https://creations.mattel.com/
This report is generated from a file or URL submitted to this webservice on May 12th 2023 12:59:40 (UTC) and action script Default browser analysis
Guest System: Windows 10 64 bit, Professional, 10.0 (build 16299)
Report generated by Falcon Sandbox v10.1.2 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior
- Contacts 36 domains and 39 hosts.
MITRE ATT&CK™ Techniques Detection
Indicators
-
Suspicious Indicators 1
-
General
-
Found a potential E-Mail address in binary/memory
- details
-
Pattern match: "mg_aspot_d_launch_a6808744-f0ed-4092-addd-ceb696ffe054_1440x@2x.jpg"
Pattern match: "mg_aspot_m_launch_eaf6de11-b456-4178-851b-382ace86e103_640x@2x.jpg"
Pattern match: "lpa6b0_1_1440x@2x.jpg"
Pattern match: "lp_asp_1_834ec5c8-1f06-47d4-8d70-87979a3f895d_640x@2x.jpg"
Pattern match: "mc_aspot_d_hlx71_maleficent_1440x@2x.jpg"
Pattern match: "mc_aspot_m_hlx71_maleficent_640x@2x.jpg"
Pattern match: "bb_dro_2_0d77881b-aae1-4f43-8f5b-137bce4b425a_1440x@2x.jpg"
Pattern match: "bb_dro_1_7abc4bd4-12c7-480e-8f9b-df201eb25327_640x@2x.jpg"
Pattern match: "bb_movietrailer_banner_d_1440x@2x.jpg"
Pattern match: "bb_movietrailer_banner_m_640x@2x.jpg"
Pattern match: "hp-mattelcreations-flegxgrid-desktop_1440x@2x.jpg"
Pattern match: "mobile_letscreate_640x@2x.jpg"
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1114
-
Informative 13
-
External Systems
-
Detected Suricata Alert
- details
- Detected alert "SURICATA STREAM excessive retransmissions" (SID: 2210054, Rev: 1, Severity: 3) categorized as "Generic Protocol Command Decode"
- source
- Suricata Alerts
- relevance
- 10/10
-
Sample was identified as clean by Antivirus engines
- details
- 0/90 Antivirus vendors marked sample as malicious (0% detection rate)
- source
- External System
- relevance
- 10/10
-
General
-
Contacts server
- details
-
- source
- Network Traffic
- relevance
- 1/10
- ATT&CK ID
- T1071
-
Creates mutants
- details
-
"Local\SM0:6540:120:WilError_01"
"SM0:6540:304:WilStaging_02"
"InternetShortcutMutex"
"Local\SM0:6540:304:WilStaging_02"
"SM0:6540:120:WilError_01"
- source
- Created Mutant
- relevance
- 3/10
-
Found a reference to a known community page
- details
-
Found string "leveldb.BytewiseComparator7META:https://microsoftedgewelcome.microsoft.com8_https://www.facebook.com__test__16511672347254META:https://a21017440049.cdn.optimizely.com?_https://www.bing.comCB47C15FA3044AB884F7E32B9FD32ED2" (Indicator: "dir "; File: "MANIFEST-000001")
Found string "www.facebook.com" (Indicator: "dir "; File: "PCAP")
Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")
Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")
Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")
Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")
Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")
Found string "<meta property="og:site_name" content="Mattel Creations"><meta name="twitter:card" content="summary"><meta name="twitter:title" content="Mattel Creations">" (Indicator: "dir "; File: "urlref_httpscreations.mattel.com")
file/memory contains long string with (Indicator: "dir "; File: "urlref_httpscreations.mattel.com")
Found string "<meta id="in-context-paypal-metadata" data-shop-id="56811323597" data-venmo-supported="true" data-environment="production" data-locale="en_US" data-paypal-v4="true" data-currency="USD">" (Indicator: "dir "; File: "urlref_httpscreations.mattel.com")
Found string "<script>window.ShopifyPaypalV4VisibilityTracking = true;</script>" (Indicator: "dir "; File: "urlref_httpscreations.mattel.com")
Found string "<symbol id="icon-twitter" viewBox="0 0 32 32">" (Indicator: "dir "; File: "urlref_httpscreations.mattel.com")
Found string "<title>twitter</title>" (Indicator: "dir "; File: "urlref_httpscreations.mattel.com")
Found string "<symbol id="icon-youtube" viewBox="0 0 33 32">" (Indicator: "dir "; File: "urlref_httpscreations.mattel.com")
Found string "<title>youtube</title>" (Indicator: "dir "; File: "urlref_httpscreations.mattel.com")
- source
- File/Memory
- relevance
- 7/10
-
Queries DNS server
- details
-
- source
- Network Traffic
- relevance
- 1/10
- ATT&CK ID
- T1071.004
-
Installation/Persistence
-
Dropped files
- details
-
"urlref_httpscreations.mattel.com" has type "HTML document UTF-8 Unicode text with very long lines with CRLF LF line terminators"- [targetUID: N/A]
"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\load_statistics.db-wal]- [targetUID: 00000000-00006048]
"data_2" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2]- [targetUID: 00000000-00006304]
"Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\35\scoped_dir6048_73516032\Ruleset Data]- [targetUID: 00000000-00006048]
"wallet-pre-stable.json" has type "ASCII text"- [targetUID: 00000000-00006048]
"wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: 00000000-00006048]
"Filtering Rules" has type "data"- Location: [%TEMP%\6048_795799618\Filtering Rules]- [targetUID: 00000000-00006048]
"edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\6048_1079017833\edge_driver.js]- [targetUID: 00000000-00006048]
"b0b8f6ba-8ffc-4ba7-95b7-f928272a8fe5.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 633146"- Location: [%TEMP%\b0b8f6ba-8ffc-4ba7-95b7-f928272a8fe5.tmp]- [targetUID: 00000000-00006048]
"vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1]- [targetUID: 00000000-00006304]
"wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]
"000009.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000009.log]- [targetUID: 00000000-00006048]
"000013.ldb" has type "data"- [targetUID: N/A]
"bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\6048_1079017833\bnpl\bnpl.bundle.js]- [targetUID: 00000000-00006048]
"tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]
"f_0004f9" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"miniwallet.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]
"notification.bundle.js" has type "ASCII text with very long lines"- [targetUID: 00000000-00006048]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log]- [targetUID: 00000000-00006048]
"load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\load_statistics.db]- [targetUID: 00000000-00006048]
"f_0004fa" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"Filtering Rules-AA" has type "data"- Location: [%TEMP%\6048_795799618\Filtering Rules-AA]- [targetUID: 00000000-00006048]
"f_0004f8" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"000014.ldb" has type "data"- [targetUID: N/A]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\GrShaderCache\data_1]- [targetUID: 00000000-00006304]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\DawnCache\data_1]- [targetUID: 00000000-00006304]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\ShaderCache\data_1]- [targetUID: 00000000-00006304]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\GPUCache\data_1]- [targetUID: 00000000-00006304]
"f_0004f6" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"f_0004f7" has type "data"- [targetUID: N/A]
"f_000507" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000507]- [targetUID: 00000000-00006304]
"f_0004f5" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"sslkey.txt" has type "data"- Location: [%TEMP%\sslkey.txt]- [targetUID: 00000000-00006048]
"History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\History]- [targetUID: 00000000-00006540]
"wallet-checkout-eligible-sites.json" has type "ASCII text"- [targetUID: 00000000-00006048]
"wallet-checkout-eligible-sites-pre-stable.json" has type "ASCII text"- Location: [%TEMP%\6048_1079017833\json\wallet\wallet-checkout-eligible-sites-pre-stable.json]- [targetUID: 00000000-00006048]
"f_0004f1" has type "RIFF (little-endian) data Web/P image"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004f1]- [targetUID: 00000000-00006304]
"Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Web Data]- [targetUID: 00000000-00006048]
"Visited Links" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Visited Links]- [targetUID: 00000000-00006048]
"f_0004ef" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"data_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0]- [targetUID: 00000000-00006304]
"f_0004ee" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"f_0004f3" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"f_0004fc" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004fc]- [targetUID: 00000000-00006304]
"f_0004f0" has type "RIFF (little-endian) data Web/P image"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004f0]- [targetUID: 00000000-00006304]
