https://www.biznes.gov.pl/pl/portal/03153
This report was generated from a file or URL submitted to this web service on December 9th 2023 11:33:19 (UTC) with the action script "Default browser analysis".
Guest System: Windows 10 64 bit, Professional, 10.0 (build 16299)
Report generated by Falcon Sandbox v11.0.3 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior
- Contacts 13 domains and 14 hosts.
Informative (9)

External Systems
Sample was identified as clean by Antivirus engines
- details
- 0/88 Antivirus vendors marked sample as malicious (0% detection rate)
- source
- External System
- relevance
- 10/10

General
Contacts server
- details
"185.16.144.232:443"
"194.181.25.184:443"
"185.16.144.230:443"
"142.251.46.234:443"
"172.217.12.99:443"
"18.238.192.16:443"
"142.251.2.154:443"
"216.239.38.181:443"
"52.218.106.27:443"
"20.114.189.70:443"
"142.250.189.196:443"
"18.196.233.130:443"
- source
- Network Traffic
- relevance
- 1/10
- ATT&CK ID
- T1071

Creates mutants
- details
"Local\SM0:5380:304:WilStaging_02"
"SM0:5380:304:WilStaging_02"
"InternetShortcutMutex"
"SM0:5380:120:WilError_01"
"Local\SM0:5380:120:WilError_01"
- source
- Created Mutant
- relevance
- 3/10

Found a reference to a known community page
- details
file/memory contains long string with (Indicator: "facebook.com"; File: "Social")
Found string "zadn.vn/ansira.com/fcmatch.google.com/origo.hu/fcmatch.youtube.com/refersion.com/flocktory.com/vtex.com.br/rqtrk.eu/vocento.com/fingerprinter.msedgedemo.example/" (Indicator: "youtube"; File: "Fingerprinting")
Found string "fcmatch.youtube.com/fcmatch.google.com/other-tracker.msedgedemo.example/" (Indicator: "youtube"; File: "Other")
Found string "linkedin.com^Microsoft" (Indicator: "linkedin.com"; File: "Entities")
Found string "facebook.com^Facebook" (Indicator: "facebook.com"; File: "Entities")
Found string "youtube.com^Google" (Indicator: "youtube"; File: "Entities")
Found string "tweetdeck.com^Twitter" (Indicator: "twitter"; File: "Entities")
Found string "fabric.io^Twitter" (Indicator: "twitter"; File: "Entities")
Found string "digits.com^Twitter" (Indicator: "twitter"; File: "Entities")
Found string "twitter.com^Twitter" (Indicator: "twitter"; File: "Entities")
Found string "paypal.com^Paypal" (Indicator: "paypal"; File: "Entities")
Found string "simility.com^Paypal" (Indicator: "paypal"; File: "Entities")
Found string "twittercounter.com^Twitter Counter" (Indicator: "twitter"; File: "Entities")
Found string "ads-twitter.com^Twitter" (Indicator: "twitter"; File: "Entities")
Found string "twitter.jp^Twitter" (Indicator: "twitter"; File: "Entities")
Found string "twimg.com^Twitter" (Indicator: "twitter"; File: "Entities")
- source
- File/Memory
- relevance
- 2/10

Queries DNS server
- details
"analytics.google.com"
"fonts.googleapis.com"
"fonts.gstatic.com"
"logowanie.biznes.gov.pl"
"rail-publisher.app.inteliwi.se"
"rail-webfront.app.inteliwi.se"
"s3-eu-west-1.amazonaws.com"
"static.biznes.gov.pl"
"static.inteliwise.com"
"stats.g.doubleclick.net"
"t.clarity.ms"
"www.biznes.gov.pl"
"www.google.com"
- source
- Network Traffic
- relevance
- 1/10
- ATT&CK ID
- T1071.004

Installation/Persistence

Dropped files
- details
"Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\35\scoped_dir3712_1526907482\Ruleset Data]- [targetUID: 00000000-00003712]
"recovery-component-inner.crx" has type "Google Chrome extension version 3"- Location: [%TEMP%\3712_909160202\recovery-component-inner.crx]- [targetUID: 00000000-00003712]
"Filtering Rules" has type "data"- Location: [%TEMP%\3712_453641622\Filtering Rules]- [targetUID: 00000000-00003712]
"auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\3712_71826028\auto_open_controller.js]- [targetUID: 00000000-00003712]
"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\load_statistics.db-wal]- [targetUID: 00000000-00003712]
"edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\3712_71826028\edge_checkout_page_validator.js]- [targetUID: 00000000-00003712]
"af7b91de-1863-46cd-bdfc-18c69ec025c6.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 122014"- Location: [%TEMP%\af7b91de-1863-46cd-bdfc-18c69ec025c6.tmp]- [targetUID: 00000000-00003712]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1]- [targetUID: 00000000-00003712]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log]- [targetUID: 00000000-00003712]
"Filtering Rules-AA" has type "data"- Location: [%TEMP%\3712_453641622\Filtering Rules-AA]- [targetUID: 00000000-00003712]
"25dc8ebd-d1ee-412a-a086-4211c66e02fb.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 1120638"- Location: [%TEMP%\25dc8ebd-d1ee-412a-a086-4211c66e02fb.tmp]- [targetUID: 00000000-00003856]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\GrShaderCache\data_1]- [targetUID: 00000000-00003712]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\DawnCache\data_1]- [targetUID: 00000000-00003712]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\ShaderCache\data_1]- [targetUID: 00000000-00003712]
"data_1" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\GPUCache\data_1]- [targetUID: 00000000-00003712]
"f_0004c7" has type "gzip compressed data max speed from Unix original size modulo 2^32 688857"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c7]- [targetUID: 00000000-00005328]
"f_0004d1" has type "gzip compressed data was "module.bee07cd0.js" last modified: Thu Nov 30 12:41:39 2023 from Unix original size modulo 2^32 561608"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d1]- [targetUID: 00000000-00005328]
"f_0004c8" has type "gzip compressed data from Unix original size modulo 2^32 527812"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c8]- [targetUID: 00000000-00005328]
"History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\History]- [targetUID: 00000000-00003712]
"Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Web Data]- [targetUID: 00000000-00003712]
"Visited Links" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Visited Links]- [targetUID: 00000000-00003712]
