http://bmo.login-lockaccount.com/
This report is generated from a file or URL submitted to this webservice on July 12th 2023 13:05:08 (UTC) and action script Default browser analysis
Guest System: Windows 10 64 bit, Professional, 10.0 (build 16299)
Report generated by Falcon Sandbox v10.1.6 © Hybrid Analysis
Incident Response
Risk Assessment
- Evasive
  - Possibly checks for the presence of an Antivirus engine
- Network Behavior
  - Contacts 18 domains and 20 hosts.
MITRE ATT&CK™ Techniques Detection
Indicators
Suspicious Indicators (6)

Anti-Detection/Stealthyness

- Possibly checks for the presence of an Antivirus engine
  - details: ""superantispyware.recurly.com"," (Indicator: "superantispyware") in Source: wallet-checkout-eligible-sites.json; ""totaldefense.com"," (Indicator: "totaldefense") in Source: wallet-checkout-eligible-sites.json
  - source: File/Memory
  - relevance: 3/10
  - ATT&CK ID: T1518.001
External Systems

- Found an IP/URL artifact that was identified as malicious by at least three reputation engines
  - details: 6/90 reputation engines marked "http://bmo.login-lockaccount.com" as malicious (6% detection rate); 6/90 reputation engines marked "http://bmo.login-lockaccount.com/" as malicious (6% detection rate)
  - source: External System
  - relevance: 10/10
- Sample was identified as malicious by at least one Antivirus engine
  - details: 6/90 Antivirus vendors marked sample as malicious (6% detection rate)
  - source: External System
General

- GETs files from a webserver
  - details:
    GET / HTTP/1.1
    Host: bmo.login-lockaccount.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Response ==>
    HTTP/1.1 301 Moved Permanently
    Date: Wed, 12 Jul 2023 13:10:46 GMT
    Server: Apache/2.4.57 (Ubuntu)
    Location: https://bmo.login-lockaccount.com/
    Content-Length: 333
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
    Response body (hex, truncated) ==> 3C21444F43545950452048544D4C205055424C494320222D2F2F494554462F2F4454442048544D4C20322E302F2F454E223E0A3C68746D6C3E3C686561643E0A.......
  - source: Network Traffic
  - relevance: 10/10
  - ATT&CK ID: T1071.001
Network Related

- Found potential IP address in binary/memory
  - details: Potential IP "1.5.75.75" found in string "d="M10 2a8 8 0 110 16 8 8 0 010-16zm0 10.5a.75.75 0 100 1.5.75.75 0 000-1.5zM10 6a.5.5 0 00-.5.41v4.68a.5.5 0 001 0V6.41A.5.5 0 0010 6z"" (the string is SVG path data, so this match is a false positive rather than a real address)
  - source: File/Memory
  - relevance: 3/10
  - ATT&CK ID: T1071
Unusual Characteristics

- References suspicious system modules
  - details:
    Found string (opaque binary data, omitted) (Indicator: "csrss"; File: "f_0004c7")
  - source: File/Memory
  - relevance: 3/10
  - ATT&CK ID: T1547.006
Informative (14)

External Systems

- Detected Suricata Alert
  - details: Detected alert "SURICATA HTTP unable to match response to request" (SID: 2221010, Rev: 1, Severity: 3) categorized as "Generic Protocol Command Decode"
  - source: Suricata Alerts
  - relevance: 10/10
General

- Contacts domains
  - details: "bmo.login-lockaccount.com"
  - source: Network Traffic
  - relevance: 1/10
  - ATT&CK ID: T1071
- Contacts server
  - details:
    (list of contacted IP:port pairs omitted)
  - source: Network Traffic
  - relevance: 1/10
  - ATT&CK ID: T1071
- Creates mutants
  - details: "Local\SM0:6628:304:WilStaging_02", "SM0:6628:304:WilStaging_02", "Local\SM0:6628:120:WilError_01", "SM0:6628:120:WilError_01", "InternetShortcutMutex"
  - source: Created Mutant
  - relevance: 3/10
- Found a reference to a known community page
  - details:
    Found string "www.facebook.com" (Indicator: "facebook.com"; File: "PCAP")
    Found string ""paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites-pre-stable.json")
    Found string ""baysidebuddy.com"," (Indicator: "ebuddy.com"; File: "wallet-pre-stable.json")
    Found string ""comeherebuddy.com"," (Indicator: "ebuddy.com"; File: "wallet-pre-stable.json")
    Found string ""www.facebook.com"," (Indicator: "facebook.com"; File: "wallet-pre-stable.json")
    Found string ""linkedin.com"," (Indicator: "linkedin.com"; File: "wallet-pre-stable.json")
    Found string ""netflix.com"," (Indicator: "netflix.com"; File: "wallet-checkout-eligible-sites.json")
    Found string ""ads.twitter.com"," (Indicator: "twitter"; File: "wallet-checkout-eligible-sites.json")
    Found string ""ipnpb.paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites.json")
    Found string ""youtube.com"," (Indicator: "youtube"; File: "wallet-checkout-eligible-sites.json")
    Found string ""developer.twitter.com"," (Indicator: "twitter"; File: "wallet-checkout-eligible-sites.json")
    Found string ""securepayments.paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites.json")
    Found string ""payflowlink.paypal.com"," (Indicator: "paypal"; File: "wallet-checkout-eligible-sites.json")
    Found string ""tubebuddy.com"," (Indicator: "ebuddy.com"; File: "wallet-checkout-eligible-sites.json")
    Found string ""music.youtube.com"," (Indicator: "youtube"; File: "wallet-checkout-eligible-sites.json")
  - source: File/Memory
  - relevance: 2/10
- Queries DNS server
  - details:
    (list of queried domains omitted)
  - source: Network Traffic
  - relevance: 1/10
  - ATT&CK ID: T1071.004
- References JavaScript(s)
  - details: file/memory contains long string with (Indicator: "text/javascript"; File: "urlref_httpbmo.login-lockaccount.com"); Found string "<script type="text/javascript">" (Indicator: "text/javascript"; File: "urlref_httpbmo.login-lockaccount.com")
  - source: File/Memory
  - relevance: 1/10
  - ATT&CK ID: T1059.007

Installation/Persistence

- Dropped files
  - details:
    (list of dropped browser cache, profile and component files omitted)
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-ec\id\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-ec\zh-Hant\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-ec\en-GB\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-ec\zh-Hans\strings.json]- [targetUID: 00000000-00007812]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log]- [targetUID: 00000000-00007812]
"000004.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Session Storage\000004.log]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\ru\strings.json]- [targetUID: 00000000-00007812]
"feff875d-1ff4-40db-9c81-68dea805ad35.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\feff875d-1ff4-40db-9c81-68dea805ad35.tmp]- [targetUID: 00000000-00006096]
"44062907-44c7-4954-8aa6-b5134dd94171.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\44062907-44c7-4954-8aa6-b5134dd94171.tmp]- [targetUID: 00000000-00006096]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-shared-components\zh-Hans\strings.json]- [targetUID: 00000000-00007812]
"WebAssistDatabase-journal" has type "SQLite Rollback Journal"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\ar\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\ja\strings.json]- [targetUID: 00000000-00007812]
"mini-wallet.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\7812_479589913\Mini-Wallet\mini-wallet.html]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\fr\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\de\strings.json]- [targetUID: 00000000-00007812]
"0300f778-1a03-4d62-b54f-d5924d236f54.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"ca650d8d-b6a0-4269-89f4-c6e733fd28b8.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\pt-PT\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\es\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\it\strings.json]- [targetUID: 00000000-00007812]
"6465a792-1cdf-47b6-985c-7b53493b84bc.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\6465a792-1cdf-47b6-985c-7b53493b84bc.tmp]- [targetUID: 00000000-00006096]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\nl\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\pt-BR\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\sv\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\id\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\zh-Hant\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\en-GB\strings.json]- [targetUID: 00000000-00007812]
"notification.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\7812_479589913\Notification\notification.html]- [targetUID: 00000000-00007812]
"dea2a8c3-2de3-4ca0-8fa9-0b24e2ceab1b.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\dea2a8c3-2de3-4ca0-8fa9-0b24e2ceab1b.tmp]- [targetUID: 00000000-00006096]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\zh-Hans\strings.json]- [targetUID: 00000000-00007812]
"fc94a043-9a7e-447e-93ff-6f9cd3ef937b.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\fc94a043-9a7e-447e-93ff-6f9cd3ef937b.tmp]- [targetUID: 00000000-00006096]
"Web Data-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Web Data-journal]- [targetUID: 00000000-00007812]
"Vpn Tokens-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Vpn Tokens-journal]- [targetUID: 00000000-00007812]
"f01ac2bd-5ecf-4eec-924b-045bdab5aa1f.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\f01ac2bd-5ecf-4eec-924b-045bdab5aa1f.tmp]- [targetUID: 00000000-00006096]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\ru\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\ar\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\ja\strings.json]- [targetUID: 00000000-00007812]
"typosquatting_list.pb" has type "data"- Location: [%TEMP%\7812_1752302345\typosquatting_list.pb]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\fr\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\de\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\pt-PT\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\nl\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\id\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\it\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\es\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\pt-BR\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\sv\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\en-GB\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\zh-Hans\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\zh-Hant\strings.json]- [targetUID: 00000000-00007812]
"f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\TokenBroker\Cache\f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-tokenized-card\fr-CA\strings.json]- [targetUID: 00000000-00007812]
"edge_autofill_global_block_list.json" has type "JSON data"- Location: [%TEMP%\7812_1556834814\edge_autofill_global_block_list.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-tokenized-card\es\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-tokenized-card\it\strings.json]- [targetUID: 00000000-00007812]
"runtime.bundle.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-tokenized-card\id\strings.json]- [targetUID: 00000000-00007812]
"wallet-crypto.html" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]
"wallet.html" has type "HTML document ASCII text with very long lines"- [targetUID: 00000000-00007812]
"wallet-drawer.html" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]
"wallet-drawer.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"verified_contents.json" has type "JSON data"- Location: [%TEMP%\7812_1752302345\_metadata\verified_contents.json]- [targetUID: 00000000-00007812]
"bnpl.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\7812_479589913\bnpl\bnpl.bundle.js.LICENSE.txt]- [targetUID: 00000000-00007812]
"vendor.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\7812_479589913\vendor.bundle.js.LICENSE.txt]- [targetUID: 00000000-00007812]
"tokenized-card.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\7812_479589913\Tokenized-Card\tokenized-card.html]- [targetUID: 00000000-00007812]
"bnpl.html" has type "HTML document ASCII text with very long lines"- Location: [%TEMP%\7812_479589913\bnpl\bnpl.html]- [targetUID: 00000000-00007812]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log]- [targetUID: 00000000-00007812]
"load-hub-i18n.bundle.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log]- [targetUID: 00000000-00007812]
"notification.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG]- [targetUID: 00000000-00007812]
"1bc9538e99237e09_0" has type "data"- [targetUID: N/A]
"hub-signature.txt" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\7812_479589913\hub-signature.txt]- [targetUID: 00000000-00007812]
"wallet-notification-config.json" has type "ASCII text"- [targetUID: N/A]
"MANIFEST-000001" has type "PGP Secret Key -"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001]- [targetUID: 00000000-00007812]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG]- [targetUID: 00000000-00007812]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG]- [targetUID: 00000000-00007812]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG]- [targetUID: 00000000-00007812]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Platform Notifications\LOG]- [targetUID: 00000000-00007812]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG]- [targetUID: 00000000-00007812]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG]- [targetUID: 00000000-00007812]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Session Storage\LOG]- [targetUID: 00000000-00007812]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extension State\LOG]- [targetUID: 00000000-00007812]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\LOG]- [targetUID: 00000000-00007812]
"1fb2fcdf22f099fc_0" has type "data"- [targetUID: N/A]
"f78ebec6e38f6f50_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\f78ebec6e38f6f50_0]- [targetUID: 00000000-00007812]
"LOG" has type "ASCII text"- [targetUID: 00000000-00007812]
"28154138ac7c008f_0" has type "data"- [targetUID: N/A]
"miniwallet.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"b1f062f255ca47ee_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\b1f062f255ca47ee_0]- [targetUID: 00000000-00007812]
"0220ca96dd8e9252_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\0220ca96dd8e9252_0]- [targetUID: 00000000-00007812]
"0f8096dfa7cf5ce8_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\0f8096dfa7cf5ce8_0]- [targetUID: 00000000-00007812]
"3d7d12183d00dff2_0" has type "data"- [targetUID: N/A]
"settings.dat" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad\settings.dat]- [targetUID: 00000000-00007572]
"1aba86cb9d2aa563_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\1aba86cb9d2aa563_0]- [targetUID: 00000000-00007812]
"1f931cf7f54c73ab_0" has type "data"- [targetUID: N/A]
"c8c6a3ced8f32c0b_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\c8c6a3ced8f32c0b_0]- [targetUID: 00000000-00007812]
"b408920df03f0215_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\b408920df03f0215_0]- [targetUID: 00000000-00007812]
"481428db3e82ecd2_0" has type "data"- [targetUID: N/A]
"27fe46f9cda84151_0" has type "data"- [targetUID: N/A]
"a4d1a95bf6633766_0" has type "data"- [targetUID: N/A]
"9db2516537c87f4a_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\9db2516537c87f4a_0]- [targetUID: 00000000-00007812]
"1d4dccee5b36cd05_0" has type "data"- [targetUID: N/A]
"87b7a0c8bd6eb8e6_0" has type "data"- [targetUID: N/A]
"53c514c2a582fa5b_0" has type "data"- [targetUID: N/A]
"f885683f1be2dcd6_0" has type "data"- [targetUID: N/A]
"d5f9c6f90252605a_0" has type "data"- [targetUID: N/A]
"321e2507c6dda013_0" has type "data"- [targetUID: N/A]
"ed06b98f992b701e_0" has type "data"- [targetUID: N/A]
"fe1da9f8010300c4_0" has type "data"- [targetUID: N/A]
"40c561e01597486e_0" has type "data"- [targetUID: N/A]
"a22a8f1f3f41b0f8_0" has type "data"- [targetUID: N/A]
"1a7791b09a600ca5_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\1a7791b09a600ca5_0]- [targetUID: 00000000-00007812]
"0dc207d207571e30_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\0dc207d207571e30_0]- [targetUID: 00000000-00007812]
"be68e79ba67ca07b_0" has type "data"- [targetUID: N/A]
"ebd14e8cbd6ec69a_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\ebd14e8cbd6ec69a_0]- [targetUID: 00000000-00007812]
"fb083bdc655eb6d3_0" has type "data"- [targetUID: N/A]
"277068c711333237_0" has type "data"- [targetUID: N/A]
"018908845dd55b76_0" has type "data"- [targetUID: N/A]
"5cd063105a9bdc39_0" has type "data"- [targetUID: N/A]
"9ba2677b57fc848d_0" has type "data"- [targetUID: N/A]
"3ebe6f320afc4003_0" has type "data"- [targetUID: N/A]
"ca466760413a3507_0" has type "data"- [targetUID: N/A]
"2a7fdf8f56bdd77e_0" has type "data"- [targetUID: N/A]
"53496315543ddfc5_0" has type "data"- [targetUID: N/A]
"a7b150333df48101_0" has type "data"- [targetUID: N/A]
"e65df71b1b3cffd7_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\e65df71b1b3cffd7_0]- [targetUID: 00000000-00007812]
"454d6c68b960e1df_0" has type "data"- [targetUID: N/A]
"1cd69e8b11312cf2_0" has type "data"- [targetUID: N/A]
"4c608f73e6530686_0" has type "data"- [targetUID: N/A]
"28754074f5dc03cc_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\28754074f5dc03cc_0]- [targetUID: 00000000-00007812]
"9be8de63e8a61c92_0" has type "data"- [targetUID: N/A]
"8e4a0626066dbb11_0" has type "data"- [targetUID: N/A]
"63a6269e0a8db5c3_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\63a6269e0a8db5c3_0]- [targetUID: 00000000-00007812]
"302e03bc661b9322_0" has type "data"- [targetUID: N/A]
"a28699c115302c37_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\a28699c115302c37_0]- [targetUID: 00000000-00007812]
"94ebd4f58cb0dc5c_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\94ebd4f58cb0dc5c_0]- [targetUID: 00000000-00007812]
"d7d937dd61f138c2_0" has type "data"- [targetUID: N/A]
"4eb068abb924ebba_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\4eb068abb924ebba_0]- [targetUID: 00000000-00007812]
"4dcab1489f18ac65_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\4dcab1489f18ac65_0]- [targetUID: 00000000-00007812]
"ee279fcc94306c05_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\ee279fcc94306c05_0]- [targetUID: 00000000-00007812]
"e45424fc359c8dd6_0" has type "data"- [targetUID: N/A]
"7fdb68875348ca40_0" has type "data"- [targetUID: N/A]
"59cd0bdc88b07019_0" has type "data"- [targetUID: N/A]
"070d3c440a22e2ff_0" has type "data"- [targetUID: N/A]
"a196a0db73eb05d7_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\a196a0db73eb05d7_0]- [targetUID: 00000000-00007812]
"d2e961d263334fb3_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\d2e961d263334fb3_0]- [targetUID: 00000000-00007812]
"83e5737e1e7dab80_0" has type "data"- [targetUID: N/A]
"8f7596f1b94324b5_0" has type "data"- [targetUID: N/A]
"1ea3e077d10bb2e7_0" has type "data"- [targetUID: N/A]
"efa7ed977e7a65be_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\efa7ed977e7a65be_0]- [targetUID: 00000000-00007812]
"2028e3e98813bc75_0" has type "data"- [targetUID: N/A]
"e1973ece0b474350_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\e1973ece0b474350_0]- [targetUID: 00000000-00007812]
"32cadadbbc9c65b3_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\32cadadbbc9c65b3_0]- [targetUID: 00000000-00007812]
"1f24d98eac57f7a3_0" has type "data"- [targetUID: N/A]
"f738933c6a1d828b_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\f738933c6a1d828b_0]- [targetUID: 00000000-00007812]
"7543600a0f928dd0_0" has type "data"- [targetUID: N/A]
"117dc8910059e7e5_0" has type "data"- [targetUID: N/A]
"e85a81569c945fa8_0" has type "data"- [targetUID: N/A]
"d4a96c4592a5ba97_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\d4a96c4592a5ba97_0]- [targetUID: 00000000-00007812]
"8338b9c40a7fd42d_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\8338b9c40a7fd42d_0]- [targetUID: 00000000-00007812]
"973ea28ba02d25f6_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\973ea28ba02d25f6_0]- [targetUID: 00000000-00007812]
"0fb47bfbf005ef89_0" has type "data"- [targetUID: N/A]
"a573b6c2bf90b418_0" has type "data"- [targetUID: N/A]
"b0aeb1073226ac7c_0" has type "data"- [targetUID: N/A]
"154e809222a9efd4_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\154e809222a9efd4_0]- [targetUID: 00000000-00007812]
"74e130ca562def3c_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\74e130ca562def3c_0]- [targetUID: 00000000-00007812]
"542fbd4c62bb4819_0" has type "data"- [targetUID: N/A]
"062d6c047d877acb_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\062d6c047d877acb_0]- [targetUID: 00000000-00007812]
"regex_patterns.json" has type "JSON data"- Location: [%TEMP%\7812_1556834814\regex_patterns.json]- [targetUID: 00000000-00007812]
"c004aab71e5a9e5a_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\c004aab71e5a9e5a_0]- [targetUID: 00000000-00007812]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG]- [targetUID: 00000000-00007812]
"0065dd00b6bfe405_0" has type "data"- [targetUID: N/A]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\7812_1128998947\manifest.json]- [targetUID: 00000000-00007812]
"crypto.bundle.js" has type "ASCII text with no line terminators"- Location: [%TEMP%\7812_479589913\crypto.bundle.js]- [targetUID: 00000000-00007812]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\7812_479589913\manifest.json]- [targetUID: 00000000-00007812]
"Last Browser" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Last Browser]- [targetUID: 00000000-00007812]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\7812_1556834814\manifest.json]- [targetUID: 00000000-00007812]
"manifest.json" has type "JSON data"- Location: [%TEMP%\7812_1469207032\manifest.json]- [targetUID: 00000000-00007812]
"README.md" has type "ASCII text"- [targetUID: N/A]
"Variations" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Variations]- [targetUID: 00000000-00007812]
"manifest.json" has type "JSON data"- Location: [%TEMP%\7812_1752302345\manifest.json]- [targetUID: 00000000-00007812]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\7812_479589913\manifest.fingerprint]- [targetUID: 00000000-00007812]
"manifest.fingerprint" has type "ASCII text with no line terminators"- [targetUID: 00000000-00007812]
"000012.log" has type "data"- [targetUID: N/A]
".ses" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]
"MANIFEST-000001" has type "PGP Secret Key -"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001]- [targetUID: 00000000-00007812]
"app-setup.js" has type "ASCII text with no line terminators"- Location: [%TEMP%\7812_479589913\app-setup.js]- [targetUID: 00000000-00007812]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log]- [targetUID: 00000000-00007812]
"000001.dbtmp" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp]- [targetUID: 00000000-00007812]
"Last Version" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Last Version]- [targetUID: 00000000-00007812]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\7812_479589913\json\i18n-notification\de\strings.json]- [targetUID: 00000000-00007812]
"262f0ad5-d0c0-4c1f-b7a5-8314facd69da.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\262f0ad5-d0c0-4c1f-b7a5-8314facd69da.tmp]- [targetUID: 00000000-00007812]
"30784db0-393c-4b5a-bff8-4d48dd346169.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\30784db0-393c-4b5a-bff8-4d48dd346169.tmp]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-notification-shared\fr-CA\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "JSON data"- Location: [%TEMP%\7812_479589913\json\i18n-mobile-hub\fr-CA\strings.json]- [targetUID: 00000000-00007812]
"tokenized-card.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"app-setup.js" has type "ASCII text with no line terminators"- [targetUID: 00000000-00007812]
"strings.json" has type "ASCII text with no line terminators"- [targetUID: 00000000-00007812]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\7812_479589913\json\i18n-notification\zh-Hant\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\7812_479589913\json\i18n-notification\ar\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\7812_479589913\json\i18n-notification\en-GB\strings.json]- [targetUID: 00000000-00007812]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\7812_479589913\json\i18n-notification\pt-BR\strings.json]- [targetUID: 00000000-00007812] - source
- Binary File
- relevance
- 3/10
- ATT&CK ID
- T1105 (Show technique in the MITRE ATT&CK™ matrix)
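The list above is the sandbox's raw dropped-file inventory. Nearly every path sits either under the Edge profile (%LOCALAPPDATA%\Microsoft\Edge\User Data) or under %TEMP%\7812_<number>\ directories holding manifest.json, verified_contents.json, crl-set, typosquatting_list.pb and the Wallet/bnpl HTML and JS bundles, which is what a Chromium-based browser's own component updater stages, not something the visited page wrote (that attribution is an inference from the paths, not a statement the report makes). The Python below is an added example, not code from Hybrid Analysis or from this report. It parses lines in the report's format, groups them by writing process (targetUID) and path class, and cross-checks the PID embedded in the temp directory name against the targetUID so that a file written into another process's staging directory would stand out. The sample lines are copied from the list above; treating <pid>_<random> as a Chromium per-process temp directory is an assumption.

```python
import re
from collections import Counter

# Constructed sample: seven lines copied verbatim from the report's dropped-file list.
SAMPLE = r'''
"crl-set" has type "data"- Location: [%TEMP%\7812_1469207032\crl-set]- [targetUID: 00000000-00007812]
"f_0004c6" has type "gzip compressed data from Unix original size modulo 2^32 119683"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c6]- [targetUID: 00000000-00006096]
"Shortcuts" has type "SQLite 3.x database last written using SQLite version 3039003"- [targetUID: N/A]
"bnpl_driver.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\7812_479589913\bnpl_driver.js]- [targetUID: 00000000-00007812]
"typosquatting_list.pb" has type "data"- Location: [%TEMP%\7812_1752302345\typosquatting_list.pb]- [targetUID: 00000000-00007812]
"settings.dat" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad\settings.dat]- [targetUID: 00000000-00007572]
"strings.json" has type "ASCII text with no line terminators"- Location: [%TEMP%\7812_479589913\json\i18n-notification\pt-BR\strings.json]- [targetUID: 00000000-00007812] - source
'''

# One report line: "<name>" has type "<type>"[- Location: [<path>]]- [targetUID: <uid>]
LINE_RE = re.compile(
    r'^"(?P<name>[^"]+)" has type "(?P<ftype>[^"]*)"'
    r'(?:- Location: \[(?P<path>[^\]]*)\])?'
    r'- \[targetUID: (?P<uid>[^\]]+)\]'
)
# Assumption: %TEMP%\<pid>_<random>\ is a Chromium-style per-process temp directory.
TEMP_DIR_RE = re.compile(r'^%TEMP%\\(?P<pid>\d+)_\d+\\')
EDGE_PROFILE = '%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\'


def parse(text):
    """Return one dict per parseable line; trailing residue such as ' - source' is ignored."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            records.append(m.groupdict())
    return records


def uid_pid(uid):
    """targetUID '00000000-00007812' -> 7812; 'N/A' -> None."""
    tail = uid.rsplit('-', 1)[-1]
    return int(tail) if tail.isdigit() else None


def classify(path):
    """Bucket a dropped-file path: browser profile, per-process temp staging, or other."""
    if path is None:
        return 'no-path'
    m = TEMP_DIR_RE.match(path)
    if m:
        return f'temp-unpack(pid={m.group("pid")})'
    if path.startswith(EDGE_PROFILE):
        return 'edge-profile'
    return 'other'


def summarize(records):
    """Counter keyed by (targetUID, path class): which process wrote into which area."""
    return Counter((r['uid'], classify(r['path'])) for r in records)


def pid_mismatches(records):
    """Files whose temp-dir PID differs from the writing process's PID (worth a look)."""
    out = []
    for r in records:
        m = TEMP_DIR_RE.match(r['path'] or '')
        if m and uid_pid(r['uid']) not in (None, int(m.group('pid'))):
            out.append(r['name'])
    return out


if __name__ == '__main__':
    recs = parse(SAMPLE)
    for key, n in sorted(summarize(recs).items()):
        print(f'{key[0]:>18}  {key[1]:<22} {n}')
    print('pid mismatches:', pid_mismatches(recs))
```

Run against the full list, the summary collapses several hundred lines into a handful of (process, area) rows, and an empty mismatch list means every temp-staged file was written by the process that owns the directory.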
-
Drops a license file
- details
-
"wallet-drawer.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"bnpl.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\7812_479589913\bnpl\bnpl.bundle.js.LICENSE.txt]- [targetUID: 00000000-00007812]
"vendor.bundle.js.LICENSE.txt" has type "ASCII text"- Location: [%TEMP%\7812_479589913\vendor.bundle.js.LICENSE.txt]- [targetUID: 00000000-00007812]
"notification.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"miniwallet.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A]
"tokenized-card.bundle.js.LICENSE.txt" has type "ASCII text"- [targetUID: N/A] - source
- Binary File
- relevance
- 1/10
- ATT&CK ID
- T1083 (Show technique in the MITRE ATT&CK™ matrix)
-
Dropped files
-
Network Related
-
Communicates with HTTP webserver (GET/POST requests)
- details
- Found http requests in header "GET /"
- source
- Network Traffic
- relevance
- 1/10
- ATT&CK ID
- T1071.001 (Show technique in the MITRE ATT&CK™ matrix)
-
Contacts random domain names
- details
- "script.crazyegg.com" seems to be random
- source
- Network Traffic
- relevance
- 5/10
- ATT&CK ID
- T1071.001 (Show technique in the MITRE ATT&CK™ matrix)
-
Found mail related domain names
- details
-
Observed email domain:""shop.lovepop.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""colourpop.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""canvaspop.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]
Observed email domain:""aepop.net"," [Source: wallet-pre-stable.json]
Observed email domain:""artpop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""avenuepop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""bassettbmx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""canvasmx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""drinkolipop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""fashionfunpop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""fastandloosebmx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""flitebmx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""fofopop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""gellipop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""gforcemx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""happipop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""hauzofpop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""hiccapop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""hijabipop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""jellypop.la"," [Source: wallet-pre-stable.json]
Observed email domain:""kinkbmx.com"," [Source: wallet-pre-stable.json]
Observed email domain:""kloudkpop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""knitpop.com"," [Source: wallet-pre-stable.json]
Observed email domain:""kpop.exchange"," [Source: wallet-pre-stable.json]
Observed email domain:""laperlamx.com"," [Source: wallet-pre-stable.json]
- source
- File/Memory
- relevance
- 1/10
- ATT&CK ID
- T1071.003 (Show technique in the MITRE ATT&CK™ matrix)
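Two of the network heuristics above rest on string shape alone: "Contacts random domain names" flags script.crazyegg.com, and "Found mail related domain names" lists shop.lovepop.com, bassettbmx.com and similar entries whose only mail-like feature is that the substring pop or mx occurs inside an ordinary word. The Python below is an added example, not code from Hybrid Analysis or from this report, showing how to reproduce both checks and tighten them: a DGA-style entropy and vowel-ratio test on the registrable label, and a mail-token match that requires a whole DNS label rather than a substring. The .example and .test hostnames are constructed for contrast; the thresholds and the absence of a public-suffix list are assumptions.

```python
import math
import re
from collections import Counter

# Constructed sample: the hostnames the report flagged, plus made-up ones for contrast.
FLAGGED_RANDOM = ["script.crazyegg.com"]
FLAGGED_MAIL = ["shop.lovepop.com", "colourpop.com", "bassettbmx.com",
                "kpop.exchange", "laperlamx.com"]
CONSTRUCTED_DGA = ["xkq7vprtzgbw.example"]                  # made up, DGA-like
CONSTRUCTED_MAIL = ["pop.example-mail.test", "mx1.example.test",
                    "smtp-relay.example.test"]              # made up, genuinely mail-shaped

MAIL_TOKENS = ("pop", "pop3", "imap", "smtp", "mx", "mail", "webmail")
# A label counts as mail-related only if it IS a token, optionally followed by digits or a -suffix.
MAIL_LABEL_RE = re.compile(r'^(?:' + '|'.join(MAIL_TOKENS) + r')(?:\d+|-.*)?$')


def labels(host):
    return host.lower().rstrip('.').split('.')


def sld(host):
    """Second-level label, the part the registrant chose. Assumption: no public-suffix
    list is consulted, so two-part suffixes such as co.uk would need extra handling."""
    parts = labels(host)
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def vowel_ratio(s):
    letters = [ch for ch in s if ch.isalpha()]
    return sum(ch in 'aeiouy' for ch in letters) / len(letters) if letters else 0.0


def looks_random(host, min_len=10, entropy_min=3.5, vowel_max=0.2):
    """DGA-style test on the registrable label: long, high-entropy, vowel-poor.
    Thresholds are assumed starting points, not tuned values."""
    s = sld(host)
    e, v = shannon_entropy(s), vowel_ratio(s)
    verdict = len(s) >= min_len and e >= entropy_min and v <= vowel_max
    return verdict, {"label": s, "entropy": round(e, 2), "vowel_ratio": round(v, 2)}


def substring_mail_hit(host):
    """Report-style test: a token appears anywhere in the hostname (matches 'lovepop', 'bmx')."""
    h = host.lower()
    return any(tok in h for tok in MAIL_TOKENS)


def label_mail_hit(host):
    """Boundary-aware test: some DNS label is itself a mail token."""
    return any(MAIL_LABEL_RE.match(lbl) for lbl in labels(host))


def triage(hosts):
    """Per-host verdicts from both heuristics, for side-by-side comparison."""
    return {h: {"random": looks_random(h)[0],
                "mail_substring": substring_mail_hit(h),
                "mail_label": label_mail_hit(h)} for h in hosts}


if __name__ == '__main__':
    for host, v in triage(FLAGGED_RANDOM + FLAGGED_MAIL + CONSTRUCTED_DGA + CONSTRUCTED_MAIL).items():
        print(f'{host:<26} {v}')
```

Run as a script it prints the side-by-side verdicts: the substring form reproduces every "Observed email domain" hit above while the label form returns none of them and does catch the constructed pop/mx1/smtp-relay hosts, and crazyegg fails the randomness test on both length and vowel ratio.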
-
Found potential URL in binary/memory
- details
-
Pattern match: "http://bmo.login-lockaccount.com/"
Pattern match: "http://bmo.login-lockaccount.com"
Pattern match: "http://nbc.ca"
Pattern match: "ns.adobe.com/xap/1.0/"
Pattern match: "learn.microsoft.com/https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170https://www.bing.com/0xD3DD54E0377111B56531C055EED96D48522DAF8A56349E5E4953C317C37023A6Fri"
Pattern match: "search.yahoo.com/favicon.icohttps://search.yahoo.com/search{google:pathWildcard}?ei={inputEncoding}&fr=crmas_sfp&p={searchTerms}UTF-8https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command={searchTerms}485bf7d3-0215-45af-87dc-53886800000"
Pattern match: "https://ntp.msn.com/edge/ntp?locale=en&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531edge://settings/profileskeygjgieestate_{edge://settingsedge://settings/edge://settings/?search=smartkeygr10nmstate_{edge://settingsedge://settings/?search=smartedge"
Pattern match: "IL.Ex/oyDT'C"
Pattern match: "b-W6zq.zB/d%rP%"
Pattern match: "DNzqpyR.Ex/3p60QPrW8kbU&d`(,9C`mB8)&,~8"
Pattern match: "27I.JCS/,}!jQGcvTY8g/"
Pattern match: "https://wcpstatic.microsoft.com/https://js.monitor.azure.com/learn.microsoft.com"
Pattern match: "https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redisthttps://www.bing.com/ck/a?!&&p=dda47b155ec1706bJmltdHM9MTY3ODQwNjQwMCZpZ3VpZD0xYmQzZjhjNS1lMTdlLTZ"
Pattern match: "https://ntp.www.office.com&_https://ntp.msn.comCookieSyncExpiry'_https://ntp.msn.comDefaultFeedPolicy_https://ntp.msn.comGpuExist/_https://ntp.msn.comNOTIFICATION_CACHE_LS_KEY_https://ntp.msn.combkgdV+_https://ntp.msn.combreakingNewsDismissed"
Pattern match: "www.nbc.caef_idv10~0www.nbc.cacidv10ur.nbc.cacebsp_v10jp.nbc.cacebsv10m.www.linkedin.combscookiev10:~xG:lF"
Pattern match: "www.nbc.ca/https://nbc.ca/https://href.li/?http://nbc.cahttps://bmo.login-lockaccount.com/http://nbc.ca/http://bmo.login-lockaccount.com/9https://ntp.msn.com/edge/ntp?locale=en&title=New+tab&dsp=1&sp=Bing&startpage=1&PC=U531]=https://ntp.msn.com/edge/ntp?l"
Pattern match: "www.bing.com/search?q=vs+code+download&cvid=b24c929981144c99bf0711b78929e24e&aqs=edge.2.0j69i57j0l7&pglt=43&FORM=ANSPA1&PC=U53136f0ed70-14c9-4735-a66d-8f4ea182c246vs"
Pattern match: "https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redisthttps://www.bing.com/ck/a?!&&p=dda47b155ec1706bJmltdHM9MTY3ODQwNjQwMCZpZ3VpZD0xYmQzZjhjNS1lMTdlLTZkNzctMWUxYi1lYWE2ZTU3ZTYzMzUmaW5zaWQ9NTE4Ng&ptn=3&hsh=3&fclid=1bd3f8c5-e17e-6d77-1e1b-"
Pattern match: "github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.4.7/npp.8.4.7.portable.x64.7zhttps://objects.githubusercontent.com/github-production-release-asset-2e65be/33014811/42d9bc38-89f0-48d8-94ec-d1f3649d2fc3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-A"
Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE53r3l?ver=5412,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE53bta?ver=2bf3,update_period:86400},creativeId:128000000003595"
Pattern match: "https://www.coupert.com"
Pattern match: "www.nbc.ca/Personal"
Pattern match: "https://href.li/?http://nbc.cahttp://bmo.login-lockaccount.com/https://www.nbc.ca/https://href.lihttps://href.li/?http://nbc.cahttps://href.li/?http://nbc.cahttps://www.nbc.ca/https://www.nbc.cahttps://href.lihttps://href.li/?http://nbc.cahttps://href.li/?"
Pattern match: "www.bing.com/search?q=vs+crt+redist&cvid=b24c929981144c99bf0711b78929e24e&aqs=edge..69i57j0.6642j0j1&pglt=43&FORM=ANSPA1&PC=U531vs"
Pattern match: "http://www.w3.org/2000/svg,svg"
Pattern match: "https://ntp.msn.com/REG:https://ntp.msn.com/https://ntp.msn.com/edge/ntp.https://ntp.msn.com/edge/ntp/service-worker.js"
Pattern match: "https://googleads.g.doubleclick.net/next-map-idQnamespace-3bbc91a6_51d0_4200_9fa7_2e3ec0fddf25-https://tpc.googlesyndication.com/34U"
Pattern match: "https://www.clarity.ms,supports_spdy:true},{anonymization:[],server:https://microsoftedgewelcome.microsoft.com,supports_spdy:true},{anonymization:[],server:https://edgefrecdn.azureedge.net,supports_spdy:true},{anonymization:[],server"
Pattern match: "https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170https://notepad-plus-plus.org/downloads/v8.4.7/https://notepad-plus-plus.org/whttps://microsoftedgewelcome.microsoft.com/en-us/update/107?form=MT00CP&exp=e157&channel=sta"
Pattern match: "1123movies.la/123moviess.la/3dmmgame.com/4playstation.com/aashingtonpost.com/adultdfriendfinder.com/aircananda.com/aks.ms/alaskaaair.com/alibabaa.com/alibbaba.com/alrecipes.com/ameritraade.com/answwers.com/arketwatch.com/ashshleyfurniture.com/ationalgeogra"
Pattern match: "autofill.account.microsoft.com/,type"
Pattern match: "jedwatson.github.io/classnames"
Pattern match: "https://github.com/focus-trap/tabbable/blob/master/LICENSE"
Pattern match: "https://github.com/jsstyles/css-vendor"
Pattern match: "googleads.g.doubleclick.net/pagead/viewthroughconversion/997986505/?random=1689167481235&cv=11&fst=1689167481235&bg=ffffff&guid=ON&async=1>m=45be37a0&u_w=1024&u_h=611&url=https%3A%2F%2Fwww.nbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=Personal%20Banki"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites-toolkit/clientlibs/web-sites-toolkit/toolkit-clientlib/clientlibs/vendor/lodash.min.bbfd8cafbab04e30bd815eed67298ad7.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites-toolkit/components/content/chatbot/clientlibs/site/vendor/bnc-rasa-webchat.min.af84bca3efd3f57558ac2382710f47a8.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites-toolkit/core/wcm/components/genericPanel/v1/genericPanel/clientlibs/site.min.8bd3357c8782030bd34e3822ff5765c2.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/components/collapse/clientlibs/site/collapse-responsive.min.f1982add99979bd7fb676e4ecdf600fa.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites-toolkit/components/content/chatbot/clientlibs/site.min.5255d53222eec1d438f89699d34eee4f.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/clientlibs/vendor/jquery/jquery-sticky-1-0-4.min.d5e7a9bffb846f6dd95e8d023e6f694f.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites-toolkit/clientlibs/clientlib-core-components.min.3d0337d020fae1613e160556c951c1d2.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites-react/components/navigation-menu/clientlib.min.c31d6d353bd2218c376a5d6571b328d8.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/clientlibs/core/responsiveBootstrapToolkit.min.fda473445d3229d9c56982d552785b22.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites-react/components/web-sites-react/clientlib.min.128f8166578dee3c51c931619202763d.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites-toolkit/clientlibs/clientlib-dependencies.min.bebc2ba61d5f5be79bd7cafdcd3d36f5.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/clientlibs/core/eventListenerHandlers.min.4602af8a6eeccf8a7e02a6f3becf0918.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/components/columns/clientlibs/site.min.53a7c9055d7431a7f761ef6280b9ac9d.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites-toolkit/clientlibs/clientlib-base.min.26bbcfe8c0ff8604879d8b6e9f97e073.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RC51f8f075dafa4f14952dbaf801fe60a9-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RCdf6e9247ce574741818c4da326995878-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RCcd76915764d248dcb9be3e23a29a2a01-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RC4b5b6ededb144627b72faebdbdb3d778-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RCb285433303614c02856bcbff83df0657-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RC7d15368c7e1942d485ee4d38b8bc1cb9-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RCc9c390ab622648f4819d9a8e8c94a166-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RC36ea440554d54e25b096c05f79124b56-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RC4f2f940866b54a5fa3f00241d0e37510-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RCb63ee83925554f269b889dee6c8076a1-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RCad9850fc1c894480b8ab83119b12cab2-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RCca26d8fafafc4b7d94d2188bf7d5cbc7-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RCab30cc2c8ef2464a9520dd93e988c52d-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RCe4e37164e1f0426c8bd33682c6c27ebf-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RCbb9808ad88a84fbcbcf1f0454f58ca93-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RC9ce842401aa04724a59f953943a566e1-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RCdf57f28bdd6446c8b642f8156e637bd1-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RCa5861e131f2a4e6b882113a6d769bac1-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RC650c752e9a08436b9e66f011acbd134e-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RCef961b39fbf14ee785779f443a0d5f2e-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RC410548622b424071ba752cbeafaccd76-source.min.js"
Pattern match: "assets.adobedtm.com/4c6660b07da2/05b6c28f8c7f/a397ec75480d/RC99eacd67fccf401ea553dca6230af4d4-source.min.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/clientlibs/core/stickyBehavior.min.81a4b9df09c15476124998587316faed.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/clientlibs/vendor/jquery/base.min.8378dd18d27d369a41cd582ec02fc311.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/clientlibs/core/textandimage.min.1d38a0620fc8bca5f07e12236d12b758.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/clientlibs/core/dataLayer.min.2660f509618f8ec9028cecf26c4b42b2.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/clientlibs/core/lightbox.min.aa30fbfa9cb1a9790e58df2d1d6c4182.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/clientlibs/core/basepage.min.e30dfc7efb13dbaad5d83e42d01f1948.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/clientlibs/core/websites.min.bc3728e8a1f888c9acbc51bfb1e16047.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/clientlibs/vendor/react.min.45e0671f00ea10ecf34e891cd69b1f90.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/clientlibs/core/sticky.min.b471292674a50b1fd139829e4ab58f1a.js"
Pattern match: "www.nbc.ca/etc.clientlibs/web-sites/clientlibs/core/modal.min.e7058c8e01737387c405999d043ac03f.js"
Pattern match: "script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js"
Pattern match: "resources.digital-cloud.medallia.ca/wdccan/10826/onsite/generic1681812330598.js"
Pattern match: "connect.facebook.net/signals/config/1783130221942772?v=2.9.111&r=stable"
Pattern match: "assets.adobedtm.com/launch-ENce80544c76a04686ae546c50bbd9979e.min.js"
Pattern match: "resources.digital-cloud.medallia.ca/wdccan/10826/onsite/embed.js"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-997986505&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-832237767&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-832255982&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-822764924&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-832242121&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-822771268&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-700178528&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-870131889&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-700142300&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-828862930&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-700107258&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-822764762&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-593860385&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=AW-700151909&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=DC-9724645&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=DC-9692463&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=DC-9722605&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=DC-9722614&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=DC-9691230&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=DC-9688792&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=DC-9692757&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=DC-9722608&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=DC-9692475&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=DC-9721889&l=cmPixel&cx=c"
Pattern match: "www.googletagmanager.com/gtag/js?id=DC-9693030&l=cmPixel&cx=c"
Pattern match: "script.crazyegg.com/pages/scripts/0057/0890.js?469213"
Pattern match: "app.fintelconnect.com/assets/scripts/fcanalytics.js"
Pattern match: "snap.licdn.com/li.lms-analytics/insight.old.min.js"
Pattern match: "www.googletagmanager.com/gtag/js?id=&l=cmPixel"
Pattern match: "snap.licdn.com/li.lms-analytics/insight.min.js"
Pattern match: "www.datadoghq-browser-agent.com/datadog-rum.js"
Pattern match: "connect.facebook.net/en_US/fbevents.js"
Pattern match: "assets.db/000003.log"
Pattern match: "bat.bing.com/bat.js"
Heuristic match: "bmo.login-lockaccount.com"
Heuristic match: "adobedc.demdex.net"
Heuristic match: "app.fintelconnect.com"
Heuristic match: "assets-tracking.crazyegg.com"
Heuristic match: "cdn.linkedin.oribi.io"
Heuristic match: "connect.facebook.net"
Heuristic match: "edge.adobedc.net"
Heuristic match: "googleads.g.doubleclick.net"
Heuristic match: "href.li"
Heuristic match: "iaaa.apis.bnc.ca"
Heuristic match: "pagestates-tracking.crazyegg.com"
Heuristic match: "resources.digital-cloud.medallia.ca"
Heuristic match: "script.crazyegg.com"
Heuristic match: "tracking.crazyegg.com"
Heuristic match: "udc-neb.kampyle.com"
Pattern match: "http://www.w3.org/2000/svg};class"
Pattern match: "www.datadoghq-browser-agent.com"
Pattern match: "www.facebook.com"
Pattern match: "www.gap.com"
Pattern match: "www.gapfactory.com"
Pattern match: "www2.hm.com"
Pattern match: "www.klarna.com"
Pattern match: "www.google.com"
Pattern match: "www.gstatic.com"
Pattern match: "www.transunion.com"
Pattern match: "www.googletagmanager.com"
Pattern match: "www.googleadservices.com"
Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,o=1;o"
Pattern match: "http://www.w3.org/2000/svg"
Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"
Pattern match: "www.gapcanada.ca"
Pattern match: "www2.factoryoutletstore.com"
Pattern match: "www2.invoicecloud.com"
Pattern match: "www1.ussailing.org"
Pattern match: "www2.doggysuperfoods.com"
Pattern match: "www1.agenciatributaria.gob.es"
Pattern match: "www9.agenciatributaria.gob.es"
Pattern match: "www.vaxvacationaccess.com"
Pattern match: "www2.promap.co.uk"
Pattern match: "www2.correios.com.br"
Pattern match: "www2.stanlycountync.gov"
Pattern match: "www2.registerblast.com"
Pattern match: "www5.maine.gov"
Pattern match: "www2.haircarerefined.com"
Pattern match: "www2.tonyprotein.com"
Pattern match: "www2.vinesse.com"
Pattern match: "www5.ibackup.com"
Pattern match: "www3.thedatabank.com"
Pattern match: "www2.helminc.com"
Pattern match: "www2.unifyhealthlabs.com"
Pattern match: "www3.benefitsolver.com"
Pattern match: "www1.nobexpartners.com"
Pattern match: "www6.agenciatributaria.gob.es"
Pattern match: "www2.kintsugihair.com"
Pattern match: "www2.lectinblocker.com"
Pattern match: "www1.hhrd.org"
Pattern match: "www6.lifeatworkportal.com"
Pattern match: "www3.mutualofomaha.com"
Pattern match: "www3.masterwriter.com"
Pattern match: "www1.carey.com"
Pattern match: "www2.gundrymdtotalrestore.com"
Pattern match: "www2.ymtvacations.com"
Pattern match: "www2.invisicrepe.com"
Pattern match: "www2.americanprofessional.com"
Pattern match: "www2.ambrose.edu"
Pattern match: "www1.netfirms.com"
Heuristic match: "https_.JJnnm.nbc.ca"
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1071 (Application Layer Protocol)
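Most of the "Pattern match" strings in this indicator are runs of URLs glued together without separators, as Edge's session and profile storage holds them, which is why they look like one enormous URL. The security-relevant content is buried in them: "https://href.li/?http://nbc.ca" appears next to the analysed URL several times, and href.li plus nbc.ca resources then show up in the DNS and host lists, consistent with the 301 on the first request sending the sandbox browser on to nbc.ca through the href.li redirector. The Python below is an editor's example, not part of the Hybrid Analysis report: it splits such glued strings at scheme boundaries, recovers hostnames from pieces that lost their scheme, and handles the one awkward case, a redirector whose target begins with its own scheme and therefore ends up in the next piece. The two sample strings are copied from the report; the redirector list is an assumption (href.li is the one the report shows).

```python
"""Split glued URL runs from browser session storage; recover redirector targets.

Added example; not Hybrid Analysis code. SAMPLE_BLOBS are two "Pattern match"
strings printed in this report, copied verbatim. REDIRECTORS is an assumed
list; href.li is the one that actually appears in the report.
"""
from __future__ import annotations
import re
from urllib.parse import urlsplit

SAMPLE_BLOBS = [
    "www.nbc.ca/https://nbc.ca/https://href.li/?http://nbc.cahttps://bmo.login-lockaccount.com/"
    "http://nbc.ca/http://bmo.login-lockaccount.com/9https://ntp.msn.com/edge/ntp?locale=en"
    "&title=New+tab&dsp=1&sp=Bing&startpage=1&PC=U531]=https://ntp.msn.com/edge/ntp?l",
    "https://href.li/?http://nbc.cahttp://bmo.login-lockaccount.com/https://www.nbc.ca/"
    "https://href.lihttps://href.li/?http://nbc.cahttps://href.li/?http://nbc.cahttps://www.nbc.ca/"
    "https://www.nbc.cahttps://href.lihttps://href.li/?http://nbc.cahttps://href.li/?",
]

# Open redirectors that carry their target in the query string (assumed list).
REDIRECTORS = {"href.li"}

# Zero-width split in front of every "http://" or "https://".
SCHEME_SPLIT = re.compile(r"(?=https?://)", re.I)
# A piece that lost its scheme but still starts with a hostname.
BARE_HOST = re.compile(r"^([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?=/|$)", re.I)


def split_urls(blob: str) -> list[str]:
    """Cut a glued run at every scheme boundary and drop empty pieces."""
    return [p for p in SCHEME_SPLIT.split(blob) if p]


def host_of(piece: str):
    """Lower-cased hostname of a piece, with or without a scheme; None if none."""
    if "://" in piece:
        return (urlsplit(piece).hostname or "").lower() or None
    m = BARE_HOST.match(piece)
    return m.group(1).lower() if m else None


def hosts(blob: str) -> set[str]:
    """Distinct hostnames referenced anywhere in the glued run."""
    return {h for h in map(host_of, split_urls(blob)) if h}


def redirect_targets(blob: str) -> list[tuple[str, str]]:
    """(redirector, target URL) pairs.

    The target starts with its own scheme, so the split leaves the redirector
    piece ending in "?" with an empty query and puts the target in the next
    piece; look one piece ahead instead of parsing the query string.
    """
    pieces = split_urls(blob)
    out = []
    for i, piece in enumerate(pieces):
        if (host_of(piece) in REDIRECTORS and piece.endswith("?")
                and i + 1 < len(pieces) and host_of(pieces[i + 1])):
            out.append((host_of(piece), pieces[i + 1]))
    return out


if __name__ == "__main__":
    for blob in SAMPLE_BLOBS:
        print("hosts:", sorted(hosts(blob)))
        print("redirects:", redirect_targets(blob))
```

Run on the first sample string this yields the hosts nbc.ca, www.nbc.ca, href.li, bmo.login-lockaccount.com and ntp.msn.com, and one redirect pair (href.li, http://nbc.ca); the second string contains the same redirect four times, which is what the repeated "href.li/?http://nbc.ca" runs in the indicator list are.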
-
Communicates with HTTP webserver (GET/POST requests)
-
Unusual Characteristics
-
Detected known bank URL artifact
- details
-
""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")
""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")
""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")
""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")
""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")
""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")
""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")
""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")
""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")
""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""beautiiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""beautyandwhiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")
""bellagracehealthscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""belleandbubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
""beyondblessedscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")
- source
- File/Memory
- relevance
- 2/10
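Every hit under "Detected known bank URL artifact" is a substring match, not a domain match: the indicator "ubs.com" fires inside cousinssubs.com and order.firehousesubs.com, "key.com" inside digikey.com and hockeymonkey.com, "arvest.com" inside manitobaharvest.com, and all of these hostnames come from Edge's own wallet site lists rather than from the analysed page. The Python below is an editor's example, not part of the Hybrid Analysis report. It applies the report's own indicator fragments to the report's own flagged hostnames in two ways, as a raw substring and as a match that must start on a DNS label boundary, and measures how many of the known-benign hosts each variant flags. The three true-positive hostnames are constructed for the demonstration.

```python
"""Brand-domain indicators: raw substring match vs. DNS-label-boundary match.

Added example; not Hybrid Analysis code. BANK_INDICATORS and REPORT_HITS are
copied from the report's "Detected known bank URL artifact" details;
CONSTRUCTED_TRUE_POSITIVES are made up for the demonstration.
"""
from __future__ import annotations

# Indicator fragments exactly as the report prints them.
BANK_INDICATORS = ("arvest.com", "key.com", "ubs.com", "leu.com")

# Hostnames the report flagged; all are entries of Edge's wallet site lists.
REPORT_HITS = [
    "manitobaharvest.com", "highkey.com", "mandalascrubs.com",
    "primalharvest.com", "amazingclubs.com", "purehockey.com",
    "order.firehousesubs.com", "cousinssubs.com", "digikey.com",
    "hockeymonkey.com", "4amscrubs.com", "6whiskey.com", "99centsubs.com",
]

# Constructed: hostnames a bank-domain indicator should actually catch.
CONSTRUCTED_TRUE_POSITIVES = ["ubs.com", "login.ubs.com", "www.key.com"]


def _norm(host: str) -> str:
    return host.strip().lower().rstrip(".")


def substring_hits(host: str, indicators=BANK_INDICATORS) -> list[str]:
    """The heuristic the report evidently applied: plain substring search."""
    host = _norm(host)
    return [ind for ind in indicators if ind in host]


def label_boundary_hits(host: str, indicators=BANK_INDICATORS) -> list[str]:
    """Fire only when the indicator is the whole host or a parent domain of it,
    i.e. the match begins on a DNS label boundary ("." + indicator)."""
    host = _norm(host)
    return [ind for ind in indicators
            if host == ind or host.endswith("." + ind)]


def hit_rate(hosts, matcher) -> float:
    """Fraction of the given hosts that the matcher flags.

    On known-benign hosts this is the false-positive rate; on known-bad hosts
    it is the detection rate.
    """
    flagged = sum(1 for h in hosts if matcher(h))
    return flagged / len(hosts)


if __name__ == "__main__":
    for h in ("cousinssubs.com", "digikey.com", "login.ubs.com"):
        print(f"{h:24} substring={substring_hits(h)} "
              f"label-boundary={label_boundary_hits(h)}")
    print("false positives on the report's hits:",
          hit_rate(REPORT_HITS, substring_hits), "(substring)",
          hit_rate(REPORT_HITS, label_boundary_hits), "(label boundary)")
    print("detection on constructed true positives:",
          hit_rate(CONSTRUCTED_TRUE_POSITIVES, substring_hits), "(substring)",
          hit_rate(CONSTRUCTED_TRUE_POSITIVES, label_boundary_hits), "(label boundary)")
```

The substring matcher flags all 13 of the report's hosts; the label-boundary matcher flags none of them and still catches every constructed true positive. A production check would additionally compare against the registrable domain from the Public Suffix List, so that co.uk-style suffixes and brand names used as subdomain labels (as in the analysed hostname) are handled.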
Session Details
No relevant data available.
Screenshots
Hybrid Analysis
Analysed 24 processes in total.
- rundll32.exe "%WINDIR%\system32\ieframe.dll",OpenURL C:\db062820cf9f79a61018aeb578bbeb7774a93c3e2583bca703a427a82794d623.url (PID: 6628)
- msedge.exe --single-argument http://bmo.login-lockaccount.com/ (PID: 7812)
- msedge.exe --type=crashpad-handler "--user-data-dir=%LOCALAPPDATA%\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=107.0.5304.110 "--annotation=exe=%PROGRAMFILES%\(x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=107.0.1418.56 --initial-client-data=0xcc,0xd0,0xd4,0xc8,0xdc,0x7ffe76f7b208,0x7ffe76f7b218,0x7ffe76f7b228 (PID: 7572)
- msedge.exe --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:2 (PID: 7584)
- msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:3 (PID: 6096)
- msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:8 (PID: 3728)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1689166209078636 --launch-time-ticks=1232695529 --mojo-platform-channel-handle=2784 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:1 (PID: 4032)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1689166209078636 --launch-time-ticks=1233453275 --mojo-platform-channel-handle=2804 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:1 (PID: 7796)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3384 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:8 (PID: 7400)
- msedge.exe --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4240 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:8 (PID: 3316)
- msedge.exe --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=4476 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:8 (PID: 1228)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5344 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:8 (PID: 7824)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --time-ticks-at-unix-epoch=-1689166209078636 --launch-time-ticks=1241092104 --mojo-platform-channel-handle=4272 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:1 (PID: 5612)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --time-ticks-at-unix-epoch=-1689166209078636 --launch-time-ticks=1242172589 --mojo-platform-channel-handle=4092 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:1 (PID: 8100)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --time-ticks-at-unix-epoch=-1689166209078636 --launch-time-ticks=1244186059 --mojo-platform-channel-handle=5752 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:1 (PID: 8104)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4212 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:8 (PID: 5220)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4644 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:8 (PID: 7088)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3656 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:8 (PID: 2812)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4592 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:8 (PID: 5720)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1216 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:8 (PID: 5796)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:8 (PID: 2928)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4316 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:8 (PID: 632)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5396 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:8 (PID: 6656)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 --field-trial-handle=1972,i,14394708878542561804,108757101134882164,131072 /prefetch:8 (PID: 7704)
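The process tree starts with rundll32.exe loading ieframe.dll and calling its OpenURL export on a .url (Internet Shortcut) file, which then spawns msedge.exe with the submitted URL as its single argument. In this report that launcher is the sandbox's "Default browser analysis" action script opening the submitted URL, not behaviour of the page itself. It is, however, also the handler Windows registers for InternetShortcut files, so the same rundll32 -> browser chain is what a process log shows when a user opens a .url attachment that was delivered to them. The Python below is an editor's example, not part of the Hybrid Analysis report: it reconstructs such chains from constructed Sysmon-style process-creation records modelled on the list above. PIDs, image names and command lines are copied from the report; the parent PIDs, the explorer.exe launcher and the two benign control rows are assumed, because the report does not print them.

```python
"""Reconstruct rundll32 ieframe.dll,OpenURL -> browser launch chains.

Added example; not Hybrid Analysis code. EVENTS is a constructed list of
Sysmon Event ID 1 (process creation) style records modelled on the process
list in this report. PIDs, images and command lines are copied from it;
parent PIDs, the explorer.exe row and the benign control rows are assumed.
"""
from __future__ import annotations
import re

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
EVENTS = [
    {"pid": 4120, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 6628, "ppid": 4120, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r'rundll32.exe "C:\Windows\system32\ieframe.dll",OpenURL '
            r"C:\db062820cf9f79a61018aeb578bbeb7774a93c3e2583bca703a427a82794d623.url"},
    {"pid": 7812, "ppid": 6628, "image": EDGE,
     "cmd": f'"{EDGE}" --single-argument http://bmo.login-lockaccount.com/'},
    {"pid": 6096, "ppid": 7812, "image": EDGE,
     "cmd": f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService'},
    # Benign controls (assumed): another rundll32 export, and Edge started directly.
    {"pid": 9100, "ppid": 4120, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": "rundll32.exe shell32.dll,Control_RunDLL"},
    {"pid": 9200, "ppid": 4120, "image": EDGE,
     "cmd": f'"{EDGE}" --single-argument https://learn.microsoft.com/'},
]

# ieframe.dll,OpenURL with or without quotes around the DLL path.
OPENURL_RE = re.compile(r'ieframe\.dll"?\s*,\s*OpenURL\b', re.I)
# The .url file argument, quoted (may contain spaces) or bare.
URL_FILE_RE = re.compile(r'"([^"]+\.url)"|(\S+\.url)(?=\s|$)', re.I)
# Chromium-family browsers pass the launched URL this way.
LAUNCH_URL_RE = re.compile(r"--single-argument\s+(\S+)", re.I)
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_openurl_chains(events) -> list[dict]:
    """One finding per rundll32 ieframe.dll,OpenURL process: the .url file it
    opened, the URLs its direct browser children were started with, and the
    image of the process that started rundll32 (explorer.exe for a user
    double-click; something else for a script or a sandbox harness)."""
    by_pid = {e["pid"]: e for e in events}
    children = {}
    for e in events:
        children.setdefault(e["ppid"], []).append(e)

    findings = []
    for e in events:
        if basename(e["image"]) != "rundll32.exe" or not OPENURL_RE.search(e["cmd"]):
            continue
        m = URL_FILE_RE.search(e["cmd"])
        shortcut = (m.group(1) or m.group(2)) if m else None
        urls = []
        for child in children.get(e["pid"], []):
            if basename(child["image"]) in BROWSERS:
                u = LAUNCH_URL_RE.search(child["cmd"])
                if u:
                    urls.append(u.group(1))
        parent = by_pid.get(e["ppid"])
        findings.append({
            "rundll32_pid": e["pid"],
            "parent_image": basename(parent["image"]) if parent else None,
            "shortcut": shortcut,
            "urls": urls,
        })
    return findings


if __name__ == "__main__":
    for finding in find_openurl_chains(EVENTS):
        print(finding)
```

On the constructed events this returns exactly one chain: rundll32 PID 6628, started by explorer.exe, opening the .url file and launching Edge on http://bmo.login-lockaccount.com/. The rundll32 control row (a different export) and the directly launched Edge are not reported. In a real hunt the interesting part is the shortcut path (a Downloads, Temp or mail-client cache directory rather than C:\ as in the sandbox) together with the launched URL.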
Network Analysis
DNS Requests
Domain | Address | TTL | Registrar | Registrant organization / Name server / Creation date | Country |
---|---|---|---|---|---|
adobedc.demdex.net | 63.140.36.130 | 665 | NOM-IQ Ltd dba Com Laude | Adobe Systems Incorporated / UDNS1.ULTRADNS.NET / 2008-08-12T00:00:00 | United States |
api.edgeoffer.microsoft.com | 138.91.254.96 | 2526 | MarkMonitor, Inc. | Microsoft Corporation / NS1.MSFT.NET / 1991-05-02T00:00:00 | United States |
app.fintelconnect.com | 13.227.74.104 | 60 | GoDaddy.com, LLC | John Mcarthur Consulting / NS-1195.AWSDNS-21.ORG / 2018-12-30T01:09:52 | United States |
assets-tracking.crazyegg.com | 13.227.74.60 | 60 | GODADDY.COM, LLC | Crazy Egg, Inc. / NS-1494.AWSDNS-58.ORG / 2002-12-19T00:00:00 | United States |
bmo.login-lockaccount.com | 146.70.35.134 | 7207 | NameSilo, LLC | PrivacyGuardian.org llc / NS1.DNSOWL.COM / 2023-07-10T22:06:17 | United Kingdom |
cdn.linkedin.oribi.io | 13.227.74.49 | 43 | - | - | United States |
connect.facebook.net | 157.240.22.25 | 3040 | MarkMonitor, Inc. | Facebook, Inc. / A.NS.FACEBOOK.COM / 2004-04-01T00:00:00 | United States |
edge.adobedc.net | 63.140.36.130 | 103 | NOM-IQ Ltd dba Com Laude | Adobe Inc. / NS201.ADOBE.NET / 2018-11-27T23:53:48 | United States |
googleads.g.doubleclick.net | 142.251.46.226 | 300 | MarkMonitor, Inc. | Google Inc. / NS1.GOOGLE.COM / 1996-01-16T00:00:00 | United States |
href.li | 192.0.78.27 | 14185 | - | - | United States |
iaaa.apis.bnc.ca | 184.86.104.43 | 392 | - | - | United States |
pagestates-tracking.crazyegg.com | 13.227.74.110 | 60 | - | - | United States |
resources.digital-cloud.medallia.ca | 146.75.93.230 | 58 | - | - | Sweden |
script.crazyegg.com | 104.19.148.8 | 8 | - | - | United States |
tracking.crazyegg.com | 18.213.250.165 | 60 | - | - | United States |
udc-neb.kampyle.com | 35.241.45.82 | 11636 | - | - | United States |
www.datadoghq-browser-agent.com | 13.227.73.235 | 60 | - | - | United States |
www.facebook.com | 157.240.22.35 | 3075 | - | - | United States |
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Country |
---|---|---|---|
146.70.35.134 | 80/TCP | msedge.exe PID: 6096 | United Kingdom |
138.91.254.96 | 443/TCP | msedge.exe PID: 6096 | United States |
146.70.35.134 | 443/TCP | msedge.exe PID: 6096 | United Kingdom |
192.0.78.27 | 443/TCP | msedge.exe PID: 6096 | United States |
63.140.36.14 | 443/TCP | msedge.exe PID: 6096 | United States |
63.140.36.130 | 443/TCP | msedge.exe PID: 6096 | United States |
157.240.22.25 | 443/TCP | msedge.exe PID: 6096 | United States |
13.227.73.235 | 443/TCP | msedge.exe PID: 6096 | United States |
13.227.74.104 | 443/TCP | msedge.exe PID: 6096 | United States |
104.19.148.8 | 443/TCP | msedge.exe PID: 6096 | United States |
157.240.22.25 | 443/UDP | msedge.exe PID: 6096 | United States |
146.75.93.230 | 443/TCP | msedge.exe PID: 6096 | Sweden |
184.86.104.43 | 443/TCP | msedge.exe PID: 6096 | United States |
142.251.46.226 | 443/TCP | msedge.exe PID: 6096 | United States |
157.240.22.35 | 443/TCP | msedge.exe PID: 6096 | United States |
13.227.74.110 | 443/TCP | msedge.exe PID: 6096 | United States |
13.227.74.60 | 443/TCP | msedge.exe PID: 6096 | United States |
35.241.45.82 | 443/TCP | msedge.exe PID: 6096 | United States |
18.213.250.165 | 443/TCP | msedge.exe PID: 6096 | United States |
13.227.74.49 | 443/TCP | msedge.exe PID: 6096 | United States |
HTTP Traffic
Endpoint | Request | URL | Response |
---|---|---|---|
146.70.35.134:80 (bmo.login-lockaccount.com) | GET | bmo.login-lockaccount.com/ | 301 Moved Permanently |

Request as sent:

GET / HTTP/1.1
Host: bmo.login-lockaccount.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Suricata Alerts
Event | Category | Description | SID |
---|---|---|---|
104.68.118.93 -> local:49728 (TCP) | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request | 2221010 |
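The network tables carry the strongest evidence on this page, and none of it is an antivirus verdict: bmo.login-lockaccount.com was created on 2023-07-10T22:06:17, less than two days before the analysis timestamp in the report header; it is registered through NameSilo behind a PrivacyGuardian.org privacy proxy; it puts a bank brand token in a subdomain label of an unrelated registrable domain; it was spoken to over plaintext tcp/80; and its first GET / answered with a 301 rather than content. The Python below is an editor's example, not part of the Hybrid Analysis report. It turns those rows into a small scoring function so that the phishing host separates from the legitimate hosts resolved during the same session. The records are transcribed from the DNS Requests, Contacted Hosts and HTTP Traffic tables (href.li and iaaa.apis.bnc.ca have no WHOIS data on the page and are carried with None); the weights, the 30-day "newly registered" threshold, the brand-token list and the privacy-proxy strings are this example's own assumptions.

```python
"""Triage of sandbox DNS/WHOIS and HTTP rows for phishing-domain signals.

Added example; not Hybrid Analysis code. RECORDS, PORTS_BY_IP and
FIRST_HTTP_STATUS are transcribed from this report's network tables.
Weights, NEW_DOMAIN_DAYS, BRAND_TOKENS and PRIVACY_PROXIES are assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Analysis timestamp from the report header (2023-07-12 13:05:08 UTC).
ANALYSIS_TIME = datetime(2023, 7, 12, 13, 5, 8, tzinfo=timezone.utc)
NEW_DOMAIN_DAYS = 30                                   # assumed threshold
BRAND_TOKENS = {"bmo", "nbc", "bnc"}                   # assumed brands in scope
PRIVACY_PROXIES = ("privacyguardian", "whoisguard", "domains by proxy")  # assumed


@dataclass
class DnsRecord:
    domain: str
    address: str
    registrar: Optional[str]
    organization: Optional[str]
    created: Optional[str]      # ISO 8601 as printed in the report, or None
    country: str


@dataclass
class Finding:
    domain: str
    score: int = 0
    reasons: list = field(default_factory=list)


RECORDS = [
    DnsRecord("bmo.login-lockaccount.com", "146.70.35.134", "NameSilo, LLC",
              "PrivacyGuardian.org llc", "2023-07-10T22:06:17", "United Kingdom"),
    DnsRecord("adobedc.demdex.net", "63.140.36.130", "NOM-IQ Ltd dba Com Laude",
              "Adobe Systems Incorporated", "2008-08-12T00:00:00", "United States"),
    DnsRecord("app.fintelconnect.com", "13.227.74.104", "GoDaddy.com, LLC",
              "John Mcarthur Consulting", "2018-12-30T01:09:52", "United States"),
    DnsRecord("href.li", "192.0.78.27", None, None, None, "United States"),
    DnsRecord("iaaa.apis.bnc.ca", "184.86.104.43", None, None, None, "United States"),
]
# From Contacted Hosts: ports spoken to per resolved address.
PORTS_BY_IP = {"146.70.35.134": {80, 443}, "63.140.36.130": {443},
               "13.227.74.104": {443}, "192.0.78.27": {443}, "184.86.104.43": {443}}
# From HTTP Traffic: status of the first plaintext request per host.
FIRST_HTTP_STATUS = {"bmo.login-lockaccount.com": 301}


def age_days(rec: DnsRecord, now: datetime = ANALYSIS_TIME) -> Optional[float]:
    """Days between WHOIS creation and analysis; None without WHOIS data."""
    if not rec.created:
        return None
    created = datetime.fromisoformat(rec.created).replace(tzinfo=timezone.utc)
    return (now - created).total_seconds() / 86400


def brand_in_subdomain(domain: str) -> list[str]:
    """Brand tokens used left of the registrable domain.
    Assumption: registrable domain is the last two labels (no Public Suffix
    List here), so bnc.ca itself is not flagged but bmo.<other>.com is."""
    labels = domain.lower().split(".")
    tokens = {t for lab in labels[:-2] for t in lab.split("-") if t}
    return sorted(BRAND_TOKENS & tokens)


def triage(rec: DnsRecord, now: datetime = ANALYSIS_TIME) -> Finding:
    f = Finding(rec.domain)
    age = age_days(rec, now)
    if age is not None and age < NEW_DOMAIN_DAYS:
        f.score += 40
        f.reasons.append(f"registered {age:.1f} days before analysis")
    brands = brand_in_subdomain(rec.domain)
    if brands:
        f.score += 30
        f.reasons.append(f"brand token {brands} in subdomain")
    if any(p in (rec.organization or "").lower() for p in PRIVACY_PROXIES):
        f.score += 15
        f.reasons.append("privacy-proxy registrant")
    if 80 in PORTS_BY_IP.get(rec.address, set()):
        f.score += 10
        f.reasons.append("spoken to over plaintext HTTP (tcp/80)")
    if FIRST_HTTP_STATUS.get(rec.domain) in (301, 302, 303, 307, 308):
        f.score += 5
        f.reasons.append("first GET / answered with a redirect")
    return f


def rank(records=RECORDS, now: datetime = ANALYSIS_TIME) -> list[Finding]:
    """Highest-scoring domains first."""
    return sorted((triage(r, now) for r in records), key=lambda f: -f.score)


if __name__ == "__main__":
    for f in rank():
        print(f"{f.score:3d}  {f.domain}  {'; '.join(f.reasons) or '-'}")
```

With these weights bmo.login-lockaccount.com scores 100 on all five reasons (its age works out to 1.6 days) while every other resolved host scores 0, including iaaa.apis.bnc.ca, where the brand token sits in the registrable domain rather than in a subdomain label. The age check is the one that generalises best: a domain registered two days before the first sighting is a strong signal regardless of which brand it imitates.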
Extracted Files
Displaying 51 extracted file(s). The remaining 358 file(s) are available in the full version and XML/JSON reports.
Informative Selection 51
-
30784db0-393c-4b5a-bff8-4d48dd346169.tmp
- Size
- 62KiB (63819 bytes)
- Type
- text
- Description
- UTF-8 Unicode text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- 3a70e0daa5af08a801b2afae1e1afca8
- SHA1
- 60e19dd8ee2743b59724a2127527ab085ed9e8da
- SHA256
- c697de0d0fe38c7c37708a8bb7732bcdd8a19d8c21b0a84a2008acefc8532be4
-
37450456-e5ae-4c6e-99d1-dbd2caa4881d.tmp
- Size
- 62KiB (63819 bytes)
- Type
- text
- Description
- UTF-8 Unicode text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- 3a70e0daa5af08a801b2afae1e1afca8
- SHA1
- 60e19dd8ee2743b59724a2127527ab085ed9e8da
- SHA256
- c697de0d0fe38c7c37708a8bb7732bcdd8a19d8c21b0a84a2008acefc8532be4
-
4ff2c044-a090-422d-91f4-15fc90d957d1.tmp
- Size
- 62KiB (63721 bytes)
- Type
- text
- Description
- UTF-8 Unicode text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- b5090bc103ce6d70890535156a02d3a9
- SHA1
- 49a70c5b57c1bf576aef17623523759f1e12c636
- SHA256
- 25a6072b7119fac02ad239f6f1448dc346b866164d4e06970754e1572bfa9065
-
5be78969-ebea-4e70-ae2e-211b0dec4f7b.tmp
- Size
- 62KiB (63697 bytes)
- Type
- text
- Description
- UTF-8 Unicode text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- 66b3807aad5babe044980e90f351389c
- SHA1
- 327117cd0e6c94329c900e9b377f6b35f740dbe1
- SHA256
- 059ec37c9e29639e2cd3560864dfbae0e26955f2d2e9141defae1c28f720d56a
-
101a6aae-054f-42af-9e17-3d3c0f19c1ff.tmp
- Size
- 88KiB (90508 bytes)
- Type
- data
- Description
- JSON data
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- 91cde8795c9f0554db87c9dd1f01ae5f
- SHA1
- 7205a54af35501da0ef5704cb74403ec9f6519c1
- SHA256
- 16fc6e190223c379ebc2aae695f7d149658a520e5b78b4c4ea6ff9ac0fe4ffd8
-
settings.dat
- Size
- 280B (280 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 7572)
- MD5
- ad0bc7a515cdef716546f1fe7dffce24
- SHA1
- 1211554ababfbadba842f3c900fdd9d76e3186a0
- SHA256
- ff788ad9260235970674c12b2c4faa4c1825b6cbe3b471b8de23ef1ae13b1a56
-
0989972e-d0d7-4401-9f5b-0fa8076f704a.tmp
- Size
- 23KiB (23570 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- e576e84d8eb3e6682e2d414ac656e39a
- SHA1
- e004702629f516fdab98fe21dc32794e59c238ca
- SHA256
- fd49e28450ea556a07a5edf5587637b207b691d3fc2699abe90625b2d1a454ad
-
1c086f69-5d89-414c-9751-1eaf01836470.tmp
- Size
- 23KiB (23831 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- 40261e1d17ac166f65c3088d64b823bb
- SHA1
- f4360aad0592dc63433b5d3e65d914eca3a31b46
- SHA256
- 4d2450472e3cd8f2eb76fa606e6e2169a75c1b7cd7c9f48e417e89be08d889e0
-
262f0ad5-d0c0-4c1f-b7a5-8314facd69da.tmp
- Size
- 1B (1 bytes)
- Type
- unknown
- Description
- very short file (no magic)
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- 5058f1af8388633f609cadb75a75dc9d
- SHA1
- 3a52ce780950d4d969792a2559cd519d7ee8c727
- SHA256
- cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
-
457e6bf0-61be-4ba8-946d-695b7b5a0aed.tmp
- Size
- 23KiB (23184 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- e241ce539187cbe7f6f672e5b07a40a6
- SHA1
- 089d1c4f6175de73ff59f2d1f6699810257f49e0
- SHA256
- b1a08fd42f62f9df6faeb28ad099a063a61eeb385329f932c6734238a76d1185
-
62d0024d-cbb9-4a45-a146-a7267df4afeb.tmp
- Size
- 23KiB (23570 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- dccb05783dd3e2beaa5bad3b56aec829
- SHA1
- 3c2a97b14736edef6fe908a8c318361e53435bb8
- SHA256
- 9b517278f687e8ec53ab7da7574ba0faec6aa31942888ab191e58de784ca4098
-
94ffbba3-d06f-42ed-97fc-5060014b6990.tmp
- Size
- 22KiB (22910 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- 0ef2befae53fcb8561eaa42c84c50bcc
- SHA1
- 1611dbcdcfdc08a9dfef6ae7a4b0678f23f2d391
- SHA256
- 1bde9afe871b28a55e83888a867ca06e4ba435d7627b72ca680323abacf60f5b
-
000001.dbtmp
- Size
- 16B (16 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- 46295cac801e5d4857d09837238a6394
- SHA1
- 44e0fa1b517dbf802b18faf0785eeea6ac51594b
- SHA256
- 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
-
000003.log
- Size
- 33B (33 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- f27314dd366903bbc6141eae524b0fde
- SHA1
- 4714d4a11c53cf4258c3a0246b98e5f5a01fbc12
- SHA256
- 68c7ad234755b9edb06832a084d092660970c89a7305e0c47d327b6ac50dd898
-
MANIFEST-000001
- Size
- 41B (41 bytes)
- Type
- unknown
- Description
- PGP Secret Key - (libmagic misidentification: a 41-byte MANIFEST-000001 written next to 000003.log, LOG and 000001.dbtmp is a Chromium LevelDB manifest, not key material)
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- 5af87dfd673ba2115e2fcf5cfdb727ab
- SHA1
- d5b5bbf396dc291274584ef71f444f420b6056f1
- SHA256
- f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
-
000003.log
- Size
- 420KiB (429687 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- c34c50d45d589b3adbcd88484b62df77
- SHA1
- 87ef593a131b9ea7c905d790773608f52c99d01f
- SHA256
- 880c7da9d59450ed558d4533473b816f25638366025d627141487ed6408e3716
-
LOG
- Size
- 188B (188 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- 12950ef46b825412911ef5b39c558308
- SHA1
- 6448e51088f2cc1e137d71dc4b752123fc08d048
- SHA256
- 3f756e2bafa411ba3574f29769c568614c2b970a20a47fdb47d52452a479d069
-
data_0
- Size
- 120KiB (123212 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- fd955e72bc9a4b5e5453a93cd116a75f
- SHA1
- b5252f741052ead8e00120bf70da93f7a32a5417
- SHA256
- 8451c482b80ce30c3a82c10a871fdf55b42b19202204fbdb69e9091687c65436
-
data_1
- Size
- 1.3MiB (1356800 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- d6379118cbb61dc09f2f10a560f0f4f2
- SHA1
- 057bd501f68c586e2ed63c614eff628fae35d80e
- SHA256
- 923b96171b1cd9c928520040622fb73674d03a2e554e6a04f9690e5bcffa9b0f
-
data_2
- Size
- 3MiB (3153920 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 01360806bd573165311897bd8226b44c
- SHA1
- 3e982c508dc4182f6bf3b73d171fc30696e5114e
- SHA256
- 332344a29021276c32f90606038fab2906494d631d7e9c3290ef98d647da65cb
-
f_0004c3
- Size
- 35KiB (36267 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 346724
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- c9040be177f9071f44ef9ae9005971d0
- SHA1
- 8b25a89eaacd16737678ce383a7f99563c819597
- SHA256
- 2dc7b941f0296e2360ae71277800cab8de670b4ccc8e4863fcdc3d7c952f6462
-
f_0004c4
- Size
- 31KiB (32241 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 91741
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- a7ce62973685fea06c8ed2d30de1d2cd
- SHA1
- 849e737c881a26b8d8badc68e8834d8053085b9c
- SHA256
- db6c9dae0c70b8e6f88020ea8beba1182a46e24f6aae30ff3a0ffcbe8082cf51
-
f_0004c5
- Size
- 70KiB (71619 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 716522
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- fc413e6f29a58db6c203d7be7c6d815e
- SHA1
- ce407c9e54e21db6011ec2e38fe55c4f5805eda4
- SHA256
- 41455045bc6338e242e30c1e8b30b29e2cf4a80cd4391e752d03569fe3f79131
-
f_0004c6
- Size
- 22KiB (22160 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 119683
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- e92c7b1633db8173fd9b9f7c700a71f8
- SHA1
- 49ceb9127f72be2e1ca1a5199b87e52006cd4e77
- SHA256
- 3a24c97a9715fc9a419b025a0bb200cf470dd17302c7a3c611eaf6099db54a2f
-
f_0004c7
- Size
- 17KiB (17717 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 56512
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 09eab76655a1a5536c4ae0cb39fdd572
- SHA1
- 5f1df8ced4adbf749eb0a6bdaed231b5320eb477
- SHA256
- a58bbeb5c2484e350f0ccd3b8c98740de7dbd1d3d717ae1fe9b6f31782980b47
-
f_0004cb
- Size
- 20KiB (20435 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 88997
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- f00d5c24c860089dffd295a7d0520106
- SHA1
- e1d63da06d2dcb5668f4c1da73abe5aa2970a0fb
- SHA256
- 0c92222601ef34a70d8f2db6c2be4c9e5357c7927d8d349e43026dac6b62bc6a
-
f_0004d0
- Size
- 150KiB (153447 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 636115
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- ac27e246d6254b68246c8563981a4827
- SHA1
- d5a6b93396c1bc134aa136d075af7660efc2f6a3
- SHA256
- aefe7f8e84d59bdf63160869d60b503693b9c67948fddb06a08fa0d1baad331d
-
f_0004d1
- Size
- 26KiB (26116 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 26116, version 1.0
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 73c64db9b443f3cd4fa538cd811521a0
- SHA1
- e5f11b3c73bfbe45c78ec2cf6f28da4d754e774c
- SHA256
- 5b72dfd9b49fdb37d4f03007f1e4dfc741bd013467d169ca1aa1ae4327d8dbb1
-
f_0004d2
- Size
- 70KiB (71204 bytes)
- Type
- img image
- Description
- JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, software=Adobe Photoshop 2022 Windows], baseline, precision 8, 375x195, components 3
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- f427a676d518d8a6e68d1f6c9ce52314
- SHA1
- 4278dfc71312d271e59ccf13a484b847a581a37a
- SHA256
- ed534bac61f123716438cd4e42967bf4d9e915c1ccbc07191790df65f73de820
-
f_0004d3
- Size
- 82KiB (84054 bytes)
- Type
- img image
- Description
- JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, software=Adobe Photoshop CC 2019 (Windows)], baseline, precision 8, 375x195, components 3
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 3279f7653a92eca655e16ecc36b17019
- SHA1
- 41f7eda77a1766bfa6628e23047a33e2ac02ceda
- SHA256
- 2541c4e465967483343a4542a4c77689be4456d08c34da6e8546faa7fe9ceb1c
-
f_0004d6
- Size
- 46KiB (46863 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 174794
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- efbe73a5cac22f8224a6be10e971b923
- SHA1
- 678a0aada30fbd02c8f828682be8a93ae2ece97e
- SHA256
- d22a9a6c85132a3ccd7b71b35a3376b17f755baefb8d8f172c0ea8877d262920
-
f_0004d7
- Size
- 21KiB (21265 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 129d4b039040a80a4e0cb0e9c226d5db
- SHA1
- b1d5e6d56e9757b14babad0aab54f66b0c9941ac
- SHA256
- e5fd6e7aa2cd58a04efb378b7301d2e52302b1129429a2f60dc86ea111b493cd
-
f_0004d8
- Size
- 228KiB (233080 bytes)
- Type
- img image
- Description
- JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1199x375, components 3
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 3ef2f4cce4905a20317d473efefaa327
- SHA1
- e88186d1730fe18ddede5a295e1d721f418cd11a
- SHA256
- cf15b28ec57f96136186d1db4746b93ab2e62b01567a4c184e7daaabecb3ae48
-
f_0004dc
- Size
- 43KiB (43898 bytes)
- Type
- img image
- Description
- JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 575x200, components 3
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 7437088f3355ca4d3efa2f7379906c15
- SHA1
- 51c67523620ff3f1683431b412a030d0d1b795d4
- SHA256
- a25327c7948664cea1b17bcc19f53e384dc19270c54802fb6bee46ee1bc20c26
-
f_0004dd
- Size
- 31KiB (31961 bytes)
- Type
- img image
- Description
- JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 375x195, components 3
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 058ae00f12aad438ddcdeadbf9b7ba47
- SHA1
- d9c2e7ccb53a449c548f427d413f521dc7bc521b
- SHA256
- 930e23883226ea3c141a0f12f5067f6497117c42c02b0f14a8a73d3049039448
-
f_0004df
- Size
- 37KiB (38073 bytes)
- Type
- img image
- Description
- JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x250, components 3
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 1b3e23d7111a2094fc787ee7531151e0
- SHA1
- 1aa907c4672a3686ce0d363cb295d5cc8062a6f7
- SHA256
- a62fee9e7214e46bc10981a9354142e20bafea798483bccf3f2be4343202f7b4
-
f_0004e6
- Size
- 40KiB (40607 bytes)
- Type
- img image
- Description
- JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 400x250, components 3
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 5c49384ff3c5abb930f89ad3e96bcd7a
- SHA1
- 279fa3e996d175a951233214d77cc72691143978
- SHA256
- ed769d1ba84740fb9d0b6691cd08deb8413e8b0491e3cd7babbdaa740374cd85
-
f_0004e7
- Size
- 61KiB (62974 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 08c6fa1111f3a9d93d9f911040e6d5d4
- SHA1
- 5c6c180762172e7a4a4a89c3c29f1de856627d62
- SHA256
- 0019ea439a31ebe177e1fe9c107fba63ca7a9c9873cb2817cba6cd3b1cddf5b5
-
f_0004e8
- Size
- 63KiB (64958 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 704fa3cd02734e552090bf024c5601af
- SHA1
- e7f76deeba33808ac31f188a7204d188c3057371
- SHA256
- 3032b47cace30ca0ab72b665f26b03094998b0a593b4a5858636e3d681ad5f85
-
f_0004e9
- Size
- 61KiB (62973 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- e3b2e6c2937d803143f97a213d379b01
- SHA1
- d3c816492abfef69a7a71ddeb812a31f048100f6
- SHA256
- 2f05f2ea7d56e8f074c931cfa6326d3aace22822a05749d5ce1b87a12ee253bd
-
f_0004eb
- Size
- 61KiB (62974 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- e1f7ba74de6e669e2bb5e3f02690cab2
- SHA1
- e1846deec58357a48ccb0bb8343a8cd3a66688c5
- SHA256
- e3d6766c811d39a1a328541fe2b6f68692137ea92f86d90bb489f8c47bb2cd29
-
f_0004ee
- Size
- 70KiB (71454 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 3c8eed7956794b370187843b8aac55a2
- SHA1
- bfb284ef47c74ba75b2ebd3092abde90ac935c5e
- SHA256
- 43ced7406afb7fb7456d5e706a99f1f8f9063936b1983b6be5fcbf80e7f49723
-
f_0004ef
- Size
- 61KiB (62975 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- fdec8f5f7eb4ed9ed7110c60dc76bc06
- SHA1
- 2afee23937885d8b7b5b96eae2b47f7959a8f906
- SHA256
- f45df0739cf9cf99642f68097b84026758740c78bb28e69dd583c41e88f7502a
-
f_0004f0
- Size
- 54KiB (55206 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- c133143a4f6b713e97bf41c200523eaf
- SHA1
- 3cb05579c8a25a0faa1dc3ebca23d902174f0e6d
- SHA256
- ab599b3185dac6baca511ddd4a8f42f56d3fcb8db6417491d66ea6fe1cc6d48a
-
f_0004f1
- Size
- 44KiB (44641 bytes)
- Type
- img image
- Description
- JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 400x250, components 3
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 93215b75e324561658cbf8dda94575ba
- SHA1
- 3ac08d63b290ee8e017956a8068301adf1538098
- SHA256
- 65ac6897e320153746c919bfc56d68a8205774a37b4687717475f4bcf6992ada
-
f_0004f2
- Size
- 51KiB (52697 bytes)
- Type
- img image
- Description
- JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 575x200, components 3
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- b137a34443b2c845ffc2cd02c937515c
- SHA1
- 4a6390d4df1cf6cb33169edb5862febecae6a375
- SHA256
- 1b066527f88d81fed46764233a7759c731cf14965a8ebf46b04055da0e4181b4
-
f_0004f3
- Size
- 72KiB (73776 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 0f3a48cc3cc46a581ec55825ca3249a7
- SHA1
- d1e2fb8515346dbf5ba90bdd53be1be9bccc9a3c
- SHA256
- 7d97888576fd7761efe8b2a03e1821a5fbc5171dd8043fc1968f69785d7cd8aa
-
f_0004f4
- Size
- 54KiB (55209 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- c588b33f0bb5d2c3e1f13d34bf77e2ac
- SHA1
- e6e4ce07a61a72e9449c95006f5022d9cf8ca9d2
- SHA256
- 8aa29f69ed16bbb1ef474aca33b0672a191a775a3dd7ae5f31723096ab0ef015
-
f_0004f7
- Size
- 70KiB (71514 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- 5ca538a1a854e99f7207195aacf41200
- SHA1
- 4322b6a3f64e181f06decb6bea7ef0baea018fd4
- SHA256
- da9cd2a3ec1546f472f05c8e83c86cbcbcf869c16a5689147f6a5cfbc7613f04
-
f_0004f8
- Size
- 72KiB (73466 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 6096)
- MD5
- a2891d3246ec3f6f3178102f5567c2a6
- SHA1
- 90f4f370cf92bad66fdaa587bb0feba5f1acbdaf
- SHA256
- 3ad73d56dbabc10f672a0e6ea557c1514cf2f23c70cdf69360b9047ce7ea011d
-
urlref_httpbmo.login-lockaccount.com
- Size
- 392B (392 bytes)
- Type
- html
- Description
- HTML document, ASCII text
- Context
- http://bmo.login-lockaccount.com/
- MD5
- 7d0e9875bc3d9eb821c5ec58854726f9
- SHA1
- 722da4fd6455d7f496f3c17b4b7d27635e588b68
- SHA256
- 26771fdea66091d01f7d797594b5b85dae8a74b6964364789db1f23ae0d478bd
-
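Two things in the listing above are easy to miss when reading 51 entries by eye: the first two .tmp files carry the same SHA256 (one 63819-byte file written under two names), and the 1-byte file has no magic but a content space small enough that its hash identifies it outright. The Python below is an added example for this page, not tooling from the sandbox. It parses a constructed excerpt of the listing in the format shown above (three entries copied from the report, with only the fields the script uses), groups files by SHA256 to surface duplicates, counts files per writing process, and brute-forces the single byte of the tiny file from its MD5.

```python
import hashlib
import itertools
import re
from collections import defaultdict

# Constructed excerpt: three entries from this report's "Extracted Files" listing,
# in the report's own "-" separated format, trimmed to the fields used below.
REPORT_EXCERPT = """\
-
30784db0-393c-4b5a-bff8-4d48dd346169.tmp
- Size
- 62KiB (63819 bytes)
- Type
- text
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- 3a70e0daa5af08a801b2afae1e1afca8
- SHA256
- c697de0d0fe38c7c37708a8bb7732bcdd8a19d8c21b0a84a2008acefc8532be4
-
37450456-e5ae-4c6e-99d1-dbd2caa4881d.tmp
- Size
- 62KiB (63819 bytes)
- Type
- text
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- 3a70e0daa5af08a801b2afae1e1afca8
- SHA256
- c697de0d0fe38c7c37708a8bb7732bcdd8a19d8c21b0a84a2008acefc8532be4
-
262f0ad5-d0c0-4c1f-b7a5-8314facd69da.tmp
- Size
- 1B (1 bytes)
- Type
- unknown
- Description
- very short file (no magic)
- Runtime Process
- msedge.exe (PID: 7812)
- MD5
- 5058f1af8388633f609cadb75a75dc9d
- SHA256
- cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
"""


def parse_extracted_files(text: str) -> list:
    """Turn the report listing into one dict per file. A lone '-' starts an entry,
    the next line is the file name, then '- Label' and '- value' lines alternate."""
    entries, current, label = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "-":
            if current:
                entries.append(current)
            current, label = {}, None
        elif current is not None and "name" not in current:
            current["name"] = line
        elif line.startswith("- ") and current is not None:
            if label is None:
                label = line[2:]              # field label, e.g. "SHA256"
            else:
                current[label] = line[2:]     # field value
                label = None
    if current:
        entries.append(current)
    return entries


def size_bytes(entry: dict):
    """Exact byte count from a Size field such as '62KiB (63819 bytes)'."""
    m = re.search(r"\((\d+) bytes\)", entry.get("Size", ""))
    return int(m.group(1)) if m else None


def duplicates(entries: list) -> dict:
    """SHA256 -> list of names, for hashes that appear under more than one name."""
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[e["SHA256"].lower()].append(e["name"])
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def files_per_process(entries: list) -> dict:
    """How many extracted files each runtime process wrote."""
    counts = defaultdict(int)
    for e in entries:
        counts[e.get("Runtime Process", "(no process recorded)")] += 1
    return dict(counts)


def recover_tiny_file(entry: dict, max_len: int = 2):
    """Files of one or two bytes have so few possible contents that the MD5 in the
    report pins the content down; brute-force it instead of guessing."""
    n = size_bytes(entry)
    if n is None or n > max_len or "MD5" not in entry:
        return None
    want = entry["MD5"].lower()
    for combo in itertools.product(range(256), repeat=n):
        data = bytes(combo)
        if hashlib.md5(data).hexdigest() == want:
            return data
    return None


if __name__ == "__main__":
    files = parse_extracted_files(REPORT_EXCERPT)
    print(duplicates(files))
    print(files_per_process(files))
    print(recover_tiny_file(files[2]))
```

Run against the full XML/JSON report the same parser gives you the real duplicate count across all 409 files, which matters because the "51 extracted" headline counts names, not distinct content.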
Notifications
Runtime
- Not all Falcon MalQuery lookups completed in time
- Not all IP/URL string resources were checked online
- Not all created files are visible for msedge.exe (PID: 7812)
- Not all file accesses are visible for msedge.exe (PID: 1228)
- Not all file accesses are visible for msedge.exe (PID: 2812)
- Not all file accesses are visible for msedge.exe (PID: 2928)
- Not all file accesses are visible for msedge.exe (PID: 3316)
- Not all file accesses are visible for msedge.exe (PID: 3728)
- Not all file accesses are visible for msedge.exe (PID: 4032)
- Not all file accesses are visible for msedge.exe (PID: 5220)
- Not all file accesses are visible for msedge.exe (PID: 5612)
- Not all file accesses are visible for msedge.exe (PID: 5720)
- Not all file accesses are visible for msedge.exe (PID: 5796)
- Not all file accesses are visible for msedge.exe (PID: 6096)
- Not all file accesses are visible for msedge.exe (PID: 632)
- Not all file accesses are visible for msedge.exe (PID: 6656)
- Not all file accesses are visible for msedge.exe (PID: 7088)
- Not all file accesses are visible for msedge.exe (PID: 7400)
- Not all file accesses are visible for msedge.exe (PID: 7572)
- Not all file accesses are visible for msedge.exe (PID: 7584)
- Not all file accesses are visible for msedge.exe (PID: 7704)
- Not all file accesses are visible for msedge.exe (PID: 7796)
- Not all file accesses are visible for msedge.exe (PID: 7812)
- Not all file accesses are visible for msedge.exe (PID: 7824)
- Not all file accesses are visible for msedge.exe (PID: 8100)
- Not all file accesses are visible for msedge.exe (PID: 8104)
- Some low-level data is hidden, as this is only a slim report
- This URL analysis has missing honeyclient data
- Not all sources for indicator ID "mutant-0" are available in the report
- Not all sources for indicator ID "string-23" are available in the report
- Not all sources for indicator ID "string-169" are available in the report