http://driftstreams.com/
This report was generated from a file or URL submitted to this web service on September 12th 2023 20:00:00 (UTC), using the action script "Default browser analysis".
Guest System: Windows 10 64-bit, Professional, 10.0 (build 16299)
Report generated by
Falcon Sandbox v10.2.0 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior
- Contacts 12 domains and 15 hosts.
MITRE ATT&CK™ Techniques Detection
Indicators
Not all malicious and suspicious indicators are displayed; this listing is incomplete, and the full version of the service shows the complete set.
Suspicious Indicators 5
Exploit/Shellcode
Contains escaped byte string (often part of obfuscated shellcode). Note: the matched details below appear to be browser preference JSON (keys such as `browser`, `edge_rewards`, `entity_extraction`) whose locale and price regex patterns use `\x{...}` Unicode escapes; this heuristic fires on such escapes, so on its own it is weak evidence of shellcode and should be weighed against the network behaviour and other indicators in this report.
- details
"{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "ro-ro", "ru": "ru-ru", "sk": "sk-sk", "sl": "sl-si", "sr": "sr-rs", "sv": "sv-se", "th": "th-th", "tr": "tr-tr", "ua": "ua-ua", "vi": "vi-vn", "zh": "zh-cn"}, "picl_market_model_map": {"de": "de-de", "fr": "fr-fr", "ja": "ja-jp", "zh": "zh-cn", "es": "es-mx", "fr-be": "fr-fr", "de-at": "de-de"}, "equivalent_locale_map": {"us-en": "en-us", "en-gb-gb": "en-gb", "en-gb-ca": "en-ca", "en-gb-au": "en-au", "en-gb-in": "en-in", "zh-hans-cn": "zh-cn", "zh-hant": "zh-tw", "-tw": "zh-tw"}, "market_domain_regex_map": {"ae": "((\\.ae\\/)|(\\.com\\/ae\\/))", "ar": "((\\.ar\\/)|(\\.com\\/ar\\/))", "at": "((\\.at\\/)|(\\.com\\/at\\/)|(\\.com\\/de-at\\/)|(\\.com\\/de_at\\/))", "au": "((\\.au\\/)|(\\.com\\/au\\/)|(\\.com\\/en-au\\/)|(\\.com\\/en_au\\/))", "be": "((\\.be\\/)|(\\.com\\/be\\/)|(\\.com\\/fr-be\\/)|(\\.com\\/fr_be\\/)|(\\.com\\/nl-be\\/)|(\\.com\\/nl_be\\/))", "bg": "((\\.bg\\/)|(\\.com\\/bg\\/))", "br": "((\\.br\\/)|(\\.com\\/br\\/)|(\\.com\\/pt-br\\/)|(\\.com\\/pt_br\\/))", "ca": "((\\.ca\\/)|(\\.com\\/ca\\/)|(\\.com\\/fr-ca\\/)|(\\.com\\/fr_ca\\/)|(\\.ca\\/fr-ca\\/)|(\\.ca\\/fr_ca\\/)|(\\.com\\/en-ca\\/)|(\\.com\\/en_ca\\/))", "ch": "((\\.ch\\/)|(\\.com\\/ch\\/))", "cl": "((\\.cl\\/)|(\\.com\\/cl\\/))", "cn": "((\\.cn\\/)|(\\.com\\/cn\\/))", "co": "((\\.co\\/)|(\\.com\\/co\\/))", "cz": "((\\.cz\\/)|(\\.com\\/cz\\/))", "de": "((\\.de\\/)|(\\.com\\/de\\/)|(\\.com\\/de-de\\/)|(\\.com\\/de_de\\/))", "dk": 
"((\\.dk\\/)|(\\.com\\/dk\\/)|(\\.com\\/da-dk\\/)|(\\.com\\/da_dk\\/))", "eg": "((\\.eg\\/)|(\\.com\\/eg\\/))", "es": "((\\.es\\/)|(\\.com\\/es\\/)|(\\.com\\/es-es\\/)|(\\.com\\/es_es\\/))", "fi": "((\\.fi\\/)|(\\.com\\/fi\\/)|(\\.com\\/fi-fi\\/)|(\\.com\\/fi_fi\\/))", "fr": "((\\.fr\\/)|(\\.com\\/fr\\/)|(\\.com\\/fr-fr\\/)|(\\.com\\/fr_fr\\/))", "gb": "((\\.uk\\/)|(\\.com\\/uk\\/)|(\\.com\\/en-gb\\/)|(\\.com\\/en_gb\\/))", "gr": "((\\.gr\\/)|(\\.com\\/gr\\/)|(\\.com\\/el-gr\\/)|(\\.com\\/el_gr\\/))", "hr": "((\\.hr\\/)|(\\.com\\/hr\\/))", "hu": "((\\.hu\\/)|(\\.com\\/hu\\/)|(\\.com\\/hu-hu\\/)|(\\.com\\/hu_hu\\/))", "is": "((\\.is\\/)|(\\.com\\/is\\/))", "in": "((\\.in\\/)|(\\.com\\/in\\/)|(\\.com\\/en-in\\/)|(\\.com\\/en_in\\/))", "id": "((\\.id\\/)|(\\.com\\/id\\/))", "ie": "((\\.ie\\/)|(\\.com\\/ie\\/)|(\\.com\\/en-ie\\/)|(\\.com\\/en_ie\\/))", "il": "((\\.il\\/)|(\\.com\\/il\\/)|(\\.com\\/hw-il\\/)|(\\.com\\/hw_il\\/))", "it": "((\\.it\\/)|(\\.com\\/it\\/)|(\\.com\\/it-it\\/)|(\\.com\\/it_it\\/))", "jp": "((\\.jp\\/)|(\\.com\\/jp\\/)|(\\.com\\/ja-jp\\/)|(\\.com\\/ja_jp\\/))", "ke": "((\\.ke\\/)|(\\.com\\/ke\\/))", "kr": "((\\.kr\\/)|(\\.com\\/kr\\/)|(\\.com\\/ko-kr\\/)|(\\.com\\/ko_kr\\/))", "lt": "((\\.lt\\/)|(\\.com\\/lt\\/))", "ma": "((\\.ma\\/)|(\\.com\\/ma\\/))", "mx": "((\\.mx\\/)|(\\.com\\/mx\\/)|(\\.com\\/es-mx\\/)|(\\.com\\/es_mx\\/)|(\\.com\\/en-mx\\/)|(\\.com\\/en_mx\\/))", "my": "((\\.my\\/)|(\\.com\\/my\\/)|(\\.com\\/en-my\\/)|(\\.com\\/en_my\\/))", "nz": "((\\.nz\\/)|(\\.com\\/nz\\/))", "ng": "((\\.ng\\/)|(\\.com\\/ng\\/))", "nl": "((\\.nl\\/)|(\\.com\\/nl\\/)|(\\.com\\/nl-nl\\/)|(\\.com\\/nl_nl\\/))", "no": "((\\.no\\/)|(\\.com\\/no\\/)|(\\.com\\/no-no\\/)|(\\.com\\/no_no\\/))", "pe": "((\\.pe\\/)|(\\.com\\/pe\\/))", "pk": "((\\.pk\\/)|(\\.com\\/pk\\/))", "pl": "((\\.pl\\/)|(\\.com\\/pl\\/)|(\\.com\\/pl-pl\\/)|(\\.com\\/pl_pl\\/))", "pt": "((\\.pt\\/)|(\\.com\\/pt\\/)|(\\.com\\/pt-pt\\/)|(\\.com\\/pt_pt\\/))", "ro": 
"((\\.ro\\/)|(\\.com\\/ro\\/)|(\\.com\\/ro-ro\\/)|(\\.com\\/ro_ro\\/))", "rs": "((\\.rs\\/)|(\\.com\\/rs\\/))", "ru": "((\\.ru\\/)|(\\.com\\/ru\\/)|(\\.com\\/ru-ru\\/)|(\\.com\\/ru_ru\\/))", "si": "((\\.si\\/)|(\\.com\\/si\\/))", "sk": "((\\.sk\\/)|(\\.com\\/sk\\/))", "sa": "((\\.sa\\/)|(\\.com\\/sa\\/))", "se": "((\\.se\\/)|(\\.com\\/se\\/)|(\\.com\\/sv-se\\/)|(\\.com\\/sv_se\\/))", "sg": "((\\.sg\\/)|(\\.com\\/sg\\/)|(\\.com\\/en-sg\\/)|(\\.com\\/en_sg\\/))", "th": "((\\.th\\/)|(\\.com\\/th\\/))", "tr": "((\\.tr\\/)|(\\.com\\/tr\\/)|(\\.com\\/tr-tr\\/)|(\\.com\\/tr_tr\\/))", "tw": "((\\.tw\\/)|(\\.com\\/tw\\/))", "ua": "((\\.ua\\/)|(\\.com\\/ua\\/))", "vn": "((\\.vn\\/)|(\\.com\\/vn\\/))", "za": "((\\.za\\/)|(\\.com\\/za\\/))"}, "en_us_price_regex": "(((\\$|usd)\\s*\\d{1
3})|(\\d{1,3}\\s*(\\$|usd))|((\\$|cdn|(c\\s*\\$))\\s*\\d{1
3})|(\\d{1,3}\\s*(\\$|cdn|(c\\s*\\$)))|(((\\x{00a3}|gbp)\\s*\\d{1
3})|(\\d{1,3}\\s*(\\x{00a3}|gbp))))", "en_gb_price_regex": "(((\\$|usd)\\s*\\d{1
3})|(\\d{1,3}\\s*(\\$|usd))|((\\$|cdn|(c\\s*\\$))\\s*\\d{1
3})|(\\d{1,3}\\s*(\\$|cdn|(c\\s*\\$)))|(((\\x{00a3}|gbp)\\s*\\d{1
3})|(\\d{1,3}\\s*(\\x{00a3}|gbp))))", "en_ca_price_regex": "(((\\$|usd)\\s*\\d{1
3})|(\\d{1,3}\\s*(\\$|usd))|((\\$|cdn|(c\\s*\\$))\\s*\\d{1
3})|(\\d{1,3}\\s*(\\$|cdn|(c\\s*\\$)))|(((\\x{00a3}|gbp)\\s*\\d{1
3})|(\\d{1,3}\\s*(\\x{00a3}|gbp))))", "en_au_price_regex": "(((\\$|au|aud)\\s*\\d{1
3})|(\\d{1,3}\\s*(\\$|au|aud)))", "en_in_price_regex": "(((\\x{20B9}|rs|rs\\.)\\s*\\d{1
3})|(\\d{1,3}\\s*(\\x{20B9}|rs|rs\\.)))", "de_de_price_regex": "((\\d{1,3}\\s*(\\x{20ac}))|((\\x{20ac})\\s*\\d{1
3}))", "fr_fr_price_regex": "((\\d{1,3}\\s*(\\x{20ac}))|((\\x{20ac})\\s*\\d{1
3}))", "ja_jp_price_regex": "((\\d{1,3}\\s*(yen|\\x{5186}))|((\\x{ffe5}|\\x{00a5})\\s*\\d{1
3}))", "zh_cn_price_regex": "((\\d{1,3}\\s*\\x{5143})|((\\x{ffe5}|\\x{00a5}|rmb|cny)\\s*\\d{1
3}))", "es_mx_price_regex": "((\\d{1,3}\\s*(mxn|\\x{0024}))|((\\x{0024}\\s*mxn|\\x{0024}|mxn|mex\\s*\\x{0024})\\s*\\d{1
3}))", "es_es_price_regex": "((\\d{1,3}\\s*(eur|\\x{20ac}))|((eur|\\x{20ac})\\s*\\d{1
3}))", "es_us_price_regex": "(((\\$|usd)\\s*\\d{1
3})|(\\d{1,3}\\s*(\\$|usd))|((\\$|cdn|(c\\s*\\$))\\s*\\d{1
3})|(\\d{1,3}\\s*(\\$|cdn|(c\\s*\\$)))|(((\\x{00a3}|gbp)\\s*\\d{1
3})|(\\d{1,3}\\s*(\\x{00a3}|gbp))))", "en_us_product_terms": "((add\\s*to\\s*cart)|(add\\s*to\\s*basket)|(add\\s*to\\s*bag)|(buy\\s*it\\s*now)|(buy\\s*now)|(free\\s*delivery)|(free\\s*shipping)|(estimated\\s*delivery)|(out\\s*of\\s*stock)|(in\\s*stock)|(sold\\s*out)|(add\\s*to\\s*wish\\s*list)|((fastest|express|truck|for|home)\\s*delivery)|(standard\\s*shipping)|(ship\\s*it)|(find\\s*in\\s*another\\s*store)|((curbside|for|store)\\s*pickup)|((curbside|store)\\s*pick\\s*up)|(add\\s*to\\s*(list|wishlist|registry))|(only\\s*\\d{1,3}\\s*left)|(product\\s*(information|details|overview|specifications))|(pick\\s*up\\s*at\\s*store)|(special\\s*offer\\s*available)|(available\\s*to\\s*ship)|(size\\s*chart)|(about\\s*product)|(you\\s*may\\s*also\\s*like)|(find\\s*in\\s*store)|(also\\s*available)|(in\\s*store)|(about\\s*this\\s*product)|(check\\s*availability)|(vehicle\\s*details)|(vehicle\\s*features)|(contact\\s*dealer)|(confirm\\s*availability)|(vehicle\\s*info))", "en_gb_product_terms": "((add\\s*to\\s*cart)|(add\\s*to\\s*basket)|(add\\s*to\\s*bag)|(buy\\s*it\\s*now)|(buy\\s*now)|(free\\s*delivery)|(free\\s*shipping)|(estimated\\s*delivery)|(out\\s*of\\s*stock)|(in\\s*stock)|(sold\\s*out)|(add\\s*to\\s*wish\\s*list)|((fastest|express|truck|for|home)\\s*delivery)|(standard\\s*shipping)|(ship\\s*it)|(find\\s*in\\s*another\\s*store)|((curbside|for|store)\\s*pickup)|((curbside|store)\\s*pick\\s*up)|(add\\s*to\\s*(list|wishlist|registry))|(only\\s*\\d{1,3}\\s*left)|(product\\s*(information|details|overview|specifications))|(pick\\s*up\\s*at\\s*store)|(special\\s*offer\\s*available)|(available\\s*to\\s*ship)|(size\\s*chart)|(about\\s*product)|(you\\s*may\\s*also\\s*like)|(find\\s*in\\s*store)|(also\\s*available)|(in\\s*store)|(about\\s*this\\s*product)|(check\\s*availability)|(vehicle\\s*details)|(vehicle\\s*features)|(contact\\s*dealer)|(confirm\\s*availability)|(vehicle\\s*info))", "en_ca_product_terms": 
"((add\\s*to\\s*cart)|(add\\s*to\\s*basket)|(add\\s*to\\s*bag)|(buy\\s*it\\s*now)|(buy\\s*now)|(free\\s*delivery)|(free\\s*shipping)|(estimated\\s*delivery)|(out\\s*of\\s*stock)|(in\\s*stock)|(sold\\s*out)|(add\\s*to\\s*wish\\s*list)|((fastest|express|truck|for|home)\\s*delivery)|(standard\\s*shipping)|(ship\\s*it)|(find\\s*in\\s*another\\s*store)|((curbside|for|store)\\s*pickup)|((curbside|store)\\s*pick\\s*up)|(add\\s*to\\s*(list|wishlist|registry))|(only\\s*\\d{1,3}\\s*left)|(product\\s*(information|details|overview|specifications))|(pick\\s*up\\s*at\\s*store)|(special\\s*offer\\s*available)|(available\\s*to\\s*ship)|(size\\s*chart)|(about\\s*product)|(you\\s*may\\s*also\\s*like)|(find\\s*in\\s*store)|(also\\s*available)|(in\\s*store)|(about\\s*this\\s*product)|(check\\s*availability)|(vehicle\\s*details)|(vehicle\\s*features)|(contact\\s*dealer)|(confirm\\s*availability)|(vehicle\\s*info))", "en_au_product_terms": "((add\\s*to\\s*cart)|(add\\s*both\\s*to\\s*cart)|(add\\s*to\\s*basket)|(add\\s*to\\s*bag)|(buy\\s*it\\s*now)|(buy\\s*now)|(free\\s*delivery)|(free\\s*in(-*|\\s*)store\\s*pickup)|(free\\s*shipping)|(estimated\\s*delivery)|(out\\s*of\\s*stock)|(in\\s*stock)|(sold\\s*out)|(add\\s*to\\s*wish\\s*list)|((fastest|express|truck|for|home)\\s*delivery)|((standard|express)\\s*freight)|(standard\\s*shipping)|(ship\\s*it)|(find\\s*in\\s*another\\s*store)|((curbside|for|store)\\s*pickup)|((curbside|store)\\s*pick\\s*up)|((add|save)\\s*to\\s*(list|wishlist|registry|watchlist))|(only\\s*\\d{1,3}\\s*left)|(product\\s*(information|details|overview|specifications|highlights))|(pick\\s*up\\s*at\\s*store)|(special\\s*offer\\s*available)|(available\\s*to\\s*ship)|(size\\s*chart)|(about\\s*product)|(you\\s*may\\s*also\\s*like)|(find\\s*in\\s*store)|(also\\s*available)|(in\\s*store)|(about\\s*this\\s*product)|(check\\s*availability)|(click\\s*&\\s*collect)|(preorder\\s*now))", "en_in_product_terms": 
"((add\\s*to\\s*cart)|(add\\s*to\\s*(basket|closet))|(add\\s*to\\s*bag)|(buy\\s*it\\s*now)|(buy\\s*now)|(free\\s*delivery)|(free\\s*shipping)|((estimated|cashon)\\s*delivery)|(delivery\\s*by)|(out\\s*of\\s*stock)|(in\\s*stock)|(sold\\s*out)|(add\\s*to\\s*wish\\s*list)|((fastest|express|truck|for|home)\\s*delivery)|(delivery\\s*options)|((standard|express)\\s*(shipping|delivery))|(ship\\s*it)|(find\\s*in\\s*another\\s*store)|((curbside|for|store)\\s*pickup)|((curbside|store)\\s*pick\\s*up)|((add|save)\\s*to\\s*(list|wishlist|registry|closet))|(only\\s*\\d{1,3}\\s*left)|(product\\s*(information|details|overview|specifications|description))|(pick\\s*up\\s*at\\s*store)|(special\\s*offer\\s*available)|(available\\s*to\\s*ship)|(size\\s*chart)|((about|rate)\\s*product)|(you\\s*may\\s*also\\s*like)|(similar\\s*products)|(find\\s*in\\s*store)|(also\\s*available)|(in\\s*store)|(about\\s*this\\s*product)|(check\\s*availability)|(how\\s*to\\s*use)|(inclusive\\s*of\\s*all\\s*taxes)|(contact\\s*dealer)|(confirm\\s*availability)|(connect\\s*to\\s*a\\s*store)|(delivery\\s*and\\s*payment)|(product\\s*background))", "de_de_product_terms": "((in den\\s*kaufswagen\\s*hinzuf\u00fcgen)|(inden\\s*einkaufswagen\\s*hinzuf\u00fcgen)|(zum\\s*tasche\\s*hinzuf\u00fcgen)|(kauft\\s*es\\s*jetzt)|(jetzt\\s*kaufen)|(kostenlose\\s*lieferung)|(gratisversand)|(voraussichtliche\\s*lieferung)|(vergriffen)|(auf\\s*lager)|(ausverkauft)|(auf\\s*die\\s*liste)|((schnellster|express|lkw|f\u00fcr|zu hause)|(standard\\s*versand)|(versand\\s*es)|(finden sie\\s*in\\s*einemanderen\\s*gesch\u00e4ft)|(( bordsteinkante | abholung|im)\\s*laden)|((abholung|am)\\s*stra\u00dfenrand)|(auf\\s*die\\s*(liste| wunchzettel | registrierung))|(nur\\s*\\d{1,3}\\s*noch)|(produkt\\s*(informationen|details| \u00fcbersicht | spezifikationen))|(abholung\\s*vor\\s*ort)|(spezielle \\s* angebote)|(versand\\s* 
verf\u00fcgbarkeit)|(gr\u00f6\u00dfentabelle)|(\u00fcber\\s*produkt)|(k\u00f6nnten\\s*ihnen\\s*auch\\s*gefallen)|(im\\s*gesch\u00e4ft\\s*finden)|(auch\\s* verf\u00fcgbar)|(auf\\s*lager)|(\u00fcber \\s*diese\\s*produkt)|(verf\u00fcgbarkeit\\s*pr\u00fcfen)|(fahrzeugdaten)|(fahrzeugeigenschaften)|(kontakt \\s*h\u00e4ndler)|(verf\u00fcgbarkeit\\s*best\u00e4tigen)|(fahrzeuginformationen)))", "fr_fr_product_terms": "((ajouter\\s*au\\s*panier)|(ajoutez\\s*au\\s*panier)|(ajoutez\\s*au\\s*sac)|(achetez\\s*le\\s*maintenant)|(achetez\\s*maintenant)|(livraison\\s*gratuite)|(exp\u00e9dition\\s*gratuite)|(livraison\\s*estim\u00e9e)|(produit\\s*\u00e9puis\u00e9)|(en\\s*stock)|(\u00e9puis\u00e9)|(ajoutez\\s*\u00e0\\s*la\\s*wish\\s*list)|(livraison\\s*standard)|(livrez\\s*le)|(trouvez\\s*en\\s*un\\s*autre\\s*boutique)|((ramassage\\s*en\\s*bordure\\s*de\\s*rue)\\s*pour|magasin)|((cueillette\\s*en\\s*bordure\\s*de\\s*rue)\\s*en\\s*boutique)|(ajoutez\\s*\u00e0\\s*votre\\s*(liste|votre\\s*wishlist|votre\\s*registre))|((information\\s*de\\s*produit)|(d\u00e9tails\\s*de\\s*Produit)|(aper\u00e7u\\s*de\\s*produit)|(sp\u00e9cifications\\s*de\\s*produit))|(cueillette\\s*\u00e0\\s*boutique)|(offres\\s*sp\u00e9ciales\\s*disponible)|(accessible\\s*\u00e0\\s*livrer)|(guides\\s*des\\s*tailles)|(description\\s*produit)|(vous\\s*pourriez\\s*aussi\\s*aimer)|(trouvez\\s*en\\s*boutique)|(aussi\\s*disponible)|(en\\s*magasin)|(a\\s*propos\\s*de\\s*ce\\s*produit)|(v\u00e9rifiez\\s*disponibilit\u00e9)|(d\u00e9tails\\s*de\\s*v\u00e9hicule)|(caract\u00e9ristiques\\s*de\\s*v\u00e9hicule)|(contactez\\s*marchand)|(affirmez\\s*disponibilit\u00e9)|(information\\s*de\\s*v\u00e9hicule))", "ja_jp_product_terms": "((\\x{30ab}\\x{30fc}\\x{30c8}\\x{306b}\\x{5165}\\x{308c}\\x{308b})|(\\x{4eca}\\x{3059}\\x{3050}\\x{8cb7}\\x{3046})|((\\x{8a73}\\x{7d30})(\\x{60c5}\\x{5831}|\\x{30c7}\\x{30fc}\\x{30bf}))|(((\\x{30a2}\\x{30a4}\\x{30c6}\\x{30e0})|(\\x{5546}\\x{54c1}(\\x{306e}){0