"f_0004d0" has type "gzip compressed data was "module.41584808.js" last modified: Thu Nov 30 12:41:39 2023 from Unix original size modulo 2^32 465779"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004d0]- [targetUID: 00000000-00005328]
"d619e453-4475-42f1-aa99-1274169cd2da.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Ad Blocking\d619e453-4475-42f1-aa99-1274169cd2da.tmp]- [targetUID: 00000000-00003712]
"sslkey.txt" has type "ASCII text"- Location: [%TEMP%\sslkey.txt]- [targetUID: 00000000-00003712]
"Tabs_13346595369973132" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sessions\Tabs_13346595369973132]- [targetUID: 00000000-00003712]
"f_0004cf" has type "gzip compressed data was "init-root.4ab9a6d2.js" last modified: Thu Nov 30 12:41:39 2023 from Unix original size modulo 2^32 288651"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004cf]- [targetUID: 00000000-00005328]
"f_0004ca" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004ca]- [targetUID: 00000000-00005328]
"Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Diagnostic Data-wal]- [targetUID: 00000000-00003712]
"f_0004c9" has type "Web Open Font Format (Version 2) TrueType length 78268 version 331.34340"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c9]- [targetUID: 00000000-00005328]
"Entities" has type "UTF-8 Unicode text"- Location: [%TEMP%\3712_847325983\Mu\Entities]- [targetUID: 00000000-00003712]
"f_0004c6" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c6]- [targetUID: 00000000-00005328]
"c0f674ec-c4b1-43fc-b0f5-66b436467b25.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\c0f674ec-c4b1-43fc-b0f5-66b436467b25.tmp]- [targetUID: 00000000-00003712]
"7551cbcd-551c-4cf4-9af7-6cb9f60928ef.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\7551cbcd-551c-4cf4-9af7-6cb9f60928ef.tmp]- [targetUID: 00000000-00003712]
"c7a30e05-2658-419a-9bc4-5362dd0a884a.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\c7a30e05-2658-419a-9bc4-5362dd0a884a.tmp]- [targetUID: 00000000-00003712]
"4dc194fa-ddc2-467f-a79f-2023b7d9a806.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\4dc194fa-ddc2-467f-a79f-2023b7d9a806.tmp]- [targetUID: 00000000-00003712]
"0ba9d383-38df-4132-836d-704729a322fd.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\0ba9d383-38df-4132-836d-704729a322fd.tmp]- [targetUID: 00000000-00003712]
"76998933-ef21-4aa0-9023-f9342974e0bc.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\76998933-ef21-4aa0-9023-f9342974e0bc.tmp]- [targetUID: 00000000-00003712]
"27e16b80-7b16-4b9e-b412-962f70338c36.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\27e16b80-7b16-4b9e-b412-962f70338c36.tmp]- [targetUID: 00000000-00003712]
"Network Action Predictor" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network Action Predictor]- [targetUID: 00000000-00003712]
"000004.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000004.log]- [targetUID: 00000000-00003712]
"Session_13346595369316002" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sessions\Session_13346595369316002]- [targetUID: 00000000-00003712]
"Favicons" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Favicons]- [targetUID: 00000000-00003712]
"f_0004c5" has type "gzip compressed data max speed from Unix original size modulo 2^32 136311"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c5]- [targetUID: 00000000-00005328]
"LICENSE" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Mu\LICENSE]- [targetUID: 00000000-00003712]
"f_0004cc" has type "Web Open Font Format (Version 2) TrueType length 33116 version 1.0"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004cc]- [targetUID: 00000000-00005328]
"f_0004c3" has type "gzip compressed data max speed from Unix original size modulo 2^32 127594"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c3]- [targetUID: 00000000-00005328]
"urlref_httpswww.biznes.gov.plplportal03153" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]
"History-journal" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\History-journal]- [targetUID: 00000000-00003712]
"Vpn Tokens" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Vpn Tokens]- [targetUID: 00000000-00003712]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log]- [targetUID: 00000000-00003712]
"f_0004ce" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004ce]- [targetUID: 00000000-00005328]
"Advertising" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Mu\Advertising]- [targetUID: 00000000-00003712]
"LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\35\scoped_dir3712_1526907482\LICENSE]- [targetUID: 00000000-00003712]
"f06bfa5f-d6d1-4276-85b0-9759706a81dd.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\f06bfa5f-d6d1-4276-85b0-9759706a81dd.tmp]- [targetUID: 00000000-00003712]
"cf9ff2f8-1909-447d-b19f-37fa2105bb36.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\cf9ff2f8-1909-447d-b19f-37fa2105bb36.tmp]- [targetUID: 00000000-00003712]
"62a033c2-2287-4b21-a47e-f4b5a669fc7e.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\62a033c2-2287-4b21-a47e-f4b5a669fc7e.tmp]- [targetUID: 00000000-00003712]
"1152170d-9747-4ddf-a726-9e7e70ab8656.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\1152170d-9747-4ddf-a726-9e7e70ab8656.tmp]- [targetUID: 00000000-00003712]
"ecdde924-3f2c-4d84-bf44-00cd98316375.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\ecdde924-3f2c-4d84-bf44-00cd98316375.tmp]- [targetUID: 00000000-00003712]
"92d3086e-7454-4c4f-a53f-ae3f748616fc.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\92d3086e-7454-4c4f-a53f-ae3f748616fc.tmp]- [targetUID: 00000000-00003712]
"crl-set" has type "data"- Location: [%TEMP%\3712_1140300212\crl-set]- [targetUID: 00000000-00003712]
"f_0004cb" has type "Web Open Font Format (Version 2) TrueType length 21436 version 1.0"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004cb]- [targetUID: 00000000-00005328]
"f_0004cd" has type "gzip compressed data max compression original size modulo 2^32 52916"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004cd]- [targetUID: 00000000-00005328]
"Shortcuts" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Shortcuts]- [targetUID: 00000000-00003712]