"f_0004ec" has type "gzip compressed data from Unix original size modulo 2^32 385163"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004ec]- [targetUID: 00000000-00006304]
"Tabs_13328370309577759" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sessions\Tabs_13328370309577759]- [targetUID: 00000000-00006048]
"f_0004c8" has type "gzip compressed data last modified: Thu May 11 16:44:09 2023 max compression original size modulo 2^32 325959"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c8]- [targetUID: 00000000-00006304]
"f_0004ff" has type "data"- [targetUID: N/A]
"a6ebb8ba-184f-4fe6-b540-db43146b076d.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Ad Blocking\a6ebb8ba-184f-4fe6-b540-db43146b076d.tmp]- [targetUID: 00000000-00006048]
"f_000503" has type "data"- [targetUID: N/A]
"f_0004e5" has type "RIFF (little-endian) data Web/P image"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004e5]- [targetUID: 00000000-00006304]
"f_0004d2" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d2]- [targetUID: 00000000-00006304]
"f_0004fb" has type "data"- [targetUID: N/A]
"Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Diagnostic Data-wal]- [targetUID: 00000000-00006048]
"f_000502" has type "data"- [targetUID: N/A]
"f_0004db" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"f_0004e6" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"f_0004c9" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c9]- [targetUID: 00000000-00006304]
"f_0004e0" has type "data"- [targetUID: N/A]
"f_0004de" has type "data"- [targetUID: N/A]
"f_0004e1" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"f_0004e3" has type "RIFF (little-endian) data Web/P image"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004e3]- [targetUID: 00000000-00006304]
"1da8076b-a918-4d24-8609-ffce4dd8fe7d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\1da8076b-a918-4d24-8609-ffce4dd8fe7d.tmp]- [targetUID: 00000000-00006048]
"0c43f378-fb1e-4c28-a420-30b1d85ebe1a.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\0c43f378-fb1e-4c28-a420-30b1d85ebe1a.tmp]- [targetUID: 00000000-00006048]
"fc622fc9-9956-4188-a771-32dd39b92722.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\fc622fc9-9956-4188-a771-32dd39b92722.tmp]- [targetUID: 00000000-00006048]
"c70433fb-0de4-4d87-9d66-7d5a44ae2c24.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\c70433fb-0de4-4d87-9d66-7d5a44ae2c24.tmp]- [targetUID: 00000000-00006048]
"bf7218bb-0251-4a9f-9af0-d64bc7c329c8.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\bf7218bb-0251-4a9f-9af0-d64bc7c329c8.tmp]- [targetUID: 00000000-00006048]
"15ec4838-aa6a-4035-8ddd-ab05ca6aa590.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\15ec4838-aa6a-4035-8ddd-ab05ca6aa590.tmp]- [targetUID: 00000000-00006048]
"d4ed1b6a-4171-4666-9f4e-2f897774bed1.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\d4ed1b6a-4171-4666-9f4e-2f897774bed1.tmp]- [targetUID: 00000000-00006048]
"c4f46dd5-78c1-46c7-92eb-61c2bc229c9a.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\c4f46dd5-78c1-46c7-92eb-61c2bc229c9a.tmp]- [targetUID: 00000000-00006048]
"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00006048]
"000004.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000004.log]- [targetUID: 00000000-00006048]
"f_000506" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 190850"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000506]- [targetUID: 00000000-00006304]
"Network Action Predictor" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network Action Predictor]- [targetUID: 00000000-00006048]
"f_0004d7" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"f_0004f2" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"Reporting and NEL" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\Reporting and NEL]- [targetUID: 00000000-00006304]
"f_0004e4" has type "RIFF (little-endian) data Web/P image"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004e4]- [targetUID: 00000000-00006304]
"f_0004c3" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c3]- [targetUID: 00000000-00006304]
"f_0004ed" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"f_0004c5" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c5]- [targetUID: 00000000-00006304]
"f_0004d8" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"Cookies" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\Cookies]- [targetUID: 00000000-00006304]
"f_0004e7" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"Session_13328370308607158" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sessions\Session_13328370308607158]- [targetUID: 00000000-00006048]
"f_000501" has type "data"- [targetUID: N/A]
"f_0004d9" has type "RIFF (little-endian) data Web/P image"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d9]- [targetUID: 00000000-00006304]
"Favicons" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Favicons]- [targetUID: 00000000-00006048]
"f_0004e9" has type "RIFF (little-endian) data Web/P image"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004e9]- [targetUID: 00000000-00006304]
"checkoutdata.json" has type "JSON data"- [targetUID: N/A]
"f_0004fd" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 132604"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004fd]- [targetUID: 00000000-00006304]
"Filtering Rules-CA" has type "data"- Location: [%TEMP%\6048_795799618\Filtering Rules-CA]- [targetUID: 00000000-00006048]
"History-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\History-journal]- [targetUID: 00000000-00006048]
"f_0004da" has type "RIFF (little-endian) data Web/P image"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004da]- [targetUID: 00000000-00006304]
"f_0004e8" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"f_000500" has type "gzip compressed data max compression original size modulo 2^32 97163"- [targetUID: N/A]
"Network Action Predictor-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network Action Predictor-journal]- [targetUID: 00000000-00006048]
"Cookies-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\Cookies-journal]- [targetUID: 00000000-00006304]
"f_0004d4" has type "RIFF (little-endian) data Web/P image"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d4]- [targetUID: 00000000-00006304]
"f_0004c7" has type "gzip compressed data from Unix original size modulo 2^32 94356"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c7]- [targetUID: 00000000-00006304]
"f_0004ce" has type "RIFF (little-endian) data Web/P image"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004ce]- [targetUID: 00000000-00006304]
"f_0004c6" has type "gzip compressed data max compression original size modulo 2^32 86709"- [targetUID: N/A]
"f_0004cd" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"f_0004df" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"Reporting and NEL-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\Reporting and NEL-journal]- [targetUID: 00000000-00006304]
"Vpn Tokens" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Vpn Tokens]- [targetUID: 00000000-00006048]
"f_0004d0" has type "Web Open Font Format (Version 2) CFF length 27924 version 0.0"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d0]- [targetUID: 00000000-00006304]
"f_0004d5" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d5]- [targetUID: 00000000-00006304]
"f_0004ea" has type "gzip compressed data from Unix original size modulo 2^32 108543"- [targetUID: N/A]
"f_0004d3" has type "Web Open Font Format (Version 2) CFF length 27308 version 0.0"- [targetUID: N/A]
"f_0004cf" has type "Web Open Font Format (Version 2) TrueType length 26764 version 0.0"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004cf]- [targetUID: 00000000-00006304]
"f_0004c4" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c4]- [targetUID: 00000000-00006304]
"f_0004e2" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log]- [targetUID: 00000000-00006048]
"f_0004ca" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004ca]- [targetUID: 00000000-00006304]
"f_0004dd" has type "data"- [targetUID: N/A]
"shopping_iframe_driver.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"f_0004dc" has type "data"- [targetUID: N/A]
"f_0004d6" has type "Web Open Font Format (Version 2) CFF length 25112 version 0.0"- [targetUID: N/A]
"LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\6048_795799618\LICENSE]- [targetUID: 00000000-00006048]
"c2ce595f-3fab-466f-add9-648bcb6d5164.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\c2ce595f-3fab-466f-add9-648bcb6d5164.tmp]- [targetUID: 00000000-00006048]