1})|(\\x{57fa}\\x{672c})|(\\x{5185}\\x{5bb9}))((\\x{8aac}\\x{660e})|(\\x{60c5}\\x{5831})|(\\x{4ed5}\\x{69d8})))|(\\x{3054}\\x{8cfc}\\x{5165}\\x{624b}\\x{7d9a}\\x{304d}\\x{3078})|(\\x{30ab}\\x{30fc}\\x{30c8}\\x{306b}\\x{8ffd}\\x{52a0})|(\\x{9001}\\x{6599}\\x{7121}\\x{6599})|(\\x{767a}\\x{9001}\\x{4e88}\\x{5b9a})|(\\x{30d0}\\x{30b9}\\x{30b1}\\x{30c3}\\x{30c8}\\x{306b}\\x{5165}\\x{308c}\\x{308b})|(\\x{6ce8}\\x{610f})|(\\x{8cfc}\\x{5165}\\x{624b}\\x{7d9a}\\x{304d}\\x{3078})|(\\x{30d0}\\x{30b9}\\x{30b1}\\x{30c3}\\x{30c8}\\x{3092}\\x{898b}\\x{308b})|(\\x{8fd4}\\x{54c1}\\x{6761}\\x{4ef6})|(\\x{5728}\\x{5eab}\\x{3042}\\x{308a})|(\\x{30ab}\\x{30b4}\\x{306b}\\x{5165}\\x{308c}\\x{308b})|(\\x{30d0}\\x{30c3}\\x{30b0}\\x{306b}\\x{8ffd}\\x{52a0})|(\\x{5546}\\x{54c1}\\x{0051}\\x{0026}\\x{0041})|(\\x{3044}\\x{307e}\\x{3059}\\x{3050}\\x{8cfc}\\x{5165})|(\\x{5546}\\x{54c1}\\x{30b9}\\x{30da}\\x{30c3}\\x{30af})|(\\x{304a}\\x{652f}\\x{6255}\\x{65b9}\\x{6cd5})|(\\x{6ce8}\\x{610f}\\x{4e8b}\\x{9805})|(\\x{4ed5}\\x{69d8})|(\\x{914d}\\x{9001}\\x{65b9}\\x{6cd5})|(\\x{304b}\\x{3054}\\x{306b}\\x{5165}\\x{308c}\\x{308b})|(\\x{9001}\\x{6599})|(\\x{5728}\\x{5eab}\\x{72b6}\\x{6cc1})|(\\x{4f5c}\\x{54c1}\\x{5185}\\x{5bb9})|(((\\x{5546}\\x{54c1}(\\x{306e}){0
1})|(\\x{30a2}\\x{30a4}\\x{30c6}\\x{30e0}))(\\x{8a73}\\x{7d30}))|(\\x{756a}\\x{53f7})|(\\x{30b7}\\x{30e7}\\x{30c3}\\x{30d4}\\x{30f3}\\x{30b0}\\x{30d0}\\x{30c3}\\x{30b0}\\x{306b}\\x{5165}\\x{308c}\\x{308b})|(\\x{304a}\\x{6c17}\\x{306b}\\x{5165}\\x{308a}\\x{306b}\\x{8ffd}\\x{52a0})|(\\x{4fa1}\\x{683c}\\x{3092}\\x{78ba}\\x{8a8d})|(\\x{30ab}\\x{30fc}\\x{30c8}\\x{3078}\\x{9032}\\x{3080})|(\\x{30b5}\\x{30fc}\\x{30d3}\\x{30b9})|(\\x{5546}\\x{54c1}\\x{306e}\\x{767a}\\x{9001})|(\\x{5185}\\x{5bb9}\\x{7d39}\\x{4ecb})|(\\x{30ab}\\x{30fc}\\x{30c8}\\x{3078}\\x{5165}\\x{308c}\\x{308b})|(\\x{8cfc}\\x{5165}\\x{306f}\\x{3053}\\x{3061}\\x{3089}))", "zh_cn_product_terms": "((\\x{52a0}\\x{5165}\\x{8d2d}\\x{7269}\\x{8f66})|(\\x{73b0}\\x{5728}\\x{8d2d}\\x{4e70})|(\\x{73b0}\\x{5728}\\x{6709}\\x{8d27})|(\\x{52a0}\\x{5165}\\x{5fc3}\\x{613f}\\x{5355})|(\\x{7ecf}\\x{5e38}\\x{4e00}\\x{8d77}\\x{8d2d}\\x{4e70}\\x{7684}\\x{5546}\\x{54c1})|(\\x{514d}\\x{8d39}\\x{914d}\\x{9001})|(\\x{9884}\\x{8ba1}\\x{6700}\\x{5feb}\\x{9001}\\x{8fbe})|(\\x{6dfb}\\x{52a0}\\x{5230}\\x{8d2d}\\x{7269}\\x{888b})|(\\x{9884}\\x{8ba1}\\x{53d1}\\x{8d27}\\x{65e5}\\x{671f})|(\\x{514d}\\x{8d39}\\x{9001}\\x{8d27})|(\\x{514d}\\x{8fd0}\\x{8d39})|(\\x{6536}\\x{85cf}\\x{5546}\\x{54c1})|(\\x{5356}\\x{5149}\\x{4e86})|(\\x{67e5}\\x{770b}\\x{76f8}\\x{4f3c}\\x{4ea7}\\x{54c", 
"{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13339048500010053","alternate_error_pages":{"backup":true},"autocomplete":{"retention_policy_last_version":107},"autofill":{"orphan_rows_removed":true},"browser":{"available_dark_theme_options":"All","editor_proofing_languages":{"en":{"Grammar":false,"Spelling":false},"en-US":{"Grammar":true,"Spelling":true}},"has_seen_welcome_page":false,"hub_app_preferences":{},"hub_toggle_time":"13339048440497057","should_reset_check_default_browser":false,"show_hub_app_in_sidebar_buttons":{"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":0,"2354565a-f412-4654-b89c-f92eaa9dbd20":0,"2caf0cf4-ea42-4083-b928-29b39da1182b":0,"64be4f9b-3b81-4b6e-b354-0ba00d6ba485":0,"8682d0fa-50b3-4ece-aa5b-e0b33f9919e2":0,"8ac719c5-140b-4bf2-a0b7-c71617f1f377":0,"96defd79-4015-4a32-bd09-794ff72183ef":0,"9ce3c9c2-462f-4cc9-bbd7-57d656445be0":0},"time_of_last_normal_window_close":"13322933236939799","toolbar_extensions_hub_button_visibility":0,"window_placement":{"bottom":561,"left":10,"maximized":true,"right":1014,"top":10,"work_area_bottom":760,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":690,"browser_content_container_width":1234,"browser_content_container_x":0,"browser_content_container_y":70,"cached_fonts":{"search_results_page":{"fallback":[],"primary":["Roboto"]}},"collections":{"prism_collections":{"enabled":0,"policy":{"cached":0}},"rss_dev_feed":{"policy":{"cached":false}}},"commerce_daily_metrics_last_update_time":"13339048500010541","continuous_migration":{"advance_consent":{"browser_version":"100.0.1185.50","consented":0}},"countryid_at_install":21843,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13339048500010518"},"download":{"directory_upgrade":true,"last_complete_time":"13322933224658080"},"dual_engine":{"consumer_sitelist_location":"","consumer_sitelist_version":"","shared_cookie_data":{},"sitelist_data_2":{},"siteli
st_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{"msa_sso_info":{"allow_for_non_msa_profile":true},"profile_sso_info":{"aad_sso_algo_state":1,"is_first_profile":true,"is_msa_first_profile":true,"msa_sso_algo_state":1},"profile_sso_option":1,"services":{"signin_scoped_device_id":"04c2bc3e-bfe4-4701-9205-414518894efe"},"vertical_tabs":{"feedback_do_not_show":true}},"edge_etree":{"task":{"status":"{\"tasks_status_update_time\":\"1694574840501\",\"tasks_update_time\":\"1694574840501\"}"}},"edge_rewards":{"cache_data":"CAA=","coachmark_muted_until_dict":{"amazon":"13303219003945806","lol":"13295640815542676","minecraft":"13295640815542678","natureConservancy":"13295640817776207","roblox":"13295640815542673","unicef":"13295640817776187","wikipedia":"13295640817776198"},"coachmark_promotions":{},"coachmark_shown_count_dict":{"amazon":0,"lol":0,"minecraft":0,"natureConservancy":0,"roblox":0,"unicef":0,"wikipedia":0},"coachmark_was_accepted_dict":{"amazon":false,"lol":false,"minecraft":false,"natureConservancy":false,"roblox":false,"unicef":false,"wikipedia":false},"hva_promotions":[],"opened_via_prototocol_launch":false,"refresh_status_muted_until":"13339653240257641"},"edge_vpn":{"available":true},"entity_extraction":{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1
3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1
3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1
3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1
3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1
3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}\\x{0627}\\x{062A}\\s*\\x{0627}\\x{0644}\\x{062A}\\x{0648}\\x{0635}\\x{064A}\\x{0644})|(\\x{0627}\\x{0644}\\x{062A}\\x{0648}\\x{0635}\\x{064A}\\x{0644}\\s*\\x{0641}\\x{064A}\\s*\\x{0646}\\x{0641}\\x{0633}\\s*\\x{0627}\\x{0644}\\x{064A}\\x{0648}\\x{0645}\\s*\\x{0645}\\x{062A}\\x{0627}\\x{062D}))"},"bg":{"price_regex":{"bg":"((\\d{1,3}\\s*(bgn|\\x{043B}\\x{0432}|\\x{043B}\\x{0432}\\.))|((bgn|\\x{043B}\\x{0432}|\\x{043B}\\x{0432}\\.)\\s*\\d{1
3}))"},"product_terms":"((\\x{0414}\\x{043E}\\x{0431}\\x{0430}\\x{0432}\\x{0438}\\s*\\x{0432}\\s*\\x{043A}\\x{043E}\\x{0448}\\x{043D}\\x{0438}\\x{0446}\\x{0430}\\x{0442}\\x{0430})|(\\x{0414}\\x{043E}\\x{0431}\\x{0430}\\x{0432}\\x{0438}\\s*\\x{0432}\\s*\\x{043A}\\x{043E}\\x{043B}\\x{0438}\\x{0447}\\x{043A}\\x{0430}\\x{0442}\\x{0430})|(\\x{0414}\\x{0440}\\x{0443}\\x{0433}\\x{0438}\\s*\\x{043E}\\x{0444}\\x{0435}\\x{0440}\\x{0442}\\x{0438})|(\\x{041F}\\x{043E}\\x{0434}\\x{043E}\\x{0431}\\x{043D}\\x{0438}\\s*\\x{043F}\\x{0440}\\x{043E}\\x{0434}\\x{0443}\\x{043A}\\x{0442}\\x{0438})|(\\x{0412}\\s*\\x{043D}\\x{0430}\\x{043B}\\x{0438}\\x{0447}\\x{043D}\\x{043E}\\x{0441}\\x{0442})|(\\x{041E}\\x{043F}\\x{0438}\\x{0441}\\x{0430}\\x{043D}\\x{0438}\\x{0435}\\s*\\x{043D}\\x{0430}\\s*\\x{043F}\\x{0440}\\x{043E}\\x{0434}\\x{0443}\\x{043A}\\x{0442}\\x{0430}))"},"bs":{"price_regex":{"ba":"((\\d{1,3}\\s*(bam|km|,-\\s*km))|((bam|km|,-\\s*km)\\s*\\d{1
3}))"},"product_terms":"((dodajte\\s*u\\s*korpu)|(dodaj\\s*u\\s*korpu)|(u\\s*ko\\x{0161}aricu)|(sli\\x{010D}nim\\s*proizvodima)|(opcije\\s*dostave)|(u\\s*prodavnici))"},"character_cutoff":400,"citations":{"domains":{"academic":["nih.gov","sciencedirect.com","lww.com","acs.org","sagepub.com","arxiv.org","tandfonline.com","semanticscholar.org","jstor.org","ieee.org","rsc.org","sciencemag.org","frontiersin.org","iop.org","pnas.org","europepmc.org","scitation.org","scirp.org","acm.org","ashpublications.org","ascopubs.org","oclc.org","osapublishing.org","osti.gov","repec.org","annualreviews.org","spiedigitallibrary.org","iaea.org","ascelibrary.org","philpapers.org","cabdirect.org","bioone.org","aom.org","onepetro.org","scilit.net","ajol.info","iiste.org","doaj.org","paperity.org","escholarship.org","emeraldgrouppublishing.com","irena.org","indianjournals.com","safetylit.org","link.springer.com","onlinelibrary.wiley.com","rd.springer.com","econpapers.repec.org","academic.oup.com","iopscience.iop.org","papers.ssrn.com","hdl.handle.net","aip.scitation.org","link.aps.org","pubs.rsc.org","doi.ieeecomputersociety.org","muse.jhu.edu","insights.ovid.com","insights.ovid.com","proceedings.spiedigitallibrary.org","espace.library.uq.edu.au","discovery.ucl.ac.uk","lirias.kuleuven.be","doi.acm.org","jhu.pure.elsevier.com","psycnet.apa.org","biblio.ugent.be","lup.lub.lu.se","journals.plos.org","research.monash.edu","experts.umn.edu","asmedigitalcollection.asme.org","moh-it.pure.elsevier.com","agupubs.onlinelibrary.wiley.com","scholars.northwestern.edu","proceedings.asmedigitalcollection.asme.org","export.arxiv.org","journals.lww.com","mdanderson.elsevierpure.com","digital-library.theiet.org","digital.csic.es","experts.illinois.edu","research.vu.nl","kclpure.kcl.ac.uk","research-repository.uwa.edu.au","synapse.koreamed.org","eprints.qut.edu.au","vbn.aau.dk","repository.tudelft.nl","iovs.arvojournals.org","mayoclinic.pure.elsevier.com","eprints.gla.ac.uk","download.atlantis-press.com","r
epub.eur.nl","researchers.mq.edu.au","chemistry-europe.onlinelibrary.wiley.com","content.sciendo.com","zora.uzh.ch","researchportal.helsinki.fi","content.iospress.com","file.scirp.org","helda.helsinki.fi","findresearcher.sdu.dk","eprints.whiterose.ac.uk","repository.cam.ac.uk","biomedcentral.com","bmj.com","mdpi.com","jamanetwork.com","plos.org","thelancet.com","ssrn.com","emerald.com","springeropen.com","liebertpub.com","degruyter.com","scientific.net","brill.com","allenpress.com","publons.com","spandidos-publications.com","eurekaselect.com","ingentaconnect.com","thieme-connect.com","ores.su","inderscienceonline.com","jcreview.com","research.ed.ac.uk","cancerres.aacrjournals.org","dro.deakin.edu.au","publications.hse.ru","research-collection.ethz.ch","biomedcentral.com"],"books":["studocu.com","libguides.com","nap.edu","intechopen.com","oreilly.com","books.openedition.org","taylorfrancis.com"],"newspapers":["cnn.com","nytimes.com","usatoday.com","nypost.com","washingtonpost.com","usnews.com","cbsnews.com","nbcnews.com","cnbc.com","bbc.com","latimes.com","newsweek.com","snopes.com","thehill.com","chron.com","time.com","apnews.com","indiatimes.com","bizjournals.com","cbc.ca","mercurynews.com","ndtv.com","abc7news.com","indianexpress.com","hindustantimes.com","uci.edu","fortune.com","straitstimes.com","businessinsider.in","businessinsider.in","channelnewsasia.com","financialexpress.com","financialexpress.com","livemint.com","mustsharenews.com","theindependent.sg"],"websites":["searchenginejournal.com","unenvironment.org","wikipedia.org","msn.com","reddit.com","fandom.com","pinterest.com","webmd.com","stackoverflow.com","healthline.com","weather.com","drugs.com","ny.gov","quora.com","cnet.com","cdc.gov","britannica.com","merriam-webster.com","forbes.com","wikihow.com","wa.gov","coursehero.com","fivethirtyeight.com","github.com","noaa.gov","timeanddate.com","thefreedictionary.com","dictionary.com","investopedia.com","goodreads.com","stackexchange.com","huffpost.com","me
dicalnewstoday.com","weather.gov","history.com","thoughtco.com","businessinsider.com","howtogeek.com","wunderground.com","npr.org","khanacademy.org","sfgate.com","usda.gov","theguardian.com","bloomberg.com","ed.gov","politico.com","psychologytoday.com","medium.com","kaiserpermanente.org","worldometers.info","urbandictionary.com","brainly.in","oregon.gov","pbs.org","archive.org","nps.gov","clevelandclinic.org","thespruce.com","marketwatch.com","purdue.edu","enotes.com","fool.com","hunker.com","w3schools.com","wiley.com","fda.gov","yourdictionary.com","sparknotes.com","nextdoor.com","docusign.com","wsj.com","reuters.com","nasa.gov","tutorialspoint.com","thebalance.com","biography.com","consumerreports.org","elsevier.com","livestrong.com","lumenlearning.com","nasdaq.com","geeksforgeeks.org","medicinenet.com","epa.gov","nationalgeographic.com","usgs.gov","worldatlas.com","prezi.com","socratic.org","springer.com","mathworks.com","slack.com","slate.com","statista.com","census.gov","slideshare.net","rei.com","nerdwallet.com","pge.com","osha.gov","doordash.com","howstuffworks.com","livescience.com","oregonlive.com","theatlantic.com","shutterstock.com","collinsdictionary.com","joebiden.com","familyhandyman.com","thebalancesmb.com","who.int","theverge.com","sciencing.com","vox.com","wiktionary.org","variety.com","scribd.com","insider.com","bobvila.com","archives.gov","boredpanda.com","nwcg.gov","alltrails.com","computerhope.com","medscape.com","bls.gov","libretexts.org","medlineplus.gov","nymag.com","angieslist.com","seekingalpha.com","europa.eu","loc.gov","sec.gov","inc.com","unsplash.com","apa.org","wikimedia.org","wired.com","popularmechanics.com","worldpopulationreview.com","askubuntu.com","everydayhealth.com","smithsonianmag.com","aljazeera.com","nist.gov","mentalfloss.com","turnitin.com","worldcat.org","coursera.org","sciencedaily.com","gizmodo.com","nationalgeographic.org","superuser.com","issuu.com","techtarget.com","guru99.com","encyclopedia.com","codeproject.com","c
olorado.edu","ti.com","macrotrends.net","serverfault.com","phys.org","theculturetrip.com","ancient.eu","space.com","pewresearch.org","theconversation.com","atlassian.com","scribbr.com","uchicago.edu","c-sharpcorner.com","weforum.org","energy.gov","deloitte.com","entrepreneur.com","nature.com","jetbrains.com","towardsdatascience.com","engineeringtoolbox.com","cloudfront.net","fastcompany.com","scientificamerican.com","imgur.com","economist.com","prnewswire.com","pypi.org","tutsplus.com","hbr.org","actblue.com","ft.com","gatech.edu","udemy.com","worldbank.org","airnow.gov","toppr.com","android.com","fiverr.com","cmu.edu","vice.com","brookings.edu","axios.com","travelandleisure.com","mysql.com","barrons.com","tradingeconomics.com","uc.edu","ukessays.com","eia.gov","git-scm.com","lonelyplanet.com","javatpoint.com","freepik.com","ahajournals.org","businesswire.com","crunchbase.com","trane.com","atlasobscura.com","techcrunch.com","npmjs.com","cyberciti.biz","programiz.com","simplypsychology.org","hindawi.com","techopedia.com","digitalocean.com","cell.com","uakron.edu","calendly.com","asp.net","freecodecamp.org","physicsclassroom.com","globenewswire.com","baeldung.com","dzone.com","thomasnet.com","fao.org","w3resource.com","overleaf.com","iqair.com","flaticon.com","caltech.edu","universityofcalifornia.edu","purpleair.com","ourworldindata.org","fueleconomy.gov","mckinsey.com","treehugger.com","uchealth.com","allaboutcircuits.com","dev.to","nrc.gov","tecmint.com","amazonaws.com","getbootstrap.com","electrek.co","questia.com","spacex.com","gitlab.com","php.net","sciencealert.com","qz.com","linuxize.com","universetoday.com","envato.com","codepen.io","realpython.com","oecd.org","asme.org","webofknowledge.com","docusign.net","energysage.com","ebsco.com","sci-hub.se","softwaretestinghelp.com","earthsky.org","mendeley.com","edureka.co","sitepoint.com","css-tricks.com","owler.com","techonthenet.com","tensorflow.org","phoenixnap.com","newyorker.com","lennox.com","mongodb.com","insid