"arbitration_service_config.json" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\arbitration_service_config.json]- [targetUID: 00000000-00003712]
"f_0004c4" has type "gzip compressed data max speed from Unix original size modulo 2^32 59306"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0004c4]- [targetUID: 00000000-00005328]
"Entities" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Sigma\Entities]- [targetUID: 00000000-00003712]
"WebAssistDatabase" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\WebAssistDatabase]- [targetUID: 00000000-00003712]
"temp-index" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index]- [targetUID: 00000000-00003712]
"000004.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Session Storage\000004.log]- [targetUID: 00000000-00003712]
"Content" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Mu\Content]- [targetUID: 00000000-00003712]
"ced4e4da-1803-46be-919b-68ef0f98a309.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\ced4e4da-1803-46be-919b-68ef0f98a309.tmp]- [targetUID: 00000000-00005328]
"87dcac2a-7684-4d83-bcfe-d3021202583f.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\87dcac2a-7684-4d83-bcfe-d3021202583f.tmp]- [targetUID: 00000000-00005328]
"Staging" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Sigma\Staging]- [targetUID: 00000000-00003712]
"Analytics" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Mu\Analytics]- [targetUID: 00000000-00003712]
"Social" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Sigma\Social]- [targetUID: 00000000-00003712]
"29d82737-fa32-4a54-9f92-50dfe9a3824b.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Network\29d82737-fa32-4a54-9f92-50dfe9a3824b.tmp]- [targetUID: 00000000-00005328]
"f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\TokenBroker\Cache\f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres]- [targetUID: 00000000-00003712]
"adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\3712_453641622\adblock_snippet.js]- [targetUID: 00000000-00003712]
"Fingerprinting" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Mu\Fingerprinting]- [targetUID: 00000000-00003712]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log]- [targetUID: 00000000-00003712]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log]- [targetUID: 00000000-00003712]
"Cryptomining" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Mu\Cryptomining]- [targetUID: 00000000-00003712]
"Advertising" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Sigma\Advertising]- [targetUID: 00000000-00003712]
"CompatExceptions" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Mu\CompatExceptions]- [targetUID: 00000000-00003712]
"Social" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Mu\Social]- [targetUID: 00000000-00003712]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG]- [targetUID: 00000000-00003712]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG]- [targetUID: 00000000-00003712]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG]- [targetUID: 00000000-00003712]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Platform Notifications\LOG]- [targetUID: 00000000-00003712]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG]- [targetUID: 00000000-00003712]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG]- [targetUID: 00000000-00003712]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG]- [targetUID: 00000000-00003712]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG]- [targetUID: 00000000-00003712]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Session Storage\LOG]- [targetUID: 00000000-00003712]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\LOG]- [targetUID: 00000000-00003712]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extension State\LOG]- [targetUID: 00000000-00003712]
"LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG]- [targetUID: 00000000-00003712]
"settings.dat" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad\settings.dat]- [targetUID: 00000000-00003712]
"104b8d431ea8c29b_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\104b8d431ea8c29b_0]- [targetUID: 00000000-00003712]
"1371390efc1d73f2_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\1371390efc1d73f2_0]- [targetUID: 00000000-00003712]
"84e851f7d901fbf7_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\84e851f7d901fbf7_0]- [targetUID: 00000000-00003712]
"3dff6f1a8c1f1533_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\3dff6f1a8c1f1533_0]- [targetUID: 00000000-00003712]
"96a363d04930d5c7_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\96a363d04930d5c7_0]- [targetUID: 00000000-00003712]
"fd978b9260110594_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\fd978b9260110594_0]- [targetUID: 00000000-00003712]
"00a8c9eae2b74773_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\00a8c9eae2b74773_0]- [targetUID: 00000000-00003712]
"5ab3d99b75cd81e9_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\5ab3d99b75cd81e9_0]- [targetUID: 00000000-00003712]
"f2d03a61d77bdc62_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\f2d03a61d77bdc62_0]- [targetUID: 00000000-00003712]
"e9187ebf346dd44c_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\e9187ebf346dd44c_0]- [targetUID: 00000000-00003712]
"3420ea2f8800655e_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\3420ea2f8800655e_0]- [targetUID: 00000000-00003712]
"fd2837d56dc51044_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\fd2837d56dc51044_0]- [targetUID: 00000000-00003712]
"75de353e77876699_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\75de353e77876699_0]- [targetUID: 00000000-00003712]
"8074d539880d2e62_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\8074d539880d2e62_0]- [targetUID: 00000000-00003712]
"85b86cce86ded6d2_0" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache\js\85b86cce86ded6d2_0]- [targetUID: 00000000-00003712]
"Fingerprinting" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Sigma\Fingerprinting]- [targetUID: 00000000-00003712]
"manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\3712_909160202\manifest.json]- [targetUID: 00000000-00003712]
"manifest.json" has type "JSON data"- Location: [%TEMP%\3712_847325983\manifest.json]- [targetUID: 00000000-00003712]
"Analytics" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Sigma\Analytics]- [targetUID: 00000000-00003712]
"Last Browser" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Last Browser]- [targetUID: 00000000-00003712]
"manifest.json" has type "JSON data"- Location: [%TEMP%\3712_453641622\manifest.json]- [targetUID: 00000000-00003712]
"manifest.json" has type "JSON data"- Location: [%TEMP%\3712_1140300212\manifest.json]- [targetUID: 00000000-00003712]
"TransparentAdvertisers" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Mu\TransparentAdvertisers]- [targetUID: 00000000-00003712]
"Variations" has type "JSON data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Variations]- [targetUID: 00000000-00003712]
"Other" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Sigma\Other]- [targetUID: 00000000-00003712]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\3712_453641622\manifest.fingerprint]- [targetUID: 00000000-00003712]
"manifest.fingerprint" has type "ASCII text with no line terminators"- [targetUID: 00000000-00003712]
"LICENSE" has type "ASCII text with no line terminators"- Location: [%TEMP%\3712_847325983\Sigma\LICENSE]- [targetUID: 00000000-00003712]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\3712_847325983\manifest.fingerprint]- [targetUID: 00000000-00003712]
"manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\3712_909160202\manifest.fingerprint]- [targetUID: 00000000-00003712]
".ses" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]
"MANIFEST-000001" has type "PGP Secret Key -"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001]- [targetUID: 00000000-00003712]
"Content" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Sigma\Content]- [targetUID: 00000000-00003712]
"Other" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Mu\Other]- [targetUID: 00000000-00003712]
"000003.log" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log]- [targetUID: 00000000-00003712]
"Cryptomining" has type "ASCII text"- Location: [%TEMP%\3712_847325983\Sigma\Cryptomining]- [targetUID: 00000000-00003712]
"000001.dbtmp" has type "ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp]- [targetUID: 00000000-00003712]
"Last Version" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Last Version]- [targetUID: 00000000-00003712]
"1352044d-9cdf-448f-a5d6-36393c6f212e.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\1352044d-9cdf-448f-a5d6-36393c6f212e.tmp]- [targetUID: 00000000-00003712]
"LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\3712_453641622\LICENSE]- [targetUID: 00000000-00003712]
- source
- Binary File
- relevance
- 3/10
- ATT&CK ID
- T1105

Network Related

Contacts random domain names
- details
- "www.biznes.gov.pl" seems to be random
- source
- Network Traffic
- relevance
- 5/10
- ATT&CK ID
- T1071.001

Found mail related domain names
- details
- Observed email domain: "silverpop.com^silverpop" [Source: Entities]
- source
- File/Memory
- relevance
- 1/10
- ATT&CK ID
- T1071.003

Found potential URL in binary/memory
- details
Pattern match: "https://www.biznes.gov.pl/pl/portal/03153"
Pattern match: "https://www.biznes.gov.pl"
Pattern match: "FddIUN.Hs/!iyr"
Pattern match: "www.biznes.gov.pl/pl/portal/03153#maincontentKonto"
Pattern match: "search.yahoo.com/favicon.icohttps://search.yahoo.com/search{google:pathWildcard}?ei={inputEncoding}&fr=crmas_sfp&p={searchTerms}UTF-8https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command={searchTerms}485bf7d3-0215-45af-87dc-53886800000"
Pattern match: "KNJ.oN/_7tD_l]E}e'ko5Ja=AAs}~zCLO"
Pattern match: "https://ntp.msn.com/edge/ntp?locale=en&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531edge://settings/profileskeygjgieestate_{edge://settingsedge://settings/edge://settings/?search=smartkeygr10nmstate_{edge://settingsedge://settings/?search=smartedge"
Pattern match: "Fje7h-l.Bs/\e7]Jl"
Pattern match: "https://ntp.www.office.com&_https://ntp.msn.comCookieSyncExpiry'_https://ntp.msn.comDefaultFeedPolicy_https://ntp.msn.comGpuExist/_https://ntp.msn.comNOTIFICATION_CACHE_LS_KEY_https://ntp.msn.combkgdV+_https://ntp.msn.combreakingNewsDismissed"
Pattern match: "https://www.biznes.gov.pl/pl/portal/03153https://www.biznes.gov.pl/pl/portal/03153https://www.biznes.gov.pl/pl/portal/03153https://www.biznes.gov.pl/pl/portal/03153https://www.biznes.gov.pl/pl/portal/03153https://logowanie.biznes.gov.plhttps://www.biznes.g"
Pattern match: "www.biznes.gov.pl/pl/portal/03153https://www.biznes.gov.pl/pl/portal/03153#maincontent9https://ntp.msn.com/edge/ntp?locale=en&title=New+tab&dsp=1&sp=Bing&startpage=1&PC=U531]=https://ntp.msn.com/edge/ntp?locale=en&title=New%20tab&dsp=1&sp=Bing&startpage=1&"
Pattern match: "https://www.googletagmanager.com/gtag/js?id=UA-55190333-1"
Pattern match: "github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.4.7/npp.8.4.7.portable.x64.7zhttps://objects.githubusercontent.com/github-production-release-asset-2e65be/33014811/42d9bc38-89f0-48d8-94ec-d1f3649d2fc3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-A"
Pattern match: "IKiEd9mYXT.OS/EM^!RbrQ?N~!'\!O5^Mm$$KAZtuehj*6GIft"
Pattern match: "avocet.io/aprecision.net/adpdealerservices.com/nuffnang.com.my/demdex.net/augur.io/cmmeglobal.com/adrolays.com/atrinsic.com/acuityads.com/wishabi.net/admedia.com/vertamedia.com/adworx.at/2leep.com/globe7.com/awaps.yandex.ru/i-behavior.com/reklamstore.com/m"
Pattern match: "https://github.com/easylist"
Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE53r3l?ver=5412,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE53bta?ver=2bf3,update_period:86400},creativeId:128000000003595"
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1071 (Show technique in the MITRE ATT&CK™ matrix)
-
Contacts random domain names
Session Details
No relevant data available.
Screenshots
Hybrid Analysis
Analysed 22 processes in total.