"11296a94-4c3c-4fbd-b41c-31c62038bc85.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\11296a94-4c3c-4fbd-b41c-31c62038bc85.tmp]- [targetUID: 00000000-00006048]
"e4b7db86-6f2c-4a08-be3d-6df0b56a13f0.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\e4b7db86-6f2c-4a08-be3d-6df0b56a13f0.tmp]- [targetUID: 00000000-00006048]
"5bb6de10-30af-4351-b38f-34872f6b8a5d.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\5bb6de10-30af-4351-b38f-34872f6b8a5d.tmp]- [targetUID: 00000000-00006048]
"039d0af0-0880-4703-9cd7-0a43e2342d78.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"f_0004cc" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004cc]- [targetUID: 00000000-00006304]
"f_0004f4" has type "gzip compressed data from Unix original size modulo 2^32 79493"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004f4]- [targetUID: 00000000-00006304]
"3f2a81eb-a08e-4e82-a9af-5c71058a47fe.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"f_0004d1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d1]- [targetUID: 00000000-00006304]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\ru\strings.json]- [targetUID: 00000000-00006048]
"7e3f3c59-a16a-4dce-a230-4b799a27f81c.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\7e3f3c59-a16a-4dce-a230-4b799a27f81c.tmp]- [targetUID: 00000000-00006048]
"f_000505" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 97039"- [targetUID: N/A]
"f_000504" has type "data"- [targetUID: N/A]
"000007.ldb" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000007.ldb]- [targetUID: 00000000-00006048]
"f_0004fe" has type "gzip compressed data max compression original size modulo 2^32 52082"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004fe]- [targetUID: 00000000-00006304]
"super_coupon.json" has type "JSON data"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\ar\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\ja\strings.json]- [targetUID: 00000000-00006048]
"f_0004eb" has type "data"- [targetUID: N/A]
"f_0004cb" has type "data"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\fr\strings.json]- [targetUID: 00000000-00006048]
"arbitration_service_config.json" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\arbitration_service_config.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\de\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\pt-PT\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\it\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\es\strings.json]- [targetUID: 00000000-00006048]
"f_000508" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000508]- [targetUID: 00000000-00006304]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\pt-BR\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\nl\strings.json]- [targetUID: 00000000-00006048]
"Favicons-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Favicons-journal]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\sv\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\id\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\en-GB\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\zh-Hant\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\zh-Hans\strings.json]- [targetUID: 00000000-00006048]
"WebAssistDatabase" has type "SQLite 3.x database last written using SQLite version 3039003"- [targetUID: N/A]
"temp-index" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\ru\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\ar\strings.json]- [targetUID: 00000000-00006048]
"bnpl_driver.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\6048_1079017833\bnpl_driver.js]- [targetUID: 00000000-00006048]
"ea263923-3b16-4b39-a7c8-f97210f94e05.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\ea263923-3b16-4b39-a7c8-f97210f94e05.tmp]- [targetUID: 00000000-00006304]
"b8bc9248-403b-49da-b425-1d50626e4969.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\b8bc9248-403b-49da-b425-1d50626e4969.tmp]- [targetUID: 00000000-00006304]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\ja\strings.json]- [targetUID: 00000000-00006048]
"643d360f-aec8-49f6-b327-2fd5ec4185ff.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\643d360f-aec8-49f6-b327-2fd5ec4185ff.tmp]- [targetUID: 00000000-00006304]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\fr-CA\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\fr\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\ru\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\it\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\de\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\pt-PT\strings.json]- [targetUID: 00000000-00006048]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\es\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\nl\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\pt-BR\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\id\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\sv\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\zh-Hant\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\en-GB\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\ar\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-ec\zh-Hans\strings.json]- [targetUID: 00000000-00006048]
"000004.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Session Storage\000004.log]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\ja\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\fr-CA\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\fr\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\de\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\pt-PT\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\pt-BR\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\es\strings.json]- [targetUID: 00000000-00006048]
"f819bf79-c347-45d4-bfc9-c53581e6e45f.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\f819bf79-c347-45d4-bfc9-c53581e6e45f.tmp]- [targetUID: 00000000-00006304]
"b022fb1b-4706-4ee4-9ab4-bd77872d7530.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\b022fb1b-4706-4ee4-9ab4-bd77872d7530.tmp]- [targetUID: 00000000-00006304]
"bef7d506-2b55-44a2-9cfd-ac484d9222ed.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\bef7d506-2b55-44a2-9cfd-ac484d9222ed.tmp]- [targetUID: 00000000-00006304]
"8ee90f48-23d3-482f-ac64-36b20a9b3c5a.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\8ee90f48-23d3-482f-ac64-36b20a9b3c5a.tmp]- [targetUID: 00000000-00006304]
"c3571fc0-011e-46cc-bc3e-75dfb42874dc.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\c3571fc0-011e-46cc-bc3e-75dfb42874dc.tmp]- [targetUID: 00000000-00006304]
"a63eecdb-6e51-44e2-98d9-3bc1570bbbfa.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\a63eecdb-6e51-44e2-98d9-3bc1570bbbfa.tmp]- [targetUID: 00000000-00006304]
"9cce4cce-db46-4768-91a1-4cad86483675.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\9cce4cce-db46-4768-91a1-4cad86483675.tmp]- [targetUID: 00000000-00006304]
"08210169-a201-4836-acc8-24e6805d7483.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\08210169-a201-4836-acc8-24e6805d7483.tmp]- [targetUID: 00000000-00006304]
"9e800126-b7ea-44f9-ab8c-4a65dcefd607.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\9e800126-b7ea-44f9-ab8c-4a65dcefd607.tmp]- [targetUID: 00000000-00006304]
"d28aced0-f6b3-4e81-b573-a09138b86d47.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\d28aced0-f6b3-4e81-b573-a09138b86d47.tmp]- [targetUID: 00000000-00006304]
"cc54591a-d298-4c7f-9c04-c5786cddfcd2.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\cc54591a-d298-4c7f-9c04-c5786cddfcd2.tmp]- [targetUID: 00000000-00006304]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\it\strings.json]- [targetUID: 00000000-00006048]
"WebAssistDatabase-journal" has type "SQLite Rollback Journal"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\nl\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\id\strings.json]- [targetUID: 00000000-00006048]
"c87386a5-3f6c-4a2d-9e2a-f4222121684d.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\c87386a5-3f6c-4a2d-9e2a-f4222121684d.tmp]- [targetUID: 00000000-00006304]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\sv\strings.json]- [targetUID: 00000000-00006048]
"notification.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6048_1079017833\Notification\notification.html]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\en-GB\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-shared-components\zh-Hans\strings.json]- [targetUID: 00000000-00006048]
"mini-wallet.html" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]
