https://fabbous.com/
This report was generated from a URL submitted to this web service on October 25th 2023 21:23:13 (UTC), using the action script "Default browser analysis".
Guest System: Windows 10 64 bit, Professional, 10.0 (build 16299)
Report generated by Falcon Sandbox v10.2.2 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior
- Contacts 6 domains and 9 hosts.
MITRE ATT&CK™ Techniques Detection
Indicators
Not all malicious and suspicious indicators are displayed.
Malicious Indicators (1)

External Systems

Detected Suricata Alert
- details: alert "ET P2P eMule KAD Network Firewalled Request" (SID: 2009969, Rev: 4, Severity: 1) categorized as "Potential Corporate Privacy Violation"
- source: Suricata Alerts
- relevance: 10/10
- note: this is the only malicious indicator in the report, and it is a Suricata signature match on a short UDP payload pattern. Nothing else in the report shows P2P activity, and every DNS query listed is for the site itself or Shopify/Cloudflare infrastructure. Confirm the matching datagram in the packet capture before treating this as eMule/KAD traffic.
Suspicious Indicators (1)

Installation/Persistence

Drops executable files
- details: "f_0004c3" has type "amd 29k coff prebar executable"; Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c3]; [targetUID: 00000000-00001056]
- source: Binary File
- relevance: 10/10
- ATT&CK ID: T1105 (Ingress Tool Transfer)
- note: files named f_XXXXXX under Cache_Data are HTTP response bodies written to Edge's disk cache, and "amd 29k coff" is a short two-byte libmagic signature that fires on arbitrary binary data. The report shows no execution of this file. Before treating it as a dropped binary, check its header: a Windows executable begins with "MZ" and carries a "PE\0\0" signature at the offset stored in e_lfanew.
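The check an analyst would run on the finding above, as an added example that is not part of the Hybrid Analysis report: parse dropped-file lines in the report's own format, flag entries that label a browser-cache artefact as an executable, and classify the file's real content by strong multi-byte signatures instead of libmagic's two-byte guess. The three sample lines are copied from this report; the byte blobs are constructed, and the two leading bytes of the fake "amd 29k coff" blob are an assumption about libmagic's signature, not bytes taken from the actual cache file.

```python
"""Triage a sandbox "drops executable files" finding on browser cache entries."""
import re
import struct
from dataclasses import dataclass
from typing import List, Optional

# One dropped-file line in the report's own format:
#   "<name>" has type "<libmagic type>"- Location: [<path>]- [targetUID: <uid>]
# The Location field is absent on some entries.
LINE_RE = re.compile(
    r'^"(?P<name>[^"]+)" has type "(?P<ftype>[^"]+)"'
    r'(?:- Location: \[(?P<location>[^\]]*)\])?'
    r'- \[targetUID: (?P<uid>[^\]]+)\]$'
)

# Path fragments that identify Chromium/Edge on-disk caches (HTTP cache, GPU/shader caches).
BROWSER_CACHE_MARKERS = (
    "\\Cache\\Cache_Data\\", "\\GPUCache\\", "\\ShaderCache\\", "\\DawnCache\\", "\\Code Cache\\",
)

# Lines copied from this report.
REPORT_LINES = [
    r'"f_0004c3" has type "amd 29k coff prebar executable"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c3]- [targetUID: 00000000-00001056]',
    r'"f_0004c8" has type "Web Open Font Format (Version 2) TrueType length 23320 version 2.13107"- [targetUID: N/A]',
    r'"f_0004d3" has type "gzip compressed data from Unix original size modulo 2^32 413503"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d3]- [targetUID: 00000000-00001056]',
]


@dataclass
class DroppedFile:
    name: str
    ftype: str
    location: Optional[str]
    uid: str


def parse_dropped_line(line: str) -> DroppedFile:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised dropped-file line: {line!r}")
    return DroppedFile(m["name"], m["ftype"], m["location"], m["uid"])


def needs_verification(entry: DroppedFile) -> bool:
    """True when the report labels a browser-cache artefact as an executable."""
    if "executable" not in entry.ftype.lower() or entry.location is None:
        return False
    return any(marker in entry.location for marker in BROWSER_CACHE_MARKERS)


def flag_report(lines: List[str]) -> List[str]:
    """Names of dropped files whose 'executable' label needs a header check."""
    return [e.name for e in map(parse_dropped_line, lines) if needs_verification(e)]


def classify_blob(data: bytes) -> str:
    """Classify by strong signatures plus a structural check.

    A Windows executable is only confirmed by "MZ" at offset 0 *and* "PE\\0\\0" at the
    offset stored in e_lfanew (0x3C); a two-byte magic match alone proves nothing.
    """
    if data[:2] == b"MZ":
        if len(data) >= 0x40:
            e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
            if 0x40 <= e_lfanew <= len(data) - 4 and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
                return "pe-executable"
        return "mz-without-pe"  # DOS stub or coincidental "MZ", no PE header
    if data[:2] == b"\x1f\x8b":
        return "gzip"
    if data[:4] == b"wOF2":
        return "woff2-font"
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp-image"
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        return "png-image"
    return "unknown-binary"


def verdict(entry: DroppedFile, data: bytes) -> str:
    kind = classify_blob(data)
    if kind == "pe-executable":
        return f"{entry.name}: PE executable in browser cache; escalate"
    if needs_verification(entry):
        return f"{entry.name}: reported as '{entry.ftype}' but content is {kind}; libmagic false positive"
    return f"{entry.name}: {kind}"


# Constructed test blobs, not the real cache files. The leading 0x01 0x7b is an assumption
# about libmagic's "amd 29k coff prebar" signature; any two bytes would make the same point.
FAKE_COFF_BLOB = b"\x01\x7b" + bytes(62)


def minimal_pe() -> bytes:
    """Smallest header classify_blob accepts: MZ, e_lfanew = 0x40, PE\\0\\0 at 0x40."""
    buf = bytearray(0x44)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    return bytes(buf)


if __name__ == "__main__":
    for name in flag_report(REPORT_LINES):
        print("verify:", name)
    print(verdict(parse_dropped_line(REPORT_LINES[0]), FAKE_COFF_BLOB))
```

Run against the real f_0004c3 by reading the file from the sandbox's dropped-files archive and passing its bytes to verdict(); only a "pe-executable" result justifies the 10/10 relevance the report assigns.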
Informative (12)

General

Contacts server
- details
"23.227.38.65:443"
"23.227.60.200:443"
"185.146.173.20:443"
"35.190.80.1:443"
"104.26.7.247:443"
"184.25.254.58:443"
- source: Network Traffic
- relevance: 1/10
- ATT&CK ID: T1071 (Application Layer Protocol)
- note: all six are HTTPS endpoints reached during the browser session; correlate them with the "Queries DNS server" list below, which names only the site itself, Shopify and Cloudflare hosts, and one third-party storefront app (my.parcelpanel.com).
Creates mutants
- details
"InternetShortcutMutex"
"Local\SM0:7420:304:WilStaging_02"
"SM0:7420:120:WilError_01"
"SM0:7420:304:WilStaging_02"
"Local\SM0:7420:120:WilError_01"
- source: Created Mutant
- relevance: 3/10
- note: the SM0:<pid>:...:WilStaging / WilError names are Windows Implementation Library (WIL) logging mutexes created by the browser process for its own use; none of these names is a persistence or infection marker.
Found a reference to a known community page
- details
Found string ""paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites-pre-stable.json")
Found string ""netflix.com"," (Indicator: "netflix.com"; File: "wallet-checkout-eligible-sites-pre-stable.json")
Found string ""ads.twitter.com"," (Indicator: "twitter"; File: "wallet-checkout-eligible-sites-pre-stable.json")
Found string ""ipnpb.paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites-pre-stable.json")
Found string ""youtube.com"," (Indicator: "youtube"; File: "wallet-checkout-eligible-sites-pre-stable.json")
Found string ""developer.twitter.com"," (Indicator: "twitter"; File: "wallet-checkout-eligible-sites-pre-stable.json")
Found string ""securepayments.paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites-pre-stable.json")
Found string ""payflowlink.paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites-pre-stable.json")
Found string ""tubebuddy.com"," (Indicator: "ebuddy.com"; File: "wallet-checkout-eligible-sites-pre-stable.json")
Found string ""music.youtube.com"," (Indicator: "youtube"; File: "wallet-checkout-eligible-sites-pre-stable.json")
Found string ""baysidebuddy.com"," (Indicator: "ebuddy.com"; File: "wallet-pre-stable.json")
Found string ""comeherebuddy.com"," (Indicator: "ebuddy.com"; File: "wallet-pre-stable.json")
Found string ""www.facebook.com"," (Indicator: "facebook.com"; File: "wallet-pre-stable.json")
Found string ""linkedin.com"," (Indicator: "linkedin.com"; File: "wallet-pre-stable.json")
- source: File/Memory
- relevance: 2/10
- note: every hit is a merchant domain inside wallet-checkout-eligible-sites-pre-stable.json or wallet-pre-stable.json, which appear to belong to the Edge wallet/checkout component bundle also present in the dropped-files list (wallet.bundle.js, wallet-drawer.bundle.js, bnpl.bundle.js). The "ebuddy.com" indicator is a substring match on tubebuddy.com, baysidebuddy.com and comeherebuddy.com. Treat these strings as browser component data, not as behaviour of the analysed site.
Possibly checks for the presence of an Antivirus engine
- details
""superantispyware.recurly.com"," (Indicator: "superantispyware") in Source: wallet-checkout-eligible-sites-pre-stable.json
""totaldefense.com"," (Indicator: "totaldefense") in Source: wallet-checkout-eligible-sites-pre-stable.json
- source: File/Memory
- relevance: 2/10
- ATT&CK ID: T1518.001 (Software Discovery: Security Software Discovery)
- note: both hits are security-vendor storefront domains in the same eligible-sites list as the indicator above. A keyword match inside a browser component's merchant list is not security-software enumeration; the report shows no process, service or registry discovery.
Queries DNS server
- details
"a.nel.cloudflare.com"
"cdn.shopify.com"
"fabbous.com"
"fonts.shopifycdn.com"
"geolocation-recommendations.shopifyapps.com"
"my.parcelpanel.com"
- source: Network Traffic
- relevance: 1/10
- ATT&CK ID: T1071.004 (Application Layer Protocol: DNS)
Installation/Persistence

Dropped files
- note: the file types below are libmagic guesses on raw bytes. The "dBase III DBT", "FoxPro FPT" and "SysEx File - Kamiya" labels on Edge cache index and data files, like the "amd 29k coff" label on f_0004c3, are short-signature matches on binary data, not files of those types. Entries under %TEMP%\1184_<id>\ are component data staged by the browser (wallet/checkout bundles and their i18n strings, autofill field data, CRL set, ad-blocking filtering rules); sslkey.txt in %TEMP% is a TLS key log, which Chromium-based browsers write when SSLKEYLOGFILE is set and which analysis sandboxes commonly set to decrypt captured traffic. All paths are browser profile, cache or temporary locations; none is an autostart location.
- details
"wallet-icon.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]
"data_3" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3]- [targetUID: 00000000-00001184]
"data_2" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2]- [targetUID: 00000000-00001184]
"Ruleset Data" has type "data"- [targetUID: 00000000-00001184]
"wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]
"wallet-pre-stable.json" has type "ASCII text"- [targetUID: N/A]
"wallet-stable.json" has type "ASCII text"- [targetUID: N/A]
"recovery-component-inner.crx" has type "Google Chrome extension version 3"- Location: [%TEMP%\1184_1171841828\recovery-component-inner.crx]- [targetUID: 00000000-00007052]
"edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\1184_1281602491\edge_driver.js]- [targetUID: 00000000-00001184]
"Filtering Rules" has type "data"- Location: [%TEMP%\1184_1729168986\Filtering Rules]- [targetUID: 00000000-00001184]
"vendor.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\1184_1281602491\vendor.bundle.js]- [targetUID: 00000000-00002112]
"wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\1184_1281602491\Wallet-Checkout\wallet-drawer.bundle.js]- [targetUID: 00000000-00001184]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1]- [targetUID: 00000000-00001184]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log]- [targetUID: 00000000-00005592]
"bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\1184_1281602491\bnpl\bnpl.bundle.js]- [targetUID: 00000000-00001184]
"wallet-checkout-eligible-sites-pre-stable.json" has type "ASCII text"- [targetUID: N/A]
"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\load_statistics.db-wal]- [targetUID: 00000000-00001184]
"tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\1184_1281602491\Tokenized-Card\tokenized-card.bundle.js]- [targetUID: 00000000-00002112]
"f_0004d9" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d9]- [targetUID: 00000000-00001056]
"v1FieldTypes.json" has type "JSON data"- Location: [%TEMP%\1184_1525862101\v1FieldTypes.json]- [targetUID: 00000000-00001048]
"wallet-checkout-eligible-sites.json" has type "ASCII text"- [targetUID: N/A]
"notification.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]
"Filtering Rules-AA" has type "data"- Location: [%TEMP%\1184_1729168986\Filtering Rules-AA]- [targetUID: 00000000-00001184]
"miniwallet.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\1184_1281602491\Mini-Wallet\miniwallet.bundle.js]- [targetUID: 00000000-00002112]
"6612f3d4-4731-438f-b475-c6c7bfd4c6c1.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 81188"- Location: [%TEMP%\6612f3d4-4731-438f-b475-c6c7bfd4c6c1.tmp]- [targetUID: 00000000-00005284]
"notification_fast.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\GrShaderCache\data_1]- [targetUID: 00000000-00001184]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\DawnCache\data_1]- [targetUID: 00000000-00001184]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1]- [targetUID: 00000000-00001184]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\ShaderCache\data_1]- [targetUID: 00000000-00001184]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\GPUCache\data_1]- [targetUID: 00000000-00001184]
"f_0004d7" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d7]- [targetUID: 00000000-00001056]
"index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\index]- [targetUID: 00000000-00001184]
"f_0004d6" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d6]- [targetUID: 00000000-00001056]
"edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\1184_1525862101\edge_autofill_field_data.json]- [targetUID: 00000000-00001048]
"f_0004d2" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d2]- [targetUID: 00000000-00001056]
"History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\History]- [targetUID: 00000000-00001184]
"data_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0]- [targetUID: 00000000-00001184]
"Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Web Data]- [targetUID: 00000000-00001184]
"Visited Links" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Visited Links]- [targetUID: 00000000-00001184]
"f_0004d3" has type "gzip compressed data from Unix original size modulo 2^32 413503"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d3]- [targetUID: 00000000-00001056]
"Tabs_13342767939394807" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sessions\Tabs_13342767939394807]- [targetUID: 00000000-00001184]
"5f9e9daf-f6de-4a4d-8971-62f8dc591810.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Ad Blocking\5f9e9daf-f6de-4a4d-8971-62f8dc591810.tmp]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\el\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\ru\strings.json]- [targetUID: 00000000-00001184]
"f_0004cf" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004cf]- [targetUID: 00000000-00001056]
"fa37df0e-4975-4f63-83f0-9f3d61acdf8b.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\fa37df0e-4975-4f63-83f0-9f3d61acdf8b.tmp]- [targetUID: 00000000-00001184]
"data.txt" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\1184_1186152772\data.txt]- [targetUID: 00000000-00007580]
"Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Diagnostic Data-wal]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\ar\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\ja\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\fr-CA\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\fr\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\de\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\pt-PT\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\es\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\it\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\pt-BR\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\nl\strings.json]- [targetUID: 00000000-00001184]
"d542daee-e641-4344-ba79-39db1dea5769.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\d542daee-e641-4344-ba79-39db1dea5769.tmp]- [targetUID: 00000000-00001184]
"84248973-a64d-4fe8-a83b-2d684b118dad.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\84248973-a64d-4fe8-a83b-2d684b118dad.tmp]- [targetUID: 00000000-00001184]
"70b91ee3-b31f-4857-be63-7452e740fc19.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\70b91ee3-b31f-4857-be63-7452e740fc19.tmp]- [targetUID: 00000000-00001184]
"f7c34a5e-5221-452c-bd66-ae93e2183921.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\f7c34a5e-5221-452c-bd66-ae93e2183921.tmp]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\fi\strings.json]- [targetUID: 00000000-00001184]
"b93e58a0-d5d3-4527-b475-5516afabd423.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\b93e58a0-d5d3-4527-b475-5516afabd423.tmp]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\sv\strings.json]- [targetUID: 00000000-00001184]
"5b798a6c-ceef-442f-862a-af005e351131.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\5b798a6c-ceef-442f-862a-af005e351131.tmp]- [targetUID: 00000000-00001184]
"cd9f93e6-38e9-47fc-bae2-78fa4fbe33af.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\cd9f93e6-38e9-47fc-bae2-78fa4fbe33af.tmp]- [targetUID: 00000000-00001184]
"f0b41939-4cc0-4c6d-a9b2-5160e367243b.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\f0b41939-4cc0-4c6d-a9b2-5160e367243b.tmp]- [targetUID: 00000000-00001184]
"4c39c519-d003-4188-9c52-dfa7573a18ca.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\4c39c519-d003-4188-9c52-dfa7573a18ca.tmp]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\id\strings.json]- [targetUID: 00000000-00001184]
"Network Action Predictor" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network Action Predictor]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\en-GB\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\zh-Hant\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-hub\zh-Hans\strings.json]- [targetUID: 00000000-00001184]
"000004.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000004.log]- [targetUID: 00000000-00001184]
"f_0004db" has type "RIFF (little-endian) data Web/P image"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004db]- [targetUID: 00000000-00001056]
"f_0004ce" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"HubApps Icons" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\HubApps Icons]- [targetUID: 00000000-00001184]
"sslkey.txt" has type "ASCII text"- Location: [%TEMP%\sslkey.txt]- [targetUID: 00000000-00001184]
"Cookies" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\Cookies]- [targetUID: 00000000-00001056]
"f_0004cb" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]
"Favicons" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Favicons]- [targetUID: 00000000-00001184]
"checkoutdata.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\wallet\wallet-checkout\checkoutdata.json]- [targetUID: 00000000-00002112]
"Reporting and NEL" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\Reporting and NEL]- [targetUID: 00000000-00001056]
"f_0004d5" has type "gzip compressed data from Unix original size modulo 2^32 137656"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d5]- [targetUID: 00000000-00001056]
"f_0004c7" has type "data"- [targetUID: N/A]
"shopping_iframe_driver.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\1184_1281602491\shopping_iframe_driver.js]- [targetUID: 00000000-00002112]
"Session_13342767938942504" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sessions\Session_13342767938942504]- [targetUID: 00000000-00001184]
"f_0004d0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d0]- [targetUID: 00000000-00001056]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log]- [targetUID: 00000000-00005592]
"f_0004da" has type "PNG image data 1000 x 200 8-bit/color RGB non-interlaced"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004da]- [targetUID: 00000000-00001056]
"0f64078d-b9c6-40a1-a8e0-cf788a748132.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\0f64078d-b9c6-40a1-a8e0-cf788a748132.tmp]- [targetUID: 00000000-00001184]
"73f4e467-c19e-434e-aaa4-c22225da5973.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\73f4e467-c19e-434e-aaa4-c22225da5973.tmp]- [targetUID: 00000000-00001184]
"e1bafe52-2ebc-475a-819f-9744e6d6d498.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\e1bafe52-2ebc-475a-819f-9744e6d6d498.tmp]- [targetUID: 00000000-00001184]
"LICENSE" has type "ASCII text with CRLF line terminators"- [targetUID: 00000000-00001184]
"f_0004d8" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d8]- [targetUID: 00000000-00001056]
"wallet-tokenization-config.json" has type "ASCII text"- [targetUID: 00000000-00001184]
"f_0004c3" has type "amd 29k coff prebar executable"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c3]- [targetUID: 00000000-00001056]
"9afd37b5-1e90-4f83-a56f-d6e4afb7ee0e.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\9afd37b5-1e90-4f83-a56f-d6e4afb7ee0e.tmp]- [targetUID: 00000000-00001184]
"f_0004c9" has type "RIFF (little-endian) data Web/P image"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c9]- [targetUID: 00000000-00001056]
"d2e33d4f-741c-480b-b4bb-d0f0766530b5.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\d2e33d4f-741c-480b-b4bb-d0f0766530b5.tmp]- [targetUID: 00000000-00001184]
"f_0004d4" has type "data"- [targetUID: N/A]
"f_0004c8" has type "Web Open Font Format (Version 2) TrueType length 23320 version 2.13107"- [targetUID: N/A]
"f_0004ca" has type "Web Open Font Format (Version 2) TrueType length 23308 version 2.13107"- [targetUID: N/A]
"60b9b0e3-06aa-4d28-af46-4677ad478961.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\60b9b0e3-06aa-4d28-af46-4677ad478961.tmp]- [targetUID: 00000000-00001184]
"e6385926-c9b5-451b-9114-68711850ac47.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\e6385926-c9b5-451b-9114-68711850ac47.tmp]- [targetUID: 00000000-00001184]
"91771f68-fa2b-433b-949e-b0a0a1733ae7.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\91771f68-fa2b-433b-949e-b0a0a1733ae7.tmp]- [targetUID: 00000000-00001184]
"abf6a5fb-8039-4817-b0ec-258448e3f6f0.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\abf6a5fb-8039-4817-b0ec-258448e3f6f0.tmp]- [targetUID: 00000000-00001184]
"f_0004c4" has type "Web Open Font Format (Version 2) TrueType length 22876 version 2.13107"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c4]- [targetUID: 00000000-00001056]
"crl-set" has type "data"- Location: [%TEMP%\1184_1242809472\crl-set]- [targetUID: 00000000-00008064]
"super_coupon.json" has type "JSON data"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\ru\strings.json]- [targetUID: 00000000-00001184]
"Shortcuts" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Shortcuts]- [targetUID: 00000000-00001184]
"f_0004d1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d1]- [targetUID: 00000000-00001056]
"f_0004c5" has type "data"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\ar\strings.json]- [targetUID: 00000000-00001184]
"f_0004c6" has type "SysEx File - Kamiya"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c6]- [targetUID: 00000000-00001056]
"arbitration_service_config.json" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\arbitration_service_config.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\ja\strings.json]- [targetUID: 00000000-00001184]
"f_0004cc" has type "data"- [targetUID: N/A]
"f_0004cd" has type "data"- [targetUID: N/A]
"load-ec-i18n.bundle.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"driver-signature.txt" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\1184_1281602491\driver-signature.txt]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\fr-CA\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\fr\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\ru\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\de\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\pt-PT\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\it\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\es\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\nl\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\pt-BR\strings.json]- [targetUID: 00000000-00001184]
"WebAssistDatabase" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\WebAssistDatabase]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\sv\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\id\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\ar\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-shared-components\el\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\zh-Hant\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\en-GB\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\ja\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-ec\zh-Hans\strings.json]- [targetUID: 00000000-00001184]
"temp-index" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-shared-components\ru\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\fr\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\fr-CA\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\de\strings.json]- [targetUID: 00000000-00001184]
"bnpl_driver.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\1184_1281602491\bnpl_driver.js]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\pt-PT\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\es\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\nl\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\it\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\id\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\sv\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\pt-BR\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\zh-Hant\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\en-GB\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-mobile-hub\zh-Hans\strings.json]- [targetUID: 00000000-00001184]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log]- [targetUID: 00000000-00005592]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-shared-components\pt-BR\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-shared-components\es\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-shared-components\nl\strings.json]- [targetUID: 00000000-00001184]
"data_2" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_2]- [targetUID: 00000000-00001184]
"data_3" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_3]- [targetUID: 00000000-00001184]
"data_0" has type "FoxPro FPT blocks size 512 next free block index 3284796609 field type 0 dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_0]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-shared-components\sv\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-shared-components\fi\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\el\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-shared-components\en-GB\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-shared-components\zh-Hans\strings.json]- [targetUID: 00000000-00001184]
"000004.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Session Storage\000004.log]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\ar\strings.json]- [targetUID: 00000000-00001184]
"eafdda9a-fecb-40fb-9f2b-53f314115fac.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\eafdda9a-fecb-40fb-9f2b-53f314115fac.tmp]- [targetUID: 00000000-00001056]
"ab3aacf3-1e53-405e-8668-7afb7b8d7852.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\ab3aacf3-1e53-405e-8668-7afb7b8d7852.tmp]- [targetUID: 00000000-00001056]
"0daaec28-fa34-41e1-bf6b-72c208fb4430.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\0daaec28-fa34-41e1-bf6b-72c208fb4430.tmp]- [targetUID: 00000000-00001056]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\ja\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\fr\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\fr-CA\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\de\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\pt-PT\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\es\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\it\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\nl\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\pt-BR\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\id\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\fi\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\en-GB\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\zh-Hant\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-notification-shared\zh-Hans\strings.json]- [targetUID: 00000000-00001184]
"notification.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\1184_1281602491\Notification\notification.html]- [targetUID: 00000000-00001184]
"edge_autofill_global_block_list.json" has type "JSON data"- Location: [%TEMP%\1184_1525862101\edge_autofill_global_block_list.json]- [targetUID: 00000000-00001048]
"deny_full_domains.list" has type "data"- Location: [%TEMP%\1184_886732972\deny_full_domains.list]- [targetUID: 00000000-00006484]
"43497fc4-6dd4-49e0-b7d1-f97bb4e655e2.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 12260"- Location: [%TEMP%\43497fc4-6dd4-49e0-b7d1-f97bb4e655e2.tmp]- [targetUID: 00000000-00007868]
"1cea85ac-c567-49c7-b85a-d6a39790093f.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\1cea85ac-c567-49c7-b85a-d6a39790093f.tmp]- [targetUID: 00000000-00001056]
"8ccfc349-6893-4d48-bea0-b507e17dc28a.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\8ccfc349-6893-4d48-bea0-b507e17dc28a.tmp]- [targetUID: 00000000-00001056]
"nav_config.json" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\1184_486402544\nav_config.json]- [targetUID: 00000000-00001184]
"vendor.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\TokenBroker\Cache\f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres]- [targetUID: 00000000-00001184]
"adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\1184_1729168986\adblock_snippet.js]- [targetUID: 00000000-00001184]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-tokenized-card\pt-BR\strings.json]- [targetUID: 00000000-00001184]
"runtime.bundle.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\1184_1281602491\json\i18n-tokenized-card\nl\strings.json]- [targetUID: 00000000-00001184]
"wallet-crypto.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\1184_1281602491\wallet-crypto.html]- [targetUID: 00000000-00002112]
"wallet.html" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]
"wallet-drawer.html" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]
"wallet-drawer.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"bnpl.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\1184_1281602491\bnpl\bnpl.bundle.js.LICENSE.txt]- [targetUID: 00000000-00001184]
"mini-wallet.html" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]
"notification_fast.html" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log]- [targetUID: 00000000-00005592]
"tokenized-card.html" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]
"bnpl.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\1184_1281602491\bnpl\bnpl.html]- [targetUID: 00000000-00001184]
"load-hub-i18n.bundle.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\1184_1281602491\load-hub-i18n.bundle.js]- [targetUID: 00000000-00001184]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log]- [targetUID: 00000000-00005592]
"notification.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extension State\000003.log]- [targetUID: 00000000-00005592]
"hub-signature.txt" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\1184_1281602491\hub-signature.txt]- [targetUID: 00000000-00001184]
"wallet_donation_driver.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\1184_1281602491\wallet_donation_driver.js]- [targetUID: 00000000-00001184]
"wallet-notification-config.json" has type "ASCII text"- [targetUID: N/A]
"deny_etld1_domains.list" has type "data"- Location: [%TEMP%\1184_886732972\deny_etld1_domains.list]- [targetUID: 00000000-00006484]
"buynow_driver.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\1184_1281602491\buynow_driver.js]- [targetUID: 00000000-00001184]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG]- [targetUID: 00000000-00005592]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG]- [targetUID: 00000000-00005592]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG]- [targetUID: 00000000-00005592]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log]- [targetUID: 00000000-00005592]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG]- [targetUID: 00000000-00005592]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG]- [targetUID: 00000000-00005592]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG]- [targetUID: 00000000-00005592]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Platform Notifications\LOG]- [targetUID: 00000000-00005592]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG]- [targetUID: 00000000-00005592]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG]- [targetUID: 00000000-00005592]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG]- [targetUID: 00000000-00005592]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG]- [targetUID: 00000000-00005592]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extension Scripts\LOG]- [targetUID: 00000000-00005592]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extension State\LOG]- [targetUID: 00000000-00005592]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Session Storage\LOG]- [targetUID: 00000000-00005592]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\LOG]- [targetUID: 00000000-00005592]
"manifest.webapp.json" has type "UTF-8 Unicode (with BOM) text"- [targetUID: N/A]
"4b108daa1b888047_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\4b108daa1b888047_0]- [targetUID: 00000000-00001184]
"6ad195b8401f0f29_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\6ad195b8401f0f29_0]- [targetUID: 00000000-00001184]
"bafe58813e0a7f45_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\bafe58813e0a7f45_0]- [targetUID: 00000000-00001184]
"miniwallet.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\1184_1281602491\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt]- [targetUID: 00000000-00001184]
"settings.dat" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad\settings.dat]- [targetUID: 00000000-00004508]
"15470b8009d0fce6_0" has type "data"- [targetUID: N/A]
"169be58b7d8ef041_0" has type "data"- [targetUID: N/A]
"e2ae3ff27173de55_0" has type "data"- [targetUID: N/A]
"ab10f8c6da096309_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\ab10f8c6da096309_0]- [targetUID: 00000000-00001184]
"0281716909af058d_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\0281716909af058d_0]- [targetUID: 00000000-00001184]
"427b06a9e99fe690_0" has type "data"- [targetUID: N/A]
"009a6b5a325680e9_0" has type "data"- [targetUID: N/A]
"f3263427905eaaa2_0" has type "data"- [targetUID: N/A]
"4f53ca07aac9a63d_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\4f53ca07aac9a63d_0]- [targetUID: 00000000-00001184]
"a9765f2ad9889741_0" has type "data"- [targetUID: N/A]
"43491845d9921b8f_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\43491845d9921b8f_0]- [targetUID: 00000000-00001184]
"8353ae985914edcc_0" has type "data"- [targetUID: N/A]
"ca866c700f0884c1_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\ca866c700f0884c1_0]- [targetUID: 00000000-00001184]
"9cee7c5ad368761c_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\9cee7c5ad368761c_0]- [targetUID: 00000000-00001184]
"9af6f28bad27bb5a_0" has type "data"- [targetUID: N/A]
"82033143c9ed420d_0" has type "data"- [targetUID: N/A]
"84654c0692dea949_0" has type "data"- [targetUID: N/A]
"007f10c1958238da_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\007f10c1958238da_0]- [targetUID: 00000000-00001184]
"93bf01545800543b_0" has type "data"- [targetUID: N/A]
"93abb5c8313e125e_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\93abb5c8313e125e_0]- [targetUID: 00000000-00001184]
"app-setup.js" has type "ASCII text with no line terminators"- Location: [%TEMP%\1184_1281602491\app-setup.js]- [targetUID: 00000000-00001184]
"regex_patterns.json" has type "JSON data"- Location: [%TEMP%\1184_1525862101\regex_patterns.json]- [targetUID: 00000000-00001048]
"manifest.json" has type "JSON data"- Location: [%TEMP%\1184_886732972\manifest.json]- [targetUID: 00000000-00001048]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\1184_486402544\manifest.json]- [targetUID: 00000000-00001048]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\1184_1171841828\manifest.json]- [targetUID: 00000000-00001048]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: 00000000-00001048]
"crypto.bundle.js" has type "ASCII text with no line terminators"- Location: [%TEMP%\1184_1281602491\crypto.bundle.js]- [targetUID: 00000000-00001184]
"Last Browser" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Last Browser]- [targetUID: 00000000-00001184]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\1184_1525862101\manifest.json]- [targetUID: 00000000-00001048]
"manifest.json" has type "JSON data"- Location: [%TEMP%\1184_1729168986\manifest.json]- [targetUID: 00000000-00001048]
"manifest.json" has type "JSON data"- Location: [%TEMP%\1184_1242809472\manifest.json]- [targetUID: 00000000-00001048]
"b7de381f-7ce3-4e65-bcfb-b08b11daf04a.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b7de381f-7ce3-4e65-bcfb-b08b11daf04a.tmp]- [targetUID: 00000000-00001056]
"README.md" has type "ASCII text"- [targetUID: N/A]
"Variations" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Variations]- [targetUID: 00000000-00001184]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log]- [targetUID: 00000000-00005592]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\1184_1242809472\manifest.fingerprint]- [targetUID: 00000000-00001184]
"manifest.fingerprint" has type "ASCII text with no line terminators"- [targetUID: 00000000-00001184]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\1184_886732972\manifest.fingerprint]- [targetUID: 00000000-00001184]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\1184_1186152772\manifest.fingerprint]- [targetUID: 00000000-00001184]
".ses" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\.ses]- [targetUID: 00000000-00001184]
"manifest.json" has type "JSON data"- Location: [%TEMP%\1184_1186152772\manifest.json]- [targetUID: 00000000-00001048]
"app-setup.js" has type "ASCII text with no line terminators"- [targetUID: 00000000-00001184]
"Last Version" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Last Version]- [targetUID: 00000000-00001184]
"deny_domains.list" has type "data"- Location: [%TEMP%\1184_886732972\deny_domains.list]- [targetUID: 00000000-00006484]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\1184_1281602491\json\i18n-notification\fr-CA\strings.json]- [targetUID: 00000000-00001184]
"c531e081-a574-42f7-b7f8-7ff4d3fb9af6.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\c531e081-a574-42f7-b7f8-7ff4d3fb9af6.tmp]- [targetUID: 00000000-00001184]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1]- [targetUID: 00000000-00001184]
"f6d743db-dc5e-43dc-9894-e3d38a378f5b.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\f6d743db-dc5e-43dc-9894-e3d38a378f5b.tmp]- [targetUID: 00000000-00001184]
"LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\1184_1729168986\LICENSE]- [targetUID: 00000000-00001184]
"tokenized-card.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: 00000000-00002112]
"notification_fast.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"strings.json" has type "ASCII text with no line terminators"- [targetUID: 00000000-00001184]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\1184_1281602491\json\i18n-notification\en-GB\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\1184_1281602491\json\i18n-notification\de\strings.json]- [targetUID: 00000000-00001184]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\1184_1281602491\json\i18n-notification\sv\strings.json]- [targetUID: 00000000-00001184]
- source
- Binary File
- relevance
- 3/10
- ATT&CK ID
- T1105 (Show technique in the MITRE ATT&CK™ matrix)
-
Drops a license file
- details
-
"vendor.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"wallet-drawer.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"notification.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"notification_fast.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
- source
- Binary File
- relevance
- 1/10
- ATT&CK ID
- T1083 (Show technique in the MITRE ATT&CK™ matrix)
-
Network Related
-
Contacts random domain names
- details
- "cdn.shopify.com" seems to be random
- source
- Network Traffic
- relevance
- 5/10
- ATT&CK ID
- T1071.001 (Show technique in the MITRE ATT&CK™ matrix)
-
Found mail related domain names
- details
-
Observed email domain:""shop.lovepop.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""colourpop.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""canvaspop.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""cmx.weightwatchers.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""todoslosproductosmx.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""getpop.co"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""mx.arkbar.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""depop.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""amx.freund.shop"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""cmx.weightwatchers.ca"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""payments.mail.yahoo.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""lovepop.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""lolipop.jp"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""tickets.unadillamx.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""bap.navigator.gmx.net"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""aepop.net"," [Source: wallet-pre-stable.json]
Observed email domain:""artpop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""avenuepop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""bassettbmx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""canvasmx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""drinkolipop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""fashionfunpop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""fastandloosebmx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""flitebmx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""fofopop.com"," [Source: wallet-pre-stable.json]
- source
- File/Memory
- relevance
- 1/10
- ATT&CK ID
- T1071.003 (Show technique in the MITRE ATT&CK™ matrix)
-
Found potential IP address in binary/memory
- details
-
Potential IP "192.168.1.3" found in string ""192.168.1.3","
Potential IP "192.168.1.1" found in string ""192.168.1.1","
Potential IP "1.5.75.75" found in string "d="M10 2a8 8 0 110 16 8 8 0 010-16zm0 10.5a.75.75 0 100 1.5.75.75 0 000-1.5zM10 6a.5.5 0 00-.5.41v4.68a.5.5 0 001 0V6.41A.5.5 0 0010 6z""
- source
- File/Memory
- ATT&CK ID
- T1071 (Show technique in the MITRE ATT&CK™ matrix)
-
Found potential URL in binary/memory
- details
-
Pattern match: "https://fabbous.com/"
Pattern match: "https://fabbous.com"
Pattern match: "http://www.w3.org/2000/svg"
Pattern match: "1.Fdi/:oAL3Ok_qvqs`4/8@}Mk_gY]$fP"
Pattern match: "L.Cnb/z$_Bf,fDZBp~7~0gxAIH|Ry'\!Of8wQ'[9"
Pattern match: "fabbous.com/Fabbous/g-?h_visitsurlsG==4c4828d9-af71-49f9-b06f-028c1a782a14%USERPROFILE%\Downloads\VC_redist.x64.exeC:\Users\%USERNAME%\Downloads\VC_redist.x64.exehttps://learn.microsoft.com/https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc"
Pattern match: "search.yahoo.com/favicon.icohttps://search.yahoo.com/search{google:pathWildcard}?ei={inputEncoding}&fr=crmas_sfp&p={searchTerms}UTF-8https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command={searchTerms}485bf7d3-0215-45af-87dc-53886800000"
Pattern match: "https://ntp.msn.com/edge/ntp?locale=en&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531edge://settings/profileskeygjgieestate_{edge://settingsedge://settings/edge://settings/?search=smartkeygr10nmstate_{edge://settingsedge://settings/?search=smartedge"
Pattern match: "https://ntp.www.office.com&_https://ntp.msn.comCookieSyncExpiry'_https://ntp.msn.comDefaultFeedPolicy_https://ntp.msn.comGpuExist/_https://ntp.msn.comNOTIFICATION_CACHE_LS_KEY_https://ntp.msn.combkgdV+_https://ntp.msn.combreakingNewsDismissed"
Pattern match: "edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_etree_light.png/1.1.9/asset2caf0cf4-ea42-4083-b928-29b39da1182bhttps://edgeassetservice.azureedge.net/assets/edge_hub_apps_dall_e_light.png/1.0.11/asset96defd79-4015-4a32-bd09-794ff72183efhttps://"
Pattern match: "www.clarity.msCLIDv10"
Pattern match: "fabbous.com/9https://ntp.msn.com/edge/ntp?locale=en&title=New+tab&dsp=1&sp=Bing&startpage=1&PC=U531]=https://ntp.msn.com/edge/ntp?locale=en&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531U-https://ntp.msn.com/edge/ntp?locale=en&title=New%20tab&dsp=1&sp=B"
Pattern match: "a.nel.cloudflare.com/report/v3?s=M7CUy1wekIexyYumE8ne1cCLkyUEzt9ke45ckM04mAlAgOl0GNjgIss3GuvsHbVVvrhbgIvFc2KsnbDEmSbeCCS6stVj4OXzmL%2BI3rriE6uqu6v%2B%2FXn%2FSTnV39IV[]httpsmy.parcelpanel.comcf-nelhttps://a.nel.cloudflare.com/report/v3?s=tllyJM3LzpJ5uhR%2Bc"
Pattern match: "https://fabbous.com/https://fabbous.comhttps://fabbous.com/_h?-g/_h?-g/_h?-g/https://fabbous.com/https://fabbous.comhttps://fabbous.comhttps://fabbous.comhttps://fabbous.comhttps://fabbous.comhttps://fabbous.com/_h?-g/_h?-g/_h?-g/https://fabbous.com/"
Pattern match: "github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.4.7/npp.8.4.7.portable.x64.7zhttps://objects.githubusercontent.com/github-production-release-asset-2e65be/33014811/42d9bc38-89f0-48d8-94ec-d1f3649d2fc3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-A"
Pattern match: "RSSs-..BW/t6P.BaxxXj{{{_"
Pattern match: "https://chrome.google.com/webstore},urls:[https://chrome.google.com/webstore]},description:Discover"
Pattern match: "https://github.com/easylist"
Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE53r3l?ver=5412,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE53bta?ver=2bf3,update_period:86400},creativeId:128000000003595"
Pattern match: "https://www.coupert.com"
Pattern match: "https://cdn.shopify.com/wpm/b423f603cwbec0c735p77706e6dm4f6ab682m.js"
Pattern match: "fabbous.com/Fabbouse9Fitfabboufabbouhttps://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170Latest"
Pattern match: "http://www.w3.org/2000/svg,svg"
Pattern match: "https://ntp.msn.com/REG:https://ntp.msn.com/https://ntp.msn.com/edge/ntp.https://ntp.msn.com/edge/ntp/service-worker.js"
Pattern match: "https://googleads.g.doubleclick.net/next-map-idQnamespace-3bbc91a6_51d0_4200_9fa7_2e3ec0fddf25-https://tpc.googlesyndication.com/34U"
Pattern match: "https://www.clarity.ms,supports_spdy:true},{anonymization:[],server:https://microsoftedgewelcome.microsoft.com,supports_spdy:true},{anonymization:[],server:https://edgefrecdn.azureedge.net,supports_spdy:true},{anonymization:[],server"
Pattern match: "autofill.account.microsoft.com/,type"
Pattern match: "www.microsoft365.com"
Pattern match: "jedwatson.github.io/classnames"
Pattern match: "https://github.com/focus-trap/tabbable/blob/master/LICENSE"
Pattern match: "https://github.com/jsstyles/css-vendor"
Pattern match: "assets.db/MANIFEST-0000012023/10/25-21:25:43.779"
Pattern match: "fabbous.com/cdn/shopifycloud/shopify/assets/storefront/load_feature-87876fa245af19cbd14aa886ed59c6aa8a27c45d24dcd7a81cf2d2323506233e.js"
Pattern match: "fabbous.com/cdn/shopifycloud/shopify/assets/shop_events_listener-a7c63dba65ccddc484f77541dc8ca437e60e1e9e297fe1c3faebf6523a0ede9b.js"
Pattern match: "fabbous.com/cdn/shopifycloud/shopify/assets/storefront/features-1c0b396bd4d054b94abae1eb6a1bd6ba47beb35525c57a217c77a862ff06d83f.js"
Pattern match: "geolocation-recommendations.shopifyapps.com/locale_bar/script.js?shop=d8dd3e-2.myshopify.com"
Pattern match: "fabbous.com/cdn/shop/t/2/assets/predictive-search.js?v=162273246065392412141690303862"
Pattern match: "fabbous.com/cdn/shop/t/2/assets/cart-notification.js?v=133508293167896966491690303860"
Pattern match: "fabbous.com/cdn/shop/t/2/assets/details-disclosure.js?v=13653116266235556501690303861"
Pattern match: "fabbous.com/cdn/s/trekkie.storefront.75d8d07dd9ad90d0713c16e0b858fe70b16ff6ef.min.js"
Pattern match: "my.parcelpanel.com/assets/admin/custom/js/checkout.js?shop=d8dd3e-2.myshopify.com"
Pattern match: "fabbous.com/cdn/shop/t/2/assets/details-modal.js?v=25581673532751508451690303861"
Pattern match: "fabbous.com/cdn/shop/t/2/assets/search-form.js?v=133129549252120666541690303862"
Pattern match: "fabbous.com/cdn/shop/t/2/assets/animations.js?v=114255849464433187621690303860"
Pattern match: "analytics.tiktok.com/i18n/pixel/events.js?sdkid=CKP5QCRC77U84BOPVE80&lib=ttq"
Pattern match: "fabbous.com/cdn/shop/t/2/assets/global.js?v=139248116715221171191690303861"
Pattern match: "fabbous.com/cdn/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js"
Pattern match: "cdn.shopify.com/s/files/1/0802/5443/5640/files/options_selection.js"
Pattern match: "cdn.shopify.com/s/files/1/0802/5443/5640/files/globo_checkout.js"
Pattern match: "analytics.tiktok.com/i18n/pixel/static/main.MTVkMmViMGJhMg.js"
Pattern match: "cdn.shopify.com/s/files/1/0802/5443/5640/files/optimizers.js"
Pattern match: "fabbous.com/cdn/wpm/b423f603cwbec0c735p77706e6dm4f6ab682m.js"
Pattern match: "analytics.tiktok.com/i18n/pixel/static/identify_72059.js"
Pattern match: "fabbous.com/checkouts/internal/preloads.js?locale=it-US"
Pattern match: "fabbous.com/cdn/shop/t/2/compiled_assets/scripts.js?83"
Heuristic match: "a.nel.cloudflare.com"
Heuristic match: "cdn.shopify.com"
Heuristic match: "fabbous.com"
Heuristic match: "fonts.shopifycdn.com"
Heuristic match: "geolocation-recommendations.shopifyapps.com"
Heuristic match: "my.parcelpanel.com"
Pattern match: "http://www.w3.org/2000/svg};class"
Pattern match: "www.gap.com"
Pattern match: "www.gapfactory.com"
Pattern match: "www2.hm.com"
Pattern match: "www.gapcanada.ca"
Pattern match: "www2.factoryoutletstore.com"
Pattern match: "www2.invoicecloud.com"
Pattern match: "www1.ussailing.org"
Pattern match: "www2.doggysuperfoods.com"
Pattern match: "www1.agenciatributaria.gob.es"
Pattern match: "www9.agenciatributaria.gob.es"
Pattern match: "www.vaxvacationaccess.com"
Pattern match: "www2.promap.co.uk"
Pattern match: "www2.correios.com.br"
Pattern match: "www2.stanlycountync.gov"
Pattern match: "www2.registerblast.com"
Pattern match: "www5.maine.gov"
Pattern match: "www2.haircarerefined.com"
Pattern match: "www2.tonyprotein.com"
Pattern match: "www2.vinesse.com"
Pattern match: "www5.ibackup.com"
Pattern match: "www3.thedatabank.com"
Pattern match: "www2.helminc.com"
Pattern match: "www2.unifyhealthlabs.com"
Pattern match: "www3.benefitsolver.com"
Pattern match: "www1.nobexpartners.com"
Pattern match: "www6.agenciatributaria.gob.es"
Pattern match: "www2.kintsugihair.com"
Pattern match: "www2.lectinblocker.com"
Pattern match: "www1.hhrd.org"
Pattern match: "www6.lifeatworkportal.com"
Pattern match: "www3.mutualofomaha.com"
Pattern match: "www3.masterwriter.com"
Pattern match: "www1.carey.com"
Pattern match: "www2.gundrymdtotalrestore.com"
Pattern match: "www2.ymtvacations.com"
Pattern match: "www2.invisicrepe.com"
Pattern match: "www2.americanprofessional.com"
Pattern match: "www2.ambrose.edu"
Pattern match: "www1.netfirms.com"
Pattern match: "www2.agenciatributaria.gob.es"
Pattern match: "www1.12cloudpayroll.com"
Pattern match: "www2.bwproducers.com"
Pattern match: "www2.bhdpanama.com"
Pattern match: "www2.fl-dcf.org"
Pattern match: "www3.sylectus.com"
Pattern match: "www1.iaproducers.com"
Pattern match: "www1.mydomain.com"
Pattern match: "www1.payroo.com"
Pattern match: "www40.polyu.edu.hk"
Pattern match: "www2.csebo.it"
Pattern match: "www3.subcontrataley.cl"
Pattern match: "www4.texashealth.org"
Pattern match: "www2.drmartypets.com"
Pattern match: "www2.americamorningsupply.com"
Pattern match: "www2.bellmts.ca"
Pattern match: "www.klarna.com"
Pattern match: "www.google.com"
Pattern match: "www.gstatic.com"
Pattern match: "www.transunion.com"
Pattern match: "www.googletagmanager.com"
Pattern match: "www.facebook.com"
Pattern match: "www.googleadservices.com"
Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,i=1;i"
Pattern match: "https://aka.ms/EdgeSaveCardFAQ,nh.UseVirtualCardLearnMore=https://aka.ms/EdgeVirtualCardFAQ,nh.WalletSettings=edge://wallet/settings,nh.microsoftRewardsDashboardURL=https://rewards.microsoft.com/,nh.microsoftRewardsRedeemURL=https://rewards.microso"
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1071 (Show technique in the MITRE ATT&CK™ matrix)
-
Unusual Characteristics
-
Detected known bank URL artifact
- details
-
""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")
""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")
""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")
""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")
""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")
""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")
""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""travel.usbank.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "usbank.com")
""digitalproductkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""abmerchants.atlabank.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "labank.com")
""maxmoney.centralbank.net"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "centralbank.net")
""e-pacallianz.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "anz.com")
""thepaystubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")
""map.mtrustcompany.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "trustcompany.com")
""pay.cibc.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "cibc.com")
""gma-glambodyscrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")
""ca.ccmhockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""experiences.chase.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "chase.com")
""secure02ea.chase.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "chase.com")
""app.servicetrade.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "etrade.com")
""registration.canamhockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""travelsecure.chase.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "chase.com") - source
- File/Memory
- relevance
- 2/10
-
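Every hit in the list above is a bare substring match: "arvest.com" is found inside "manitobaharvest.com", "ubs.com" inside "cousinssubs.com", "key.com" inside "digikey.com". Only the entries where the indicator sits on a DNS label boundary (travel.usbank.com, pay.cibc.com, maxmoney.centralbank.net and the three chase.com hosts) actually belong to the bank's domain, and the report attributes even those to wallet-checkout-eligible-sites-pre-stable.json, an Edge Wallet resource file, not to anything served by fabbous.com. The Python below is an added example, not part of the Hybrid Analysis report: it re-checks the 25 reported (hostname, indicator) pairs with a label-boundary test. The pairs are copied from the entries above; the matching code is ours.

```python
# Added example (not part of the Hybrid Analysis report): re-check a
# "known bank URL artifact" list with a DNS label-boundary test instead of
# the plain substring search that evidently produced it.
#
# The (hostname, indicator) pairs are copied from the report entries above;
# the matching logic is ours.

REPORTED = [
    ("manitobaharvest.com", "arvest.com"),
    ("highkey.com", "key.com"),
    ("mandalascrubs.com", "ubs.com"),
    ("primalharvest.com", "arvest.com"),
    ("amazingclubs.com", "ubs.com"),
    ("purehockey.com", "key.com"),
    ("order.firehousesubs.com", "ubs.com"),
    ("cousinssubs.com", "ubs.com"),
    ("digikey.com", "key.com"),
    ("hockeymonkey.com", "key.com"),
    ("travel.usbank.com", "usbank.com"),
    ("digitalproductkey.com", "key.com"),
    ("abmerchants.atlabank.com", "labank.com"),
    ("maxmoney.centralbank.net", "centralbank.net"),
    ("e-pacallianz.com", "anz.com"),
    ("thepaystubs.com", "ubs.com"),
    ("map.mtrustcompany.com", "trustcompany.com"),
    ("pay.cibc.com", "cibc.com"),
    ("gma-glambodyscrubs.com", "ubs.com"),
    ("ca.ccmhockey.com", "key.com"),
    ("experiences.chase.com", "chase.com"),
    ("secure02ea.chase.com", "chase.com"),
    ("app.servicetrade.com", "etrade.com"),
    ("registration.canamhockey.com", "key.com"),
    ("travelsecure.chase.com", "chase.com"),
]


def substring_match(host: str, indicator: str) -> bool:
    """The heuristic the report's hits are consistent with: bare substring search."""
    return indicator.lower() in host.lower()


def label_match(host: str, indicator: str) -> bool:
    """True only if host IS the indicator domain or a subdomain of it.

    The boundary check ('.' + indicator) is what stops 'arvest.com' from
    matching 'manitobaharvest.com' and 'labank.com' from matching
    'abmerchants.atlabank.com' (whose registrable domain is atlabank.com).
    """
    h = host.lower().rstrip(".")
    d = indicator.lower().rstrip(".")
    return h == d or h.endswith("." + d)


def triage(pairs):
    """Split reported pairs into (confirmed_domain_hits, substring_false_positives)."""
    confirmed, false_positives = [], []
    for host, indicator in pairs:
        if not substring_match(host, indicator):
            raise ValueError(f"{indicator!r} is not even a substring of {host!r}")
        bucket = confirmed if label_match(host, indicator) else false_positives
        bucket.append((host, indicator))
    return confirmed, false_positives


if __name__ == "__main__":
    ok, fp = triage(REPORTED)
    print(f"{len(ok)} label-boundary hits, {len(fp)} substring false positives")
    for host, ind in ok:
        print(f"  confirmed  {host:32} <- {ind}")
    for host, ind in fp:
        print(f"  discard    {host:32} <- {ind}")
```

Two caveats on the check itself. A label match only confirms that the hostname belongs to the indicator's domain; it does not handle public suffixes (an indicator such as "co.uk" would match everything), so the indicator list must contain registrable domains. And a confirmed match still says nothing about what the sample did: none of these bank domains appears in the DNS Requests table below, which is the record of what the browser actually resolved.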
Session Details
No relevant data available.
Screenshots
Hybrid Analysis
Analysed 30 processes in total.
-
rundll32.exe
"%WINDIR%\system32\ieframe.dll",OpenURL C:\sample.url
(PID: 7420)
-
msedge.exe
--single-argument https://fabbous.com/
(PID: 1184)
- msedge.exe --type=crashpad-handler "--user-data-dir=%LOCALAPPDATA%\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=107.0.5304.110 "--annotation=exe=%PROGRAMFILES%\(x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=107.0.1418.56 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd8,0x7fffbe4bb208,0x7fffbe4bb218,0x7fffbe4bb228 (PID: 4508)
- msedge.exe --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:2 (PID: 368)
- msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:3 (PID: 1056)
- msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 1628)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1698293282782130 --launch-time-ticks=1054635276 --mojo-platform-channel-handle=3120 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:1 (PID: 6748)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1698293282782130 --launch-time-ticks=1055184367 --mojo-platform-channel-handle=3148 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:1 (PID: 5284)
- msedge.exe --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3576 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 5592)
- msedge.exe --type=renderer --extension-process --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --time-ticks-at-unix-epoch=-1698293282782130 --launch-time-ticks=1056086427 --mojo-platform-channel-handle=3624 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:1 (PID: 6488)
- msedge.exe --type=renderer --extension-process --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --time-ticks-at-unix-epoch=-1698293282782130 --launch-time-ticks=1056406631 --mojo-platform-channel-handle=3676 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:1 (PID: 8100)
- msedge.exe --type=renderer --extension-process --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --time-ticks-at-unix-epoch=-1698293282782130 --launch-time-ticks=1056689589 --mojo-platform-channel-handle=3800 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:1 (PID: 836)
- msedge.exe --type=renderer --extension-process --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --time-ticks-at-unix-epoch=-1698293282782130 --launch-time-ticks=1056962659 --mojo-platform-channel-handle=3864 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:1 (PID: 5512)
- msedge.exe --type=renderer --extension-process --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --time-ticks-at-unix-epoch=-1698293282782130 --launch-time-ticks=1057289804 --mojo-platform-channel-handle=3904 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:1 (PID: 7868)
- msedge.exe --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6152 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 2528)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6324 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 7880)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6504 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 4132)
- msedge.exe --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6588 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 6936)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4396 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 1048)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4588 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 8064)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 4928)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6468 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 7052)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6344 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 2112)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5880 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 6984)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6028 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 4424)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6440 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 7380)
- msedge.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.16299.192 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6428 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:2 (PID: 988)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3920 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 7888)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5780 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 6484)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2004 --field-trial-handle=2068,i,8011281967770406157,13595280215316335810,131072 /prefetch:8 (PID: 7580)
Network Analysis
DNS Requests
Domain | Address | Registrar | Country |
---|---|---|---|
a.nel.cloudflare.com | 35.190.80.1 (TTL: 3860) | CloudFlare, Inc. (Organization: CloudFlare, Inc.; Name Server: NS3.CLOUDFLARE.COM; Creation Date: 2009-02-17T00:00:00) | United States |
cdn.shopify.com | 23.227.60.200 (TTL: 73) | Namescout.com (Organization: Shopify Inc.; Name Server: NS1.DNSIMPLE.COM; Creation Date: 2005-03-11T00:00:00) | Canada |
fabbous.com | 23.227.38.65 (TTL: 21600) | Tucows Domains Inc. (Name Server: NS-CLOUD-E1.GOOGLEDOMAINS.COM; Creation Date: 2023-07-25T20:03:31) | Canada |
fonts.shopifycdn.com | 185.146.173.20 (TTL: 14) | Rebel.ca (Organization: Shopify Inc.; Name Server: NS1.DNSIMPLE.COM; Creation Date: 2013-09-15T00:00:00) | Sweden |
geolocation-recommendations.shopifyapps.com | 185.146.173.20 (TTL: 11) | Namescout.com (Organization: Shopify Inc.; Name Server: NS1.DNSIMPLE.COM; Creation Date: 2008-06-12T21:01:23) | Sweden |
my.parcelpanel.com | 104.26.7.247 (TTL: 29) | NameSilo, LLC (Organization: See PrivacyGuardian.org; Name Server: ANIRBAN.NS.CLOUDFLARE.COM; Creation Date: 2018-11-30T10:55:48) | United States |
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
23.227.38.65 | 443/TCP | msedge.exe PID: 1056 | Canada |
23.227.60.200 | 443/TCP | msedge.exe PID: 1056 | Canada |
23.227.38.65 | 443/UDP | msedge.exe PID: 1056 | Canada |
185.146.173.20 | 443/TCP | msedge.exe PID: 1056 | Sweden |
23.227.60.200 | 443/UDP | msedge.exe PID: 1056 | Canada |
35.190.80.1 | 443/TCP | msedge.exe PID: 1056 | United States |
35.190.80.1 | 443/UDP | msedge.exe PID: 1056 | United States |
104.26.7.247 | 443/TCP | msedge.exe PID: 1056 | United States |
184.25.254.58 | 443/UDP | msedge.exe PID: 1056 | United States |
HTTP Traffic
No relevant HTTP requests were made.
Suricata Alerts
Event | Category | Description | SID |
---|---|---|---|
local -> 224.0.0.252:5355 (UDP) | Potential Corporate Privacy Violation | ET P2P eMule KAD Network Firewalled Request | 2009969 |
local -> 224.0.0.252:5355 (UDP) | Potential Corporate Privacy Violation | ET P2P eMule KAD Network Firewalled Request | 2009969 |
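Both alerts above were raised for UDP traffic to 224.0.0.252:5355. That address is the IPv4 LLMNR (Link-Local Multicast Name Resolution) group and 5355 its UDP port, which a Windows host uses to resolve names on the local link; an eMule KAD peer request would not be sent there. The Python below is an added example, not part of the Hybrid Analysis report: it reads Suricata EVE JSON alert records and flags alerts whose destination is a multicast name-resolution endpoint for re-classification. The EVE lines are constructed to mirror the two table rows (the report prints the source only as "local", so 192.0.2.10 is a TEST-NET placeholder; the timestamps are placeholders too); the triage logic is ours.

```python
# Added example (not part of the Hybrid Analysis report): triage Suricata EVE
# alerts by the destination they fired on. Records in EVE_LINES are constructed
# to mirror the two rows in the report's Suricata Alerts table; the source IP
# and timestamps are placeholders, since the report prints only "local".
import ipaddress
import json

# Multicast name-resolution endpoints: (group address, UDP port) -> protocol.
# 224.0.0.252/ff02::1:3 port 5355 is LLMNR; 224.0.0.251/ff02::fb port 5353 is mDNS.
MULTICAST_NAME_SERVICES = {
    ("224.0.0.252", 5355): "LLMNR",
    ("ff02::1:3", 5355): "LLMNR",
    ("224.0.0.251", 5353): "mDNS",
    ("ff02::fb", 5353): "mDNS",
}

# Constructed EVE JSON lines (one JSON object per line, as Suricata writes eve.json).
EVE_LINES = """\
{"timestamp":"2000-01-01T00:00:00.000000+0000","event_type":"alert","src_ip":"192.0.2.10","src_port":53480,"dest_ip":"224.0.0.252","dest_port":5355,"proto":"UDP","alert":{"signature_id":2009969,"signature":"ET P2P eMule KAD Network Firewalled Request","category":"Potential Corporate Privacy Violation"}}
{"timestamp":"2000-01-01T00:00:01.000000+0000","event_type":"alert","src_ip":"192.0.2.10","src_port":53481,"dest_ip":"224.0.0.252","dest_port":5355,"proto":"UDP","alert":{"signature_id":2009969,"signature":"ET P2P eMule KAD Network Firewalled Request","category":"Potential Corporate Privacy Violation"}}
{"timestamp":"2000-01-01T00:00:02.000000+0000","event_type":"flow","src_ip":"192.0.2.10","dest_ip":"198.51.100.7","proto":"TCP"}
"""


def classify(alert: dict) -> tuple:
    """Return (verdict, reason) for one EVE alert record."""
    dst = alert["dest_ip"]
    key = (dst.lower(), alert.get("dest_port"))
    if alert.get("proto", "").upper() == "UDP" and key in MULTICAST_NAME_SERVICES:
        service = MULTICAST_NAME_SERVICES[key]
        return ("likely-false-positive",
                f"destination is the {service} multicast group/port; SID "
                f"{alert['alert']['signature_id']} matched name-resolution traffic")
    if ipaddress.ip_address(dst).is_multicast:
        return ("multicast", "multicast destination; not a unicast peer session")
    return ("review", "unicast destination; inspect the flow")


def triage_eve(text: str) -> list:
    """Parse EVE JSON lines, keep alert events, and attach a verdict to each."""
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue  # flows, DNS, stats etc. are not alerts
        verdict, reason = classify(rec)
        results.append({
            "sid": rec["alert"]["signature_id"],
            "signature": rec["alert"]["signature"],
            "dst": f"{rec['dest_ip']}:{rec['dest_port']}/{rec['proto']}",
            "verdict": verdict,
            "reason": reason,
        })
    return results


if __name__ == "__main__":
    for r in triage_eve(EVE_LINES):
        print(f"SID {r['sid']} -> {r['dst']}: {r['verdict']} ({r['reason']})")
```

The check does not suppress the alert; it changes the question from "which host is running eMule" to "why did a KAD payload signature match an LLMNR query", which is the conversation to have with whoever tunes the ruleset.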
Extracted Strings
Extracted Files
Displaying 50 extracted file(s). The remaining 295 file(s) are available in the full version and XML/JSON reports.
-
Informative Selection 50
-
-
4c39c519-d003-4188-9c52-dfa7573a18ca.tmp
- Size
- 59KiB (60001 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 94d8918e570a98125eb77620f6adbb68
- SHA1
- 73e313d48e4bb23bab501227c90a3bbf9ce29b10
- SHA256
- 61534818de7d76044ffc565bf1b30d4739f9569954fd670765b03fb3532abd7b
-
5b798a6c-ceef-442f-862a-af005e351131.tmp
- Size
- 59KiB (60002 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- ab28b9e49a8c78cf9e3c2b28f5c61762
- SHA1
- 4893f58671b57108862f72842370f0140ed4851c
- SHA256
- 6497139180096c24270108654301fcdbad8b557bcc3abd248e4ed74e264e1c9e
-
70b91ee3-b31f-4857-be63-7452e740fc19.tmp
- Size
- 59KiB (60281 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 0dbc9ca5ad0f891e387fca03dede01f4
- SHA1
- 09289e1b5f5dd50fbcb3ebad68adf3ca6f8b0444
- SHA256
- 0157b8bb47fad3f7ce3a5cf7f8b671692e8155e36523c98abbf50a0b141dd8f0
-
84248973-a64d-4fe8-a83b-2d684b118dad.tmp
- Size
- 59KiB (60281 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- e99bfa133ea407802f06ad898e368c92
- SHA1
- da7fcf07a0c2f620b0a642e8698082656704e4e6
- SHA256
- 414d8961512ff99f10e662b96b0f38216e383982daf4ac805e1d0e96e4721857
-
5f9e9daf-f6de-4a4d-8971-62f8dc591810.tmp
- Size
- 93KiB (95454 bytes)
- Type
- data
- Description
- JSON data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 6d3cb4d5a65d3f82274e69f7a132c797
- SHA1
- 63115b547e6dbe8cb8c1852c0d468a9489019ea1
- SHA256
- 421c937730a9b712d2f8dcb4445afbc0648806566e7ba93c60979757268b1d8b
-
settings.dat
- Size
- 280B (280 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 4508)
- MD5
- dc7fe4d952f8042a8a1845529081e2a8
- SHA1
- 7cc89f7277b4ca3023cd39beeff45226f5b88e1d
- SHA256
- cb7be7aac22e0315f628695d59d6952db1e648f99af5f58bd164300e0387a90f
-
0f64078d-b9c6-40a1-a8e0-cf788a748132.tmp
- Size
- 25KiB (26104 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 1728fb3f7da793b8b4932c37a8804829
- SHA1
- f8d29bce74265e9f8c17846f2e84c758be8ef873
- SHA256
- 15e7154561ab69ae7f867e920fdce09c0df32549133ceb57a86adcbd67dec043
-
60b9b0e3-06aa-4d28-af46-4677ad478961.tmp
- Size
- 23KiB (23138 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 5b3eb0a89a13cc8a54ee68eb1b8cf0a5
- SHA1
- f701d5a0b10df5ad8e79810aa77f7d51a1d8e61e
- SHA256
- 4d2b9d223d21f2db6ef9eef031d4de474eb5a0da76dd75597693c6bd7b49f17c
-
73f4e467-c19e-434e-aaa4-c22225da5973.tmp
- Size
- 25KiB (26087 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- ba9d2b65ac5e0a731e6b7c3dfb65da49
- SHA1
- 83cf53e5576f9cc893e24d5746166f41e9b9d477
- SHA256
- 8219fba74e49afc5ed340bb6c72d51abf66412a4dcc917ec1165640323cdeb1c
-
91771f68-fa2b-433b-949e-b0a0a1733ae7.tmp
- Size
- 23KiB (23111 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- f981b375b7f8b017e6ae313e31d52edd
- SHA1
- c72fd6dd90bf34ccaa2f74d260bd0ed193216a3e
- SHA256
- f4e6146ac747fa329785c40a38c8e684f83ca43e0e92a7bd32e1b9eda244f371
-
9afd37b5-1e90-4f83-a56f-d6e4afb7ee0e.tmp
- Size
- 23KiB (23513 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 499b40f000b7af45ae2f08bb258efc66
- SHA1
- 16565372e11448e391b6b850fde1d8c64ceb6c79
- SHA256
- 9d0212a00e82b9bc63b4d6bbfd46951514457063a2de6524796e3a2a8e4df57a
-
000003.log
- Size
- 949KiB (971576 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 5592)
- MD5
- ee58d324f3394ec75181f06b98438141
- SHA1
- 6d9dabddffc72821850293624e31bf5453e828b3
- SHA256
- 93631993a66f007c1471ac66742f2c0fbe0a9ce56de7a39acab6d85dea0bf76f
-
LOG
- Size
- 338B (338 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 5592)
- MD5
- 7bc4c7a57146e2160361765ae5bbb31d
- SHA1
- 9b7b1b3036061cbc1b4c12c6cd868a94062110e0
- SHA256
- 55a09a48188b39471fb4bd1230117067f11b43326d2a733e6c3e6cc1e98fb4a1
-
data_0
- Size
- 152KiB (155648 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 4e2f57ccee4dc902768ced8721bbe27a
- SHA1
- 10fa2b6f7ef1e929794f1f973bb598a8e4300ec0
- SHA256
- 6717932a3b52d99d8ac3c5330fef1439db58754baa529b1ea02ff42ca6f18852
-
data_1
- Size
- 1.3MiB (1318912 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 913ad8c44de2e0793cb386c7e1f800a1
- SHA1
- d26494a4b28d9a9c838c5cfacc80f1290a4006b7
- SHA256
- 04839d4ffafb27a0b9e3aa0ca34d259b99086f6e3929881d3fc0dfdfdbcadd04
-
data_2
- Size
- 3MiB (3153920 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- bcdf51b6426e25c766815964f02845cb
- SHA1
- e9afecde92802b1b84a34674b2aaf0a030e44b39
- SHA256
- a476b42115ab753f7866522b4b226c7d892e10d60d88fbb40dc51176a5576c52
-
data_3
- Size
- 5MiB (5246976 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 6c4901cf023fc566d4d56a3257164357
- SHA1
- cd940e70617ecf1be727af98c05a6f2fa2eb482d
- SHA256
- b9ae73bc31443a076b36079edb55cae84ba835552c670709488331005953cb4e
-
f_0004c3
- Size
- 23KiB (23648 bytes)
- Type
- unknown
- Description
- amd 29k coff prebar executable
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- 967fe689dd71f6d8f3a5dd910c5a51e9
- SHA1
- 57fe592ea43935852a05589a03432ea638c4c384
- SHA256
- 21bfdbfbb9725acd60bdcd4db4f8b9ea96118f5c56514431500a10630714474a
-
f_0004c4
- Size
- 22KiB (22876 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 22876, version 2.13107
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- cb7a2d188dfbc0cdf7128f6ca0535164
- SHA1
- 90cfc8efed7ff88f02d58b22d38933ec75887560
- SHA256
- d10915a9f649491d7ae0785d1563051632e9ec57b48ffd27f8e116b9df364aae
-
f_0004c6
- Size
- 18KiB (18164 bytes)
- Type
- unknown
- Description
- SysEx File - Kamiya
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- 7a8fa2e308e677563d3596dc9968d493
- SHA1
- 176e09a26c2558326608cbdebacac0b3ebd6c018
- SHA256
- d1eb840ff1a3e174017a274bdd1c9cb392733587d913b279156304b62a43192c
-
f_0004c9
- Size
- 23KiB (23470 bytes)
- Type
- data
- Description
- RIFF (little-endian) data, Web/P image
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- 2f19dc160e5998bb9228166444177f2c
- SHA1
- 56c11904e6fb9feeebb4c2abbc226b7b2aec3626
- SHA256
- 5661563fbd2deb52985522e74bfd72135599ac2a0fcea0cecb0535cf5d6b4a82
-
f_0004cf
- Size
- 83KiB (84939 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- 13f1a732b7b16d8521e2c1ded506229a
- SHA1
- 4ab29324221b9e3956f410a8153fb839070f7f19
- SHA256
- 4c0d72066c597c3c7c6fd3a6f5f25e6106133888f37814a710317eb3f1ae8ecf
-
f_0004d0
- Size
- 26KiB (26582 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- 2c265e2eb9ec275a44863e4364d6a025
- SHA1
- 8d4933de3a4b7ff313afe0426f001490d1078b47
- SHA256
- f5bf864b88042ea8cd6e84a46da296a238d2ff4469a0a2d75e6434b8f0c21fe7
-
f_0004d1
- Size
- 19KiB (19325 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- ee61008022e5b67d8bddc0c71b336304
- SHA1
- 9ad5cf9cb239324806aaced82f7dea815114e2c4
- SHA256
- cfccff0bf14626c6e1de759425decdc86596eb68549f56f79c84a3e31b3dccfd
-
f_0004d2
- Size
- 199KiB (204145 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- e35668533dd9897ab733719600d5377b
- SHA1
- e72c602a562902ccf2056977136e4baaaa83e293
- SHA256
- 93e7666a1a7dd59f0b0440c0a245b129ae8ed7c7a4da024051161bbff6dac346
-
f_0004d3
- Size
- 106KiB (108823 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 413503
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- cdac54ae8dab80cdbf5cfd8e9c5fcf75
- SHA1
- 48778d0f3af1ea83efc3bf5cb8f5817d393b3e02
- SHA256
- 545dd9dbee63f9c9912aa41d0d2f177b1864bf5755b385c2842985888e497a58
-
f_0004d5
- Size
- 35KiB (35981 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 137656
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- 239b3d7514260c24c2bfcaa66dca8696
- SHA1
- 7be3e65eb0e3d4b59138f0fcd6e5d540d761d7b4
- SHA256
- 7a50efb87b567843c71e85d12827bdf061c5ae8353f54304cb7bc37caf6ca71e
-
f_0004d6
- Size
- 226KiB (231731 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- 1803852a6cb212f21b97b5ac29021fc2
- SHA1
- 6666cbe61cbb89bf15836157c65ff29a9ab5a223
- SHA256
- d787621a0742151ee5a8ff6e65eed04df12c3e575c0621d7de690b4fe653dd40
-
f_0004d7
- Size
- 260KiB (266181 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- d9da5c3fe77a8e269746d22445ed5a13
- SHA1
- 30a25245d5a47f81cd8a6e006d1b7f3fb5b86c84
- SHA256
- 855a2d97fd57e1a594d9f438e680bd9c742e9d9c76030c0364892cc1e7628db5
-
f_0004d8
- Size
- 24KiB (24385 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- c6666c6aba41e2a4aaad672e9f0a0489
- SHA1
- 551243173f5b1e88be2de5b83c63bab4a9b5c812
- SHA256
- b6d896fa37fba0ecb3e01254d2d63f19953a9801b2102f1e317163fbb51c1798
-
f_0004d9
- Size
- 528KiB (541093 bytes)
- Type
- data
- Description
- JSON data
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- 4ec8738fcd63ad2644ae00a7a833aabb
- SHA1
- 185105dff99bf9b296366e6b16e9c7321248c190
- SHA256
- c022afe4cf9e50d49e8ce2b19a158ff0704bcc94b720857b29b6fbe18d7f8475
-
f_0004da
- Size
- 26KiB (26162 bytes)
- Type
- img image
- Description
- PNG image data, 1000 x 200, 8-bit/color RGB, non-interlaced
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- 963cff227259d0526b64168a4e24abe4
- SHA1
- b624de88bec949d9aaa71e77cab68927b2217f58
- SHA256
- bb067e0b78245a09bc43e1c09ab038192d6ef1dbffb86d617f53d47012e12c90
-
f_0004db
- Size
- 51KiB (52048 bytes)
- Type
- data
- Description
- RIFF (little-endian) data, Web/P image
- Runtime Process
- msedge.exe (PID: 1056)
- MD5
- b32fbaa1fb4acc9d3014b42f29f55051
- SHA1
- 393ba80805126296b73547f325ab6cc9908e5cdb
- SHA256
- 5a963622703b908a41cce55f9c42f017dc518aec020f56bed0999bfd63ab8468
-
007f10c1958238da_0
- Size
- 222B (222 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 0fb2e66e11cb9d5101e0fc137edd375f
- SHA1
- d92521b8e69d2e41c789cbdaf30b3e6d94e17b5c
- SHA256
- 3113597ee7e17cc1dc74596fff70d00da0d6032b1b934c15c26620e08dac4ab0
-
0281716909af058d_0
- Size
- 250B (250 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- efa79e067818d7c433a914ecc1c30c22
- SHA1
- 3b04cedf1bf8c2d4ce405de98535976c2ce12dad
- SHA256
- 5f2febbe5d4a3b4a14d37dadb96b0a98210c14495e85684c05d0747c1a0b6c54
-
43491845d9921b8f_0
- Size
- 240B (240 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- c003c28e9687498ec9f10455667c94a6
- SHA1
- 20f64886a20f02412af6c3fdd06fe4ce2a5cc2cc
- SHA256
- 05cb0f75dd3d089d520769c071ed5adb63da9dfa1bf883be80824251cc1fa3b6
-
4b108daa1b888047_0
- Size
- 301B (301 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- edb1639e9d921d7a2732654b9768532d
- SHA1
- bda4d7fab4a25cac21974429710331aa93855555
- SHA256
- aa30513dd80abcc68b2cc3fd9d0233da6c241d5a234aee6126f0983f5f913647
-
4f53ca07aac9a63d_0
- Size
- 244B (244 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 74aaa4f64aad28ef61b6bbf80d18257c
- SHA1
- 9960e88d7ae7f44bef772ed470cd3ea03093557d
- SHA256
- 2de98182f42e99cfbd3eb49a2627d682386bcf2573fb2131a5233e02bd144ba5
-
6ad195b8401f0f29_0
- Size
- 298B (298 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 651ac023ba6efef371196d0418e2443a
- SHA1
- a1acc3bc0a348c0497defffaa7cadf47c1c281cc
- SHA256
- 9d07d4c03023fea02a7229e08f65d8e065ff14df57005cf926921e3a9b8e7cd9
-
93abb5c8313e125e_0
- Size
- 220B (220 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- b202b351e6a9dd0d1dc990daeb5997f6
- SHA1
- 009679a3e488810ed35769df43c5a13e4fbc080a
- SHA256
- 88df12a7dc992c6d71971793e8b7be93a9e52cb800ff3e76f5bef7cd657280f5
-
9cee7c5ad368761c_0
- Size
- 230B (230 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- dd0fa3493f3158b3b6e3b441f4e5474f
- SHA1
- c79a5177523a6204b4e6ee340f81707074a4c9e3
- SHA256
- e073842254a52862f05e5b29306094f5c95333199420e554a552227c33905493
-
ab10f8c6da096309_0
- Size
- 251B (251 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 287316a900c41d68034f35ad43366925
- SHA1
- 821e7efd7eeb9aa893ffe00a4b552cd4630f96f4
- SHA256
- d654e46781458a857c4fef6c2d3bd95c319e3198612763bdd7457fb55e766390
-
bafe58813e0a7f45_0
- Size
- 297B (297 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 1f302b8bed63c580f959e6836985729c
- SHA1
- ae054ba1660f631b33003ae4bab5afcdd0e3c848
- SHA256
- 7f5e85aade898a31da6d139956dac64480eb73f04a02ce463336d94c95072fb2
-
ca866c700f0884c1_0
- Size
- 233B (233 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- da32b03d12d33de925638941b68f346f
- SHA1
- 0f973035439596a1a0963a1a30f19f793d32fed0
- SHA256
- 41342c6b6e7990a4f4abeef7419a04213d7be8a0a8296e3c92f9d59ab08d7873
-
temp-index
- Size
- 12KiB (12504 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 3656ed0ddde570de0b396fae8a4fd2be
- SHA1
- 850fa78e84aec503794ac7078a9682ad3450659c
- SHA256
- ad6cb099a116261c48c392ff2bb6173cd00be92806211fdf140d73ae36afa6dd
-
data_1
- Size
- 264KiB (270336 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 1184)
- MD5
- 7c390c3438cd121ab9f17cbb7c14263c
- SHA1
- 59da9f3ab48b2c91e6ba0b0c4248ee9d50a1f42d
- SHA256
- 3eb408108d81231f17c14e86c57670b67b0d1e81576e065dba0fa697c711f097
-
LOG
- Size
- 350B (350 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 5592)
- MD5
- 3cfcd27edd931d19c01f6201a16b80bd
- SHA1
- 24ad210a845a7d396fdf21a56f0a4b77573f0aa1
- SHA256
- bc8d1bb4bc381e5d689fc702b471210e6b24583cc9f27af527ac45d6aeea8649
-
000003.log
- Size
- 361B (361 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 5592)
- MD5
- c83a46dd033d69183828757bc47301b4
- SHA1
- 6458be44d860e2784a653f1253da41b848f980ac
- SHA256
- 97fc0d1d46cfbd5fc5e96d64e420569cd271370efb4aebf929cfb91faf03d5be
-
LOG
- Size
- 330B (330 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 5592)
- MD5
- ca9b5b9ea2ce70602479f7059fb7eaa4
- SHA1
- 811cd1cf8d90182c9209086f19f11d363de9dc43
- SHA256
- b2d11a8126ab2c76329d363f2e51cb202408434de7678dddd054dcf1b38b13a6
-
000003.log
- Size
- 1.1KiB (1083 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 5592)
- MD5
- f5db9e03121baefa935729aeca8f9b25
- SHA1
- 566ab4bea20fca1e5dc02458820edeab0d089fce
- SHA256
- 6af84bcbacc6188e9dc569332b289ba93fe5495124e53d7c2213f43ce23c51d6
-
Notifications
-
Runtime
- Not all Falcon MalQuery lookups completed in time
- Not all IP/URL string resources were checked online
- Not all created files are visible for msedge.exe (PID: 1184)
- Not all file accesses are visible for msedge.exe (PID: 1048)
- Not all file accesses are visible for msedge.exe (PID: 1056)
- Not all file accesses are visible for msedge.exe (PID: 1184)
- Not all file accesses are visible for msedge.exe (PID: 1628)
- Not all file accesses are visible for msedge.exe (PID: 2112)
- Not all file accesses are visible for msedge.exe (PID: 2528)
- Not all file accesses are visible for msedge.exe (PID: 368)
- Not all file accesses are visible for msedge.exe (PID: 4132)
- Not all file accesses are visible for msedge.exe (PID: 4424)
- Not all file accesses are visible for msedge.exe (PID: 4508)
- Not all file accesses are visible for msedge.exe (PID: 4928)
- Not all file accesses are visible for msedge.exe (PID: 5284)
- Not all file accesses are visible for msedge.exe (PID: 5512)
- Not all file accesses are visible for msedge.exe (PID: 5592)
- Not all file accesses are visible for msedge.exe (PID: 6484)
- Not all file accesses are visible for msedge.exe (PID: 6488)
- Not all file accesses are visible for msedge.exe (PID: 6748)
- Not all file accesses are visible for msedge.exe (PID: 6936)
- Not all file accesses are visible for msedge.exe (PID: 6984)
- Not all file accesses are visible for msedge.exe (PID: 7052)
- Not all file accesses are visible for msedge.exe (PID: 7380)
- Not all file accesses are visible for msedge.exe (PID: 7580)
- Not all file accesses are visible for msedge.exe (PID: 7868)
- Not all file accesses are visible for msedge.exe (PID: 7880)
- Not all file accesses are visible for msedge.exe (PID: 7888)
- Not all file accesses are visible for msedge.exe (PID: 8064)
- Not all file accesses are visible for msedge.exe (PID: 8100)
- Not all file accesses are visible for msedge.exe (PID: 836)
- Not all file accesses are visible for msedge.exe (PID: 988)
- Some low-level data is hidden, as this is only a slim report
- This URL analysis has missing honeyclient data
- Not all sources for indicator ID "string-169" are available in the report
- Not all sources for indicator ID "string-23" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report