-
rundll32.exe
"%WINDIR%\system32\ieframe.dll",OpenURL C:\DanepublicznewpisuCeidg.gov_url_022.bin.url
(PID: 5380)
-
msedge.exe
--single-argument https://www.biznes.gov.pl/pl/portal/03153
(PID: 3712)
- msedge.exe --type=crashpad-handler "--user-data-dir=%LOCALAPPDATA%\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=%LOCALAPPDATA%\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=107.0.5304.110 "--annotation=exe=%PROGRAMFILES%\(x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=107.0.1418.56 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0x134,0x7ffc32e6b208,0x7ffc32e6b218,0x7ffc32e6b228 (PID: 2916)
- msedge.exe --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:2 (PID: 5552)
- msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:3 (PID: 5328)
- msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2060 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:8 (PID: 7552)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1702120699859439 --launch-time-ticks=1068266794 --mojo-platform-channel-handle=3092 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:1 (PID: 3856)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1702120699859439 --launch-time-ticks=1068739762 --mojo-platform-channel-handle=3132 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:1 (PID: 7468)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:8 (PID: 6664)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:8 (PID: 944)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4340 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:8 (PID: 1480)
- msedge.exe --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5280 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:8 (PID: 1768)
- msedge.exe --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5224 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:8 (PID: 3672)
- msedge.exe --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4200 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:8 (PID: 2656)
- msedge.exe --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5292 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:8 (PID: 2668)
- msedge.exe --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --time-ticks-at-unix-epoch=-1702120699859439 --launch-time-ticks=1084846142 --mojo-platform-channel-handle=5716 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:1 (PID: 3792)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1072 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:8 (PID: 5148)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1904 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:8 (PID: 7180)
- msedge.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.16299.192 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4248 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:2 (PID: 7876)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:8 (PID: 4320)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1744 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:8 (PID: 1356)
- msedge.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4996 --field-trial-handle=1948,i,3827665035731958578,6415104197084542968,131072 /prefetch:8 (PID: 6124)
Network Analysis
DNS Requests
Domain | Address | Registrar | Country
---|---|---|---
analytics.google.com (OSINT) | 216.239.38.181 (TTL: 300) | MarkMonitor, Inc. (Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: 1997-09-15T00:00:00) | United States
fonts.googleapis.com (OSINT) | 142.251.46.234 (TTL: 142) | MarkMonitor, Inc. (Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: 2005-01-25T00:00:00) | United States
fonts.gstatic.com (OSINT) | 172.217.12.99 (TTL: 300) | MarkMonitor, Inc. (Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: 2008-02-11T00:00:00) | United States
logowanie.biznes.gov.pl | 185.16.144.230 (TTL: 3600) | - | Poland
rail-publisher.app.inteliwi.se (OSINT) | 18.196.233.130 (TTL: 60) | Key-Systems Gmbh (Name Server: dns3.home.pl; Creation Date: 2017-12-06T00:00:00) | United States
rail-webfront.app.inteliwi.se (OSINT) | 18.196.233.130 (TTL: 60) | Key-Systems Gmbh (Name Server: dns3.home.pl; Creation Date: 2017-12-06T00:00:00) | United States
s3-eu-west-1.amazonaws.com (OSINT) | 52.218.106.27 (TTL: 1) | MarkMonitor, Inc. (Organization: Amazon.com, Inc.; Name Server: R1.AMAZONAWS.COM; Creation Date: 2005-08-18T00:00:00) | United States
static.biznes.gov.pl | 194.181.25.184 (TTL: 3600) | - | Poland
static.inteliwise.com (OSINT) | 18.238.192.16 (TTL: 3600) | Key-Systems GmbH (Organization: REDACTED FOR PRIVACY; Name Server: NS-1014.AWSDNS-62.NET; Creation Date: 2005-02-18T16:20:57) | United States
stats.g.doubleclick.net | 142.251.2.154 (TTL: 275) | - | United States
t.clarity.ms | 20.114.189.70 (TTL: 1852) | - | United States
www.biznes.gov.pl | 185.16.144.232 (TTL: 3600) | - | Poland
www.google.com | 142.250.189.196 (TTL: 117) | - | United States
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details
---|---|---|---
185.16.144.232 | 443 TCP | msedge.exe PID: 5328 | Poland
194.181.25.184 | 443 TCP | msedge.exe PID: 5328 | Poland
185.16.144.230 | 443 TCP | msedge.exe PID: 5328 | Poland
142.251.46.234 | 443 TCP | msedge.exe PID: 5328 | United States
172.217.12.99 | 443 TCP | msedge.exe PID: 5328 | United States
18.238.192.16 | 443 TCP | msedge.exe PID: 5328 | United States
172.217.12.99 | 443 UDP | msedge.exe PID: 5328 | United States
142.251.2.154 | 443 TCP | msedge.exe PID: 5328 | United States
216.239.38.181 | 443 TCP | msedge.exe PID: 5328 | United States
52.218.106.27 | 443 TCP | msedge.exe PID: 5328 | United States
20.114.189.70 | 443 TCP | msedge.exe PID: 5328 | United States
142.250.189.196 | 443 TCP | msedge.exe PID: 5328 | United States
18.196.233.130 | 443 TCP | msedge.exe PID: 5328 | United States
216.239.38.181 | 443 UDP | msedge.exe PID: 5328 | United States
Contacted Countries
HTTP Traffic
No relevant HTTP requests were made.
Extracted Strings
Extracted Files
Displaying 50 extracted file(s). The remaining 95 file(s) are available in the full version and XML/JSON reports.