"86d1ed37-8802-49cd-b5ef-27178d3b5f27.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"d369ec53-7664-403d-873c-9930e30272d7.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"d28ce902-e1de-4326-b43d-47f3c385caa1.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"2b1a61e3-83d7-4138-be18-2027e8d47df2.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\2b1a61e3-83d7-4138-be18-2027e8d47df2.tmp]- [targetUID: 00000000-00006304]
"000006.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000006.log]- [targetUID: 00000000-00006048]
"Web Data-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Web Data-journal]- [targetUID: 00000000-00006048]
"Vpn Tokens-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Vpn Tokens-journal]- [targetUID: 00000000-00006048]
"ebb63783-71a1-41db-a49d-460501da7f5a.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"0d1e4f60-8556-4403-932a-44f423baabf5.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\0d1e4f60-8556-4403-932a-44f423baabf5.tmp]- [targetUID: 00000000-00006304]
"wallet-tokenization-config.json" has type "ASCII text"- Location: [%TEMP%\6048_1079017833\json\wallet\wallet-tokenization-config.json]- [targetUID: 00000000-00006048]
"runtime.bundle.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-tokenized-card\ar\strings.json]- [targetUID: 00000000-00006048]
"f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\TokenBroker\Cache\f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres]- [targetUID: 00000000-00006048]
"adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\6048_795799618\adblock_snippet.js]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-tokenized-card\pt-PT\strings.json]- [targetUID: 00000000-00006048]
"wallet-crypto.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6048_1079017833\wallet-crypto.html]- [targetUID: 00000000-00006048]
"wallet.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6048_1079017833\wallet.html]- [targetUID: 00000000-00006048]
"wallet-drawer.html" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]
"wallet-drawer.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"bnpl.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\6048_1079017833\bnpl\bnpl.bundle.js.LICENSE.txt]- [targetUID: 00000000-00006048]
"vendor.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"tokenized-card.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6048_1079017833\Tokenized-Card\tokenized-card.html]- [targetUID: 00000000-00006048]
"bnpl.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6048_1079017833\bnpl\bnpl.html]- [targetUID: 00000000-00006048]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log]- [targetUID: 00000000-00006048]
"miniwallet.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\6048_1079017833\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt]- [targetUID: 00000000-00006048]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log]- [targetUID: 00000000-00006048]
"load-hub-i18n.bundle.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\6048_1079017833\load-hub-i18n.bundle.js]- [targetUID: 00000000-00006048]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG]- [targetUID: 00000000-00006048]
"load-ec-i18n.bundle.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"d34459c8ee07d4b1_0" has type "data"- [targetUID: N/A]
"donationUntrusted.bundle.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\6048_1079017833\donationUntrusted.bundle.js]- [targetUID: 00000000-00006048]
"donation-untrusted.html" has type "HTML document ASCII text with very long lines with no line terminators"- Location: [%TEMP%\6048_1079017833\donation-untrusted.html]- [targetUID: 00000000-00006048]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG]- [targetUID: 00000000-00006048]
"MANIFEST-000001" has type "PGP Secret Key -"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001]- [targetUID: 00000000-00006048]
"caaedfbc4b7eb80d_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\caaedfbc4b7eb80d_0]- [targetUID: 00000000-00006048]
"deeaf5e82a18843a_0" has type "data"- [targetUID: N/A]
"wallet-notification-config.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\wallet\wallet-notification-config.json]- [targetUID: 00000000-00006048]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG]- [targetUID: 00000000-00006048]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG]- [targetUID: 00000000-00006048]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG]- [targetUID: 00000000-00006048]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG]- [targetUID: 00000000-00006048]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Platform Notifications\LOG]- [targetUID: 00000000-00006048]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG]- [targetUID: 00000000-00006048]
"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00006048]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extension State\LOG]- [targetUID: 00000000-00006048]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Session Storage\LOG]- [targetUID: 00000000-00006048]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\LOG]- [targetUID: 00000000-00006048]
"MANIFEST-000001" has type "PGP Secret Key -"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000001]- [targetUID: 00000000-00006048]
"1c0d92ac67cf9db5_0" has type "data"- [targetUID: N/A]
"LOG" has type "ASCII text"- [targetUID: 00000000-00006048]
"2561b74e80bdacb5_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\2561b74e80bdacb5_0]- [targetUID: 00000000-00006048]
"aeb56360a21b46ba_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\aeb56360a21b46ba_0]- [targetUID: 00000000-00006048]
"f799da667ece2dfb_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\f799da667ece2dfb_0]- [targetUID: 00000000-00006048]
"a35823f3df6aba3a_0" has type "data"- [targetUID: N/A]
"8c8bb14a390c2d16_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\8c8bb14a390c2d16_0]- [targetUID: 00000000-00006048]
"settings.dat" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad\settings.dat]- [targetUID: 00000000-00004544]
"8b0820d5c733d487_0" has type "data"- [targetUID: N/A]
"4e20f4f6909f9ad6_0" has type "data"- [targetUID: N/A]
"7bf57a6bcfa10e5b_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\7bf57a6bcfa10e5b_0]- [targetUID: 00000000-00006048]
"0f3e0fd6f76616bb_0" has type "data"- [targetUID: N/A]
"e4d84066ab2ec770_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\e4d84066ab2ec770_0]- [targetUID: 00000000-00006048]
"b89abfe9a868d841_0" has type "data"- [targetUID: N/A]
"dbfb1a9b5a1d9fda_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\dbfb1a9b5a1d9fda_0]- [targetUID: 00000000-00006048]
"01f42c1b0ec1c65d_0" has type "data"- [targetUID: N/A]
"63dcf534aae3d7c4_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\63dcf534aae3d7c4_0]- [targetUID: 00000000-00006048]
"84503d6aaab545ee_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\84503d6aaab545ee_0]- [targetUID: 00000000-00006048]
"b15825dc48543263_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\b15825dc48543263_0]- [targetUID: 00000000-00006048]
"f94d11e2cc569985_0" has type "data"- [targetUID: N/A]
"f51292168162b014_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\f51292168162b014_0]- [targetUID: 00000000-00006048]
"bb8c02104bc2cdfc_0" has type "data"- [targetUID: N/A]
"8c2039527856a0fa_0" has type "data"- [targetUID: N/A]
"b6b89ea0e36775a5_0" has type "data"- [targetUID: N/A]
"a6fc332bc0d425e3_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\a6fc332bc0d425e3_0]- [targetUID: 00000000-00006048]
"c9f22e372422000a_0" has type "data"- [targetUID: N/A]
"2afefc1c1fde0b15_0" has type "data"- [targetUID: N/A]
"d870e9c9522756df_0" has type "data"- [targetUID: N/A]
"7546c0e865bf1fb3_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\7546c0e865bf1fb3_0]- [targetUID: 00000000-00006048]
"d149fd9edac7c26e_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\d149fd9edac7c26e_0]- [targetUID: 00000000-00006048]
"da398d57e0feacf0_0" has type "data"- [targetUID: N/A]
"aa53d1f330484cb6_0" has type "data"- [targetUID: N/A]
"06f7943ce02f94ba_0" has type "data"- [targetUID: N/A]
"c64fdcee94c1a642_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\c64fdcee94c1a642_0]- [targetUID: 00000000-00006048]
"6764577f07884563_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\6764577f07884563_0]- [targetUID: 00000000-00006048]
"45ec49a63182e42c_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\45ec49a63182e42c_0]- [targetUID: 00000000-00006048]
"4e84a8bd62a80aad_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\4e84a8bd62a80aad_0]- [targetUID: 00000000-00006048]
"de5d87ed660497b9_0" has type "data"- [targetUID: N/A]
"6b784cc74fee82a1_0" has type "data"- [targetUID: N/A]
"21de9642f166b2d1_0" has type "data"- [targetUID: N/A]