eevs.com","ethz.ch","cloudflare.com","worldwildlife.org","newscientist.com","jquery.com","doe.gov","oberlo.com","improvenet.com","energystar.gov","w3.org","greenbuildingadvisor.com","kaggle.com","codecademy.com","directenergy.com","g2.com","discovermagazine.com","fixr.com","wpbeginner.com","datacamp.com","influencermarketinghub.com","ebscohost.com","solarreviews.com","academic-accelerator.com","reactjs.org","ibisworld.com","proquest.com","fontawesome.com","timeshighereducation.com","cleantechnica.com","streetdirectory.com","journaldev.com","futurism.com","nwf.org","anl.gov","aqicn.org","constellation.com","wordstream.com","stackabuse.com","buffer.com","lbl.gov","machinelearningmastery.com","interestingengineering.com","pluralsight.com","monash.edu","analyticsvidhya.com","mysqltutorial.org","nrdc.org","igi-global.com","esa.int","electronics-tutorials.ws","scimagojr.com","yourstory.com","panopto.com","ornl.gov","modernize.com","gale.com","themeforest.net","nrel.gov","greencarreports.com","colorlib.com","teamtreehouse.com","cas.org","sgpbusiness.com","tutorialsteacher.com","scielo.br","intellipaat.com","templatemonster.com","ucsusa.org","beginnersbook.com","ahrefs.com","toptal.com","bitdegree.org","mongabay.com","pnnl.gov","orcid.org","explainthatstuff.com","sproutsocial.com","iea.org","clarivate.com","worldscientific.com","dribbble.com","compactappliance.com","asm-air.com","rug.nl","dovepress.com","editage.com","asiaone.com","mdbootstrap.com","laravel.com","archives-ouvertes.fr","a-z-animals.com","scopus.com","cloudways.com","libgen.rs","tutorialrepublic.com","energyvanguard.com","sanfoundry.com","ocbc.com","smashingmagazine.com","civilica.com","sci-hub.st","energyeducation.ca","greentechmedia.com","jsfiddle.net","cqvip.com","buildinggreen.com","solarpowerworldonline.com","wri.org","semrush.com","energycentral.com","theworldcounts.com","iucn.org","xspdf.com","gtmetrix.com","springernature.com","infona.pl","panda.org","edf.org","batteryuniversity.com","seaworld.org","s
ingtel.com","world-nuclear.org","codecanyon.net","businessofapps.com","emarketer.com","heinonline.org","thesmartlocal.com","doi.org","letpub.com","greencarcongress.com","sgx.com","waset.org","power-technology.com","moz.com","laracasts.com","goodyfeed.com","iucnredlist.org","codegrepper.com","renewableenergyworld.com","resurchify.com","editorialmanager.com","pv-magazine.com","mewatch.sg","mothership.sg","dblp.org","defenders.org","taylorandfrancis.com","theseus.fi","inspirehep.net","todayonline.com","atlantis-press.com","cairn.info","narcis.nl","seia.org","openei.org","talis.com","saveonenergy.com","arxiv-vanity.com","computer.org","openathens.net","starhub.com","bbcol", "{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))"
"dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))"
"eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))"
"ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))"
"sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"}
"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}\\x{0627}\\x{062A}\\s*\\x{0627}\\x{0644}\\x{062A}\\x{0648}\\x{0635}\\x{064A}\\x{0644})|(\\x{0627}\\x{0644}\\x{062A}\\x{0648}\\x{0635}\\x{064A}\\x{0644}\\s*\\x{0641}\\x{064A}\\s*\\x{0646}\\x{0641}\\x{0633}\\s*\\x{0627}\\x{0644}\\x{064A}\\x{0648}\\x{0645}\\s*\\x{0645}\\x{062A}\\x{0627}\\x{062D}))"}
"bg":{"price_regex":{"bg":"((\\d{1,3}\\s*(bgn|\\x{043B}\\x{0432}|\\x{043B}\\x{0432}\\.))|((bgn|\\x{043B}\\x{0432}|\\x{043B}\\x{0432}\\.)\\s*\\d{1,3}))"}
"product_terms":"((\\x{0414}\\x{043E}\\x{0431}\\x{0430}\\x{0432}\\x{0438}\\s*\\x{0432}\\s*\\x{043A}\\x{043E}\\x{0448}\\x{043D}\\x{0438}\\x{0446}\\x{0430}\\x{0442}\\x{0430})|(\\x{0414}\\x{043E}\\x{0431}\\x{0430}\\x{0432}\\x{0438}\\s*\\x{0432}\\s*\\x{043A}\\x{043E}\\x{043B}\\x{0438}\\x{0447}\\x{043A}\\x{0430}\\x{0442}\\x{0430})|(\\x{0414}\\x{0440}\\x{0443}\\x{0433}\\x{0438}\\s*\\x{043E}\\x{0444}\\x{0435}\\x{0440}\\x{0442}\\x{0438})|(\\x{041F}\\x{043E}\\x{0434}\\x{043E}\\x{0431}\\x{043D}\\x{0438}\\s*\\x{043F}\\x{0440}\\x{043E}\\x{0434}\\x{0443}\\x{043A}\\x{0442}\\x{0438})|(\\x{0412}\\s*\\x{043D}\\x{0430}\\x{043B}\\x{0438}\\x{0447}\\x{043D}\\x{043E}\\x{0441}\\x{0442})|(\\x{041E}\\x{043F}\\x{0438}\\x{0441}\\x{0430}\\x{043D}\\x{0438}\\x{0435}\\s*\\x{043D}\\x{0430}\\s*\\x{043F}\\x{0440}\\x{043E}\\x{0434}\\x{0443}\\x{043A}\\x{0442}\\x{0430}))"}
"bs":{"price_regex":{"ba":"((\\d{1,3}\\s*(bam|km|,-\\s*km))|((bam|km|,-\\s*km)\\s*\\d{1,3}))"}
"product_terms":"((dodajte\\s*u\\s*korpu)|(dodaj\\s*u\\s*korpu)|(u\\s*ko\\x{0161}aricu)|(sli\\x{010D}nim\\s*proizvodima)|(opcije\\s*dostave)|(u\\s*prodavnici))"}
"character_cutoff":400
"citations":{"domains":{"academic":["nih.gov"
"sciencedirect.com"
"lww.com"
"acs.org"
"sagepub.com"
"arxiv.org"
"tandfonline.com"
"semanticscholar.org"
"jstor.org"
"ieee.org"
"rsc.org"
"sciencemag.org"
"frontiersin.org"
"iop.org"
"pnas.org"
"europepmc.org"
"scitation.org"
"scirp.org"
"acm.org"
"ashpublications.org"
"ascopubs.org"
"oclc.org"
"osapublishing.org"
"osti.gov"
"repec.org"
"annualreviews.org"
"spiedigitallibrary.org"
"iaea.org"
"ascelibrary.org"
"philpapers.org"
"cabdirect.org"
"bioone.org"
"aom.org"
"onepetro.org"
"scilit.net"
"ajol.info"
"iiste.org"
"doaj.org"
"paperity.org"
"escholarship.org"
"emeraldgrouppublishing.com"
"irena.org"
"indianjournals.com"
"safetylit.org"
"link.springer.com"
"onlinelibrary.wiley.com"
"rd.springer.com"
"econpapers.repec.org"
"academic.oup.com"
"iopscience.iop.org"
"papers.ssrn.com"
"hdl.handle.net"
"aip.scitation.org"
"link.aps.org"
"pubs.rsc.org"
"doi.ieeecomputersociety.org"
"muse.jhu.edu"
"insights.ovid.com"
"insights.ovid.com"
"proceedings.spiedigitallibrary.org"
"espace.library.uq.edu.au"
"discovery.ucl.ac.uk"
"lirias.kuleuven.be"
"doi.acm.org"
"jhu.pure.elsevier.com"
"psycnet.apa.org"
"biblio.ugent.be"
"lup.lub.lu.se"
"journals.plos.org"
"research.monash.edu"
"experts.umn.edu"
"asmedigitalcollection.asme.org"
"moh-it.pure.elsevier.com"
"agupubs.onlinelibrary.wiley.com"
"scholars.northwestern.edu"
"proceedings.asmedigitalcollection.asme.org"
"export.arxiv.org"
"journals.lww.com"
"mdanderson.elsevierpure.com"
"digital-library.theiet.org"
"digital.csic.es"
"experts.illinois.edu"
"research.vu.nl"
"kclpure.kcl.ac.uk"
"research-repository.uwa.edu.au"
"synapse.koreamed.org"
"eprints.qut.edu.au"
"vbn.aau.dk"
"repository.tudelft.nl"
"iovs.arvojournals.org"
"mayoclinic.pure.elsevier.com"
"eprints.gla.ac.uk"
"download.atlantis-press.com"
"repub.eur.nl"
"researchers.mq.edu.au"
"chemistry-europe.onlinelibrary.wiley.com"
"content.sciendo.com"
"zora.uzh.ch"
"researchportal.helsinki.fi"
"content.iospress.com"
"file.scirp.org"
"helda.helsinki.fi"
"findresearcher.sdu.dk"
"eprints.whiterose.ac.uk"
"repository.cam.ac.uk"
"biomedcentral.com"
"bmj.com"
"mdpi.com"
"jamanetwork.com"
"plos.org"
"thelancet.com"
"ssrn.com"
"emerald.com"
"springeropen.com"
"liebertpub.com"
"degruyter.com"
"scientific.net"
"brill.com"
"allenpress.com"
"publons.com"
"spandidos-publications.com"
"eurekaselect.com"
"ingentaconnect.com"
"thieme-connect.com"
"ores.su"
"inderscienceonline.com"
"jcreview.com"
"research.ed.ac.uk"
"cancerres.aacrjournals.org"
"dro.deakin.edu.au"
"publications.hse.ru"
"research-collection.ethz.ch"
"biomedcentral.com"]
"books":["studocu.com"
"libguides.com"
"nap.edu"
"intechopen.com"
"oreilly.com"
"books.openedition.org"
"taylorfrancis.com"]
"newspapers":["cnn.com"
"nytimes.com"
"usatoday.com"
"nypost.com"
"washingtonpost.com"
"usnews.com"
"cbsnews.com"
"nbcnews.com"
"cnbc.com"
"bbc.com"
"latimes.com"
"newsweek.com"
"snopes.com"
"thehill.com"
"chron.com"
"time.com"
"apnews.com"
"indiatimes.com"
"bizjournals.com"
"cbc.ca"
"mercurynews.com"
"ndtv.com"
"abc7news.com"
"indianexpress.com"
"hindustantimes.com"
"uci.edu"
"fortune.com"
"straitstimes.com"
"businessinsider.in"
"businessinsider.in"
"channelnewsasia.com"
"financialexpress.com"
"financialexpress.com"
"livemint.com"
"mustsharenews.com"
"theindependent.sg"]
"websites":["searchenginejournal.com"
"unenvironment.org"
"wikipedia.org"
"msn.com"
"reddit.com"
"fandom.com"
"pinterest.com"
"webmd.com"
"stackoverflow.com"
"healthline.com"
"weather.com"
"drugs.com"
"ny.gov"
"quora.com"
"cnet.com"
"cdc.gov"
"britannica.com"
"merriam-webster.com"
"forbes.com"
"wikihow.com"
"wa.gov"
"coursehero.com"
"fivethirtyeight.com"
"github.com"
"noaa.gov"
"timeanddate.com"
"thefreedictionary.com"
"dictionary.com"
"investopedia.com"
"goodreads.com"
"stackexchange.com"
"huffpost.com"
"medicalnewstoday.com"
"weather.gov"
"history.com"
"thoughtco.com"
"businessinsider.com"
"howtogeek.com"
"wunderground.com"
"npr.org"
"khanacademy.org"
"sfgate.com"
"usda.gov"
"theguardian.com"
"bloomberg.com"
"ed.gov"
"politico.com"
"psychologytoday.com"
"medium.com"
"kaiserpermanente.org"
"worldometers.info"
"urbandictionary.com"
"brainly.in"
"oregon.gov"
"pbs.org"
"archive.org"
"nps.gov"
"clevelandclinic.org"
"thespruce.com"
"marketwatch.com"
"purdue.edu"
"enotes.com"
"fool.com"
"hunker.com"
"w3schools.com"
"wiley.com"
"fda.gov"
"yourdictionary.com"
"sparknotes.com"
"nextdoor.com"
"docusign.com"
"wsj.com"
"reuters.com"
"nasa.gov"
"tutorialspoint.com"
"thebalance.com"
"biography.com"
"consumerreports.org"
"elsevier.com"
"livestrong.com"
"lumenlearning.com"
"nasdaq.com"
"geeksforgeeks.org"
"medicinenet.com"
"epa.gov"
"nationalgeographic.com"
"usgs.gov"
"worldatlas.com"
"prezi.com"
"socratic.org"
"springer.com"
"mathworks.com"
"slack.com"
"slate.com"
"statista.com"
"census.gov"
"slideshare.net"
"rei.com"
"nerdwallet.com"
"pge.com"
"osha.gov"
"doordash.com"
"howstuffworks.com"
"livescience.com"
"oregonlive.com"
"theatlantic.com"
"shutterstock.com"
"collinsdictionary.com"
"joebiden.com"
"familyhandyman.com"
"thebalancesmb.com"
"who.int"
"theverge.com"
"sciencing.com"
"vox.com"
"wiktionary.org"
"variety.com"
"scribd.com"
"insider.com"
"bobvila.com"
"archives.gov"
"boredpanda.com"
"nwcg.gov"
"alltrails.com"
"computerhope.com"
"medscape.com"
"bls.gov"
"libretexts.org"
"medlineplus.gov"
"nymag.com"
"angieslist.com"
"seekingalpha.com"
"europa.eu"
"loc.gov"
"sec.gov"
"inc.com"
"unsplash.com"
"apa.org"
"wikimedia.org"
"wired.com"
"popularmechanics.com"
"worldpopulationreview.com"
"askubuntu.com"
"everydayhealth.com"
"smithsonianmag.com"
"aljazeera.com"
"nist.gov"
"mentalfloss.com"
"turnitin.com"
"worldcat.org"
"coursera.org"
"sciencedaily.com"
"gizmodo.com"
"nationalgeographic.org"
"superuser.com"
"issuu.com"
"techtarget.com"
"guru99.com"
"encyclopedia.com"
"codeproject.com"
"colorado.edu"
"ti.com"
"macrotrends.net"
"serverfault.com"
"phys.org"
"theculturetrip.com"
"ancient.eu"
"space.com"
"pewresearch.org"
"theconversation.com"
"atlassian.com"
"scribbr.com"
"uchicago.edu"
"c-sharpcorner.com"
"weforum.org"
"energy.gov"
"deloitte.com"
"entrepreneur.com"
"nature.com"
"jetbrains.com"
"towardsdatascience.com"
"engineeringtoolbox.com"
"cloudfront.net"
"fastcompany.com"
"scientificamerican.com"
"imgur.com"
"economist.com"
"prnewswire.com"
"pypi.org"
"tutsplus.com"
"hbr.org"
"actblue.com"
"ft.com"
"gatech.edu"
"udemy.com"
"worldbank.org"
"airnow.gov"
"toppr.com"
"android.com"
"fiverr.com"
"cmu.edu"
"vice.com"
"brookings.edu"
"axios.com"
"travelandleisure.com"
"mysql.com"
"barrons.com"
"tradingeconomics.com"
"uc.edu"
"ukessays.com"
"eia.gov"
"git-scm.com"
"lonelyplanet.com"
"javatpoint.com"
"freepik.com"
"ahajournals.org"
"businesswire.com"
"crunchbase.com"
"trane.com"
"atlasobscura.com"
"techcrunch.com"
"npmjs.com"
"cyberciti.biz"
"programiz.com"
"simplypsychology.org"
"hindawi.com"
"techopedia.com"
"digitalocean.com"
"cell.com"
"uakron.edu"
"calendly.com"
"asp.net"
"freecodecamp.org"
"physicsclassroom.com"
"globenewswire.com"
"baeldung.com"
"dzone.com"
"thomasnet.com"
"fao.org"
"w3resource.com"
"overleaf.com"
"iqair.com"
"flaticon.com"
"caltech.edu"
"universityofcalifornia.edu"
"purpleair.com"
"ourworldindata.org"
"fueleconomy.gov"
"mckinsey.com"
"treehugger.com"
"uchealth.com"
"allaboutcircuits.com"
"dev.to"
"nrc.gov"
"tecmint.com"
"amazonaws.com"
"getbootstrap.com"
"electrek.co"
"questia.com"
"spacex.com"
"gitlab.com"
"php.net"
"sciencealert.com"
"qz.com"
"linuxize.com"
"universetoday.com"
"envato.com"
"codepen.io"
"realpython.com"
"oecd.org"
"asme.org"
"webofknowledge.com"
"docusign.net"
"energysage.com"
"ebsco.com"
"sci-hub.se"
"softwaretestinghelp.com"
"earthsky.org"
"mendeley.com"
"edureka.co"
"sitepoint.com"
"css-tricks.com"
"owler.com"
"techonthenet.com"
"tensorflow.org"
"phoenixnap.com"
"newyorker.com"
"lennox.com"
"mongodb.com"
"insideevs.com"
"ethz.ch"
"cloudflare.com"
"worldwildlife.org"
"newscientist.com"
"jquery.com"
"doe.gov"
"oberlo.com"
"improvenet.com"
"energystar.gov"
"w3.org"
"greenbuildingadvisor.com"
"kaggle.com"
"codecademy.com"
"directenergy.com"
"g2.com"
"discovermagazine.com"
"fixr.com"
"wpbeginner.com"
"datacamp.com"
"influencermarketinghub.com"
"ebscohost.com"
"solarreviews.com"
"academic-accelerator.com"
"reactjs.org"
"ibisworld.com"
"proquest.com"
"fontawesome.com"
"timeshighereducation.com"
"cleantechnica.com"
"streetdirectory.com"
"journaldev.com"
"futurism.com"
"nwf.org"
"anl.gov"
"aqicn.org"
"constellation.com"
"wordstream.com"
"stackabuse.com"
"buffer.com"
"lbl.gov"
"machinelearningmastery.com"
"interestingengineering.com"
"pluralsight.com"
"monash.edu"
"analyticsvidhya.com"
"mysqltutorial.org"
"nrdc.org"
"igi-global.com"
"esa.int"
"electronics-tutorials.ws"
"scimagojr.com"
"yourstory.com"
"panopto.com"
"ornl.gov"
"modernize.com"
"gale.com"
"themeforest.net"
"nrel.gov"
"greencarreports.com"
"colorlib.com"
"teamtreehouse.com"
"cas.org"
"sgpbusiness.com"
"tutorialsteacher.com"
"scielo.br"
"intellipaat.com"
"templatemonster.com"
"ucsusa.org"
"beginnersbook.com"
"ahrefs.com"
"toptal.com"
"bitdegree.org"
"mongabay.com"
"pnnl.gov"
"orcid.org"
"explainthatstuff.com"
"sproutsocial.com"
"iea.org"
"clarivate.com"
"worldscientific.com"
"dribbble.com"
"compactappliance.com"
"asm-air.com"
"rug.nl"
"dovepress.com"
"editage.com"
"asiaone.com"
"mdbootstrap.com"
"laravel.com"
"archives-ouvertes.fr"
"a-z-animals.com"
"scopus.com"
"cloudways.com"
"libgen.rs"
"tutorialrepublic.com"
"energyvanguard.com"
"sanfoundry.com"
"ocbc.com"
"smashingmagazine.com"
"civilica.com"
"sci-hub.st"
"energyeducation.ca"
"greentechmedia.com"
"jsfiddle.net"
"cqvip.com"
"buildinggreen.com"
"solarpowerworldonline.com"
"wri.org"
"semrush.com"
"energycentral.com"
"theworldcounts.com"
"iucn.org"
"xspdf.com"
"gtmetrix.com"
"springernature.com"
"infona.pl"
"panda.org"
"edf.org"
"batteryuniversity.com"
"seaworld.org"
"singtel.com"
"world-nuclear.org"
"codecanyon.net"
"businessofapps.com"
"emarketer.com"
"heinonline.org"
"thesmartlocal.com"
"doi.org"
"letpub.com"
"greencarcongress.com"
"sgx.com"
"waset.org"
"power-technology.com"
"moz.com"
"laracasts.com"
"goodyfeed.com"
"iucnredlist.org"
"codegrepper.com"
"renewableenergyworld.com"
"resurchify.com"
"editorialmanager.com"
"pv-magazine.com"
"mewatch.sg"
"mothership.sg"
"dblp.org"
"defenders.org"
"taylorandfrancis.com"
"theseus.fi"
"inspirehep.net"