-
Informative Selection 50
-
-
0ba9d383-38df-4132-836d-704729a322fd.tmp
- Size
- 60KiB (61161 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- b52aa298a5c78ecc74258be8763d4665
- SHA1
- dac9f9c7785c7af391e78d64dc1fa4e91191d97f
- SHA256
- e5a1a159daa32510471eab7ba81c8673199a83b983fb99dc644a56e4c334a2e4
-
27e16b80-7b16-4b9e-b412-962f70338c36.tmp
- Size
- 60KiB (61138 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 1d27f00abcc94a06c4b184e784e7f3a1
- SHA1
- 84b7e7b74fec37220c3d487757d75e6c5e3f84c4
- SHA256
- 70494a83d4cf83beeab1b6309e6a92e398f9ea4b252c0eff4762fe79784f9673
-
4dc194fa-ddc2-467f-a79f-2023b7d9a806.tmp
- Size
- 60KiB (61161 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- f7be99d3869cf8f84014cb56ce917c0b
- SHA1
- b77f8e1120baf561270cf4df142954f3918bd2b9
- SHA256
- 84f153dfb9ecf092a995eff218b8e2af5a79ebdabc0bac0f362fe54153d247fa
-
7551cbcd-551c-4cf4-9af7-6cb9f60928ef.tmp
- Size
- 60KiB (61162 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 43f3f0972bbc61cc9bbe6c2eea04506b
- SHA1
- 4b5470ad1363d14bb4fb96ae5d74b8b6635d7f70
- SHA256
- a187b338f1307fa2e788768d937284639d8e6cc7a2dec5ff8a466b16cc9cf019
-
76998933-ef21-4aa0-9023-f9342974e0bc.tmp
- Size
- 60KiB (61160 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 93bef93c1098d698c6da09d9e082b770
- SHA1
- caec23d11deed6eaa4216a9976ef84982a0ac4ad
- SHA256
- 4a3e1c9697b694779f5b785bf9064a11cbc2d86345a4cad104e8c909a54f7358
-
d619e453-4475-42f1-aa99-1274169cd2da.tmp
- Size
- 95KiB (97611 bytes)
- Type
- data
- Description
- JSON data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 34a9fe836cb2dc5e0e427d9306807c51
- SHA1
- ba3234bf1d7d3745bf3a8e2b9974f0a84477f175
- SHA256
- 91d3fd4733a316ac492a9dfb04e3b986806fc29b339b6f9e400a9bccb4effa37
-
settings.dat
- Size
- 280B (280 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- ad0bc7a515cdef716546f1fe7dffce24
- SHA1
- 1211554ababfbadba842f3c900fdd9d76e3186a0
- SHA256
- ff788ad9260235970674c12b2c4faa4c1825b6cbe3b471b8de23ef1ae13b1a56
-
1152170d-9747-4ddf-a726-9e7e70ab8656.tmp
- Size
- 22KiB (22930 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 423c6e0186fac09134b6d50985aea37a
- SHA1
- 526f5cc934ae767c385afadbf93ffb25b87b4359
- SHA256
- eef8e5eb91177dfa58b55e6aec3497771b27d4d04c27581b0dc2b6e8a7b1af32
-
1352044d-9cdf-448f-a5d6-36393c6f212e.tmp
- Size
- 1B (1 bytes)
- Type
- unknown
- Description
- very short file (no magic)
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 5058f1af8388633f609cadb75a75dc9d
- SHA1
- 3a52ce780950d4d969792a2559cd519d7ee8c727
- SHA256
- cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
-
62a033c2-2287-4b21-a47e-f4b5a669fc7e.tmp
- Size
- 22KiB (22957 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 0e6ddfffab1ed16424ad7a08fe454f32
- SHA1
- 2c3f0220fadc6b224a32665b9b60e3e96729d164
- SHA256
- 6f61fb23ee68204d6c148a8f0136f47434960ec0beea8121bd63e4071c8aff22
-
92d3086e-7454-4c4f-a53f-ae3f748616fc.tmp
- Size
- 22KiB (22929 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- be7fde2310ca0100aa9e85e8220e74d0
- SHA1
- 1fc94c5ceab97d2aa9288e18cf368ee9653b0cd6
- SHA256
- c70ad3d375b5bed1e93c7684d875e2c9106d2a183ba14125cfb1c3b0d292ba2a
-
000001.dbtmp
- Size
- 16B (16 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 46295cac801e5d4857d09837238a6394
- SHA1
- 44e0fa1b517dbf802b18faf0785eeea6ac51594b
- SHA256
- 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
-
000003.log
- Size
- 33B (33 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- f27314dd366903bbc6141eae524b0fde
- SHA1
- 4714d4a11c53cf4258c3a0246b98e5f5a01fbc12
- SHA256
- 68c7ad234755b9edb06832a084d092660970c89a7305e0c47d327b6ac50dd898
-
LOG
- Size
- 309B (309 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 6fe284524c502c96d45801a2f0965a9f
- SHA1
- f1ce98f882510b9c627df1efe79321777bb2ba47
- SHA256
- d41aa94bea1b0cce038acc132847090dc9bde97bcf94a7905a92ae58104c0410
-
MANIFEST-000001
- Size
- 41B (41 bytes)
- Type
- unknown
- Description
- PGP Secret Key -
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 5af87dfd673ba2115e2fcf5cfdb727ab
- SHA1
- d5b5bbf396dc291274584ef71f444f420b6056f1
- SHA256
- f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
-
000003.log
- Size
- 420KiB (429679 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 13c2df8419d86706d27696b2e391fa35
- SHA1
- 4861004f9f95d0c83ac46190d591cc736f3e2604
- SHA256
- feb80ba72e026973c08cc4d909c0fa6db9416bb3b6f8ad935a54cc24012959a1
-
LOG
- Size
- 335B (335 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 790557308e32e85fc41ff4d37eee1fa2
- SHA1
- 8f806c1f02749a730b2e1b72f6e6a640e9228f9b
- SHA256
- b3950ee9c1624fe1586b3285ce5d429c7a752ead2a487ed531d9add9706be20c
-
data_1
- Size
- 528KiB (540672 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 3dcbaf93c759ec7ab2050e80af45cf91