"7b864a6d469b8230_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\7b864a6d469b8230_0]- [targetUID: 00000000-00006048]
"da12e4b6950baeb1_0" has type "data"- [targetUID: N/A]
"7ad26e43c835b9ff_0" has type "data"- [targetUID: N/A]
"684428fec7d1e65a_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\684428fec7d1e65a_0]- [targetUID: 00000000-00006048]
"1a88f5ca8a246225_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\1a88f5ca8a246225_0]- [targetUID: 00000000-00006048]
"de014a18d89aab5d_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\de014a18d89aab5d_0]- [targetUID: 00000000-00006048]
"77bdb9b0507d1109_0" has type "data"- [targetUID: N/A]
"b02cd325bb67ed44_0" has type "data"- [targetUID: N/A]
"7f3eb307924b44aa_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\7f3eb307924b44aa_0]- [targetUID: 00000000-00006048]
"ea3087fd3459bda1_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\ea3087fd3459bda1_0]- [targetUID: 00000000-00006048]
"a4996a6e33aad883_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\a4996a6e33aad883_0]- [targetUID: 00000000-00006048]
"d00e348b316c430c_0" has type "data"- [targetUID: N/A]
"e178cb1aaed538b4_0" has type "data"- [targetUID: N/A]
"7ad85ef998eebb29_0" has type "data"- [targetUID: N/A]
"18e5fd930676d6ac_0" has type "data"- [targetUID: N/A]
"866dcf492f16bd52_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\866dcf492f16bd52_0]- [targetUID: 00000000-00006048]
"000012.log" has type "data"- [targetUID: N/A]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\6048_1079017833\manifest.json]- [targetUID: 00000000-00006048]
"crypto.bundle.js" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\crypto.bundle.js]- [targetUID: 00000000-00006048]
"Last Browser" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Last Browser]- [targetUID: 00000000-00006048]
"manifest.json" has type "JSON data"- Location: [%TEMP%\6048_795799618\manifest.json]- [targetUID: 00000000-00006048]
"README.md" has type "ASCII text"- [targetUID: N/A]
"Variations" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Variations]- [targetUID: 00000000-00006048]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_795799618\manifest.fingerprint]- [targetUID: 00000000-00006048]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\manifest.fingerprint]- [targetUID: 00000000-00006048]
".ses" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\.ses]- [targetUID: 00000000-00006048]
"MANIFEST-000001" has type "PGP Secret Key -"- [targetUID: 00000000-00006048]
"app-setup.js" has type "ASCII text with no line terminators"- [targetUID: 00000000-00006048]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log]- [targetUID: 00000000-00006048]
"000001.dbtmp" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp]- [targetUID: 00000000-00006048]
"Last Version" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Last Version]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\ar\strings.json]- [targetUID: 00000000-00006048]
"Indexing in Progress" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\35\10.34.0.47\Indexing in Progress]- [targetUID: 00000000-00006048]
"6e9cb12a-db7a-4cef-8f0f-9e1982e2b87f.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\6e9cb12a-db7a-4cef-8f0f-9e1982e2b87f.tmp]- [targetUID: 00000000-00006048]
"wallet-stable.json" has type "ASCII text"- [targetUID: 00000000-00006048]
"b4e124ba-c06d-4306-bba5-5038aed71854.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\b4e124ba-c06d-4306-bba5-5038aed71854.tmp]- [targetUID: 00000000-00006048]
"LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\35\scoped_dir6048_73516032\LICENSE]- [targetUID: 00000000-00006048]
"strings.json" has type "JSON data"- Location: [%TEMP%\6048_1079017833\json\i18n-hub\fr-CA\strings.json]- [targetUID: 00000000-00006048]
"tokenized-card.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"notification.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"app-setup.js" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\app-setup.js]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\zh-Hans\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\de\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\fr\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\fr-CA\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\ja\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\pt-BR\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\zh-Hant\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\nl\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\sv\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\it\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\es\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\id\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\ru\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\pt-PT\strings.json]- [targetUID: 00000000-00006048]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6048_1079017833\json\i18n-notification\en-GB\strings.json]- [targetUID: 00000000-00006048] - source
- Binary File
- relevance
- 3/10
- ATT&CK ID
- T1105
-
Drops a license file
- details
-
"wallet-drawer.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"bnpl.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\6048_1079017833\bnpl\bnpl.bundle.js.LICENSE.txt]- [targetUID: 00000000-00006048]
"vendor.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"miniwallet.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\6048_1079017833\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt]- [targetUID: 00000000-00006048]
"tokenized-card.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"notification.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A] - source
- Binary File
- relevance
- 1/10
- ATT&CK ID
- T1083
-
Dropped files
-
Network Related
-
Contacts random domain names
- details
-
"cdn.shopify.com" seems to be random
"shy.elfsight.com" seems to be random - source
- Network Traffic
- relevance
- 5/10
- ATT&CK ID
- T1071.001
-
Found mail related domain names
- details
-
- source
- File/Memory
- relevance
- 1/10
- ATT&CK ID
- T1071.003
-
Found potential URL in binary/memory
- details
-
Pattern match: "assets.db/MANIFEST-0000012023/05/12-06:05:18.974"
Pattern match: "https://microsoftedgewelcome.microsoft.com8_https://www.facebook.com__test__16511672347254META:https://a21017440049.cdn.optimizely.com?_https://www.bing.comCB47C15FA3044AB884F7E32B9FD32ED2"
Pattern match: "cdn.shopify.com/shopifycloud/shopify/assets/shopify_pay/storefront-c31d2fa4962d2ef90b673e945ee33f4f87302b97d0882cd8e83a629b84b30dab.js?v=20220906"
Pattern match: "cdn.shopify.com/shopifycloud/shopify/assets/themes_support/option_selection-9f517843f664ad329c689020fb1e45d03cac979f64b9eb1651ea32858b0ff452.js"
Pattern match: "cdn.shopify.com/shopifycloud/shopify/assets/themes_support/shopify_common-8ea6ac3faf357236a97f5de749df4da6e8436ca107bc3a4ee805cbf08bc47392.js"
Pattern match: "cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-e154599399e6b8b29dcb1102cc76eb199fa33a09af4fa78d15e8f8544ee64fcd.js"
Pattern match: "cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-65cd0ba3fcd81a1df33f2510ec5bcf8c0e0958653b50e3965ec972dd638ee13f.js"
Pattern match: "cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/image-and-text-container.js?v=23911560551286193531683829169"
Pattern match: "consent.trustarc.com/notice?domain=mattel.com&c=teconsent&js=nj¬iceType=bb&text=true>m=1&irmc=irmlink&pn=1-0"
Pattern match: "productreviews.shopifycdn.com/assets/v4/spr-0e683603bfa450170bff33e7fbad64e7dfe9585e1caeb951bbe283e5a2306523.js"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/Mattelvideoplayer.js?v=20083377802845741031683829169"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/sdg-runtime.min.js?v=152475060959785606251683829170"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/countdown-timer.js?v=45759492894143769951683829168"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/join-the-convo.js?v=138360663291210583181683829169"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/modernizr.min.js?v=11689283637850017101683829169"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/video-hls.min.js?v=14832853138085907171683829170"
Pattern match: "geolocation-recommendations.shopifyapps.com/selectors/script.js?shop=prod-collectorshub.myshopify.com"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/sdg-app.min.js?v=133999827953603869701683829169"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/module-fix.js?v=5515928175792496701683829169"