"todayonline.com"
"atlantis-press.com"
"cairn.info"
"narcis.nl"
"seia.org"
"openei.org"
"talis.com"
"saveonenergy.com"
"arxiv-vanity.com"
"computer.org"
"openathens.net"
"starhub.com"
"bbcollab.com"
"exlibrisgroup.com"
"solarpowerrocks.com"
"energyusecalculator.com"
"web.dev"
"crossref.org"
"earthled.com"
"awf.org"
"manuscriptcentral.com"
"issn.org"
"wikidata.org"
"educative.io"
"tnp.sg"
"tnp.sg"
"wikicn.top"
"aceee.org"
"inderscience.com"
"copyright.com"
"8days.sg"
"osf.io"
"awionline.org"
"pimido.com"
"capitaland.com"
"neliti.com"
"visitsingapore.com"
"seedly.sg"
"singaporelegaladvice.com"
"easychair.org"
"healthhub.sg"
"figshare.com"
"sginvestors.io"
"ntuclearninghub.com"
"sci-hub.tw"
"iaeme.com"
"dollarsandsense.sg"
"skillsfuture.sg"
"centralhtg.com"
"danielfooddiary.com"
"dsireusa.org"
"onlinecitizenasia.com"
"ilovephd.com"
"uobgroup.com"
"energydepot.com"
"burpple.com"
"thehoneycombers.com"
"cheric.org"
"ieice.org"
"serialssolutions.com"
"wappalyzer.com"
"myskillsfuture.sg"
"yuntsg.com"
"foodpanda.sg"
"karger.com"
"misstamchiak.com"
"list-manage.com"
"em-consulte.com"
"moneysmart.sg"
"gumtree.sg"
"emeraldinsight.com"
"edgeprop.sg"
"rikvin.com"
"sgpgrid.com"
"singaporelawwatch.sg"
"growkudos.com"
"thetopsites.net"
"sethlui.com"
"els-cdn.com"
"internauka.org"
"corporateservices.com"
"evise.com"
"ndsl.kr"
"ebsco.zone"
"medes.com"
"enets.sg"
"sphdigital.com"
"air-n-water.com"
"dissem.in"
"indexcopernicus.com"
"scirate.com"
"sciencedirectassets.com"
"libkey.io"
"mycareersfuture.sg"
"scopusfeedback.com"
"smeportal.sg"
"appointeze.com"
"ncbi.nlm.nih.gov"
"ui.adsabs.harvard.edu"
"dblp.uni-trier.de"
"patents.google.com"
"eric.ed.gov"
"trid.trb.org"
"pubag.nal.usda.gov"
"pure.mpg.de"
"ethos.bl.uk"
"meetings.aps.org"
"experts.umich.edu"
"research.manchester.ac.uk"
"hub.hku.hk"
"repository.ubn.ru.nl"
"orbi.uliege.be"
"shodhganga.inflibnet.ac.in"
"confit.atlas.jp"
"portal.research.lu.se"
"dspace.library.uu.nl"
"findanexpert.unimelb.edu.au"
"boris.unibe.ch"
"eprint.ncl.ac.uk"
"search.datacite.org"]}}
"country_utf16_currency_map":{"AED":"\\x{062F}\\x{002E}\\x{0625}"
"AFN":"\\x{0041}\\x{0066}"
"ALL":"\\x{004C}"
"AMD":"\\x{0534}"
"AOA":"\\x{004B}\\x{007A}"
"AWG":"\\x{0192}"
"AZN":"\\x{043C}\\x{0430}\\x{043D}"
"BAM":"\\x{041A}\\x{041C}"
"BDT":"\\x{09F3}"
"BGN":"\\x{043B}\\x{0432}"
"BHD":"\\x{0628}\\x{002E}\\x{062F}"
"BIF":"\\x{20A3}"
"BOB":"\\x{0042}\\x{0073}\\x{002E}"
"BSD":"\\x{0024}"
"BWP":"\\x{0050}"
"BYN":"\\x{0042}\\x0072}"
"BZD":"\\x{0024}"
"CDF":"\\x{20A3}"
"CHF":"\\x{20A3}"
"CNY":"\\x{00A5}"
"CRC":"\\x{20A1}"
"CZK":"\\x{004B}\\x{010D}"
"DJF":"\\x{20A3}\\x{000A}"
"DKK":"\\x{006B}\\x{0072}"
"DZD":"\\x{062F}\\x{002E}\\x{062C}"
"EGP":"\\x{00a3}"
"ERN":"\\x{004E}\\x{0066}\\x{006B}"
"EUR":"\\x{20AC}"
"FKP":"\\x{00a3}"
"GBP":"\\x{00a3}"
"GEL":"\\x{10DA}"
"GHS":"\\x{20B5}"
"GIP":"\\x{00a3}"
"GMD":"\\x{0044}"
"GNF":"\\x{20A3}"
"GTQ":"\\x{0051}"
"HNL":"\\x{004c}"
"HRK":"\\x{004B}\\x{006E}"
"HTG":"\\x{0047}"
"HUF":"\\x{0046}\\x{0074}"
"IDR":"\\x{0052}\\x{0070}"
"ILS":"\\x{20AA}"
"INR":"\\x{20B9}"
"IQD":"\\x{0639}\\x{002E}\\x{062F}"
"IRR":"\\x{FDFC}"
"ISK":"\\x{04B}\\x{0072}"
"JOD":"\\x{062F}\\x{002E}\\x{0627}"
"JPY":"\\x{00A5}"
"KES":"\\x{0053}\\x{0068}"
"KHR":"\\x{17DB}"
"KPW":"\\x{20A9}"
"KRW":"\\x{20A9}"
"KWD":"\\x{062F}\\x{002E}\\x{0643}"
"KZT":"\\x{3012}"
"LAK":"\\x{20ad}"
"LBP":"\\x{0644}\\x{002E}\\x{0644}"
"LKR":"\\x{0052}\\x{0073}"
"LSL":"\\x{004C}"
"LYD":"\\x{0644}\\x{002E}\\x{062F}"
"MAD":"\\x{062F}\\x{002E}\\x{0645}\\x{002E}"
"MDL":"\\x{004C}"
"MKD" - source
- File/Memory
- relevance
- 10/10
- ATT&CK ID
- T1140 (Show technique in the MITRE ATT&CK™ matrix)
-
Contains escaped byte string (often part of obfuscated shellcode)
-
External Systems
-
Detected Suricata Alert
- details
-
Detected alert "ET TOR Known Tor Exit Node Traffic group 36" (SID: 2520035, Rev: 5239, Severity: 2) categorized as "Misc Attack"
Detected alert "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 36" (SID: 2522035, Rev: 5239, Severity: 2) categorized as "Misc Attack"
Detected alert "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 273" (SID: 2522272, Rev: 5239, Severity: 2) categorized as "Misc Attack"
Detected alert "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 753" (SID: 2522752, Rev: 5239, Severity: 2) categorized as "Misc Attack"
Detected alert "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 742" (SID: 2522741, Rev: 5239, Severity: 2) categorized as "Misc Attack"
Detected alert "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 466" (SID: 2522465, Rev: 5239, Severity: 2) categorized as "Misc Attack" - source
- Suricata Alerts
- relevance
- 10/10
-
Detected Suricata Alert
-
General
-
Found a potential E-Mail address in binary/memory
- details
- Pattern match: "name@example.com"
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1114 (Show technique in the MITRE ATT&CK™ matrix)
-
GETs files from a webserver
- details
-
"GET / HTTP/1.1
Host: driftstreams.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9" Response ==> HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 12 Sep 2023 20:02:41 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 318
Connection: keep-alive
Location: http://www.driftstreams.com/
Age: 6590
X-Cache: HIT with response body ==>3C21444F43545950452048544D4C205055424C494320222D2F2F494554462F2F4454442048544D4C20322E302F2F454E223E0A3C68746D6C3E3C686561643E0A.......
"GET / HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9" Response ==> HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Sep 2023 20:02:42 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 19351
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Age: 4527
X-Cache: HIT
Accept-Ranges: bytes with response body ==>1F8B0800000000000003ED7D795FDBC8B2E8DFF02984720EB10659D806033171B804C88433D90E302BC34B64AB6D1464C991648C07FCDD5F55F5A2D662209999.......
"GET /img/brandsafe.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9" Response ==> HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Sep 2023 20:02:44 GMT
Content-Type: image/png
Content-Length: 8761
Last-Modified: Thu, 08 Apr 2021 00:57:03 GMT
Connection: keep-alive
ETag: "606e54df-2239"
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes with response body ==>.......
"GET /img/logos.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9" Response ==> HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Sep 2023 20:02:44 GMT
Content-Type: image/png
Content-Length: 71410
Last-Modified: Thu, 08 Apr 2021 00:57:03 GMT
Connection: keep-alive
ETag: "606e54df-116f2"
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes with response body ==>.......
"GET /img/devices.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9" Response ==> HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Sep 2023 20:02:44 GMT
Content-Type: image/png
Content-Length: 322120
Last-Modified: Thu, 08 Apr 2021 00:57:03 GMT
Connection: keep-alive
ETag: "606e54df-4ea48"
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes with response body ==>.......
"GET /img/mobiledevicegrid.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9" Response ==> HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Sep 2023 20:02:44 GMT
Content-Type: image/png
Content-Length: 282152
Last-Modified: Thu, 08 Apr 2021 00:57:03 GMT
Connection: keep-alive
ETag: "606e54df-44e28"
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes with response body ==>.......
"GET /img/floater.jpg HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9" Response ==> HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Sep 2023 20:02:44 GMT
Content-Type: image/jpeg
Content-Length: 56384
Last-Modified: Thu, 08 Apr 2021 00:57:03 GMT
Connection: keep-alive
ETag: "606e54df-dc40"
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes with response body ==>.......
"GET /img/inter.jpg HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9" Response ==> HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Sep 2023 20:02:44 GMT
Content-Type: image/jpeg
Content-Length: 56174
Last-Modified: Thu, 08 Apr 2021 00:57:03 GMT
Connection: keep-alive
ETag: "606e54df-db6e"
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes with response body ==>.......
"GET /img/wave.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9" Response ==> HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Sep 2023 20:02:45 GMT
Content-Type: image/png
Content-Length: 83635
Last-Modified: Thu, 08 Apr 2021 00:57:03 GMT
Connection: keep-alive
ETag: "606e54df-146b3"
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes with response body ==>.......
"GET /img/driftstream.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9" Response ==> HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Sep 2023 20:02:45 GMT
Content-Type: image/png
Content-Length: 3931
Last-Modified: Thu, 08 Apr 2021 00:57:03 GMT
Connection: keep-alive
ETag: "606e54df-f5b"
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes with response body ==>.......
"GET /img/instream.jpg HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9" Response ==> HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Sep 2023 20:02:46 GMT
Content-Type: image/jpeg
Content-Length: 52793
Last-Modified: Thu, 08 Apr 2021 00:57:03 GMT
Connection: keep-alive
ETag: "606e54df-ce39"
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes with response body ==>.......
"GET /img/nativespot.jpg HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9" Response ==> HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Sep 2023 20:02:46 GMT
Content-Type: image/jpeg
Content-Length: 48076
Last-Modified: Thu, 08 Apr 2021 00:57:03 GMT
Connection: keep-alive
ETag: "606e54df-bbcc"
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes with response body ==>.......
"GET /ovideofinal.mp4 HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept-Encoding: identity;q=1, *;q=0
Accept: */*
Referer: http://www.driftstreams.com/
Accept-Language: en-US,en;q=0.9
Range: bytes=0-" Response ==> HTTP/1.1 206 Partial Content
Server: nginx
Date: Tue, 12 Sep 2023 20:02:46 GMT
Content-Type: video/mp4
Content-Length: 6479531
Last-Modified: Thu, 08 Apr 2021 00:57:02 GMT
Connection: keep-alive
ETag: "606e54de-62deab"
Cache-Control: public, max-age=2592000
Content-Range: bytes 0-6479530/6479531 with response body ==>.......
"GET /img/map.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9" Response ==> HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Sep 2023 20:02:46 GMT
Content-Type: image/png
Content-Length: 1064457
Last-Modified: Thu, 08 Apr 2021 00:57:03 GMT
Connection: keep-alive
ETag: "606e54df-103e09"
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes with response body ==>.......
"GET /favicon-32x32.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga_HP10MXCF8P=GS1.1.1694574964.1.0.1694574964.60.0.0; _ga=GA1.2.1824567975.1694574965; _gid=GA1.2.1346945626.1694574965; _gat_gtag_UA_150907939_1=1" Response ==> HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Sep 2023 20:02:48 GMT
Content-Type: image/png
Content-Length: 1018
Last-Modified: Thu, 08 Apr 2021 00:57:02 GMT
Connection: keep-alive
ETag: "606e54de-3fa"
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes with response body ==>.......
"GET /ovideofinal.mp4 HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept-Encoding: identity;q=1, *;q=0
Accept: */*
Referer: http://www.driftstreams.com/
Accept-Language: en-US,en;q=0.9
Cookie: _ga_HP10MXCF8P=GS1.1.1694574964.1.0.1694574964.60.0.0; _ga=GA1.2.1824567975.1694574965; _gid=GA1.2.1346945626.1694574965; _gat_gtag_UA_150907939_1=1
Range: bytes=6455296-6479530
If-Range: "606e54de-62deab"" Response ==> HTTP/1.1 206 Partial Content
Server: nginx
Date: Tue, 12 Sep 2023 20:02:49 GMT
Content-Type: video/mp4
Content-Length: 24235
Last-Modified: Thu, 08 Apr 2021 00:57:02 GMT
Connection: keep-alive
ETag: "606e54de-62deab"
Cache-Control: public, max-age=2592000
Content-Range: bytes 6455296-6479530/6479531 with response body ==>.......
"GET /ovideofinal.mp4 HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept-Encoding: identity;q=1, *;q=0
Accept: */*
Referer: http://www.driftstreams.com/
Accept-Language: en-US,en;q=0.9
Cookie: _ga_HP10MXCF8P=GS1.1.1694574964.1.0.1694574964.60.0.0; _ga=GA1.2.1824567975.1694574965; _gid=GA1.2.1346945626.1694574965; _gat_gtag_UA_150907939_1=1
Range: bytes=131400-6455295
If-Range: "606e54de-62deab"" Response ==> HTTP/1.1 206 Partial Content
Server: nginx
Date: Tue, 12 Sep 2023 20:02:49 GMT
Content-Type: video/mp4
Content-Length: 6323896
Last-Modified: Thu, 08 Apr 2021 00:57:02 GMT
Connection: keep-alive
ETag: "606e54de-62deab"
Cache-Control: public, max-age=2592000
Content-Range: bytes 131400-6455295/6479531 with response body ==>.......
"GET /ovideofinal.mp4 HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept-Encoding: identity;q=1, *;q=0
Accept: */*
Referer: http://www.driftstreams.com/
Accept-Language: en-US,en;q=0.9
Cookie: _ga_HP10MXCF8P=GS1.1.1694574964.1.0.1694574964.60.0.0; _ga=GA1.2.1824567975.1694574965; _gid=GA1.2.1346945626.1694574965; _gat_gtag_UA_150907939_1=1
Range: bytes=6478848-6479530
If-Range: "606e54de-62deab"" Response ==> HTTP/1.1 206 Partial Content
Server: nginx
Date: Tue, 12 Sep 2023 20:02:52 GMT
Content-Type: video/mp4
Content-Length: 683
Last-Modified: Thu, 08 Apr 2021 00:57:02 GMT
Connection: keep-alive
ETag: "606e54de-62deab"
Cache-Control: public, max-age=2592000
Content-Range: bytes 6478848-6479530/6479531 with response body ==>....... - source
- Network Traffic
- relevance
- 10/10
- ATT&CK ID
- T1071.001 (Show technique in the MITRE ATT&CK™ matrix)
-
Found a potential E-Mail address in binary/memory
-
Network Related
-
Found potential IP address in binary/memory
- details
-
Potential IP "1.5.75.75" found in string "d="M10 2a8 8 0 110 16 8 8 0 010-16zm0 10.5a.75.75 0 100 1.5.75.75 0 000-1.5zM10 6a.5.5 0 00-.5.41v4.68a.5.5 0 001 0V6.41A.5.5 0 0010 6z"" (false positive: the match sits inside an SVG path `d` attribute, where adjacent decimal coordinates such as "1.5.75.75" happen to form a dotted-quad pattern; this is not a network address)
Potential IP "192.168.1.3" found in string ""192.168.1.3","
Potential IP "192.168.1.1" found in string ""192.168.1.1"," (both are RFC 1918 private addresses, typical LAN/router defaults; they are not routable and are not an external C2 indicator on their own — identify which dropped file carries them before acting) - source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1071 (Show technique in the MITRE ATT&CK™ matrix)
-
Found potential IP address in binary/memory
-
Informative 13
-
External Systems
-
Sample was identified as clean by Antivirus engines
- details
- 0/90 Antivirus vendors marked sample as malicious (0% detection rate). Note: this reflects static AV verdicts on the captured content only; it does not clear the URL of behaviour-based or later-stage risk and should be read together with the network and dropped-file sections below.