- SHA1
- 985bff4b66bc64ae4a728f07e2a4739704af3051
- SHA256
- a4326a434f59de53fd24e7186e052cdd3ee3bb0c5c6a4985eef05683820f951a
-
f_0004c3
- Size
- 32KiB (32262 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, max speed, from Unix, original size modulo 2^32 127594
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- 0121b78bc66a44ad34507a691f5fff93
- SHA1
- 730e3b5386d41d0bd7c8ba5e4cf33907411f2549
- SHA256
- 8b5287b7c336c933d6cf35a1d7ea25b8c77dcb6181860380809c1d77d063153d
-
f_0004c4
- Size
- 18KiB (18028 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, max speed, from Unix, original size modulo 2^32 59306
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- 050465514dd9ffc26783cffddf2c0424
- SHA1
- 5e6782c86fc89348041ce34214ab7813c5dbab47
- SHA256
- 12d5a03f2182011a0ccce8c39db6620cfd7f85ef590821089aed1efdc4cdca7b
-
f_0004c5
- Size
- 34KiB (35158 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, max speed, from Unix, original size modulo 2^32 136311
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- 10cd2ba429e132863d4d6e96c52da1df
- SHA1
- 57b955302795080794e9751efb1395a6e68e1855
- SHA256
- b7b361323b6725c2b50f88def28dd2c79ba7e13328c9cacf08ab467d8dc5e278
-
f_0004c6
- Size
- 67KiB (68986 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- 190ce255d8c2a54bc84b25a8212afcc7
- SHA1
- a50d4e34b3a2d0db46f0c772aebae348d77ddbcf
- SHA256
- 735196a18561c94181ad04972bbdc4d7f3477d629580276d39fe20e7323c7a90
-
f_0004c7
- Size
- 196KiB (200279 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, max speed, from Unix, original size modulo 2^32 688857
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- 117b05d0e1d5b9bfdbb1a70ea7ae5c60
- SHA1
- cbffe11a780e95027ce644e4ff728abbc4a74959
- SHA256
- 244ea3abb7387f19d685bd95714b68a15e806ec6e66f9fe7764850ffe7bffa09
-
f_0004c8
- Size
- 161KiB (165331 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, from Unix, original size modulo 2^32 527812
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- 4c46a8a63721f64f119576f2ae779c9d
- SHA1
- 9ff133a5990a1ecc34c989850cc5371c81bda2d6
- SHA256
- 85424505be34cc25eaf7b90edcad597d215303cba41d572604a18a6ad2d0ba48
-
f_0004c9
- Size
- 76KiB (78268 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 78268, version 331.34340
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- d824df7eb2e268626a2dd9a6a741ac4e
- SHA1
- 0ccb2c814a7e4ca12c4778821633809cb0361eaa
- SHA256
- 9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
-
f_0004ca
- Size
- 81KiB (82445 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- e3a060291f130d18839e5768aaae7efc
- SHA1
- 331f9030af33f9e1a7c6600a08e76013ab248cac
- SHA256
- 5681958f21ae5706e8233fa90115dbabb869dcd9477617238c2d44274f17e1a7
-
f_0004cb
- Size
- 21KiB (21436 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 21436, version 1.0
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- 64edf56fc442df3868694dd6852f3c66
- SHA1
- 52d53206e0a3c563753c0653c97da4d20ae1c1c4
- SHA256
- d61fd2c7de39f437b7007d8cafb2e7c36fc2d4b7e9edd2147fe27458a0b97745
-
f_0004cc
- Size
- 32KiB (33116 bytes)
- Type
- unknown
- Description
- Web Open Font Format (Version 2), TrueType, length 33116, version 1.0
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- 48b1fa647f5ccfa511cc07a10fc22e55
- SHA1
- 12e1e0d36983a8d900bc66b4784a6f9b9ace4b60
- SHA256
- 4271064a37f3ffc0aac5f3806db8a72acc23e19447d1804e4e80d8796cbf6330
-
f_0004cd
- Size
- 21KiB (20994 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, max compression, original size modulo 2^32 52916
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- 87e8230a9ca3f0c5ccfa56f70276e2f2
- SHA1
- eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
- SHA256
- e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
-
f_0004ce
- Size
- 25KiB (25337 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- 772921a67ff6a39c4b4447ea06576497
- SHA1
- deaeaa4770a806c4effdf626bee5646150c10e19
- SHA256
- 33ec947034d642e2eafe5c2663ac97375eddcc21c54a67a3a13ee79e4f783954
-
f_0004cf
- Size
- 85KiB (86908 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "init-root.4ab9a6d2.js", last modified: Thu Nov 30 12:41:39 2023, from Unix, original size modulo 2^32 288651
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- 7e4e398e22d629bf393f72d55ef0daa6
- SHA1
- 6981841941756ea8c6aef76024b72366c13f20d4
- SHA256
- ff0b765c74f0638f126afdb4ace713ce10a8168714f26f12f95e5b6cf7014ed2
-
f_0004d0
- Size
- 122KiB (124605 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "module.41584808.js", last modified: Thu Nov 30 12:41:39 2023, from Unix, original size modulo 2^32 465779
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- cd047337f877254e7b0ab5c98880d5dc
- SHA1