Pattern match: "cdn.nfcube.com/instafeed-757e4647d3881c8c92177f133c11209a.js?shop=prod-collectorshub.myshopify.com"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/script.js?v=154343199522419749661683829169"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/custom.js?v=158891935890679525691683829370"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/moment.js?v=139966856140886019961683829169"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/libs.js?v=112790206755040643681683829169"
Pattern match: "cdn.shopify.com/s/trekkie.storefront.9ac21a52ee9c37e439bd0f1b55658e80282e836e.min.js"
Pattern match: "static-tracking.klaviyo.com/onsite/js/fender_analytics.23194ba60b06f2efa3bc.js?cb=1"
Pattern match: "cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js"
Pattern match: "omnisnippet1.com/inShop/Embed/shopify.js?shop=prod-collectorshub.myshopify.com"
Pattern match: "static-tracking.klaviyo.com/onsite/js/static.7040eccfb11ebc1531fa.js?cb=1"
Pattern match: "connect.facebook.net/signals/config/234797843591274?v=2.9.104&r=stable"
Pattern match: "cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js"
Pattern match: "static.klaviyo.com/onsite/js/sharedUtils.545afc238f7fa31ca92c.js?cb=1"
Pattern match: "blueconic.mattel.com/plugin/library/e3539d94c98e1ea3cf0723d48df8e24a"
Pattern match: "shy.elfsight.com/p/platform.js?shop=prod-collectorshub.myshopify.com"
Pattern match: "blueconic.mattel.com/plugin/plugin/947d1db454306e5a6c32bb7023b927b2"
Pattern match: "www.googletagmanager.com/gtag/js?id=G-R48GR5MR53&l=dataLayer&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-312580702&l=dataLayer&cx=c"
Pattern match: "static.klaviyo.com/onsite/js/runtime.d9cb00e39e8feac91d2e.js?cb=1"
Pattern match: "cdn.shopify.com/shopifycloud/media-analytics/v0.1/analytics.js"
Pattern match: "ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"
Pattern match: "static.klaviyo.com/onsite/js/klaviyo.js?company_id=RbzuTn"
Pattern match: "ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"
Pattern match: "cdn.shopify.com/sb5837980w7bcadfe3p20a28281m8e5071b1m.js"
Pattern match: "cdn.shopify.com/bb5837980w7bcadfe3p20a28281m8e5071b1m.js"
Pattern match: "omnisnippet1.com/inshop/launcher.js?v=2023-05-12T13"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-312580702"
Pattern match: "cdn.quantummetric.com/qscripts/quantum-mattel.js"
Pattern match: "consent.trustarc.com/asset/notice.js/v/v1.7-164"
Pattern match: "www.googletagmanager.com/gtm.js?id=GTM-56SCBMJ"
Pattern match: "a40.usablenet.com/pt/c/mattel/cs-start"
Pattern match: "connect.facebook.net/en_US/fbevents.js"
Pattern match: "www.google-analytics.com/analytics.js"
Pattern match: "cdn.optimizely.com/js/21034082286.js"
Pattern match: "www.redditstatic.com/ads/pixel.js"
Pattern match: "blueconic.mattel.com/script.js"
Pattern match: "https://aka.ms/EdgeSaveCardFAQ,e.UseVirtualCardLearnMore=https://aka.ms/EdgeVirtualCardFAQ,e.WalletSettings=edge://wallet/settings}(i||(i={}))},73244:(e,t,a)="
Heuristic match: "a21017440049.cdn.optimizely.com"
Heuristic match: "a40.usablenet.com"
Heuristic match: "ajax.googleapis.com"
Heuristic match: "alb.reddit.com"
Heuristic match: "blueconic.mattel.com"
Heuristic match: "cdn.fonts.net"
Heuristic match: "cdn.nfcube.com"
Heuristic match: "cdn.quantummetric.com"
Heuristic match: "cdn.shopify.com"
Heuristic match: "connect.facebook.net"
Heuristic match: "consent.trustarc.com"
Heuristic match: "creations.mattel.com"
Heuristic match: "crossborder-integration.global-e.com"
Heuristic match: "forms.soundestlink.com"
Heuristic match: "geolocation-recommendations.shopifyapps.com"
Heuristic match: "gepi.global-e.com"
Heuristic match: "googleads.g.doubleclick.net"
Heuristic match: "instafeed.nfcube.com"
Heuristic match: "logx.optimizely.com"
Heuristic match: "mattel-app.quantummetric.com"
Heuristic match: "mattel-sync.quantummetric.com"
Heuristic match: "mattel.blueconic.net"
Heuristic match: "monorail-edge.shopifysvc.com"
Heuristic match: "omnisnippet1.com"
Heuristic match: "productreviews.shopifycdn.com"
Heuristic match: "shy.elfsight.com"
Heuristic match: "static-tracking.klaviyo.com"
Heuristic match: "static.klaviyo.com"
Heuristic match: "stats.g.doubleclick.net"
Heuristic match: "utils.global-e.com"
Heuristic match: "webservices.global-e.com"
Pattern match: "www.facebook.com"
Pattern match: "www.googleadservices.com"
Pattern match: "www.redditstatic.com"
Pattern match: "www.gap.com"
Pattern match: "www.gapfactory.com"
Pattern match: "www2.hm.com"
Pattern match: "www.klarna.com"
Pattern match: "www.google.com"
Pattern match: "www.gstatic.com"
Pattern match: "www.transunion.com"
Pattern match: "www.googletagmanager.com"
Pattern match: "http://www.w3.org/2000/svg};class"
Pattern match: "http://www.w3.org/2000/svg,className:r"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MC_Favicon_b03cdd9c-aa32-4fd6-9fc4-f7389af8958a_32x32.png?v=1675208107"
Pattern match: "https://a40.usablenet.com/pt/c/mattel/cs-start"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/icomoon.eot?v=111105530403879872051683829169"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/icomoon.eot?%23iefix&v=111105530403879872051683829169"
Pattern match: "hello.myfonts.net/count/3cf026"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/HelveticaNeueLTProBolder.woff2?v=112382111651819394461683829169"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/HelveticaNeueLTProBold.woff2?v=149087335543009258221683829169"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/HelveticaNeueLTPro-BdIt.woff2?v=101828961326008441651683829168"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/HelveticaNeueLTPro-It.woff2?v=15299538233616876831683829169"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/HelveticaNeueLTProRoman.woff2?v=116873725260544495001683829169"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/HelveticaNeueLTProMd.woff2?v=136583794465975933581683829169"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/HelveticaNeueLTProMdIt.woff2?v=135920761457136257541683829169"
Pattern match: "https://fonts.shopifycdn.com/rajdhani/rajdhani_n5.d8dbf587163ee8433c9c2982c1995084a3e75f80.woff2?h1=Y3JlYXRpb25zLm1hdHRlbC5jb20&h2=cHJvZC1jb2xsZWN0b3JzaHViLmFjY291bnQubXlzaG9waWZ5LmNvbQ&hmac=0ec10ef5560aba0d3d6da132a788b30c1c1926043b9fbcdc349c9d5cf84782fb"
Pattern match: "https://fonts.shopifycdn.com/rajdhani/rajdhani_n5.e39a99601d26a44e58a8141483321205e5669ae8.woff?h1=Y3JlYXRpb25zLm1hdHRlbC5jb20&h2=cHJvZC1jb2xsZWN0b3JzaHViLmFjY291bnQubXlzaG9waWZ5LmNvbQ&hmac=ab9a9f4125fa83d1717e7a0e7f673d705232703b13e07823bfa95926306cf3e2"
Pattern match: "https://fonts.shopifycdn.com/rajdhani/rajdhani_n4.34575ccbcb52f35923f4e4bfad59de9af781b58a.woff2?h1=Y3JlYXRpb25zLm1hdHRlbC5jb20&h2=cHJvZC1jb2xsZWN0b3JzaHViLmFjY291bnQubXlzaG9waWZ5LmNvbQ&hmac=6315524a73556c10998c42998efff332e60cd0d1486669f5beb54cfca0744fda"
Pattern match: "https://fonts.shopifycdn.com/rajdhani/rajdhani_n4.5ab547d29d0f1ab30fb3b6602c2fdd262886c842.woff?h1=Y3JlYXRpb25zLm1hdHRlbC5jb20&h2=cHJvZC1jb2xsZWN0b3JzaHViLmFjY291bnQubXlzaG9waWZ5LmNvbQ&hmac=95681b66d06d4f338517bc452495a263867416735d894dd8ea7666cb0893cf0e"
Pattern match: "https://fonts.shopifycdn.com/rajdhani/rajdhani_n7.f6e03eacadd4bbe38110a25ef05200437ee83087.woff2?h1=Y3JlYXRpb25zLm1hdHRlbC5jb20&h2=cHJvZC1jb2xsZWN0b3JzaHViLmFjY291bnQubXlzaG9waWZ5LmNvbQ&hmac=659d780a50e019067d6d5e6363a55dda95ce4e922634bd9082c28d1b747c8ba9"
Pattern match: "https://fonts.shopifycdn.com/rajdhani/rajdhani_n7.a054bdc0b1ce90a35d9ddd33a5641d9669d16d89.woff?h1=Y3JlYXRpb25zLm1hdHRlbC5jb20&h2=cHJvZC1jb2xsZWN0b3JzaHViLmFjY291bnQubXlzaG9waWZ5LmNvbQ&hmac=7b50cdf12a97484d21e7be598374e017635842363324ab83bdaeb2d9354b07a1"
Pattern match: "https://fonts.shopifycdn.com/rajdhani/rajdhani_n6.066a284bfad55e8b31bfbe29aade2075d0b04665.woff2?h1=Y3JlYXRpb25zLm1hdHRlbC5jb20&h2=cHJvZC1jb2xsZWN0b3JzaHViLmFjY291bnQubXlzaG9waWZ5LmNvbQ&hmac=e4377b27a10d631c991794b45530f010f491545f02f8024bb968ead02c901860"
Pattern match: "https://fonts.shopifycdn.com/rajdhani/rajdhani_n6.032eccded2d3343dc0e8dfb131786b2cb6428d17.woff?h1=Y3JlYXRpb25zLm1hdHRlbC5jb20&h2=cHJvZC1jb2xsZWN0b3JzaHViLmFjY291bnQubXlzaG9waWZ5LmNvbQ&hmac=d49a354cccf98fc34fda8c9af43d852e79182f6921d7b43761995fa3ef0022ad"
Pattern match: "https://cdn.fonts.net"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/theme.css?v=109705748551172600911683829170"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/module-fix.css?v=75793388014211672901683829169"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/custom-theme.scss.css?v=77928145343226288341683829370"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/image-and-text-container.css?v=21738439498707151001683829169"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/flex-grid.css?v=137287489300492681811683829168"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/sdg-style.css?v=49040031459440204571683829371"