- source
- External System
- relevance
- 10/10
-
Sample was identified as clean by Antivirus engines
-
General
-
Contacts domains
- details
-
"driftstreams.com"
"www.driftstreams.com" - source
- Network Traffic
- relevance
- 1/10
- ATT&CK ID
- T1071 (Show technique in the MITRE ATT&CK™ matrix)
-
Contacts server
- details
-
"155.138.242.48:80"
"142.250.189.234:443"
"69.16.175.42:443"
"142.250.189.227:443"
"69.192.139.214:443"
"18.238.192.66:443"
"142.250.101.154:443"
"172.217.12.110:443"
"151.101.2.137:443"
"162.247.243.29:443"
"142.250.189.196:443"
"69.192.139.229:443"
"216.239.32.181:443"
"142.251.2.155:443" - source
- Network Traffic
- relevance
- 1/10
- ATT&CK ID
- T1071 (Show technique in the MITRE ATT&CK™ matrix)
-
Found a reference to a known community page
- details
-
file/memory contains long string with (Indicator: "facebook.com"; File: "Social")
Found string "zadn.vn/ansira.com/fcmatch.google.com/origo.hu/fcmatch.youtube.com/refersion.com/flocktory.com/vtex.com.br/rqtrk.eu/vocento.com/fingerprinter.msedgedemo.example/" (Indicator: "youtube"; File: "Fingerprinting")
Found string "fcmatch.youtube.com/fcmatch.google.com/other-tracker.msedgedemo.example/" (Indicator: "youtube"; File: "Other")
Found string ""baysidebuddy.com"," (Indicator: "ebuddy.com"; File: "wallet-pre-stable.json")
Found string ""comeherebuddy.com"," (Indicator: "ebuddy.com"; File: "wallet-pre-stable.json")
Found string ""www.facebook.com"," (Indicator: "facebook.com"; File: "wallet-pre-stable.json")
Found string ""linkedin.com"," (Indicator: "linkedin.com"; File: "wallet-pre-stable.json")
Found string ""paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites.json")
Found string ""netflix.com"," (Indicator: "netflix.com"; File: "wallet-checkout-eligible-sites.json")
Found string ""ads.twitter.com"," (Indicator: "twitter"; File: "wallet-checkout-eligible-sites.json")
Found string ""ipnpb.paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites.json")
Found string ""youtube.com"," (Indicator: "youtube"; File: "wallet-checkout-eligible-sites.json")
Found string ""developer.twitter.com"," (Indicator: "twitter"; File: "wallet-checkout-eligible-sites.json")
Found string ""securepayments.paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites.json")
Found string ""payflowlink.paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites.json")
Found string ""tubebuddy.com"," (Indicator: "ebuddy.com"; File: "wallet-checkout-eligible-sites.json")
Found string ""music.youtube.com"," (Indicator: "youtube"; File: "wallet-checkout-eligible-sites.json")
Analyst note: every match listed here comes from wallet-pre-stable.json, wallet-checkout-eligible-sites.json or list files containing "msedgedemo.example" placeholders. Those files appear under %TEMP%\6736_539944405\json\wallet\ in the Dropped files section and look like Microsoft Edge shopping/wallet component data unpacked by the guest browser, not content served by driftstreams.com. Treat this indicator as guest-browser noise unless the same strings are found in the site's own responses. - source
- File/Memory
- relevance
- 2/10
-
Possibly checks for the presence of an Antivirus engine
- details
-
""superantispyware.recurly.com"," (Indicator: "superantispyware") in Source: wallet-checkout-eligible-sites.json
""totaldefense.com"," (Indicator: "totaldefense") in Source: wallet-checkout-eligible-sites.json - source
- File/Memory
- relevance
- 2/10
- ATT&CK ID
- T1518.001 (Show technique in the MITRE ATT&CK™ matrix)
-
Queries DNS server
- details
-
"analytics.google.com"
"bam.nr-data.net"
"code.jquery.com"
"driftstreams.com"
"fonts.googleapis.com"
"fonts.gstatic.com"
"js-agent.newrelic.com"
"js.ad-score.com"
"stats.g.doubleclick.net"
"www.bing.com"
"www.driftstreams.com"
"www.google.com" - source
- Network Traffic
- relevance
- 1/10
- ATT&CK ID
- T1071.004 (Show technique in the MITRE ATT&CK™ matrix)
-
References JavaScript(s)
- details
-
file/memory contains long string with (Indicator: "text/javascript"; File: "shopping_fre.html")
file/memory contains long string with (Indicator: "text/javascript"; File: "urlref_httpdriftstreams.com") - source
- File/Memory
- relevance
- 1/10
- ATT&CK ID
- T1059.007 (Show technique in the MITRE ATT&CK™ matrix)
-
Contacts domains
-
Installation/Persistence
-
Dropped files (analyst note: nearly all paths below are under %LOCALAPPDATA%\Microsoft\Edge\User Data or %TEMP%\6736_* and are the guest browser's own profile, cache, database and component files written during normal operation. The entries most directly tied to the visited site are the Cache_Data objects f_0004xx — e.g. f_0004d3, the MP4 fetched in the requests above — and urlref_httpdriftstreams.com; the rest should not be attributed to the site without further evidence)
- details
-
"urlref_httpdriftstreams.com" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]
"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\6736_1020328751\shopping.js]- [targetUID: 00000000-00006736]
"wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]
"Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\35\scoped_dir6736_422218091\Ruleset Data]- [targetUID: 00000000-00006736]
"wallet-pre-stable.json" has type "ASCII text"- Location: [%TEMP%\6736_539944405\json\wallet\wallet-pre-stable.json]- [targetUID: 00000000-00006736]
"wallet-stable.json" has type "ASCII text"- Location: [%TEMP%\6736_539944405\json\wallet\wallet-stable.json]- [targetUID: 00000000-00006736]
"recovery-component-inner.crx" has type "Google Chrome extension version 3"- Location: [%TEMP%\6736_939657177\recovery-component-inner.crx]- [targetUID: 00000000-00006736]
"edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\6736_539944405\edge_driver.js]- [targetUID: 00000000-00006736]
"Filtering Rules" has type "data"- Location: [%TEMP%\6736_158597151\Filtering Rules]- [targetUID: 00000000-00006660]
"edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\6736_1020328751\edge_driver.js]- [targetUID: 00000000-00006736]
"vendor.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\6736_539944405\vendor.bundle.js]- [targetUID: 00000000-00007516]
"wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]
"auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\6736_1020328751\auto_open_controller.js]- [targetUID: 00000000-00006736]
"f_0004d2" has type "PNG image data 1366 x 478 8-bit/color RGB non-interlaced"- [targetUID: N/A]
"f_0004d8" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d8]- [targetUID: 00000000-00005740]
"f_0004d5" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d5]- [targetUID: 00000000-00005740]
"f_0004d3" has type "ISO Media MP4 v2 [ISO 14496-14]"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d3]- [targetUID: 00000000-00005740]
"f_0004d6" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d6]- [targetUID: 00000000-00005740]
"f_0004d7" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d7]- [targetUID: 00000000-00005740]
"f_0004d9" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d9]- [targetUID: 00000000-00005740]
"edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\6736_1020328751\edge_confirmation_page_validator.js]- [targetUID: 00000000-00006736]
"edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\6736_1020328751\edge_checkout_page_validator.js]- [targetUID: 00000000-00006736]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log]- [targetUID: 00000000-00000500]
"product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\6736_1020328751\product_page.js]- [targetUID: 00000000-00006736]
"000009.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000009.log]- [targetUID: 00000000-00006736]
"000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000013.ldb]- [targetUID: 00000000-00006736]
"bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\6736_539944405\bnpl\bnpl.bundle.js]- [targetUID: 00000000-00006736]
"wallet-checkout-eligible-sites.json" has type "ASCII text"- [targetUID: N/A]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1]- [targetUID: 00000000-00006736]
"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\load_statistics.db-wal]- [targetUID: 00000000-00006736]
"tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]
"f_0004da" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004da]- [targetUID: 00000000-00005740]
"notification.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]
"000014.ldb" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000014.ldb]- [targetUID: 00000000-00006736]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log]- [targetUID: 00000000-00000500]
"f_0004db" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004db]- [targetUID: 00000000-00005740]
"Filtering Rules-AA" has type "data"- Location: [%TEMP%\6736_158597151\Filtering Rules-AA]- [targetUID: 00000000-00006660]
"d530e7a7-225d-4564-9f35-77597ad0e77b.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\d530e7a7-225d-4564-9f35-77597ad0e77b.tmp]- [targetUID: 00000000-00006736]
"3ad16dc6-aea5-4ff8-be25-2e4243f217bd.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\3ad16dc6-aea5-4ff8-be25-2e4243f217bd.tmp]- [targetUID: 00000000-00006736]
"domains_config.json" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json]- [targetUID: 00000000-00000500]
"shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\6736_1020328751\shoppingfre.js]- [targetUID: 00000000-00006736]
"f_0004cb" has type "PNG image data 3851 x 500 8-bit/color RGBA non-interlaced"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004cb]- [targetUID: 00000000-00005740]
"notification_fast.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\6736_539944405\Notification\notification_fast.bundle.js]- [targetUID: 00000000-00007516]
"miniwallet.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\6736_539944405\Mini-Wallet\miniwallet.bundle.js]- [targetUID: 00000000-00007516]
"f_0004ca" has type "PNG image data 1827 x 1098 8-bit/color RGBA non-interlaced"- [targetUID: N/A]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\GrShaderCache\data_1]- [targetUID: 00000000-00006736]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\DawnCache\data_1]- [targetUID: 00000000-00006736]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1]- [targetUID: 00000000-00006736]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\ShaderCache\data_1]- [targetUID: 00000000-00006736]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\GPUCache\data_1]- [targetUID: 00000000-00006736]
"index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\index]- [targetUID: 00000000-00006736]
"4a264a8a-c1b6-445a-9ae9-2abf8ece19f6.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 28590"- Location: [%TEMP%\4a264a8a-c1b6-445a-9ae9-2abf8ece19f6.tmp]- [targetUID: 00000000-00001400]
"edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\6736_1909567768\edge_autofill_field_data.json]- [targetUID: 00000000-00006736]
"f_0004d4" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d4]- [targetUID: 00000000-00005740]
"0d99c666-269e-4b52-8482-2976e2419335.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 716029"- Location: [%TEMP%\0d99c666-269e-4b52-8482-2976e2419335.tmp]- [targetUID: 00000000-00006736]
"History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\History]- [targetUID: 00000000-00006736]
"wallet-checkout-eligible-sites-pre-stable.json" has type "ASCII text"- Location: [%TEMP%\6736_539944405\json\wallet\wallet-checkout-eligible-sites-pre-stable.json]- [targetUID: 00000000-00006736]
"Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Web Data]- [targetUID: 00000000-00006736]
"Visited Links" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Visited Links]- [targetUID: 00000000-00006736]
"data_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0]- [targetUID: 00000000-00006736]
"Tabs_13339048620418354" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sessions\Tabs_13339048620418354]- [targetUID: 00000000-00006736]
"38a9297e-ce98-4ce9-bc4b-9d3e475a1d7c.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Ad Blocking\38a9297e-ce98-4ce9-bc4b-9d3e475a1d7c.tmp]- [targetUID: 00000000-00006736]
"f_0004cd" has type "PNG image data 807 x 336 8-bit/color RGBA non-interlaced"- [targetUID: N/A]
"46b4aacd-bb3c-4312-ac04-10922c28884c.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\46b4aacd-bb3c-4312-ac04-10922c28884c.tmp]- [targetUID: 00000000-00006736]
"f_0004d0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d0]- [targetUID: 00000000-00005740]
"data.txt" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\6736_846825720\data.txt]- [targetUID: 00000000-00006736]
"sslkey.txt" has type "ASCII text"- Location: [%TEMP%\sslkey.txt]- [targetUID: 00000000-00006736]
"edge_tracking_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\6736_1020328751\edge_tracking_page_validator.js]- [targetUID: 00000000-00006736]
"Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Diagnostic Data-wal]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\ru\strings.json]- [targetUID: 00000000-00006736]
"f_0004c7" has type "PNG image data 4126 x 500 8-bit/color RGBA non-interlaced"- [targetUID: N/A]
"Entities" has type "UTF-8 Unicode text"- Location: [%TEMP%\6736_500177779\Mu\Entities]- [targetUID: 00000000-00006736]
"f_0004c8" has type "data"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\ar\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\ja\strings.json]- [targetUID: 00000000-00006736]
"0254aff8-bd5b-4643-a492-d572929b0959.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 158904"- Location: [%TEMP%\0254aff8-bd5b-4643-a492-d572929b0959.tmp]- [targetUID: 00000000-00006736]
"0d872c38-5c0e-4c6f-8f0d-1e4d6c54d64c.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\0d872c38-5c0e-4c6f-8f0d-1e4d6c54d64c.tmp]- [targetUID: 00000000-00006736]
"25092797-1bc2-43c7-92e4-fcaca1108399.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\25092797-1bc2-43c7-92e4-fcaca1108399.tmp]- [targetUID: 00000000-00006736]
"f6572795-c152-4cb0-a2f6-e46cfb26de8e.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\f6572795-c152-4cb0-a2f6-e46cfb26de8e.tmp]- [targetUID: 00000000-00006736]
"8a219047-31c7-4c6c-86b3-80af7a23a6af.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\8a219047-31c7-4c6c-86b3-80af7a23a6af.tmp]- [targetUID: 00000000-00006736]
"1d4d6cbe-3b0a-452d-a488-63e6eadbef8c.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\1d4d6cbe-3b0a-452d-a488-63e6eadbef8c.tmp]- [targetUID: 00000000-00006736]
"7a63a58a-5fd7-4c29-8db6-f308dccbf551.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\7a63a58a-5fd7-4c29-8db6-f308dccbf551.tmp]- [targetUID: 00000000-00006736]
"9376397f-9cf0-4eab-b806-4c97a57c13ea.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\9376397f-9cf0-4eab-b806-4c97a57c13ea.tmp]- [targetUID: 00000000-00006736]
"cebc00d4-c621-4065-9630-bb000ee18c4a.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\cebc00d4-c621-4065-9630-bb000ee18c4a.tmp]- [targetUID: 00000000-00006736]
"a948330b-86f0-463f-9671-ba3cdebf80a8.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\a948330b-86f0-463f-9671-ba3cdebf80a8.tmp]- [targetUID: 00000000-00006736]
"6f5b2457-c6fb-445c-8902-589d0bd0c6fd.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\6f5b2457-c6fb-445c-8902-589d0bd0c6fd.tmp]- [targetUID: 00000000-00006736]
"a8f06e88-7104-4d12-b8bf-a18aa5d68ad1.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\a8f06e88-7104-4d12-b8bf-a18aa5d68ad1.tmp]- [targetUID: 00000000-00006736]
"a26680b9-9d8b-4f88-99e0-2e5973168d84.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\a26680b9-9d8b-4f88-99e0-2e5973168d84.tmp]- [targetUID: 00000000-00006736]
"cc6439b8-7891-48ee-b069-d3e984d2a086.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\cc6439b8-7891-48ee-b069-d3e984d2a086.tmp]- [targetUID: 00000000-00006736]
"a03ecf8f-bd25-4a86-b203-2fc9e362732f.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\a03ecf8f-bd25-4a86-b203-2fc9e362732f.tmp]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\fr-CA\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\fr\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\de\strings.json]- [targetUID: 00000000-00006736]
"History-journal" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\History-journal]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\pt-PT\strings.json]- [targetUID: 00000000-00006736]
"Network Action Predictor" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network Action Predictor]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\es\strings.json]- [targetUID: 00000000-00006736]
"f_0004c5" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=7 orientation=upper-left xresolution=98 yresolution=106 resolutionunit=2 software=Adobe Photoshop CC 2019 (Macintosh) datetime=2019:10:16 16:52:56] progressive precision 8 1280x1000 components 3"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c5]- [targetUID: 00000000-00005740]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\it\strings.json]- [targetUID: 00000000-00006736]
"f_0004c6" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=7 orientation=upper-left xresolution=98 yresolution=106 resolutionunit=2 software=Adobe Photoshop CC 2019 (Macintosh) datetime=2019:10:16 22:05:33] progressive precision 8 1280x1000 components 3"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c6]- [targetUID: 00000000-00005740]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\pt-BR\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\nl\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\sv\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\id\strings.json]- [targetUID: 00000000-00006736]
"000004.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000004.log]- [targetUID: 00000000-00006736]
"HubApps Icons" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\HubApps Icons]- [targetUID: 00000000-00006736]
"f_0004ce" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=7 orientation=upper-left xresolution=98 yresolution=106 resolutionunit=2 software=Adobe Photoshop CC 2019 (Macintosh) datetime=2019:10:16 21:55:32] progressive precision 8 1280x1000 components 3"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004ce]- [targetUID: 00000000-00005740]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\en-GB\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\zh-Hant\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-hub\zh-Hans\strings.json]- [targetUID: 00000000-00006736]
"f_0004cf" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=7 orientation=upper-left xresolution=98 yresolution=106 resolutionunit=2 software=Adobe Photoshop CC 2019 (Macintosh) datetime=2019:10:23 22:08:08] progressive precision 8 1280x1000 components 3"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004cf]- [targetUID: 00000000-00005740]
"f_0004cc" has type "Web Open Font Format (Version 2) TrueType length 46448 version 1.0"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004cc]- [targetUID: 00000000-00005740]
"Cookies" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\Cookies]- [targetUID: 00000000-00005740]
"Favicons" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Favicons]- [targetUID: 00000000-00006736]
"checkoutdata.json" has type "JSON data"- [targetUID: N/A]
"LICENSE" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Mu\LICENSE]- [targetUID: 00000000-00006660]
"f_0004c9" has type "Web Open Font Format (Version 2) TrueType length 30928 version 1.0"- [targetUID: N/A]
"f_0004c4" has type "gzip compressed data from Unix original size modulo 2^32 88145"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c4]- [targetUID: 00000000-00005740]
"Favicons-journal" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Favicons-journal]- [targetUID: 00000000-00006736]
"shopping_iframe_driver.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: 00000000-00006736]
"shopping_iframe_driver.js" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%TEMP%\6736_1020328751\shopping_iframe_driver.js]- [targetUID: 00000000-00006736]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log]- [targetUID: 00000000-00000500]
"c0d4ec90-b52f-4f87-b0eb-ac13d7a4350d.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\c0d4ec90-b52f-4f87-b0eb-ac13d7a4350d.tmp]- [targetUID: 00000000-00006736]
"Advertising" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Mu\Advertising]- [targetUID: 00000000-00006736]
"LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\35\scoped_dir6736_422218091\LICENSE]- [targetUID: 00000000-00006660]
"wallet-tokenization-config.json" has type "ASCII text"- [targetUID: 00000000-00006736]
"5d3ac82e-33e2-458c-9511-af59e8361684.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\5d3ac82e-33e2-458c-9511-af59e8361684.tmp]- [targetUID: 00000000-00006736]
"6d8b00d4-86b1-4e98-bfb0-6de955f87e6c.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\6d8b00d4-86b1-4e98-bfb0-6de955f87e6c.tmp]- [targetUID: 00000000-00006736]
"07c1de5b-fa52-46e7-b51c-f024a5927bd4.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\07c1de5b-fa52-46e7-b51c-f024a5927bd4.tmp]- [targetUID: 00000000-00006736]
"d4f4d19c-f15f-443a-8d03-4c6eacea3c83.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\d4f4d19c-f15f-443a-8d03-4c6eacea3c83.tmp]- [targetUID: 00000000-00006736]
"b7789a48-aedc-4f51-84ba-0178b50c919e.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\b7789a48-aedc-4f51-84ba-0178b50c919e.tmp]- [targetUID: 00000000-00006736]
"4bb78195-7f0b-4a64-a72f-1ffa5982c22f.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\4bb78195-7f0b-4a64-a72f-1ffa5982c22f.tmp]- [targetUID: 00000000-00006736]
"d0403993-1951-4a90-94d6-b2a178ecb594.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\d0403993-1951-4a90-94d6-b2a178ecb594.tmp]- [targetUID: 00000000-00006736]
"85245ae1-a2f0-4fc0-825a-3d1215255f4c.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\85245ae1-a2f0-4fc0-825a-3d1215255f4c.tmp]- [targetUID: 00000000-00006736]
"d9df29c2-8822-44c8-9061-c9057c5f16c3.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\d9df29c2-8822-44c8-9061-c9057c5f16c3.tmp]- [targetUID: 00000000-00006736]
"crl-set" has type "data"- Location: [%TEMP%\6736_1069688414\crl-set]- [targetUID: 00000000-00007352]
"f_0004d1" has type "gzip compressed data max compression original size modulo 2^32 52916"- [targetUID: N/A]
"super_coupon.json" has type "JSON data"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\ru\strings.json]- [targetUID: 00000000-00006736]
"Shortcuts" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Shortcuts]- [targetUID: 00000000-00006736]
"campaign_history" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Nurturing\campaign_history]- [targetUID: 00000000-00006736]
"f_0004c3" has type "gzip compressed data from Unix original size modulo 2^32 63645"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c3]- [targetUID: 00000000-00005740]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\ar\strings.json]- [targetUID: 00000000-00006736]
"arbitration_service_config.json" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\arbitration_service_config.json]- [targetUID: 00000000-00006736]
"Entities" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Sigma\Entities]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\ja\strings.json]- [targetUID: 00000000-00006736]
"load-ec-i18n.bundle.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\fr-CA\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\fr\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\de\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\pt-PT\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\it\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\es\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\nl\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\pt-BR\strings.json]- [targetUID: 00000000-00006736]
"driver-signature.txt" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\6736_539944405\driver-signature.txt]- [targetUID: 00000000-00006736]
"WebAssistDatabase" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\WebAssistDatabase]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\sv\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\id\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\zh-Hant\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\en-GB\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-ec\zh-Hans\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- [targetUID: 00000000-00006736]
"temp-index" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index]- [targetUID: 00000000-00006736]
"bnpl_driver.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\6736_539944405\bnpl_driver.js]- [targetUID: 00000000-00006736]
"DashTrackerDatabase" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\DashTrackerDatabase]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-shared-components\fr-CA\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-shared-components\es\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-shared-components\nl\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-shared-components\id\strings.json]- [targetUID: 00000000-00006736]
"data_2" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_2]- [targetUID: 00000000-00006736]
"data_3" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_3]- [targetUID: 00000000-00006736]
"data_0" has type "FoxPro FPT blocks size 512 next free block index 3284796609 field type 0 dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_0]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-shared-components\sv\strings.json]- [targetUID: 00000000-00006736]
"Session_13339048560811042" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sessions\Session_13339048560811042]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-notification-shared\ru\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-shared-components\zh-Hans\strings.json]- [targetUID: 00000000-00006736]
