2^32 164495"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004e4]- [targetUID: 00000000-00004064]
"QuotaManager" has type "SQLite 3.x database last written using SQLite version 3039003"- [targetUID: N/A]
"f_0004e5" has type "gzip compressed data from Unix original size modulo 2^32 124479"- [targetUID: N/A]
"Cookies" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\Cookies]- [targetUID: 00000000-00004064]
"f_0004ef" has type "gzip compressed data from Unix original size modulo 2^32 101484"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004ef]- [targetUID: 00000000-00004064]
"f_0004ce" has type "gzip compressed data from Unix original size modulo 2^32 114576"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004ce]- [targetUID: 00000000-00004064]
"f_0004dc" has type "gzip compressed data from Unix original size modulo 2^32 106327"- [targetUID: N/A]
"f_0004ca" has type "gzip compressed data from Unix original size modulo 2^32 97904"- [targetUID: N/A]
"f_0004c4" has type "gzip compressed data from Unix original size modulo 2^32 147383"- [targetUID: N/A]
"Filtering Rules-CA" has type "data"- Location: [%TEMP%\3000_1668617377\Filtering Rules-CA]- [targetUID: 00000000-00003000]
"History-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\History-journal]- [targetUID: 00000000-00003000]
"Reporting and NEL" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\Reporting and NEL]- [targetUID: 00000000-00004064]
"f_0004d2" has type "gzip compressed data from Unix original size modulo 2^32 124043"- [targetUID: N/A]
"f_0004db" has type "gzip compressed data from Unix original size modulo 2^32 81200"- [targetUID: N/A]
"Cookies-journal" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\Cookies-journal]- [targetUID: 00000000-00004064]
"Network Action Predictor-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network Action Predictor-journal]- [targetUID: 00000000-00003000]
"QuotaManager-journal" has type "SQLite Rollback Journal"- [targetUID: N/A]
"f_0004c9" has type "gzip compressed data from Unix original size modulo 2^32 100051"- [targetUID: N/A]
"f_0004d0" has type "gzip compressed data from Unix original size modulo 2^32 111175"- [targetUID: N/A]
"f_0004d3" has type "gzip compressed data from Unix original size modulo 2^32 60514"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d3]- [targetUID: 00000000-00004064]
"f_0004e2" has type "gzip compressed data max speed from Unix original size modulo 2^32 85843"- [targetUID: N/A]
"f_0004e6" has type "gzip compressed data max speed from Unix original size modulo 2^32 85810"- [targetUID: N/A]
"Vpn Tokens" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Vpn Tokens]- [targetUID: 00000000-00003000]
"Databases.db" has type "SQLite 3.x database last written using SQLite version 3039003"- [targetUID: N/A]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log]- [targetUID: 00000000-00003000]
"f_0004c6" has type "Web Open Font Format TrueType length 25804 version 1.0"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c6]- [targetUID: 00000000-00004064]
"LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\3000_1668617377\LICENSE]- [targetUID: 00000000-00003000]
"1" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\databases\https_www.terabox.com_0\1]- [targetUID: 00000000-00003000]
"be53debf-0f99-441c-9664-6662c74900ad.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\be53debf-0f99-441c-9664-6662c74900ad.tmp]- [targetUID: 00000000-00003000]
"a264db50-bc88-480f-a4aa-2eede510a4ca.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"26a77e30-9640-4f39-8ecf-62b9999b1d59.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\26a77e30-9640-4f39-8ecf-62b9999b1d59.tmp]- [targetUID: 00000000-00003000]
"f_0004ea" has type "gzip compressed data from Unix original size modulo 2^32 74735"- [targetUID: N/A]
"0cd7db04-87d0-4387-8432-d4bfef577446.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\0cd7db04-87d0-4387-8432-d4bfef577446.tmp]- [targetUID: 00000000-00003000]
"0feaa83a-2640-4b67-9a71-56976a48f465.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\0feaa83a-2640-4b67-9a71-56976a48f465.tmp]- [targetUID: 00000000-00003000]
"5aa0b560-f4f9-488e-8ce3-564f2cdc6c98.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"f_0004d7" has type "TrueType Font data 11 tables 1st "OS/2" 14 names Macintosh type 1 string yunfont"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d7]- [targetUID: 00000000-00004064]
"f_0004e0" has type "gzip compressed data from Unix original size modulo 2^32 71706"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004e0]- [targetUID: 00000000-00004064]
"crl-set" has type "data"- Location: [%TEMP%\3000_632390769\crl-set]- [targetUID: 00000000-00003000]
"f_0004d6" has type "gzip compressed data from Unix original size modulo 2^32 62825"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d6]- [targetUID: 00000000-00004064]
"Favicons-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Favicons-journal]- [targetUID: 00000000-00003000]
"Databases.db-journal" has type "SQLite Rollback Journal"- [targetUID: N/A]
"Reporting and NEL-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\Reporting and NEL-journal]- [targetUID: 00000000-00004064]
"f_0004d8" has type "gzip compressed data from Unix original size modulo 2^32 58365"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d8]- [targetUID: 00000000-00004064]
"f_0004e7" has type "gzip compressed data from Unix original size modulo 2^32 37427"- [targetUID: N/A]
"f_0004d9" has type "gzip compressed data from Unix original size modulo 2^32 28821"- [targetUID: N/A]
"f_0004de" has type "gzip compressed data from Unix original size modulo 2^32 60711"- [targetUID: N/A]
"f_0004da" has type "gzip compressed data from Unix original size modulo 2^32 64291"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004da]- [targetUID: 00000000-00004064]
"f_0004cc" has type "gzip compressed data from Unix original size modulo 2^32 42477"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004cc]- [targetUID: 00000000-00004064]
"arbitration_service_config.json" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\arbitration_service_config.json]- [targetUID: 00000000-00003000]
"f_0004f0" has type "gzip compressed data from Unix original size modulo 2^32 61193"- [targetUID: N/A]
"f_0004ed" has type "gzip compressed data from Unix original size modulo 2^32 52932"- [targetUID: N/A]
"f_0004e3" has type "gzip compressed data from Unix original size modulo 2^32 59515"- [targetUID: N/A]
"f_0004e9" has type "gzip compressed data from Unix original size modulo 2^32 38122"- [targetUID: N/A]
"Session_13328320168208354" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sessions\Session_13328320168208354]- [targetUID: 00000000-00003000]
"temp-index" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index]- [targetUID: 00000000-00003000]
"domain_list_output_encoded_base64.txt" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\3000_1650262187\domain_list_output_encoded_base64.txt]- [targetUID: 00000000-00003000]
"1-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\databases\https_www.terabox.com_0\1-journal]- [targetUID: 00000000-00003000]
"9ce4f409-3a5c-4546-b8d0-e848fdc53849.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\9ce4f409-3a5c-4546-b8d0-e848fdc53849.tmp]- [targetUID: 00000000-00004064]
"317a77e0-22ff-4dbd-81f7-765656eb2eb9.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"000004.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Session Storage\000004.log]- [targetUID: 00000000-00003000]
"09b9eeee-5cc5-4898-9a87-a3e856997e93.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\09b9eeee-5cc5-4898-9a87-a3e856997e93.tmp]- [targetUID: 00000000-00004064]
"fdca1559-c3c7-4a11-9c3b-ffe11446d9d0.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"3d7688c3-dcd1-4005-be1a-5c958c7b4457.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\3d7688c3-dcd1-4005-be1a-5c958c7b4457.tmp]- [targetUID: 00000000-00004064]
"5614f662-867b-49c1-b940-2e286291cf8f.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\5614f662-867b-49c1-b940-2e286291cf8f.tmp]- [targetUID: 00000000-00004064]
"Web Data-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Web Data-journal]- [targetUID: 00000000-00003000]
"Vpn Tokens-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Vpn Tokens-journal]- [targetUID: 00000000-00003000]
"688fb2d2-0c8f-4d3a-965f-a5cae1f035cb.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"41e56095-eeb6-45ec-9344-605c94d0037f.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\41e56095-eeb6-45ec-9344-605c94d0037f.tmp]- [targetUID: 00000000-00004064]
"cbd3e348-18b0-4a18-a4c2-2b517efbad79.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"874348f3-fa11-4473-8708-079b3ca52d30.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\874348f3-fa11-4473-8708-079b3ca52d30.tmp]- [targetUID: 00000000-00004064]
"f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\TokenBroker\Cache\f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres]- [targetUID: 00000000-00003000]
"WebAssistDatabase-journal" has type "data"- [targetUID: N/A]
"edge_autofill_global_block_list.json" has type "JSON data"- Location: [%TEMP%\3000_1650262187\edge_autofill_global_block_list.json]- [targetUID: 00000000-00003000]
"adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\3000_1668617377\adblock_snippet.js]- [targetUID: 00000000-00003000]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log]- [targetUID: 00000000-00003000]
"LOG" has type "ASCII text"- [targetUID: 00000000-00003000]
"5d4a63dc62268089_0" has type "data"- [targetUID: N/A]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG]- [targetUID: 00000000-00003000]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG]- [targetUID: 00000000-00003000]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG]- [targetUID: 00000000-00003000]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG]- [targetUID: 00000000-00003000]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Platform Notifications\LOG]- [targetUID: 00000000-00003000]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG]- [targetUID: 00000000-00003000]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG]- [targetUID: 00000000-00003000]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extension State\LOG]- [targetUID: 00000000-00003000]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\LOG]- [targetUID: 00000000-00003000]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Session Storage\LOG]- [targetUID: 00000000-00003000]
"4966c9016197277b_0" has type "data"- [targetUID: N/A]
"settings.dat" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad\settings.dat]- [targetUID: 00000000-00003000]
"4aa854bea0fe0e5b_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\4aa854bea0fe0e5b_0]- [targetUID: 00000000-00003000]
"e27708b78565d1b5_0" has type "data"- [targetUID: N/A]
"8f4c7d70eb5729a9_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\8f4c7d70eb5729a9_0]- [targetUID: 00000000-00003000]
"4d782a6b7a03e004_0" has type "data"- [targetUID: N/A]
"a7b490f7929c7d8e_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\a7b490f7929c7d8e_0]- [targetUID: 00000000-00003000]
"1fded7a76f295da9_0" has type "data"- [targetUID: N/A]
"95c1d8bc921a8661_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\95c1d8bc921a8661_0]- [targetUID: 00000000-00003000]
"083c04bd9853d320_0" has type "data"- [targetUID: N/A]
"648f7ffd6a222818_0" has type "data"- [targetUID: N/A]
"6abc78e2d5911768_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\6abc78e2d5911768_0]- [targetUID: 00000000-00003000]
"b532237e52f3b105_0" has type "data"- [targetUID: N/A]
"edd97bc688d83439_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\edd97bc688d83439_0]- [targetUID: 00000000-00003000]
"b053b49453799b44_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\b053b49453799b44_0]- [targetUID: 00000000-00003000]
"ff70226667061e81_0" has type "data"- [targetUID: N/A]
"cd9715871b29b7a8_0" has type "data"- [targetUID: N/A]
"ddb1f2577c81bc71_0" has type "data"- [targetUID: N/A]
"1e4e2cca6938be71_0" has type "data"- [targetUID: N/A]
"f8355c3db36dfb68_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\f8355c3db36dfb68_0]- [targetUID: 00000000-00003000]
"e6bf07d230a9c920_0" has type "data"- [targetUID: N/A]
"88bbe11b6a853ca1_0" has type "data"- [targetUID: N/A]
"65edb6cf45283217_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\65edb6cf45283217_0]- [targetUID: 00000000-00003000]
"541e0db9d3fd383f_0" has type "data"- [targetUID: N/A]
"919b6e5ad0a5b2e6_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\919b6e5ad0a5b2e6_0]- [targetUID: 00000000-00003000]
"3bedb201799b2b07_0" has type "data"- [targetUID: N/A]
"f319ddb16dc8d366_0" has type "data"- [targetUID: N/A]
"4a956b3483ae6fc0_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\4a956b3483ae6fc0_0]- [targetUID: 00000000-00003000]
"9369c184be6c76aa_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\9369c184be6c76aa_0]- [targetUID: 00000000-00003000]
"regex_patterns.json" has type "JSON data"- Location: [%TEMP%\3000_1650262187\regex_patterns.json]- [targetUID: 00000000-00003000]
"17c9d64f7637f614_0" has type "data"- [targetUID: N/A]
"c55d0ca78413a6ad_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\c55d0ca78413a6ad_0]- [targetUID: 00000000-00003000]
"Last Browser" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Last Browser]- [targetUID: 00000000-00003000]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\3000_1650262187\manifest.json]- [targetUID: 00000000-00003000]
"manifest.json" has type "JSON data"- Location: [%TEMP%\3000_1668617377\manifest.json]- [targetUID: 00000000-00003000]
"manifest.json" has type "JSON data"- [targetUID: 00000000-00003000]
"Variations" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Variations]- [targetUID: 00000000-00003000]
".ses" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\.ses]- [targetUID: 00000000-00003000]
"MANIFEST-000001" has type "PGP Secret Key -"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001]- [targetUID: 00000000-00003000]
"MANIFEST-000001" has type "data"- [targetUID: 00000000-00003000]
"000001.dbtmp" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp]- [targetUID: 00000000-00003000]
"Last Version" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Last Version]- [targetUID: 00000000-00003000]
"6a4fca99-7edd-4beb-b53a-4565b5537f5a.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\6a4fca99-7edd-4beb-b53a-4565b5537f5a.tmp]- [targetUID: 00000000-00003000]
"14d12a79-bd7a-4b3c-869c-febeffb739a9.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"a6583e52-bd11-4317-833c-6b03659a83ea.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\a6583e52-bd11-4317-833c-6b03659a83ea.tmp]- [targetUID: 00000000-00004064]
"2134919e-3ccb-47cc-b597-f15fe6e07b55.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"000001.dbtmp" has type "ASCII text"- [targetUID: 00000000-00003000]
- source: Binary File
- relevance: 3/10
- ATT&CK ID: T1105
Almost everything above sits under %LOCALAPPDATA%\Microsoft\Edge\User Data, i.e. the browser's own profile (cache entries, LevelDB stores, SQLite databases with their -journal and -wal files). The numbered %TEMP%\3000_<n>\ directories appear to be component payloads Edge unpacks itself (crl-set, Filtering Rules, adblock_snippet.js, the autofill JSON). Two entries deserve a note: "MANIFEST-000001" reported as "PGP Secret Key -" is a known libmagic misidentification of LevelDB manifest files, not key material; and %TEMP%\sslkey.txt is consistent with the TLS key log a sandbox keeps to decrypt the HTTPS traffic listed under Contacts server. The T1105 mapping is the sandbox's generic label for files written to disk and does not by itself indicate an ingress tool transfer.
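The dropped-file entries above share one line format, `"name" has type "type"- Location: [path]- [targetUID: uid]`, with the Location part missing on some lines and libmagic types that can themselves contain double quotes. The Python below, an added example and not Hybrid Analysis code, parses that format and buckets entries by where they landed, then lists what an analyst should look at: writes outside the Edge profile and the libmagic "PGP Secret Key" verdict on a LevelDB manifest. The sample lines are copied from this report; the bucket rules and the review heuristics are the example's own.

```python
"""Parse the 'Dropped files' lines of a Falcon Sandbox / Hybrid Analysis
report and sort them by where they landed on disk.

Added example for this page, not Hybrid Analysis code. Sample lines are
copied from the report; the location buckets and the libmagic check are
this example's own heuristics.
"""
import re
from collections import Counter

# One report line:  "name" has type "type"- Location: [path]- [targetUID: uid]
# Location is absent on some lines, the libmagic type can itself contain
# double quotes (e.g. ... 1st "OS/2" 14 names ...), and a line may carry
# trailing text, so anchor at the start and stop after the targetUID bracket.
LINE_RE = re.compile(
    r'^"(?P<name>[^"]+)" has type "(?P<ftype>.*?)"- '
    r'(?:Location: \[(?P<path>[^\]]*)\]- )?'
    r'\[targetUID: (?P<uid>[^\]]+)\]'
)

# Constructed sample: seven lines copied from the report above.
SAMPLE_LINES = [
    r'"data_2" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2]- [targetUID: 00000000-00004064]',
    r'"f_0004cd" has type "gzip compressed data from Unix original size modulo 2^32 1191571"- [targetUID: N/A]',
    r'"f_0004d7" has type "TrueType Font data 11 tables 1st "OS/2" 14 names Macintosh type 1 string yunfont"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d7]- [targetUID: 00000000-00004064]',
    r'"sslkey.txt" has type "data"- Location: [%TEMP%\sslkey.txt]- [targetUID: 00000000-00003000]',
    r'"MANIFEST-000001" has type "PGP Secret Key -"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001]- [targetUID: 00000000-00003000]',
    r'"f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\TokenBroker\Cache\f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres]- [targetUID: 00000000-00003000]',
    r'"000001.dbtmp" has type "ASCII text"- [targetUID: 00000000-00003000] - source',
]


def parse_dropped_file(line):
    """Return a dict (name, ftype, path, uid) for one report line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["uid"] = None if entry["uid"] == "N/A" else entry["uid"]
    return entry


def bucket(path):
    """Where the file landed. The sandboxed program is Edge, so its profile is the baseline."""
    if path is None:
        return "no-location"
    p = path.lower()
    if p.startswith(r"%localappdata%\microsoft\edge\user data"):
        return "edge-profile"
    if p.startswith("%temp%"):
        return "temp"
    return "other"


def summarize(lines):
    """Parse all lines; return (entries, Counter of bucket -> count)."""
    entries = [e for e in map(parse_dropped_file, lines) if e]
    return entries, Counter(bucket(e["path"]) for e in entries)


def review_queue(entries):
    """Entries an analyst should look at: writes outside the browser profile,
    plus libmagic verdicts known to be wrong. 'PGP Secret Key' on a LevelDB
    MANIFEST-* file is a standard misidentification, not real key material."""
    notes = []
    for e in entries:
        b = bucket(e["path"])
        if b in ("temp", "other"):
            notes.append((e["name"], f"written outside the Edge profile: {e['path']}"))
        if e["name"].startswith("MANIFEST-") and "pgp" in e["ftype"].lower():
            notes.append((e["name"], "libmagic false positive: LevelDB manifest reported as PGP key"))
    return notes


if __name__ == "__main__":
    entries, counts = summarize(SAMPLE_LINES)
    print(dict(counts))
    for name, note in review_queue(entries):
        print(f"{name}: {note}")
```

Run against the full list above, the same code collapses some 190 entries to a handful outside the Edge profile (the %TEMP% component directories, the TokenBroker cache file, the key log), which is the set worth opening by hand.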
Network Related
Contacts random domain names
- details: "s2.teraboxcdn.com" seems to be random
- source: Network Traffic
- relevance: 5/10
- ATT&CK ID: T1071.001
This is most plausibly the name-randomness heuristic tripping on the short label of a CDN hostname that matches the submitted site's name, not DGA-style activity; it resolves alongside the site's own sofire.terabox.com and v2.terabox.com under Queries DNS server.

Found potential URL in binary/memory
Several of the strings below are regex hits on non-text memory (for example "6...ZrVH//2uetZ.M2t$WyyH") and carry no meaning; the legible ones are the submitted URL and Edge's own built-in endpoints (new-tab page, Yahoo search provider, Microsoft telemetry hosts).
- details:
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1071 (Show technique in the MITRE ATT&CK™ matrix)
-
Session Details
No relevant data available.
Hybrid Analysis
Analysed 20 processes in total.
-
rundll32.exe
"%WINDIR%\system32\ieframe.dll",OpenURL C:\db1f045af3d13288e2a39304df1a2248c310afc8a6c7d0682d25e88cf5ec82ca.url
(PID: 4088)
-
msedge.exe
--single-argument https://www.terabox.com/sharing/videoPlay?surl=K78GESrcTqnjX75uvbIK_g&dir&fsid=954299599030830&fileName=Stop.Over.In.Hell.2016.UNCUT.1080p.BluRay.x264.AAC-%5BMkvking.com%5D.mkv&page=1
(PID: 3000)
- msedge.exe --type=crashpad-handler "--user-data-dir=%LOCALAPPDATA%\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=107.0.5304.110 "--annotation=exe=%PROGRAMFILES%\(x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=107.0.1418.56 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0x158,0x7ff93941b208,0x7ff93941b218,0x7ff93941b228 (PID: 6048)
- msedge.exe --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:2 (PID: 6792)
- msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:3 (PID: 4064)
- msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:8 (PID: 6540)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1683845358442720 --launch-time-ticks=1209413643 --mojo-platform-channel-handle=3112 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:1 (PID: 1956)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1683845358442720 --launch-time-ticks=1210118535 --mojo-platform-channel-handle=3128 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:1 (PID: 1396)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:8 (PID: 6564)
- msedge.exe --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4540 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:8 (PID: 4332)
- msedge.exe --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=4576 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:8 (PID: 4004)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:8 (PID: 1676)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5720 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:8 (PID: 2712)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5776 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:8 (PID: 2348)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --time-ticks-at-unix-epoch=-1683845358442720 --launch-time-ticks=1307526298 --mojo-platform-channel-handle=6116 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:1 (PID: 5440)
- msedge.exe --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5528 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:8 (PID: 4144)
- msedge.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.16299.192 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6344 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:2 (PID: 6860)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6428 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:8 (PID: 1184)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5616 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:8 (PID: 6468)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6560 --field-trial-handle=2080,i,5103266135121745724,18261650939229687357,131072 /prefetch:8 (PID: 2500)
Network Analysis
DNS Requests
Domain | Address (TTL) | Registrar | Country |
---|---|---|---|
accounts.google.com | 142.250.189.237 (TTL: 189) | MarkMonitor, Inc.; Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: 1997-09-15T00:00:00 | United States |
ag.gbc.criteo.com | 199.204.170.74 (TTL: 14507) | Ascio Technologies, Inc; Organization: Criteo SA; Name Server: NS1.CRITEO.COM; Creation Date: 2005-06-17T00:00:00 | United States |
analytics.google.com | 216.239.32.181 (TTL: 90) | MarkMonitor, Inc.; Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: 1997-09-15T00:00:00 | United States |
api.edgeoffer.microsoft.com | 138.91.254.96 (TTL: 3333) | MarkMonitor, Inc.; Organization: Microsoft Corporation; Name Server: NS1.MSFT.NET; Creation Date: 1991-05-02T00:00:00 | United States |
cdn.taboola.com | 151.101.1.44 (TTL: 10499) | GODADDY.COM, LLC; Organization: Taboola.com LTD; Name Server: DNS1.P05.NSONE.NET; Creation Date: 2007-02-23T00:00:00 | United States |
connect.facebook.net | 157.240.22.25 (TTL: 1452) | MarkMonitor, Inc.; Organization: Facebook, Inc.; Name Server: A.NS.FACEBOOK.COM; Creation Date: 2004-04-01T00:00:00 | United States |
csm.da.us.criteo.net | 74.119.118.154 (TTL: 3557) | Ascio Technologies, Inc; Organization: Criteo SA; Name Server: NS1.CRITEO.COM; Creation Date: 2005-06-17T00:00:00 | United States |
dnacdn.net | 74.119.118.149 (TTL: 300) | GANDI SAS; Organization: CRITEO SA; Name Server: NS22.CRITEO.COM; Creation Date: 2019-07-17T18:43:38 | United States |
firebase.googleapis.com | 142.251.214.138 (TTL: 300) | MarkMonitor, Inc.; Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: 2005-01-25T00:00:00 | United States |
firebaseinstallations.googleapis.com | 142.251.214.138 (TTL: 175) | - | United States |
firebaseremoteconfig.googleapis.com | 142.251.214.138 (TTL: 74) | - | United States |
gem.gbc.criteo.com | 199.204.170.212 (TTL: 14507) | - | United States |
gum.criteo.com | 74.119.118.149 (TTL: 3447) | - | United States |
hermitmeaninglessconsequences.com | 173.233.137.60 (TTL: 142) | - | United States |
parableconverted.com | 173.233.137.60 (TTL: 600) | - | United States |
pl18043214.highperformancecpmgate.com | 173.233.137.60 (TTL: 600) | - | United States |
pl18427041.highcpmrevenuenetwork.com | 173.233.137.60 (TTL: 600) | - | United States |
refreshinghike.com | 173.233.137.60 (TTL: 304) | - | United States |
s2.teraboxcdn.com | 199.91.74.184 (TTL: 19) | - | United States |
sb.scorecardresearch.com | 13.227.74.126 (TTL: 60) | - | United States |
simplewebanalysis.com | 52.202.251.5 (TTL: 60) | - | United States |
sofire.terabox.com | 111.108.51.10 (TTL: 272) | - | Japan |
static.line-scdn.net | 13.227.74.64 (TTL: 95) | - | United States |
stats.g.doubleclick.net | 74.125.137.156 (TTL: 30) | - | United States |
v2.terabox.com | 34.110.181.92 (TTL: 300) | - | United States |
vulgarmilletappear.com | 173.233.137.60 (TTL: 95) | - | United States |
www.terabox.com | 210.154.124.151 (TTL: 66) | - | Japan |
ymg-api.terabox.com | 111.108.51.10 (TTL: 300) | - | Japan |
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
210.154.124.151 | 443/TCP | msedge.exe PID: 4064 | Japan |
138.91.254.96 | 443/TCP | msedge.exe PID: 4064 | United States |
151.101.1.44 | 443/TCP | msedge.exe PID: 4064 | United States |
199.91.74.184 | 443/TCP | msedge.exe PID: 4064 | United States |
142.250.189.237 | 443/TCP | msedge.exe PID: 4064 | United States |
13.227.74.64 | 443/TCP | msedge.exe PID: 4064 | United States |
13.227.74.126 | 443/TCP | msedge.exe PID: 4064 | United States |
111.108.51.10 | 443/TCP | msedge.exe PID: 4064 | Japan |
142.251.214.138 | 443/TCP | msedge.exe PID: 4064 | United States |
142.250.189.170 | 443/TCP | msedge.exe PID: 4064 | United States |
142.251.214.138 | 443/UDP | msedge.exe PID: 4064 | United States |
157.240.22.25 | 443/TCP | msedge.exe PID: 4064 | United States |
74.119.118.149 | 443/TCP | msedge.exe PID: 4064 | United States |
74.119.118.154 | 443/TCP | msedge.exe PID: 4064 | United States |
74.125.137.156 | 443/TCP | msedge.exe PID: 4064 | United States |
216.239.32.181 | 443/TCP | msedge.exe PID: 4064 | United States |
173.233.137.52 | 443/TCP | msedge.exe PID: 4064 | United States |
192.243.59.13 | 443/TCP | msedge.exe PID: 4064 | Dominica |
52.202.251.5 | 443/TCP | msedge.exe PID: 4064 | United States |
192.243.59.12 | 443/TCP | msedge.exe PID: 4064 | Dominica |
173.233.137.60 | 443/TCP | msedge.exe PID: 4064 | United States |
34.110.181.92 | 443/TCP | msedge.exe PID: 4064 | United States |
34.110.181.92 | 443/UDP | msedge.exe PID: 4064 | United States |
216.239.32.181 | 443/UDP | msedge.exe PID: 4064 | United States |
199.204.170.212 | 443/TCP | msedge.exe PID: 4064 | United States |
199.204.170.74 | 443/TCP | msedge.exe PID: 4064 | United States |
HTTP Traffic
No relevant HTTP requests were made.
Suricata Alerts
Event | Category | Description | SID |
---|---|---|---|
8.247.116.126 -> local:49844 (TCP) | Generic Protocol Command Decode | SURICATA STREAM excessive retransmissions | 2210054 |
Extracted Files
Displaying 50 extracted file(s). The remaining 155 file(s) are available in the full version and XML/JSON reports.
423effa4-338c-4529-a98d-e0fbeeb28267.tmp
- Size
- 63KiB (64413 bytes)
- Type
- text
- Description
- UTF-8 Unicode text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 3000)
- MD5
- 1a9ad66f94d515e65671d9751cf968e4
- SHA1
- 76e2bede3d9ab6eb434f4b510e51dda66b55cdb8
- SHA256
- 6eba6f9935dacd9a83c9c07f357caf22c795f1798892e07cf079803bb7241bb7
-
8d716dd4-be58-494e-92ba-48481058c4cd.tmp
- Size
- 63KiB (64437 bytes)
- Type
- text
- Description
- UTF-8 Unicode text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 3000)
- MD5
- 46511e59b72b746a5992ab4cc07ea170
- SHA1
- 20aac574d6d0aad2dd0615c701baa2419afaf89c
- SHA256
- c8ab93088965eb4ff864c9a7e8b5ff9c8dd4ca4d1f6354a80f92c10407c43c8b
-
9a1fded2-14c4-4036-af83-8ca3c45d4082.tmp
- Size
- 63KiB (64457 bytes)
- Type
- text
- Description
- UTF-8 Unicode text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 3000)
- MD5
- 6bf11c587b8d132b0c12cc8515474ba6
- SHA1
- 0291deeb761ebbdfa0e4d1049754757c36ad9054
- SHA256
- d7d0f1cb8a3e5e951f68115006075e4cdcff1201a9accea505df6f404db3eef4
-
a3aa1868-2f50-40c7-8161-98c8814c373f.tmp
- Size
- 85KiB (87541 bytes)
- Type
- data
- Description
- JSON data
- Runtime Process
- msedge.exe (PID: 3000)
- MD5
- b70aea70636102dec077f8c389a74fff
- SHA1
- 25d0a39e3bb2130f4fa9ebedabec7ec00cc8bf07
- SHA256
- 9d8f54d4c3558aa418b8686a9b052fca676d80246326158c96cb805a2d9df71c
-
settings.dat
- Size
- 280B (280 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3000)
- MD5
- ad0bc7a515cdef716546f1fe7dffce24
- SHA1
- 1211554ababfbadba842f3c900fdd9d76e3186a0
- SHA256
- ff788ad9260235970674c12b2c4faa4c1825b6cbe3b471b8de23ef1ae13b1a56
-
0cd7db04-87d0-4387-8432-d4bfef577446.tmp
- Size
- 23KiB (23885 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 3000)
- MD5
- d5df2fb5cb75e36c1cf8228d36de034b
- SHA1
- c298445ae652872c933e9498a7cad12f74e43eb9
- SHA256
- 48dc25afcf503d2309290093cd4a2301f74b78a3aabec36b202bfd04cd7931b5
-
0feaa83a-2640-4b67-9a71-56976a48f465.tmp
- Size
- 23KiB (23697 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 3000)
- MD5
- f942bf0a505aaa9bc9a5e7959702a1c3
- SHA1
- f3a6e1dc162f1e91e40e8243ee99bdd8f2d6319e
- SHA256
- 17dca10803c032ecdc4fb1a5f4d8ea2ce03e624be273bee46473e07bf4a3fa5c
-
26a77e30-9640-4f39-8ecf-62b9999b1d59.tmp
- Size
- 23KiB (23981 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 3000)
- MD5
- d96fdfeed08e7cd247c867703d63df3f
- SHA1
- 749fcc5be8c53e631fa946c8fc02ce8170dff024
- SHA256
- 72540f09c9fffc10747798f7fb43a91cca1ee45afd0917080366b74487803809
-
6a4fca99-7edd-4beb-b53a-4565b5537f5a.tmp
- Size
- 1B (1 bytes)
- Type
- unknown
- Description
- very short file (no magic)
- Runtime Process
- msedge.exe (PID: 3000)
- MD5
- 5058f1af8388633f609cadb75a75dc9d
- SHA1
- 3a52ce780950d4d969792a2559cd519d7ee8c727
- SHA256
- cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
-
000001.dbtmp
- Size
- 16B (16 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 3000)
- MD5
- 46295cac801e5d4857d09837238a6394
- SHA1
- 44e0fa1b517dbf802b18faf0785eeea6ac51594b
- SHA256
- 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
-
MANIFEST-000001
- Size
- 41B (41 bytes)
- Type
- unknown
- Description
- PGP Secret Key -
- Runtime Process
- msedge.exe (PID: 3000)
- MD5
- 5af87dfd673ba2115e2fcf5cfdb727ab
- SHA1
- d5b5bbf396dc291274584ef71f444f420b6056f1
- SHA256
- f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
-
data_0
- Size
- 132KiB (135092 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 4064)
- MD5
- e147d8df14e991280360f1964f0337ce
- SHA1
- 9212b5dc5002b5c70e6eb751ce5024739136e9a5
- SHA256
- 9d1b1288ed46e6d29f292003ef969393b83e93076915a3325f30e32491db8e43
-
data_1
- Size
- 1.5MiB (1528576 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 4064)
- MD5
- 32f205a0d8263af37a771f5df7d8d8a3
- SHA1
- 01f4aa3cca42b53a9bcc09a9cbf697f1439f0647
- SHA256
- d04c8145ffff33430984acb88661a1084fd3386d5bdffc7041db616f12bcf91a
-
data_2
- Size
- 4MiB (4201004 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 4064)
- MD5
- 66dc70adaff8ca33938373f9fe1919b2
- SHA1
- 0afa708e02070721e625d0b850632726676025d9
- SHA256
- fdf2e36e9e9e921ec1bdbe8d2c5a8fe4ef103dab39874a77b807cd4e4880d5d3
-
f_0004c5
- Size
- 64KiB (65686 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 281548
- Runtime Process
- msedge.exe (PID: 4064)
- MD5
- ac8263bbb8433937d20c666aef901953
- SHA1
- 10a602b4e30e37405c9a5353c51570e72d59de12
- SHA256
- 1fd6c7844e9fbbe0f8759090725ae1f9ccb58f9c91f8a9db3b65e94615c1f346
-
f_0004c6
- Size
- 25KiB (25804 bytes)
- Type
- unknown
- Description
- Web Open Font Format, TrueType, length 25804, version 1.0
- Runtime Process
- msedge.exe (PID: 4064)
- MD5
- 4f9f785d98a8fa208e7f64023e124572
- SHA1
- 3e8714f56d480cfd66721447975613a1e56ca9e4
- SHA256
- 27f0ac9cff76f3925b4389a404d01e2fb525bae7b17cafb0c04e5e6bb20ca83b
-
f_0004c8
- Size
- 181KiB (185708 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 436331
- Runtime Process
- msedge.exe (PID: 4064)
- MD5
- 2be1f8a30d248999777e5083f10af52e
- SHA1
- ea3b769124e2c512a98abb88b9ba61b67f571463
- SHA256
- 288d48d21bedd954f5bb8b2fe6109135819dbc320fbfea954b57baab5ab60bfb
-
f_0004cc
- Size
- 18KiB (18295 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 42477
- Runtime Process
- msedge.exe (PID: 4064)
- MD5
- bd8368f848407291928a5bf6f58570bf
- SHA1
- bd1a754c33a1032d914ecfd3a8a5e540630f84c9
- SHA256
- 65d7ebf3eae86bac0ed4923dfc8beea0d755e8991cfbcaca56977800daba7ba7
-
f_0004ce
- Size
- 40KiB (41358 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 114576
Notifications
Runtime
- Not all IP/URL string resources were checked online
- Not all created files are visible for msedge.exe (PID: 3000)
- Not all file accesses are visible for msedge.exe (PID: 1184)
- Not all file accesses are visible for msedge.exe (PID: 1396)
- Not all file accesses are visible for msedge.exe (PID: 1676)
- Not all file accesses are visible for msedge.exe (PID: 1956)
- Not all file accesses are visible for msedge.exe (PID: 2348)
- Not all file accesses are visible for msedge.exe (PID: 2500)
- Not all file accesses are visible for msedge.exe (PID: 2712)
- Not all file accesses are visible for msedge.exe (PID: 3000)
- Not all file accesses are visible for msedge.exe (PID: 4004)
- Not all file accesses are visible for msedge.exe (PID: 4064)
- Not all file accesses are visible for msedge.exe (PID: 4144)
- Not all file accesses are visible for msedge.exe (PID: 4332)
- Not all file accesses are visible for msedge.exe (PID: 5440)
- Not all file accesses are visible for msedge.exe (PID: 6048)
- Not all file accesses are visible for msedge.exe (PID: 6468)
- Not all file accesses are visible for msedge.exe (PID: 6540)
- Not all file accesses are visible for msedge.exe (PID: 6564)
- Not all file accesses are visible for msedge.exe (PID: 6792)
- Not all file accesses are visible for msedge.exe (PID: 6860)
- Some low-level data is hidden, as this is only a slim report
- This URL analysis has missing honeyclient data
- Not all sources for indicator ID "mutant-0" are available in the report
- Not all sources for indicator ID "network-1" are available in the report
- Not all sources for indicator ID "network-51" are available in the report