Pattern match: "https://creations.mattel.com/en-ca"
Pattern match: "https://creations.mattel.com/en-es"
Pattern match: "https://creations.mattel.com/en-de"
Pattern match: "https://creations.mattel.com/en-fr"
Pattern match: "https://creations.mattel.com/en-it"
Pattern match: "https://creations.mattel.com/en-jp"
Pattern match: "https://creations.mattel.com/en-gb"
Pattern match: "https://cdn.shopify.com/shopifycloud/checkout-web/assets/runtime.latest.en.8645d252f07ec25fdbc6.js"
Pattern match: "https://cdn.shopify.com/shopifycloud/checkout-web/assets/checkout-web-ui~app.latest.en.9f2a5e9ec696775e2217.css"
Pattern match: "https://cdn.shopify.com/shopifycloud/storefront-recaptcha-v3/v0.6/index.js"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/"
Pattern match: "cdn.shopify.com/shopifycloud/shopify/assets/themes_support/customer_area-4beccea87758d91106a581ba89341d9b51842f6da79209258c8297239e950343.js"
Pattern match: "https://cdn.optimizely.com/js/21034082286.js"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/sdg-cart.min.js?v=39597524726532359991683829169',collection:'//cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/sdg-collection.min.js?v=77282368119246747921683829169',nft_claim_with_code:'//cdn.sho"
Pattern match: "https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f)"
Pattern match: "https://www.myfonts.com/fonts/linotype/neue-helvetica/pro-45-light-189172/"
Pattern match: "https://www.myfonts.com/fonts/linotype/neue-helvetica/pro-55-roman/"
Pattern match: "https://www.myfonts.com/fonts/linotype/neue-helvetica/pro-75-bold/"
Pattern match: "https://crossborder-integration.global-e.com/resources/css/1205/US/"
Pattern match: "https://crossborder-integration.global-e.com/"
Pattern match: "https://utils.global-e.com"
Pattern match: "https://web.global-e.com/"
Pattern match: "https://webservices.global-e.com/"
Pattern match: "https://api.global-e.com/"
Pattern match: "https://payments.amazon.com/checkout/signin"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/t/580/assets/video-hls.min.css?v=107323650136300813091683829170"
Pattern match: "https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=RbzuTn"
Pattern match: "https://cdn.shopify.com/s/files/1/0568/1132/3597/files/MC_Logo_Shared-Link_1200x628_3f66aefb-8681-4b03-9df7-423bd3e64e1d.jpg?v=1632440285"
Pattern match: "https://monorail-edge.shopifysvc.com"
Pattern match: "monorail-edge.shopifysvc.com/.test(entry.name)"
Pattern match: "https://creations.mattel.com,cdnBaseUrl"
Pattern match: "https://cdn.shopify.com/s/trekkie.storefront.9ac21a52ee9c37e439bd0f1b55658e80282e836e.min.js"
Pattern match: "https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js"
Pattern match: "https://www.googletagmanager.com/ns.html?id=GTM-56SCBMJ"
Pattern match: "https://mattel-sites-prod64.adobecqms.net"
Pattern match: "http://www.w3.org/2000/svg"
Pattern match: "https://community.creations.mattel.com/forums/forum/3-hot-wheels/"
Pattern match: "https://community.creations.mattel.com/news/hot-wheels/"
Pattern match: "https://community.creations.mattel.com/forums/forum/4-barbie/"
Pattern match: "https://community.creations.mattel.com/news/barbie/public-news-stories/"
Pattern match: "https://community.creations.mattel.com/forums/forum/10-discussion/"
Pattern match: "https://community.creations.mattel.com/news/matchbox/"
Pattern match: "https://community.creations.mattel.com/forums/forum/12-discussion/"
Pattern match: "https://community.creations.mattel.com/news/master-of-the-universe/"
Pattern match: "https://community.creations.mattel.com/forums/forum/85-discussion/"
Pattern match: "https://community.creations.mattel.com/forums/forum/89-discussion/"
Pattern match: "https://community.creations.mattel.com/forums/forum/91-mega/"
Pattern match: "https://community.creations.mattel.com/forums/forum/95-discussion/"
Pattern match: "https://virtual.mattel.com/"
Pattern match: "https://community.creations.mattel.com/forums/forum/128-general-discussion/"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MG_ASPOT_D_LAUNCH_a6808744-f0ed-4092-addd-ceb696ffe054_1440x@2x.jpg?v=1683214733"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MG_ASPOT_M_LAUNCH_eaf6de11-b456-4178-851b-382ace86e103_640x@2x.jpg?v=1683214733"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/LPA6B0_1_1440x@2x.jpg?v=1682575185"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/LP_ASP_1_834ec5c8-1f06-47d4-8d70-87979a3f895d_640x@2x.jpg?v=1682575182"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MC_ASpot_D_HLX71_Maleficent_1440x@2x.jpg?v=1681860975"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MC_ASpot_M_HLX71_Maleficent_640x@2x.jpg?v=1681860974"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/BB_DRO_2_0d77881b-aae1-4f43-8f5b-137bce4b425a_1440x@2x.jpg?v=1683819624"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/BB_DRO_1_7abc4bd4-12c7-480e-8f9b-df201eb25327_640x@2x.jpg?v=1683819624"
Pattern match: "https://creations.mattel.com/pages/virtual-drop-barbie-boss-beauties"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/BB_MovieTrailer_Banner_D_1440x@2x.jpg?v=1682628839"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/BB_MovieTrailer_Banner_M_640x@2x.jpg?v=1682628838"
Pattern match: "https://creations.mattel.com/pages/barbie-the-movie"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/HP-MattelCreations-flegxgrid-desktop_1440x@2x.jpg?v=1636499237"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MOBILE_letscreate_640x@2x.jpg?v=1636499253"
Pattern match: "https://creations.mattel.com/pages/mattel-creations"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/Barbie_Desktop.jpg?v=1650901342"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/Barbie_Mobile.jpg?v=1650901363"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/HW_Desktop.jpg?v=1650901384"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/HW_Mobile.jpg?v=1650901399"
Pattern match: "https://creations.mattel.com/pages/hot-wheels-collectors"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MBX_Desktop.jpg?v=1650901552"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MBX_Mobile.jpg?v=1650901567"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MOTU_Desktop_943fd9c2-f2ca-4cd8-be8b-2a44241fa3e4.jpg?v=1657145878"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MOTU_Mobile_735e77e6-fd5f-49b8-a667-27bd095ec162.jpg?v=1657145889"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MH_Desktop_3a4ef793-b20d-4dd0-93f9-1b815fffe48f.jpg?v=1657145930"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MH_Mobile_2e86076e-6251-4e16-8d6f-1ca070c3737b.jpg?v=1657145942"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/LP_ASpot_D_DEBUT_00_b9200881-36b7-4aac-bb10-4f5e0ff652b5.jpg?v=1660090359"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/LP_ASpot_M_DEBUT_00_95c028ba-485b-4a4d-ae48-16912ed2fdf4.jpg?v=1660005574"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MEGA_Desktop.jpg?v=1657127215"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MEGA_Mobile.jpg?v=1657127228"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/WWE_Desktop_7a3a2629-40d3-4822-908f-2fd3ffdd3aae.jpg?v=1660005446"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/WWE_Mobile_3736e634-705e-4502-862a-976fea554ae1.jpg?v=1660005490"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/HUB_LP_a-spot-membership_desktop_7337ef50-138c-497e-9497-2c1520a294cc.jpg?v=1626284340"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/HUB_LP_a-spot-membership_mobile_accae78b-5795-408e-95d1-4b9e7046ed5d.jpg?v=1626284351"
Pattern match: "https://www2.mattel.com/en-us/privacy-statement#collapse-Definitions"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/HWC_87637b70-f34f-4c5f-ab21-b9dbd2eea67b_medium.png?v=1643820531"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/BBS_a5755d43-6434-46a1-8a29-5e91c5a693fd_medium.png?v=1643820531"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/MOTU_8659ccbe-5fd1-4a28-b77e-10a449356c24_medium.png?v=1643820531"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/Matchbox_8813764e-1af2-4849-88cb-4dec2c5332d9_medium.png?v=1643820531"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/WWE_a129b580-41d8-4fed-b291-c137bc960b9e_medium.png?v=1643820531"
Pattern match: "cdn.shopify.com/s/files/1/0568/1132/3597/files/Mosnter-High_c8932b4a-6836-4caf-9200-03557d17302b_medium.png?v=1643820531"