"Content" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Mu\Content]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-notification-shared\ar\strings.json]- [targetUID: 00000000-00006736]
"000004.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Session Storage\000004.log]- [targetUID: 00000000-00006736]
"2c77ebb0-07e7-46a2-840b-6d26f2c46472.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\2c77ebb0-07e7-46a2-840b-6d26f2c46472.tmp]- [targetUID: 00000000-00005740]
"3a671fd8-71ae-442c-8e0b-96efdd970fb6.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\3a671fd8-71ae-442c-8e0b-96efdd970fb6.tmp]- [targetUID: 00000000-00005740]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-notification-shared\ja\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-notification-shared\fr\strings.json]- [targetUID: 00000000-00006736]
"mini-wallet.html" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-notification-shared\de\strings.json]- [targetUID: 00000000-00006736]
"Staging" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Sigma\Staging]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-notification-shared\pt-PT\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-notification-shared\es\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-notification-shared\it\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-notification-shared\nl\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-notification-shared\pt-BR\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-notification-shared\id\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-notification-shared\sv\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-notification-shared\en-GB\strings.json]- [targetUID: 00000000-00006736]
"notification_fast.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6736_539944405\Notification\notification_fast.html]- [targetUID: 00000000-00006736]
"notification.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6736_539944405\Notification\notification.html]- [targetUID: 00000000-00006736]
"Analytics" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Mu\Analytics]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\ru\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\ar\strings.json]- [targetUID: 00000000-00006736]
"deny_full_domains.list" has type "data"- Location: [%TEMP%\6736_31159695\deny_full_domains.list]- [targetUID: 00000000-00006780]
"edge_autofill_global_block_list.json" has type "JSON data"- Location: [%TEMP%\6736_1909567768\edge_autofill_global_block_list.json]- [targetUID: 00000000-00006736]
"Social" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Sigma\Social]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\ja\strings.json]- [targetUID: 00000000-00006736]
"9e9d106e-b960-4747-982e-2f25c0993e21.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\9e9d106e-b960-4747-982e-2f25c0993e21.tmp]- [targetUID: 00000000-00005740]
"499002a5-4949-4b08-aba5-a4bdb5702da7.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 12260"- Location: [%TEMP%\499002a5-4949-4b08-aba5-a4bdb5702da7.tmp]- [targetUID: 00000000-00007640]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\fr-CA\strings.json]- [targetUID: 00000000-00006736]
"nav_config.json" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\6736_744474828\nav_config.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\de\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\pt-PT\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\nl\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\id\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\it\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\es\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\pt-BR\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\sv\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-tokenized-card\ar\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\en-GB\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\zh-Hans\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\zh-Hant\strings.json]- [targetUID: 00000000-00006736]
"vendor.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\TokenBroker\Cache\f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres]- [targetUID: 00000000-00006736]
"adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\6736_158597151\adblock_snippet.js]- [targetUID: 00000000-00006660]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-tokenized-card\de\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-tokenized-card\es\strings.json]- [targetUID: 00000000-00006736]
"runtime.bundle.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-tokenized-card\id\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-tokenized-card\sv\strings.json]- [targetUID: 00000000-00006736]
"wallet-crypto.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6736_539944405\wallet-crypto.html]- [targetUID: 00000000-00006736]
"wallet.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6736_539944405\wallet.html]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-tokenized-card\zh-Hant\strings.json]- [targetUID: 00000000-00006736]
"wallet-drawer.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6736_539944405\Wallet-Checkout\wallet-drawer.html]- [targetUID: 00000000-00007516]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-tokenized-card\zh-Hans\strings.json]- [targetUID: 00000000-00006736]
"wallet-drawer.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"bnpl.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\6736_539944405\bnpl\bnpl.bundle.js.LICENSE.txt]- [targetUID: 00000000-00006736]
"Fingerprinting" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Mu\Fingerprinting]- [targetUID: 00000000-00006736]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log]- [targetUID: 00000000-00000500]
"tokenized-card.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6736_539944405\Tokenized-Card\tokenized-card.html]- [targetUID: 00000000-00006736]
"bnpl.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\6736_539944405\bnpl\bnpl.html]- [targetUID: 00000000-00006736]
"shopping.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%TEMP%\6736_1020328751\shopping.html]- [targetUID: 00000000-00006736]
"load-hub-i18n.bundle.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"notification.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log]- [targetUID: 00000000-00000500]
"shopping_fre.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%TEMP%\6736_1020328751\shopping_fre.html]- [targetUID: 00000000-00006736]
"Cryptomining" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Mu\Cryptomining]- [targetUID: 00000000-00006736]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extension State\000003.log]- [targetUID: 00000000-00000500]
"Advertising" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Sigma\Advertising]- [targetUID: 00000000-00006736]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG]- [targetUID: 00000000-00000500]
"hub-signature.txt" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\6736_539944405\hub-signature.txt]- [targetUID: 00000000-00006736]
"CompatExceptions" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Mu\CompatExceptions]- [targetUID: 00000000-00006736]
"wallet-notification-config.json" has type "ASCII text"- Location: [%TEMP%\6736_539944405\json\wallet\wallet-notification-config.json]- [targetUID: 00000000-00007516]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG]- [targetUID: 00000000-00000500]
"deny_etld1_domains.list" has type "data"- Location: [%TEMP%\6736_31159695\deny_etld1_domains.list]- [targetUID: 00000000-00006780]
"MANIFEST-000001" has type "PGP Secret Key -"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001]- [targetUID: 00000000-00000500]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG]- [targetUID: 00000000-00000500]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG]- [targetUID: 00000000-00000500]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log]- [targetUID: 00000000-00000500]
"Social" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Mu\Social]- [targetUID: 00000000-00006736]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG]- [targetUID: 00000000-00000500]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG]- [targetUID: 00000000-00000500]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG]- [targetUID: 00000000-00000500]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG]- [targetUID: 00000000-00000500]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG]- [targetUID: 00000000-00000500]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Platform Notifications\LOG]- [targetUID: 00000000-00000500]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG]- [targetUID: 00000000-00000500]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extension Scripts\LOG]- [targetUID: 00000000-00000500]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extension State\LOG]- [targetUID: 00000000-00000500]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Session Storage\LOG]- [targetUID: 00000000-00000500]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\LOG]- [targetUID: 00000000-00000500]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG]- [targetUID: 00000000-00000500]
"miniwallet.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\6736_539944405\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt]- [targetUID: 00000000-00006736]
"settings.dat" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad\settings.dat]- [targetUID: 00000000-00007340]
"55515178bfe15fae_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\55515178bfe15fae_0]- [targetUID: 00000000-00006736]
"c08ba5bf4f871701_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\c08ba5bf4f871701_0]- [targetUID: 00000000-00006736]
"5168e639d7eeda2c_0" has type "data"- [targetUID: N/A]
"7f36e3e834c16535_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\7f36e3e834c16535_0]- [targetUID: 00000000-00006736]
"ae1a49534483f29a_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\ae1a49534483f29a_0]- [targetUID: 00000000-00006736]
"regex_patterns.json" has type "JSON data"- Location: [%TEMP%\6736_1909567768\regex_patterns.json]- [targetUID: 00000000-00006736]
"manifest.json" has type "JSON data"- Location: [%TEMP%\6736_31159695\manifest.json]- [targetUID: 00000000-00006660]
"Fingerprinting" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Sigma\Fingerprinting]- [targetUID: 00000000-00006736]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\6736_744474828\manifest.json]- [targetUID: 00000000-00006660]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\6736_1020328751\manifest.json]- [targetUID: 00000000-00006660]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\6736_939657177\manifest.json]- [targetUID: 00000000-00006660]
"manifest.json" has type "JSON data"- Location: [%TEMP%\6736_500177779\manifest.json]- [targetUID: 00000000-00006660]
"Analytics" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Sigma\Analytics]- [targetUID: 00000000-00006736]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\6736_539944405\manifest.json]- [targetUID: 00000000-00006660]
"crypto.bundle.js" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_539944405\crypto.bundle.js]- [targetUID: 00000000-00006736]
"Last Browser" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Last Browser]- [targetUID: 00000000-00006736]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\6736_1909567768\manifest.json]- [targetUID: 00000000-00006660]
"manifest.json" has type "JSON data"- Location: [%TEMP%\6736_158597151\manifest.json]- [targetUID: 00000000-00006660]
"manifest.json" has type "JSON data"- Location: [%TEMP%\6736_1069688414\manifest.json]- [targetUID: 00000000-00006660]
"TransparentAdvertisers" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Mu\TransparentAdvertisers]- [targetUID: 00000000-00006736]
"README.md" has type "ASCII text"- [targetUID: N/A]
"Variations" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Variations]- [targetUID: 00000000-00006736]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log]- [targetUID: 00000000-00000500]
"Other" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Sigma\Other]- [targetUID: 00000000-00006736]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_158597151\manifest.fingerprint]- [targetUID: 00000000-00006736]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_744474828\manifest.fingerprint]- [targetUID: 00000000-00006736]
"manifest.fingerprint" has type "ASCII text with no line terminators"- [targetUID: 00000000-00006736]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_539944405\manifest.fingerprint]- [targetUID: 00000000-00006736]
"LICENSE" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_500177779\Sigma\LICENSE]- [targetUID: 00000000-00006660]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_500177779\manifest.fingerprint]- [targetUID: 00000000-00006736]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_1020328751\manifest.fingerprint]- [targetUID: 00000000-00006736]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_31159695\manifest.fingerprint]- [targetUID: 00000000-00006736]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_846825720\manifest.fingerprint]- [targetUID: 00000000-00006736]
"000012.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000012.log]- [targetUID: 00000000-00006736]
".ses" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\.ses]- [targetUID: 00000000-00006736]
"manifest.json" has type "JSON data"- Location: [%TEMP%\6736_846825720\manifest.json]- [targetUID: 00000000-00006660]
"MANIFEST-000001" has type "PGP Secret Key -"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001]- [targetUID: 00000000-00000500]
"app-setup.js" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_539944405\app-setup.js]- [targetUID: 00000000-00006736]
"Content" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Sigma\Content]- [targetUID: 00000000-00006736]
"Other" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Mu\Other]- [targetUID: 00000000-00006736]
"Cryptomining" has type "ASCII text"- Location: [%TEMP%\6736_500177779\Sigma\Cryptomining]- [targetUID: 00000000-00006736]
"000001.dbtmp" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp]- [targetUID: 00000000-00000500]
"Last Version" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Last Version]- [targetUID: 00000000-00006736]
"strings.json" has type "ASCII text with no line terminators"- [targetUID: 00000000-00006736]
"a3e18bde-e160-403d-9830-2ce1add8319e.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\a3e18bde-e160-403d-9830-2ce1add8319e.tmp]- [targetUID: 00000000-00006736]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1]- [targetUID: 00000000-00006736]
"c0ed3e75-6a97-4884-9694-0a74a8c04add.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\c0ed3e75-6a97-4884-9694-0a74a8c04add.tmp]- [targetUID: 00000000-00006736]
"LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\6736_158597151\LICENSE]- [targetUID: 00000000-00006660]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-notification-shared\fr-CA\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "JSON data"- Location: [%TEMP%\6736_539944405\json\i18n-mobile-hub\fr\strings.json]- [targetUID: 00000000-00006736]
"tokenized-card.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"notification_fast.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"app-setup.js" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_539944405\Wallet-Checkout\app-setup.js]- [targetUID: 00000000-00006736]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_539944405\json\i18n-notification\pt-PT\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_539944405\json\i18n-notification\it\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_539944405\json\i18n-notification\zh-Hans\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_539944405\json\i18n-notification\ru\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_539944405\json\i18n-notification\ja\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_539944405\json\i18n-notification\ar\strings.json]- [targetUID: 00000000-00006736]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\6736_539944405\json\i18n-notification\fr\strings.json]- [targetUID: 00000000-00006736] - source
- Binary File
- relevance
- 3/10
- ATT&CK ID
- T1105 (Show technique in the MITRE ATT&CK™ matrix) — Note: T1105 (Ingress Tool Transfer) is the sandbox's generic mapping for any dropped file and should not be read as a finding on its own. The files listed above were written into the Edge profile (%LOCALAPPDATA%\Microsoft\Edge\User Data\...) and into %TEMP%\6736_* staging directories that each carry a manifest.json / manifest.fingerprint pair (tracking-prevention lists under Sigma\ and Mu\, deny_*_domains.list, Wallet/BNPL bundles, per-locale strings.json), which is consistent with Edge's own component updates rather than a payload delivered by driftstreams.com; the 6736 prefix appears to be the PID of the writing Edge process (targetUID 00000000-00006736). Several "has type" values are libmagic misreads — the LevelDB MANIFEST-000001 files reported as "PGP Secret Key" and the disk-cache data_N blocks reported as dBase/FoxPro — and no actual key material or database is implied.
-
Drops a license file
- details
-
"vendor.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"wallet-drawer.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"notification.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"tokenized-card.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"notification_fast.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A] - source
- Binary File
- relevance
- 1/10
- ATT&CK ID
- T1083 (Show technique in the MITRE ATT&CK™ matrix)
-
Dropped files
-
Network Related
-
Communicates with HTTP webserver (GET/POST requests) — all observed requests are plain GETs for page assets (images, a favicon, an .mp4) of the submitted site, which is served over cleartext HTTP (http://driftstreams.com/), so the delivered page and scripts are not integrity-protected in transit; no POST requests appear in this list.
- details
-
Found http requests in header "GET /"
Found http requests in header "GET /img/brandsafe.png"
Found http requests in header "GET /img/logos.png"
Found http requests in header "GET /img/devices.png"
Found http requests in header "GET /img/mobiledevicegrid.png"
Found http requests in header "GET /img/floater.jpg"
Found http requests in header "GET /img/inter.jpg"
Found http requests in header "GET /img/wave.png"
Found http requests in header "GET /img/driftstream.png"
Found http requests in header "GET /img/instream.jpg"
Found http requests in header "GET /img/nativespot.jpg"
Found http requests in header "GET /ovideofinal.mp4"
Found http requests in header "GET /img/map.png"
Found http requests in header "GET /favicon-32x32.png" - source
- Network Traffic
- relevance
- 1/10
- ATT&CK ID
- T1071.001 (Show technique in the MITRE ATT&CK™ matrix)
-
Found mail related domain names — Note: this is a substring heuristic; every listed domain merely contains "pop" or "mx" (e.g. colourpop.com, canvasmx.com) and none is evidence of POP3/IMAP/SMTP use. The cited source, wallet-pre-stable.json, appears to be Edge's bundled Wallet merchant data (compare the Wallet/BNPL files dropped under %TEMP%\6736_539944405\ above), not content from driftstreams.com, so the T1071.003 (Mail Protocols) mapping below is a likely false positive.
- details
-
Observed email domain:""colourpop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""aepop.net"," [Source: wallet-pre-stable.json]
Observed email domain:""artpop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""avenuepop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""bassettbmx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""canvasmx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""drinkolipop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""fashionfunpop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""fastandloosebmx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""flitebmx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""fofopop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""gellipop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""gforcemx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""happipop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""hauzofpop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""hiccapop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""hijabipop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""jellypop.la"," [Source: wallet-pre-stable.json]
Observed email domain:""kinkbmx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""kloudkpop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""knitpop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""kpop.exchange"," [Source: wallet-pre-stable.json]
Observed email domain:""laperlamx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""lovepop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""lullipop.com"," [Source: wallet-pre-stable.json] - source
- File/Memory
- relevance
- 1/10
- ATT&CK ID
- T1071.003 (Show technique in the MITRE ATT&CK™ matrix)
-
Found potential URL in binary/memory — Note: these are regex hits over process memory, not observed connections. Several matches are not URLs at all (e.g. "V.BZv/dhyO", "o.qSW/9&}i@zb" are arbitrary bytes that satisfied the pattern), and most genuine URLs appear to belong to Edge itself or to the guest's pre-existing browser state (ntp.msn.com, bing.com searches, learn.microsoft.com, a GitHub Notepad++ release download, EasyList/filter-list domains). Only the driftstreams.com matches relate to the submitted URL, which is fetched over cleartext http://.
- details
-
Pattern match: "http://driftstreams.com/"
Pattern match: "http://driftstreams.com"
Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
Pattern match: "V.BZv/dhyO"
Pattern match: "02.o0Sv.HWy/j82Y@gm_=Cg&9083=e8F7KK94N}~"
Pattern match: "learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170Latest"
Pattern match: "search.yahoo.com/favicon.icohttps://search.yahoo.com/search{google:pathWildcard}?ei={inputEncoding}&fr=crmas_sfp&p={searchTerms}UTF-8https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command={searchTerms}485bf7d3-0215-45af-87dc-53886800000"
Pattern match: "https://ntp.msn.com/edge/ntp?locale=en&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531edge://settings/profileskeygjgieestate_{edge://settingsedge://settings/edge://settings/?search=smartkeygr10nmstate_{edge://settingsedge://settings/?search=smartedge"
Pattern match: "o.qSW/9&}i@zb"
Pattern match: "https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redisthttps://www.bing.com/ck/a?!&&p=dda47b155ec1706bJmltdHM9MTY3ODQwNjQwMCZpZ3VpZD0xYmQzZjhjNS1lMTdlLTZ"
Pattern match: "ns.adobe.com/xap/1.0/"
Pattern match: "https://ntp.www.office.com&_https://ntp.msn.comCookieSyncExpiry'_https://ntp.msn.comDefaultFeedPolicy_https://ntp.msn.comGpuExist/_https://ntp.msn.comNOTIFICATION_CACHE_LS_KEY_https://ntp.msn.combkgdV+_https://ntp.msn.combreakingNewsDismissed"
Pattern match: "edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_etree_light.png/1.1.9/asset2caf0cf4-ea42-4083-b928-29b39da1182bhttps://edgeassetservice.azureedge.net/assets/edge_hub_apps_dall_e_light.png/1.0.11/asset64be4f9b-3b81-4b6e-b354-0ba00d6ba485https://"
Pattern match: "www.clarity.msCLIDv10"
Pattern match: "https://learn.microsoft.com/favicon.ico$Mhttps://www.bing.com/favicon.icoghttp://www.driftstreams.com/favicon-32x32.png@https://assets.msn.com/statics/icons/favicon_newtabpage.pnghttps://www.bing.com/search?q=vs+crt+redist&cvid=b24c929981144c99bf0711b78929"
Pattern match: "https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redisthttps://www.bing.com/ck/a?!&&p=dda47b155ec1706bJmltdHM9MTY3ODQwNjQwMCZpZ3VpZD0xYmQzZjhjNS1lMTdlLTZkNzctMWUxYi1lYWE2ZTU3ZTYzMzUmaW5zaWQ9NTE4Ng&ptn=3&hsh=3&fclid=1bd3f8c5-e17e-6d77-1e1b-"
Pattern match: "https://www.bestbuy.com/site/help-topics/price-match-guarantee/pcmcat290300050002.c?id=pcmcat290300050002},costco.com:{policyDays:30,supportPageUrl:https://customerservice.costco.com/app/answers/detail/a_id/628/~/price-adjustment---costco.com-orders,u"
Pattern match: "github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.4.7/npp.8.4.7.portable.x64.7zhttps://objects.githubusercontent.com/github-production-release-asset-2e65be/33014811/42d9bc38-89f0-48d8-94ec-d1f3649d2fc3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-A"
Pattern match: "https://chrome.google.com/webstore},urls:[https://chrome.google.com/webstore]},description:Discover"
Pattern match: "avocet.io/aprecision.net/adpdealerservices.com/nuffnang.com.my/demdex.net/augur.io/cmmeglobal.com/adrolays.com/atrinsic.com/acuityads.com/wishabi.net/admedia.com/vertamedia.com/adworx.at/2leep.com/globe7.com/awaps.yandex.ru/i-behavior.com/reklamstore.com/m"
Pattern match: "https://github.com/easylist"
Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE53r3l?ver=5412,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE53bta?ver=2bf3,update_period:86400},creativeId:128000000003595"
Pattern match: "https://www.coupert.com"
Pattern match: "http://www.driftstreams.com/We"
Pattern match: "http://www.w3.org/2000/svg,svg"
Pattern match: "http://www.driftstreams.com/http://driftstreams.com/http://www.driftstreams.com/http://driftstreams.com/http://www.driftstreams.com/http://driftstreams.com/http://www.driftstreams.com/http://driftstreams.com/http://www.driftstreams.com/http://driftstreams."
Pattern match: "google.as/cambio.com/chrome.google.com/theboombox.com/baynote.com/aolanswers.com/tidaltv.com/disqus.com/heyzap.com/google.com.au/google.co.id/google.kg/google.co.ve/google.nr/yahoo.com/autoblog.com/feedproxy.google.com/s-msn.com/mandatory.com/noisecreep.co"
Pattern match: "https://googleads.g.doubleclick.net/next-map-idQnamespace-3bbc91a6_51d0_4200_9fa7_2e3ec0fddf25-https://tpc.googlesyndication.com/34U"
Pattern match: "https://www.clarity.ms,supports_spdy:true},{anonymization:[],server:https://microsoftedgewelcome.microsoft.com,supports_spdy:true},{anonymization:[],server:https://edgefrecdn.azureedge.net,supports_spdy:true},{anonymization:[],server"
Pattern match: "cmail26.com/indexww.com/mkt5654.com/snapchat.com/mgid.com/zendable.com/mkt3798.com/adsafety.net/technical-service.net/hybrid.ai/contentsquare.net/mkt32.net/helpscout.net/admanmedia.com/mkt8756.com/dmxleo.com/mkt9430.com/basis.net/mailstat.us/mkt7832.com/bf"
Pattern match: "acxiom.com/atinternet.com/hitslink.com/mm7.net/go-mpulse.net/retailautomata.com/free-pagerank.com/amplitude.com/i-stats.com/dl-rms.com/enquisite.com/p.brsrvr.com/onestat.com/lyris.com/alexametrics.com/inboundwriter.com/awio.com/betssonpalantir.com/xiti.com"
Pattern match: "autofill.account.microsoft.com/,type"
Pattern match: "emaillabs.co/open.mkt4477.com/open.mkt10008.com/open.mkt6917.com/open.mkt1946.com/convertkit-mail5.com/social-tracker.msedgedemo.example/open.mkt8062.com/open.mkt8008.com/open.mkt6316.com/m3651.net/open.mkt6793.com/open.mkt3838.com/open.mkt4158.com/eds5.ma"
Pattern match: "www.microsoft365.com"
Pattern match: "jedwatson.github.io/classnames"
Pattern match: "https://github.com/focus-trap/tabbable/blob/master/LICENSE"
Pattern match: "ad-maven.com/appcast.io/leadlander.com/affasi.com/clixtell.com/adgainersolutions.com/franecki.net/pixanalytics.com/wrethicap.info/ismatlab.com/y-track.com/ecsanalytics.com/albacross.com/bgclck.me/lptracker.io/ze-fir.com/eyereturn.com/bitmedia.io/azetklik.s"
Pattern match: "https://github.com/jsstyles/css-vendor"
Pattern match: "anybest.site/webmine.pro/jsecoin.com/flightzy.bid/nerohut.com/flightsy.bid/coinpot.co/yololike.space/flightzy.win/zymerget.bid/bitcoin-pay.eu/freecontent.stream/authedwebmine.cz/zymerget.faith/hostingcloud.racing/mineralt.io/dinorslick.icu/coinhive.com/bms"
Pattern match: "ufpcdn.com/vdx.tv/ebaystatic.com/ad4m.at/00px.net/warumbistdusoarm.space/ownpage.fr/smct.io/ansira.com/photorank.me/fengkongcloud.com/vtex.com.br/vocento.com/ie8eamus.com/flocktory.com/justpremium.com/dynata.com/stripst.com/adskeeper.com/curalate.com/vptms"
Pattern match: "auth.adobe.com/^/horizonte.browserapps.amazon.com/^/horizonte.browserapps.amazon.de/^/horizonte.browserapps.amazon.ca/^/acrobatservices.adobe.com/^/signin.aws.amazon.com/^/horizonte-browserapps.amazon.com.br/^/zendesk.com/^/my.salesforce.com/^/disqus.com/^"
Pattern match: "mail.google.com/apps.fbsbx.com/fb.com/developers.google.com/friendfeed.com/social-tracker.msedgedemo.example/googlemail.com/facebook.com/plus.google.com/fbsbx.com/voice.google.com/facebook.de/facebook.fr/wave.google.com/twimg.com/orkut.com/twitter.jp/gmail"
Pattern match: "assets.db/MANIFEST-0000012023/09/12-20:17:06.905"
Pattern match: "EntityExtractionAssetStore.db/MANIFEST-000001"
Pattern match: "www.googletagmanager.com/gtag/js?id=G-HP10MXCF8P&l=dataLayer&cx=c"
Pattern match: "js-agent.newrelic.com/nr-rum.1efcb83a-1.239.1.min.js"
Pattern match: "www.googletagmanager.com/gtag/js?id=UA-150907939-1"
Pattern match: "www.google-analytics.com/analytics.js"
Pattern match: "code.jquery.com/jquery-3.4.1.min.js"
Pattern match: "zadn.vn/ansira.com/fcmatch.google.com/origo.hu/fcmatch.youtube.com/refersion.com/flocktory.com/vtex.com.br/rqtrk.eu/vocento.com/fingerprinter.msedgedemo.example/"
Pattern match: "gimbal.com/thirdwatch.ai/fndrsp.net/analytics-tracker.msedgedemo.example/cuebiq.com/inrix.com/zoominfo.com/clarity.ms/"
Pattern match: "microsoftedgeinsider.com/Fabrikam^microsoftedgeinsider.com/VanArsdel^microsoftedgeinsider.com/"
Pattern match: "fcmatch.youtube.com/fcmatch.google.com/other-tracker.msedgedemo.example/"
Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,o=1;o"
Pattern match: "http://www.w3.org/2000/svg"
Pattern match: "Math.PI/180"
Heuristic match: "driftstreams.com"
Pattern match: "www.driftstreams.com"
Pattern match: "www.driftstreams.comConnection"
Pattern match: "Math.PI/180,grad:Math.PI/200,rad:1,turn:2*Math.PI},turn:{deg:1/360,grad:1/400,rad:.5/Math.PI,turn:1},s:{s:1,ms:.001},ms:{s:1e3,ms:1},Hz:{Hz:1,kHz:1e3},kHz:{Hz:.001,kHz:1},dpi:{dpi:1,dpcm:1/2.54,dppx:1/96},dpcm:{dpi:2.54,dpcm:1,dppx:2.54/96},dppx:{dpi:96,dp"
Heuristic match: "analytics.google.com"
Heuristic match: "bam.nr-data.net"
Heuristic match: "code.jquery.com"
Heuristic match: "fonts.googleapis.com"
Heuristic match: "fonts.gstatic.com"
Heuristic match: "js-agent.newrelic.com"
Heuristic match: "js.ad-score.com"
Heuristic match: "stats.g.doubleclick.net"
Pattern match: "www.bing.com"
Pattern match: "www.google.com"
Pattern match: "https://github.com/microsoft/fast/issues/5848\n"
Pattern match: "www.klarna.com"
Pattern match: "www.gstatic.com"
Pattern match: "www.transunion.com"
Pattern match: "www.googletagmanager.com"
Pattern match: "www.facebook.com"
Pattern match: "www.googleadservices.com"
Pattern match: "http://custom.transaction"
Pattern match: "https://fonts.googleapis.com/css?family=Montserrat:200,500,700&display=swap"
Pattern match: "https://fonts.googleapis.com/css?family=Vollkorn:600,700&display=swap"
Pattern match: "https://code.jquery.com/jquery-3.4.1.min.js"
Pattern match: "https://www.googletagmanager.com/gtag/js?id=UA-150907939-1"
Pattern match: "https://js.ad-score.com/score.min.js?pid=1000569&adid=tlink&l6=PM_IS_ADID_CLICKED#"
Pattern match: "http://meyerweb.com/eric/tools/css/reset/"
Pattern match: "https://cdn.driftstreams.com/Unsub/Unsub.html"
Pattern match: "http://www.w3.org/2000/svg};class"
Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,i=1;i"
Pattern match: "https://aka.ms/EdgeSaveCardFAQ,gs.UseVirtualCardLearnMore=https://aka.ms/EdgeVirtualCardFAQ,gs.WalletSettings=edge://wallet/settings,gs.microsoftRewardsDashboardURL=https://rewards.microsoft.com/,gs.microsoftRewardsRedeemURL=https://rewards.microso"
Pattern match: "www.gap.com"
Pattern match: "www.gapfactory.com"
Pattern match: "www2.hm.com"
Pattern match: "www.gapcanada.ca"
Pattern match: "www2.factoryoutletstore.com"
Pattern match: "www2.invoicecloud.com"
Pattern match: "www1.ussailing.org"
Pattern match: "www2.doggysuperfoods.com"
Pattern match: "www1.agenciatributaria.gob.es"
Pattern match: "www9.agenciatributaria.gob.es"
Pattern match: "www.vaxvacationaccess.com"
Pattern match: "www2.promap.co.uk"
Pattern match: "www2.correios.com.br"
Pattern match: "www2.stanlycountync.gov"
Pattern match: "www2.registerblast.com"
Pattern match: "www5.maine.gov"
Pattern match: "www2.haircarerefined.com"
Pattern match: "www2.tonyprotein.com"
Pattern match: "www2.vinesse.com"
Pattern match: "www5.ibackup.com"
Pattern match: "www3.thedatabank.com"
Pattern match: "www2.helminc.com"
Pattern match: "www2.unifyhealthlabs.com"
Pattern match: "www3.benefitsolver.com"
Pattern match: "www1.nobexpartners.com"
Pattern match: "www6.agenciatributaria.gob.es"
Pattern match: "www2.kintsugihair.com"
Pattern match: "www2.lectinblocker.com"
Pattern match: "www1.hhrd.org"
Pattern match: "www6.lifeatworkportal.com"
Pattern match: "www3.mutualofomaha.com"
Pattern match: "www3.masterwriter.com"
Pattern match: "www1.carey.com"
Pattern match: "www2.gundrymdtotalrestore.com"
Pattern match: "www2.ymtvacations.com"
Pattern match: "www2.invisicrepe.com"
Pattern match: "www2.americanprofessional.com"
Pattern match: "www2.ambrose.edu"
Pattern match: "www1.netfirms.com"
Pattern match: "www2.agenciatributaria.gob.es"
Pattern match: "www1.12cloudpayroll.com"
Pattern match: "www2.bwproducers.com"
Pattern match: "www2.bhdpanama.com"
Pattern match: "www2.fl-dcf.org"
Pattern match: "www3.sylectus.com"
Pattern match: "www1.iaproducers.com"
Pattern match: "www1.mydomain.com"
Pattern match: "www1.payroo.com"
Pattern match: "www40.polyu.edu.hk"
Pattern match: "www2.csebo.it"
Pattern match: "www3.subcontrataley.cl"
Pattern match: "www4.texashealth.org"
Pattern match: "www2.drmartypets.com"
Heuristic match: "141_v_v.drlftstreams.com" (note: "drlftstreams" — an "l" where the submitted domain has an "i" — is a one-character lookalike of driftstreams.com; no DNS query or connection to it appears in the Network Analysis section below, so confirm whether this is a stray string in a browser asset or a genuine lookalike host before acting on it) - source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1071 (Show technique in the MITRE ATT&CK™ matrix)
-
Communicates with HTTP webserver (GET/POST requests)
-
Unusual Characteristics
-
Detected known bank URL artifact (caveat: the listed hits are bare substring matches — "ubs.com" inside "scrubs.com", "key.com" inside "monkey.com"/"whiskey.com", "leu.com" inside "bleu.com" — and every one is sourced from wallet-pre-stable.json, an Edge browser asset file, not from content served by driftstreams.com; treat this indicator as a false positive)
- details
-
""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")
""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")
""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""beautiiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""beautyandwhiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""bellagracehealthscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""belleandbubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""beyondblessedscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""blingbykey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""boosted-luckey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""bowlingmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""burgeonbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")
""busybeescrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""cabbagekey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""coatsandscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""codenxtscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""cognitiontsscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""concreterosescrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com") - source
- File/Memory
- relevance
- 2/10
-
Detected known bank URL artifact
Session Details
No relevant data available.
Screenshots
Hybrid Analysis
Analysed 37 processes in total. (All listed processes belong to the analysis harness: rundll32.exe opening the submitted C:\sample.url via ieframe.dll, then msedge.exe and its standard child processes — crashpad, GPU, network/storage/utility services, renderers and extension renderers; no process outside the browser tree was spawned by the page.)
-
rundll32.exe
"%WINDIR%\system32\ieframe.dll",OpenURL C:\sample.url
(PID: 4648)
-
msedge.exe
--single-argument http://driftstreams.com/
(PID: 6736)
- msedge.exe --type=crashpad-handler "--user-data-dir=%LOCALAPPDATA%\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=107.0.5304.110 "--annotation=exe=%PROGRAMFILES%\(x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=107.0.1418.56 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0x164,0x7ffce9c9b208,0x7ffce9c9b218,0x7ffce9c9b228 (PID: 7340)
- msedge.exe --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:2 (PID: 5996)
- msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:3 (PID: 5740)
- msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 7720)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1694573720905763 --launch-time-ticks=1061843152 --mojo-platform-channel-handle=2912 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:1 (PID: 7460)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1694573720905763 --launch-time-ticks=1062407793 --mojo-platform-channel-handle=2936 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:1 (PID: 1400)
- msedge.exe --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3508 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 8108)
- msedge.exe --type=renderer --extension-process --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --time-ticks-at-unix-epoch=-1694573720905763 --launch-time-ticks=1063320369 --mojo-platform-channel-handle=3580 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:1 (PID: 1664)
- msedge.exe --type=renderer --extension-process --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --time-ticks-at-unix-epoch=-1694573720905763 --launch-time-ticks=1063824040 --mojo-platform-channel-handle=3604 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:1 (PID: 6952)
- msedge.exe --type=renderer --extension-process --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --time-ticks-at-unix-epoch=-1694573720905763 --launch-time-ticks=1064301422 --mojo-platform-channel-handle=3748 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:1 (PID: 3360)
- msedge.exe --type=renderer --extension-process --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --time-ticks-at-unix-epoch=-1694573720905763 --launch-time-ticks=1064936094 --mojo-platform-channel-handle=3808 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:1 (PID: 7044)
- msedge.exe --type=renderer --extension-process --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --time-ticks-at-unix-epoch=-1694573720905763 --launch-time-ticks=1065695348 --mojo-platform-channel-handle=3832 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:1 (PID: 7640)
- msedge.exe --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5868 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 7604)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5976 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 2920)
- msedge.exe --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5956 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 3536)
- msedge.exe --type=utility --utility-sub-type=entity_extraction_service.mojom.PageScreenshotProcessor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6712 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 6716)
- msedge.exe --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6708 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 5972)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5832 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 7352)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2016 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 4976)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6760 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 6416)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2016 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 6660)
- msedge.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.16299.192 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5844 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:2 (PID: 3164)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5916 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 7516)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2020 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 8120)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1648 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 8096)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5024 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 7704)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4960 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 6780)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5084 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 7700)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5480 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 7312)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4996 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 5640)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5756 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 7556)
- msedge.exe --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3840 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:8 (PID: 500)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --time-ticks-at-unix-epoch=-1694573720905763 --launch-time-ticks=1361271374 --mojo-platform-channel-handle=5752 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:1 (PID: 7764)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --time-ticks-at-unix-epoch=-1694573720905763 --launch-time-ticks=1361577943 --mojo-platform-channel-handle=5664 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:1 (PID: 6848)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --time-ticks-at-unix-epoch=-1694573720905763 --launch-time-ticks=1361907121 --mojo-platform-channel-handle=4784 --field-trial-handle=2092,i,14007427107281829382,10173434909086600852,131072 /prefetch:1 (PID: 620)
-
msedge.exe
--single-argument http://driftstreams.com/
(PID: 6736)
Network Analysis
DNS Requests
Domain | Address | Registrar | Country |
---|---|---|---|
analytics.google.com
OSINT |
172.217.12.110
TTL: 22 |
MarkMonitor, Inc.
Organization: Google Inc. Name Server: NS1.GOOGLE.COM Creation Date: 1997-09-15T00:00:00 |
United States |
bam.nr-data.net
OSINT |
162.247.243.29
TTL: 1090 |
Rebel.com
Organization: New Relic Name Server: DNS1.P07.NSONE.NET Creation Date: 2014-04-11T00:00:00 |
United States |
code.jquery.com
OSINT |
69.16.175.42
TTL: 68 |
ENOM, INC.
Organization: JS FOUNDATION Name Server: GEORGE.NS.CLOUDFLARE.COM Creation Date: 2005-12-10T00:00:00 |
United States |
driftstreams.com
OSINT |
155.138.242.48
TTL: 300 |
GoDaddy.com, LLC
Organization: Domains By Proxy, LLC Name Server: FIONA.NS.CLOUDFLARE.COM Creation Date: 2019-10-09T01:17:54 |
United States |
fonts.googleapis.com
OSINT |
142.250.189.234
TTL: 39 |
MarkMonitor, Inc.
Organization: Google Inc. Name Server: NS1.GOOGLE.COM Creation Date: 2005-01-25T00:00:00 |
United States |
fonts.gstatic.com
OSINT |
142.250.189.227
TTL: 110 |
MarkMonitor, Inc.
Organization: Google Inc. Name Server: NS1.GOOGLE.COM Creation Date: 2008-02-11T00:00:00 |
United States |
js-agent.newrelic.com
OSINT |
151.101.2.137
TTL: 4346 |
Rebel.com
Organization: New Relic Name Server: DNS1.P07.NSONE.NET Creation Date: 2006-04-19T00:00:00 |
United States |
js.ad-score.com
OSINT |
18.238.192.66
TTL: 2143 |
GODADDY.COM, LLC
Organization: Protected Media Name Server: NS53.DOMAINCONTROL.COM Creation Date: 2014-08-01T00:00:00 |
United States |
stats.g.doubleclick.net
OSINT |
142.250.101.154
TTL: 31 |
MarkMonitor, Inc.
Organization: Google Inc. Name Server: NS1.GOOGLE.COM Creation Date: 1996-01-16T00:00:00 |
United States |
www.bing.com |
69.192.139.214
TTL: 4156 |
- | United States |
www.driftstreams.com |
155.138.242.48
TTL: 300 |
- | United States |
www.google.com |
142.250.189.196
TTL: 44 |
- | United States |
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
155.138.242.48 |
80
TCP |
msedge.exe PID: 5740 |
United States |
142.250.189.234 |
443
TCP |
msedge.exe PID: 5740 |
United States |
69.16.175.42 |
443
TCP |
msedge.exe PID: 5740 |
United States |
142.250.189.227 |
443
TCP |
msedge.exe PID: 5740 |
United States |
69.192.139.214 |
443
TCP |
msedge.exe PID: 5740 |
United States |
18.238.192.66 |
443
TCP |
msedge.exe PID: 5740 |
United States |
142.250.101.154 |
443
TCP |
msedge.exe PID: 5740 |
United States |
172.217.12.110 |
443
TCP |
msedge.exe PID: 5740 |
United States |
142.250.101.154 |
443
UDP |
msedge.exe PID: 5740 |
United States |
151.101.2.137 |
443
TCP |
msedge.exe PID: 5740 |
United States |
162.247.243.29 |
443
TCP |
msedge.exe PID: 5740 |
United States |
142.250.189.196 |
443
TCP |
msedge.exe PID: 5740 |
United States |
69.192.139.229 |
443
UDP |
msedge.exe PID: 5740 |
United States |
216.239.32.181 |
443
UDP |
msedge.exe PID: 5740 |
United States |
142.251.2.155 |
443
UDP |
msedge.exe PID: 5740 |
United States |
Contacted Countries
HTTP Traffic (note: every first-party request below goes to 155.138.242.48 on port 80 in cleartext, and the 301 from driftstreams.com/ redirects to www.driftstreams.com/ still over plain HTTP rather than upgrading to HTTPS — images and the .mp4 are fetched unencrypted; the only TLS (443) connections in Contacted Hosts are to the third-party script/font/analytics hosts)
Endpoint | Request | URL | |
---|---|---|---|
155.138.242.48:80 (driftstreams.com) | GET | driftstreams.com/ | GET / HTTP/1.1
Host: driftstreams.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 301 Moved Permanently More Details |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/ | GET / HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 200 OK More Details |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/img/brandsafe.png | GET /img/brandsafe.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 200 OK More Details |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/img/logos.png | GET /img/logos.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 200 OK More Details |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/img/devices.png | GET /img/devices.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 200 OK More Details |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/img/mobiledevicegrid.png | GET /img/mobiledevicegrid.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 200 OK More Details |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/img/floater.jpg | GET /img/floater.jpg HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 200 OK More Details |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/img/inter.jpg | GET /img/inter.jpg HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 200 OK More Details |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/img/wave.png | GET /img/wave.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 200 OK More Details |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/img/driftstream.png | GET /img/driftstream.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 | 200 OK |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/img/instream.jpg | GET /img/instream.jpg HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 | 200 OK |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/img/nativespot.jpg | GET /img/nativespot.jpg HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 | 200 OK |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/ovideofinal.mp4 | GET /ovideofinal.mp4 HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept-Encoding: identity;q=1, *;q=0
Accept: */*
Referer: http://www.driftstreams.com/
Accept-Language: en-US,en;q=0.9
Range: bytes=0- | 206 Partial Content |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/img/map.png | GET /img/map.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 | 200 OK |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/favicon-32x32.png | GET /favicon-32x32.png HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.driftstreams.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga_HP10MXCF8P=GS1.1.1694574964.1.0.1694574964.60.0.0; _ga=GA1.2.1824567975.1694574965; _gid=GA1.2.1346945626.1694574... | 200 OK |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/ovideofinal.mp4 | GET /ovideofinal.mp4 HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept-Encoding: identity;q=1, *;q=0
Accept: */*
Referer: http://www.driftstreams.com/
Accept-Language: en-US,en;q=0.9
Cookie: _ga_HP10MXCF8P=GS1.1.1694574964.1.0.1694574964.60.0.0; _ga=GA1.2.1824567975.1694574965; _gid=GA1.2.1346945626.1694574965; _gat_gtag_UA_150907939_1=1
Range: bytes=6... | 206 Partial Content |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/ovideofinal.mp4 | GET /ovideofinal.mp4 HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept-Encoding: identity;q=1, *;q=0
Accept: */*
Referer: http://www.driftstreams.com/
Accept-Language: en-US,en;q=0.9
Cookie: _ga_HP10MXCF8P=GS1.1.1694574964.1.0.1694574964.60.0.0; _ga=GA1.2.1824567975.1694574965; _gid=GA1.2.1346945626.1694574965; _gat_gtag_UA_150907939_1=1
Range: bytes=1... | 206 Partial Content |
155.138.242.48:80 (www.driftstreams.com) | GET | www.driftstreams.com/ovideofinal.mp4 | GET /ovideofinal.mp4 HTTP/1.1
Host: www.driftstreams.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept-Encoding: identity;q=1, *;q=0
Accept: */*
Referer: http://www.driftstreams.com/
Accept-Language: en-US,en;q=0.9
Cookie: _ga_HP10MXCF8P=GS1.1.1694574964.1.0.1694574964.60.0.0; _ga=GA1.2.1824567975.1694574965; _gid=GA1.2.1346945626.1694574965; _gat_gtag_UA_150907939_1=1
Range: bytes=6... | 206 Partial Content |
Suricata Alerts
Event | Category | Description | SID |
---|---|---|---|
171.25.193.234 -> local:49723 (TCP) | Misc Attack | ET TOR Known Tor Exit Node Traffic group 36 | 2520035 |
171.25.193.234 -> local:49723 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 36 | 2522035 |
148.113.162.135 -> local:49727 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 273 | 2522272 |
65.21.251.26 -> local:49726 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 753 | 2522752 |
65.21.251.26 -> local:49726 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 753 | 2522752 |
5.9.56.249 -> local:49736 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 742 | 2522741 |
217.160.49.126 -> local:49737 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 466 | 2522465 |
148.113.162.135 -> local:49785 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 273 | 2522272 |
171.25.193.234 -> local:49723 (TCP) | Misc Attack | ET TOR Known Tor Exit Node Traffic group 36 | 2520035 |
171.25.193.234 -> local:49723 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 36 | 2522035 |
65.21.251.26 -> local:49820 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 753 | 2522752 |
148.113.162.135 -> local:49831 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 273 | 2522272 |
148.113.162.135 -> local:49848 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 273 | 2522272 |
65.21.251.26 -> local:49726 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 753 | 2522752 |
171.25.193.234 -> local:49723 (TCP) | Misc Attack | ET TOR Known Tor Exit Node Traffic group 36 | 2520035 |
171.25.193.234 -> local:49723 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 36 | 2522035 |
148.113.162.135 -> local:49727 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 273 | 2522272 |
65.21.251.26 -> local:49726 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 753 | 2522752 |
148.113.162.135 -> local:49881 (TCP) | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 273 | 2522272 |
Extracted Strings
Extracted Files
Displaying 51 extracted file(s). The remaining 318 file(s) are available in the full version and XML/JSON reports.