Pattern match: "https://corporate.mattel.com/en-us/terms-and-conditions"
Pattern match: "https://creations.mattel.com/pages/virtual-marketplace-frequently-asked-questions"
Pattern match: "https://creations.mattel.com/pages/return-policy#return-form"
Pattern match: "https://corporate.mattel.com/en-us/mattel-shopping-terms"
Pattern match: "https://www.mattel.com/en-us/privacy-statement"
Pattern match: "https://www.mattel.com/en-us/about-cookies-and-technologies"
Pattern match: "https://cdn.shopify.com/static/images/flags/in.svg"
Pattern match: "https://cdn.shopify.com/static/images/flags/gm.svg""
Pattern match: "https://community.creations.mattel.com/"
Pattern match: "https://platform.mattel/shopify/login?shop_url=https%3A%2F%2Fprod-collectorshub.myshopify.com&return_to=+returnURI+&client_id=collectorshub&prompt=none" - source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1071
-
Contacts random domain names
-
Spyware/Information Retrieval
-
Found strings related to file managers
- details
-
""fasttracktohealth.shop"," (Indicator: "fasttrack")
""thefasttrackgirl.com"," (Indicator: "fasttrack") - source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1555
-
Unusual Characteristics
-
Detected known bank URL artifact
- details
-
""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")
""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")
""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")
""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")
""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")
""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")
""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")
""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")
""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")
""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")
""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")
""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")
""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")
""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")
""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")
""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")
""beautiiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")
""beautyandwhiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")
""bellagracehealthscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")
""belleandbubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")
""beyondblessedscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com") - source
- File/Memory
- relevance
- 10/10
Hybrid Analysis
Analysed 23 processes in total.
-
rundll32.exe
"%WINDIR%\system32\ieframe.dll",OpenURL C:\020acd14052f13928fb57d68a4039a6d979979bf360b867e7b136860c3b140c9.url
(PID: 6540)
-
msedge.exe
--single-argument https://creations.mattel.com/
(PID: 6048)
- msedge.exe --type=crashpad-handler "--user-data-dir=%LOCALAPPDATA%\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=107.0.5304.110 "--annotation=exe=%PROGRAMFILES%\(x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=107.0.1418.56 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0x160,0x7fff4ba8b208,0x7fff4ba8b218,0x7fff4ba8b228 (PID: 4544)
- msedge.exe --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:2 (PID: 3048)
- msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:3 (PID: 6304)
- msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:8 (PID: 2900)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1683895481967543 --launch-time-ticks=1226301982 --mojo-platform-channel-handle=3140 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:1 (PID: 6492)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1683895481967543 --launch-time-ticks=1226851863 --mojo-platform-channel-handle=3148 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:1 (PID: 2412)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3508 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:8 (PID: 2456)
- msedge.exe --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4516 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:8 (PID: 3912)
- msedge.exe --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=4560 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:8 (PID: 1448)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5332 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:8 (PID: 2832)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --time-ticks-at-unix-epoch=-1683895481967543 --launch-time-ticks=1243090191 --mojo-platform-channel-handle=5744 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:1 (PID: 2932)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6020 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:8 (PID: 4136)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --time-ticks-at-unix-epoch=-1683895481967543 --launch-time-ticks=1263650634 --mojo-platform-channel-handle=2564 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:1 (PID: 1096)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6472 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:8 (PID: 412)
- msedge.exe --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6440 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:8 (PID: 4692)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6056 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:8 (PID: 3904)
- msedge.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.16299.192 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6612 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:2 (PID: 6856)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6440 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:8 (PID: 6804)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2596 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:8 (PID: 1720)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1232 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:8 (PID: 6688)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1828,i,13383431846406002759,11338064390060731000,131072 /prefetch:8 (PID: 4164)
- msedge.exe --single-argument https://creations.mattel.com/ (PID: 6048)
Network Analysis
DNS Requests
Contacted Hosts
HTTP Traffic
No relevant HTTP requests were made.
Suricata Alerts
Event | Category | Description | SID |
---|---|---|---|
8.251.33.254 -> local:49877 (TCP) | Generic Protocol Command Decode | SURICATA STREAM excessive retransmissions | 2210054 |
Extracted Files
Displaying 51 extracted file(s). The remaining 326 file(s) are available in the full version and XML/JSON reports.
Notifications
Runtime
- Not all Falcon MalQuery lookups completed in time
- Not all IP/URL string resources were checked online
- Not all created files are visible for msedge.exe (PID: 6048)
- Not all file accesses are visible for msedge.exe (PID: 1096)
- Not all file accesses are visible for msedge.exe (PID: 1448)
- Not all file accesses are visible for msedge.exe (PID: 1720)
- Not all file accesses are visible for msedge.exe (PID: 2412)
- Not all file accesses are visible for msedge.exe (PID: 2456)
- Not all file accesses are visible for msedge.exe (PID: 2832)
- Not all file accesses are visible for msedge.exe (PID: 2900)
- Not all file accesses are visible for msedge.exe (PID: 2932)
- Not all file accesses are visible for msedge.exe (PID: 3048)
- Not all file accesses are visible for msedge.exe (PID: 3904)
- Not all file accesses are visible for msedge.exe (PID: 3912)
- Not all file accesses are visible for msedge.exe (PID: 412)
- Not all file accesses are visible for msedge.exe (PID: 4136)
- Not all file accesses are visible for msedge.exe (PID: 4164)
- Not all file accesses are visible for msedge.exe (PID: 4544)
- Not all file accesses are visible for msedge.exe (PID: 4692)
- Not all file accesses are visible for msedge.exe (PID: 6048)
- Not all file accesses are visible for msedge.exe (PID: 6304)
- Not all file accesses are visible for msedge.exe (PID: 6492)
- Not all file accesses are visible for msedge.exe (PID: 6688)
- Not all file accesses are visible for msedge.exe (PID: 6804)
- Not all file accesses are visible for msedge.exe (PID: 6856)
- Some low-level data is hidden, as this is only a slim report
- This URL analysis has missing honeyclient data
- Not all sources for indicator ID "mutant-0" are available in the report
- Not all sources for indicator ID "network-1" are available in the report
- Not all sources for indicator ID "network-51" are available in the report
- Not all sources for indicator ID "string-23" are available in the report
- Not all sources for indicator ID "string-169" are available in the report