-
Informative Selection 51
-
-
0d872c38-5c0e-4c6f-8f0d-1e4d6c54d64c.tmp
- Size
- 59KiB (60782 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 059cce0c2dd2fd33e21a627edca9b39c
- SHA1
- f61d5a77e577591f8d41b50fee271803679a6566
- SHA256
- 8036b4d481c7e6e898a6c24bdcaf9c4c9425a17e600665d1cfdf5e7a4c6fc753
-
1d4d6cbe-3b0a-452d-a488-63e6eadbef8c.tmp
- Size
- 59KiB (60773 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 8860889f3678db176e652465a5f7eff5
- SHA1
- e66226f8fc4fd4830cef4ca0cbaca647bbba7aa7
- SHA256
- 4527b5ec04efd3ccb417e494db0633a8a52db72fcbe19caa5d448636bbac5a31
-
25092797-1bc2-43c7-92e4-fcaca1108399.tmp
- Size
- 59KiB (60773 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 6fe305ef0dd03788ae8f2b482a7f47f2
- SHA1
- 2607fdebfc89d8db49c976719f174fadd3909662
- SHA256
- ad9dea5f550e9a9ce0c5dddb4763bd20e2075512103bbb0053476864af53b4be
-
6f5b2457-c6fb-445c-8902-589d0bd0c6fd.tmp
- Size
- 59KiB (60583 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 54ea5993c01cb81649d70ffbc0660dbc
- SHA1
- 0a2f903d66389ad737f8199a1b8ed8c2ec141b29
- SHA256
- 82c081dfe6da851f07e5d633312e90b471b7feba2e79bfc7ebbfc3ded9490149
-
7a63a58a-5fd7-4c29-8db6-f308dccbf551.tmp
- Size
- 59KiB (60773 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- f24fc65f561805fb3ce107210538b9b1
- SHA1
- 8fb1eb61a3d6108b314d44a6d294b80f5b6cd53e
- SHA256
- 0c1c1486ab9ae0f776fd6787a3fea069c4a726f705cf223e4c88d714b418394e
-
8a219047-31c7-4c6c-86b3-80af7a23a6af.tmp
- Size
- 59KiB (60773 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- d96dc6ad22fa9c3c3fe4316ea655cf1f
- SHA1
- 876eb451dfc427a76545f11ba3f6f861ae7beabf
- SHA256
- 0994854e3e2a64281fe999f4e4312c30ffb971a493b3ec6bdb6faf4a5772fc85
-
9376397f-9cf0-4eab-b806-4c97a57c13ea.tmp
- Size
- 59KiB (60773 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 37e199f6f8e53d07c81652dfc7bbcd69
- SHA1
- 2f644900bc181f7283c747b0ee2908bc8c66b78b
- SHA256
- 4bfd5737c59a3ea4deb9d3a1de024dc86631b1bf0ef78463d5a4f392378cdeb5
-
38a9297e-ce98-4ce9-bc4b-9d3e475a1d7c.tmp
- Size
- 91KiB (93083 bytes)
- Type
- data
- Description
- JSON data
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 094ae2b7e4fdee6ce50734a22217b8af
- SHA1
- 497c7d1b2fbed1a0059d36afb566273dc2d127a3
- SHA256
- 348473777c271ee8c307bdfd55ef3b9a5a6f3465b99a235bce960f3a6f91546c
-
settings.dat
- Size
- 280B (280 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 7340)
- MD5
- dc7fe4d952f8042a8a1845529081e2a8
- SHA1
- 7cc89f7277b4ca3023cd39beeff45226f5b88e1d
- SHA256
- cb7be7aac22e0315f628695d59d6952db1e648f99af5f58bd164300e0387a90f
-
07c1de5b-fa52-46e7-b51c-f024a5927bd4.tmp
- Size
- 23KiB (23537 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- e3a4e7518e6b49044c6911af734103b1
- SHA1
- 3c81936bcf03d0cec3bc9ff6a84785d6f9ac716b
- SHA256
- a04dc4ca7c6f66a178d7599d14eac2175d1fa18f1dfcec470919cc8742b6f31e
-
3ad16dc6-aea5-4ff8-be25-2e4243f217bd.tmp
- Size
- 389KiB (397860 bytes)
- Type
- text
- Description
- UTF-8 Unicode text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 9066b5d0029623d8fd165dc3e8f9e3e6
- SHA1
- 419a20c4d7ea087e8b860ab5ae22f8df2c0666b1
- SHA256
- b763d22ffbb7d6d9b3154a3f2fdd375d06d14ffa6776bf2dc7a7b6d4b261be86
-
46b4aacd-bb3c-4312-ac04-10922c28884c.tmp
- Size
- 80KiB (82073 bytes)
- Type
- data
- Description
- JSON data
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 4c3b814fc7bcb2cd0b13a88fa7da7101
- SHA1
- 53b6e5854524cf001c611b3d3474e6dc86a61ae8
- SHA256
- 6eb70da269010a7bfadd2a9c35ce31128538661a4c81d3860a9662e32db0081d
-
4bb78195-7f0b-4a64-a72f-1ffa5982c22f.tmp
- Size
- 23KiB (23535 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 4867033820eb75d5276352be0721251c
- SHA1
- 648dbcadd6258c82879a33babf34c1b9b536b74a
- SHA256
- de6a65faa9f9cd38c54d1a298b4be0e5c7992bbddd744c3e79a27ece41aaed73
-
5d3ac82e-33e2-458c-9511-af59e8361684.tmp
- Size
- 23KiB (23911 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- ca917c050592ec4e274471ccca824607
- SHA1
- a90d6da14b7b0d01b618aa11da96ece93033c28c
- SHA256
- 05035b35d0913571835c26c545abd753fc2ffa017c6854917d94777b2d4f5bf6
-
6d8b00d4-86b1-4e98-bfb0-6de955f87e6c.tmp
- Size
- 23KiB (23656 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 59baa8cb4661afe923bafa6ab2e531f4
- SHA1
- 09a5bde67b1f416930b8bc9bcc153938027eeebf
- SHA256
- 2d48888c26ca1a428b48786772ffba16a0af0e5d285f0da2a08c7a98b08988d5
-
85245ae1-a2f0-4fc0-825a-3d1215255f4c.tmp
- Size
- 23KiB (23520 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- bbc804650c47a1c8578762b0193449e4
- SHA1
- a41dc1f67ff3ad4b1c474545c430199b9da19c07
- SHA256
- 19f70da43b08755c7c236abf48d6d56a29b8951d119759baff7de94493f566c1
-
000003.log
- Size
- 949KiB (971576 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 500)
- MD5
- 2bd65d28ad6cfc3e244b749450381e9a
- SHA1
- 9f6eb6867c1ff3799f54c48022cb5cc14721a15b
- SHA256
- 2ea9651949bb123d86e67e6c21295e9f3ce459f33ed99350b7b2cbe1bfa8dafb
-
LOG
- Size
- 338B (338 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 500)
- MD5
- 4ae15345f50bd67f01dbae23008f2e7c
- SHA1
- 0dce32b6ea30a64fc7f2a50192f462b91d077c49
- SHA256
- c6863ea9729198cd8a86c8d0ef411eeeac1ec8e0c5877bb3dd3b25f1479eaec5
-
data_0
- Size
- 116KiB (118784 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- c39e7ac9f1aca0d410689a54d081fb45
- SHA1
- 13194e623b2774a950ec1b8609973eddf5e82512
- SHA256
- 3c789be744e892a75f1d322528b5b25addeab915fe66e94768d6c9d534e68f6c
-
data_1
- Size
- 560KiB (573440 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 218943e0990b4947215c3250a8fa0e25
- SHA1
- 98876e59c703f2e08ad07068cbcc45e320bf39dd
- SHA256
- c10a4521784244f1ab309f8f9a3b0a023e52a96fdbe49bed24d1cd478e0a97f9
-
f_0004c3
- Size
- 19KiB (19351 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 63645
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- 93a57c2984d2f1f158ef549596925b25
- SHA1
- 7833523e182b2870e38a2bc58e86ef6d122aa4af
- SHA256
- 791ef2e860ef41260faa87aac4fb221079a30f058a1b6334797f5c57cb7275d2
-
f_0004c4
- Size
- 30KiB (30638 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 88145
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- 9abb42735168ac9e960b770179b642aa
- SHA1
- 11475bf8c7244af7a820108b7762e7a3f95aa52c
- SHA256
- df53c09a6546b3d23dc0b2d0d92c39808c5663a75f4bf1f8d035fd11b7c81243
-
f_0004c5
- Size
- 55KiB (56384 bytes)
- Type
- img image
- Description
- JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Macintosh), datetime=2019:10:16 16:52:56], progressive, precision 8, 1280x1000, components 3
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- 7dfa2ad0907bc5aabe9a98b558019d15
- SHA1
- 1ced70cf22a6a933fff5150bb0013e3bfaf32abf
- SHA256
- 5998005c01ef43e27264ca4189ae1f9abf3704d70505774a219b2cb58ed54588
-
f_0004c6
- Size
- 55KiB (56174 bytes)
- Type
- img image
- Description
- JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Macintosh), datetime=2019:10:16 22:05:33], progressive, precision 8, 1280x1000, components 3
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- 04b7c69e898bf09b1a2ee02d27448310
- SHA1
- b7a1aeecfc6f5faa285dd062b4af00154d991509
- SHA256
- 4d6bbbd98f3eb9fe6096fd5f8621f4a5a24f3bf9ca0b0e65a62723c6f43205a9
-
f_0004cb
- Size
- 315KiB (322120 bytes)
- Type
- img image
- Description
- PNG image data, 3851 x 500, 8-bit/color RGBA, non-interlaced
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- 3453a0231ae92800f4affec9772cfd5d
- SHA1
- 293ac75f74bdc2b8c33b6bd3a569ef9cd3104111
- SHA256
- ac46369d12c9963f7571997577d3e35b653416cb97312a4b05ae15cf42883f92
-
f_0004cc
- Size
- 45KiB (46448 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 46448, version 1.0
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- 19349478c87d6beec5677c7cb74ec2fb
- SHA1
- 753ff818664737d238616bf6e6ad3380080ecec6
- SHA256
- bb27b60db2c5fb11d568ae6cf79a8977df9796a2cfcd37b46162a49b09b96c01
-
f_0004ce
- Size
- 52KiB (52793 bytes)
- Type
- img image
- Description
- JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Macintosh), datetime=2019:10:16 21:55:32], progressive, precision 8, 1280x1000, components 3
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- 5f9a6928bdb113cbf01f5d1272476078
- SHA1
- c863629f653246354e525d94ca04644da9c0a18a
- SHA256
- 6fbabb614087968d7ea1b0f6f0ed45362a2e354de5878fc97e2e605a02e227c2
-
f_0004cf
- Size
- 47KiB (48076 bytes)
- Type
- img image
- Description
- JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Macintosh), datetime=2019:10:23 22:08:08], progressive, precision 8, 1280x1000, components 3
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- c2b169eff8aab842c8d0632e2cd17541
- SHA1
- 89ca1d79bb3f82d7950b6a757d6eb7805cf24dbb
- SHA256
- 78ff28a77f52b12773e2391b8081bf1557fa46bb464babeb9e6a3af79c71e8f6
-
f_0004d0
- Size
- 79KiB (81200 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- 9c0552590601a4ee4865e33d0a4b302a
- SHA1
- da82c565096eef79ac4f4df813dd007f34f9016d
- SHA256
- 72d79950ddb690245045e187cc687d79802fda6f939cc2734d20c12f7b41f461
-
f_0004d3
- Size
- 1MiB (1048576 bytes)
- Type
- unknown
- Description
- ISO Media, MP4 v2 [ISO 14496-14]
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- cad76244b0ad4bce8cb037fe14b8c921
- SHA1
- fc60937290b701dcbb14fd6914e1ffcd1ad69ca4
- SHA256
- 94f0af3040a3553102d1d3729ccdf1abfa614a75a4a8ab1bcc539da4b38cc9f9
-
f_0004d4
- Size
- 184KiB (188075 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- 1af5616473bc3c85f9c44737e0af094f
- SHA1
- c88b0609c53cde0a9dc2ffc8b7e0a8df058beb9f
- SHA256
- 5129d340dad468815758a5f12198abd39794555af6adb0254eacfca1fce49e6d
-
f_0004d5
- Size
- 1MiB (1048576 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- f37729cd4cc440363e58e79b0e5bbf07
- SHA1
- b2edef7187e128f959b117039a4ebbd1ac20079f
- SHA256
- 146161847f48001d627357b80c85ce29795dc216728450897f0d5b47d3132cb4
-
f_0004d6
- Size
- 1MiB (1048576 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- 6787a470c032fa19d2e5cb8c539be4c1
- SHA1
- 612635807748b49443aec35c4ead68fcb1e0e1b4
- SHA256
- cf42e39119ad41394a5be2c5e8a71131e72d3a46377bcf60b047807839590eb3
-
f_0004d7
- Size
- 1MiB (1048576 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- 919a90908fbbd5707c33f051be5246af
- SHA1
- f66db07b2e08c02359f0580cb96bf4dab57571a8
- SHA256
- ff6d71ec26bdc42df32de6746b45fe4185a3832252d04450cfae2c0a8acc6e12
-
f_0004d8
- Size
- 1MiB (1048576 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- ead0e52678e869cb6dfe5baaaa535d2a
- SHA1
- 04ae0c69861d0617394e03191c998a2dff5223f2
- SHA256
- 0efcd865c2653c4375041453da4770be9e10518fe6ea55ab1a0e5f2a943eaf50
-
f_0004d9
- Size
- 1MiB (1048576 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- 9ac8f05547d5cf2564b5b7860be8467f
- SHA1
- c1b878cb99f07dad56c451d3d193f4be569f6eaa
- SHA256
- fe8640bbed92f54491ad4fdc21fdc3aed858cb7608404a247935d53af4961ae2
-
f_0004da
- Size
- 528KiB (541093 bytes)
- Type
- data
- Description
- JSON data
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- 4ec8738fcd63ad2644ae00a7a833aabb
- SHA1
- 185105dff99bf9b296366e6b16e9c7321248c190
- SHA256
- c022afe4cf9e50d49e8ce2b19a158ff0704bcc94b720857b29b6fbe18d7f8475
-
f_0004db
- Size
- 405KiB (414614 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 5740)
- MD5
- 7ebecafb0467141e18369c0febc2424f
- SHA1
- 9d3fc04401d67c63b5fa1f8da7b766f9e1836e52
- SHA256
- a98ff0666e0f52f2e751b8b61e6a35703f2a4b646b5ed257a10516b4cffacb2f
-
55515178bfe15fae_0
- Size
- 235B (235 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 3d9826edc5c240656dc4df60f0606db9
- SHA1
- 8b91b995fb19213ed013ad8f070cf3449076f213
- SHA256
- d141a3df9ac004a3b108acc9b022096d6e5a099747d955a7d43838681072c1a1
-
7f36e3e834c16535_0
- Size
- 207B (207 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 786204f51cc5c8568dfb325ff532b8f8
- SHA1
- 3cebb40e51b85503a7a6e429519934eecd7fd348
- SHA256
- dbbf5fa5600f6830a9fc05e87e588db09922b9cce036c897315ac8b4174a751b
-
ae1a49534483f29a_0
- Size
- 205B (205 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 82ad333223add28f7a5f2a43443a5056
- SHA1
- 79d967d1f06e8921e05c54a482b65bef9f3a94f6
- SHA256
- 4f3984c460cb8849c19fc48b7d25addd770ac724bf23df551753133be249a792
-
c08ba5bf4f871701_0
- Size
- 222B (222 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- f07204133e2135975187a0b80ca3aa65
- SHA1
- ef4bbc5309c7646df7faabc94e13ff1bda6c7ed0
- SHA256
- 94743462f447123cf3b885f93c197b05e2e1e66a273eac59fec775ef07269ae9
-
temp-index
- Size
- 12KiB (12072 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 9bfbc4d6235b07f4ae54b9ec2d544ffa
- SHA1
- 3021c37bfbe4e15441ed2c4e804239d083763b5d
- SHA256
- 0d765d083b25cfd4cfa48b11a3dec1cc10b9602b20b797cfd8eacc3719b30aa5
-
DashTrackerDatabase
- Size
- 10KiB (10240 bytes)
- Type
- data
- Description
- SQLite 3.x database, last written using SQLite version 3039003
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- e88f3fdc070fb59a6b8111b9fc35685a
- SHA1
- 05a957dfb4f743fc110c9800739bb9d7bdec2c88
- SHA256
- 0ea1c8fa27032144296bd845319ddc5a9575d3f8f88e381bffbef73c56d61237
-
data_1
- Size
- 264KiB (270336 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 308d1cfc84f0ec342e6fef31a7a6176c
- SHA1
- da2796fee9c36c01f3199af9402cbdb868cb71cd
- SHA256
- eaf80ef31a840254fbc5a92dea2f56e07ba75cdca9fd5c20686d2436ed672713
-
000009.log
- Size
- 834KiB (854493 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 6436eb837ee2229a3093feb8c9392a17
- SHA1
- 9e4f5be8e835f6e086df66dc5a0152b3d815593d
- SHA256
- 1fd8c6524b666421209f877f35810c225aa5a91725b95db18d2b8c9cff9c14e2
-
000012.log
- Size
- 64B (64 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 81c14316d3c0722c7c6abf4323291610
- SHA1
- 9362f02ec982e98d51c901d8589ddf34c49ae306
- SHA256
- 522e9cf7b30f12f9407407b5b3e1af0fcbf0a32a8de1bc2ce6e8bb8320b87edd
-
000013.ldb
- Size
- 834KiB (854418 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- e1d2b62e1ce3483133d5c4af86d70bdb
- SHA1
- 7c0b7eb159d638faf791ce588e7bb4b4c9260bc7
- SHA256
- 0e2e8c4ea0737f5ee1c02a55c72d2fb074fdae60cc1be0e545900e9887f64bda
-
000014.ldb
- Size
- 445KiB (455996 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6736)
- MD5
- 719e8a561a6168bcb468bc22c73b453d
- SHA1
- 1922dbdd9d085804a0f91c6cfa1eed88506f21b2
- SHA256
- 7205ff5bded30ea43140dcf13f8d2244420d77671d6383f344b5edeba521b7d3
-
LOG
- Size
- 968B (968 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 500)
- MD5
- 432046bdf31816668955c511cd8c4416
- SHA1
- 21b52df7945ef327c12486f25d3d5260ca7d0440
- SHA256
- 7ec9e4fe0a396ecfd0019e429b4402748ba5525ecfdd3a7affd4ed8691a92572
-
urlref_httpdriftstreams.com
- Size
- 62KiB (63645 bytes)
- Type
- html
- Description
- HTML document, ASCII text, with very long lines
- Context
- http://driftstreams.com/
- MD5
- 0ce5b47187f57bf8a34034b028e63e71
- SHA1
- cc0b1c5a604231165dea5d8fcf5d7cb1ad01d4b1
- SHA256
- ed0a0402826ccca000b1d8fce8f15180fdf12340f491d2a616a7e98919c5d032
-
Notifications
-
Runtime
- Not all IP/URL string resources were checked online
- Not all created files are visible for msedge.exe (PID: 6736)
- Not all file accesses are visible for msedge.exe (PID: 1400)
- Not all file accesses are visible for msedge.exe (PID: 1664)
- Not all file accesses are visible for msedge.exe (PID: 2920)
- Not all file accesses are visible for msedge.exe (PID: 3164)
- Not all file accesses are visible for msedge.exe (PID: 3360)
- Not all file accesses are visible for msedge.exe (PID: 3536)
- Not all file accesses are visible for msedge.exe (PID: 4976)
- Not all file accesses are visible for msedge.exe (PID: 500)
- Not all file accesses are visible for msedge.exe (PID: 5640)
- Not all file accesses are visible for msedge.exe (PID: 5740)
- Not all file accesses are visible for msedge.exe (PID: 5972)
- Not all file accesses are visible for msedge.exe (PID: 5996)
- Not all file accesses are visible for msedge.exe (PID: 620)
- Not all file accesses are visible for msedge.exe (PID: 6416)
- Not all file accesses are visible for msedge.exe (PID: 6660)
- Not all file accesses are visible for msedge.exe (PID: 6716)
- Not all file accesses are visible for msedge.exe (PID: 6736)
- Not all file accesses are visible for msedge.exe (PID: 6780)
- Not all file accesses are visible for msedge.exe (PID: 6848)
- Not all file accesses are visible for msedge.exe (PID: 6952)
- Not all file accesses are visible for msedge.exe (PID: 7044)
- Not all file accesses are visible for msedge.exe (PID: 7312)
- Not all file accesses are visible for msedge.exe (PID: 7340)
- Not all file accesses are visible for msedge.exe (PID: 7352)
- Not all file accesses are visible for msedge.exe (PID: 7460)
- Not all file accesses are visible for msedge.exe (PID: 7516)
- Not all file accesses are visible for msedge.exe (PID: 7556)
- Not all file accesses are visible for msedge.exe (PID: 7604)
- Not all file accesses are visible for msedge.exe (PID: 7640)
- Not all file accesses are visible for msedge.exe (PID: 7700)
- Not all file accesses are visible for msedge.exe (PID: 7704)
- Not all file accesses are visible for msedge.exe (PID: 7720)
- Not all file accesses are visible for msedge.exe (PID: 7764)
- Not all file accesses are visible for msedge.exe (PID: 8096)
- Not all file accesses are visible for msedge.exe (PID: 8108)
- Not all file accesses are visible for msedge.exe (PID: 8120)
- Some low-level data is hidden, as this is only a slim report
- This URL analysis has missing honeyclient data
- Not all sources for indicator ID "string-23" are available in the report
- Not all sources for indicator ID "string-169" are available in the report