- 420f260458c68089fa6a7ee800ffb55d3d3505ad
- SHA256
- 65bc5062be09a4c5b8da57b53c5b51bd272c92befc12f3758f0d4d64ce4b98d2
-
f_0004d1
- Size
- 173KiB (177462 bytes)
- Type
- compressed gzip
- Description
- gzip compressed data, was "module.bee07cd0.js", last modified: Thu Nov 30 12:41:39 2023, from Unix, original size modulo 2^32 561608
- Runtime Process
- msedge.exe (PID: 5328)
- MD5
- 82e4d292f60a73657e693d4af802ddb4
- SHA1
- 0792fefb66a34b1af55426088ab108799cde07a5
- SHA256
- 36bfb1e0f3e8a7209223def59dc80dc2ff809ae7f00ebf06c700cb21bae89dd3
-
00a8c9eae2b74773_0
- Size
- 232B (232 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- dc2557158bebfa197379ceef230b3944
- SHA1
- 628a03dca24e7734b5b6100cac84d15c7609eb59
- SHA256
- 31481cfbf4697c9808e0fbc7d459f70cc28b0cf2c311b5f457359e20c4161475
104b8d431ea8c29b_0
- Size
- 263B (263 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 4f73168ac693c97f7b9aeb47b66e4aaa
- SHA1
- 6699aa6210dd85128f118813d3f345d3b0f49d73
- SHA256
- 693a87ccb37d5fb32dc895160e08e2585dd55041f43c08ba79ccd7a9bf6371fa
1371390efc1d73f2_0
- Size
- 263B (263 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 4c9263635c56e3a6b2f98ffe2878f8ed
- SHA1
- 6b68b941fbdd8c1e2de894cd5405ba4e5c6f0a37
- SHA256
- 15e27d0eebdde175d33a0a874432f840a4019c803a9666e54c1a7a123ec4e7aa
3420ea2f8800655e_0
- Size
- 217B (217 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- f1ec8e93e776b8d51fe76d0ba5650e19
- SHA1
- 57895d0f08af4eb3453ae1efe6f5eb4d0c25299c
- SHA256
- d71fd92f4d7ce5ed6f8ed6743a797431182d06a4bdf5e7dea90135f3910fa724
3dff6f1a8c1f1533_0
- Size
- 253B (253 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- f4ddffcfc89174149aebb35921197ebc
- SHA1
- ad340c71eb6aa1b82ebc7826f6eda6c866946bb2
- SHA256
- 4701ac02f7643f97397847a9794f43ed33bf70b9e71e7a573fbadda54304a586
5ab3d99b75cd81e9_0
- Size
- 229B (229 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 5c8d3ffce85c747469c3e36e44f1cf82
- SHA1
- 1c6410ce7ed75bdf0e2d15fecd2e84bba3ab5510
- SHA256
- a0093b1e8433373108c0c0bf44fd64d7f405a0757292309ebf5427b1249360cb
75de353e77876699_0
- Size
- 209B (209 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 5a0ad3c358d78487a410f5d81d4c488a
- SHA1
- 96aef31c36373e8b8dc9f9214810575d4042275a
- SHA256
- 8a1434025245f169f53db3871b0f3372f8b35bafa1614968cca1b442038fd8cb
8074d539880d2e62_0
- Size
- 205B (205 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 9c14bd4d5d0a3f0036756f7b8efd63d6
- SHA1
- 17f2c9365266ed18a55cb7ae7bee4c7fb336c035
- SHA256
- 74f4b4b82af6f5fb504f47fc3892fcc68ab0eab13457b353ae43ad48892d040f
84e851f7d901fbf7_0
- Size
- 263B (263 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- cec4768b3c9df9bb1ae923aeb9d109f3
- SHA1
- 45e62864a37aec0b89752c4442a30aaf90b32a19
- SHA256
- ce88acfa69f7ceff09e92a8e9ccfce8de7e816fc6c0182d9c0ff90fbfb6849cf
85b86cce86ded6d2_0
- Size
- 202B (202 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- d8a0bfe1b95bea01d683de29651f5e6e
- SHA1
- 1934d98b39886411f17d4e42138cb0ee49681fc6
- SHA256
- 1b728c1c74e4252d91669c4b0c0ebea886f9069453ec299d9b880dd0ec4a0390
96a363d04930d5c7_0
- Size
- 244B (244 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- d8d63d1cd212f7d959967cc594fe30ff
- SHA1
- 28922514ffcf1076491375675b58269d6e5067e7
- SHA256
- 53f552bf99b746de086be97f7133c6c51f501d38a07b5f1384eefbe9bafa8f31
e9187ebf346dd44c_0
- Size
- 220B (220 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 3663c7ac94de386466fc5e23d181758c
- SHA1
- 9ec72e65a388cd26bbe2f29e7dca55e92bc6c5e2
- SHA256
- bf1e840126a179ad5f201396a250f58436ccbb55fb41d035aae1478718e81636
f2d03a61d77bdc62_0
- Size
- 224B (224 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- c283ebb52b469393a7127d6329534453
- SHA1
- 4900a51bdf0b7fa81ebde4c758849c2cacaa92fd
- SHA256
- 19cbd6cf70743a2ed9676d162fc3ac7991882e94280cf52b67f3410604315b22
fd2837d56dc51044_0
- Size
- 212B (212 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- e9f503f67d872e7ddc2f93db55748ae0
- SHA1
- 0f65617251f65b9fb6a9bdaaa28152f80b533cb1
- SHA256
- 7300d561900459fb8202d8d07d4d0fee3bd673e7df0bf1fd036d0a22b64f2021
fd978b9260110594_0
- Size
- 233B (233 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 083e88880bff5f93c68d377607682c81
- SHA1
- 61c063f742accf0111ec1cbb3658556f3bae54d2
- SHA256
- 4a948916e08ef50a93218d869fb7368686c7ba6f7107d6dc2731f211fca76155
temp-index
- Size
- 12KiB (12312 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 78064694f38f94cdead5f8459251f88e
- SHA1
- d618e904047798ecbd0644c842151971d12046d3
- SHA256
- 02c6e63b4efa716011d4fa4f9d33d77afc9c2e44c97eefd75bcd334b5ac84a2c
data_1
- Size
- 264KiB (270336 bytes)
- Type
- data
- Runtime Process
- msedge.exe (PID: 3712)
- MD5
- 774da53b6948c6225c1de59f48c619fd
- SHA1
- 99571b9c9a73c34610d12d96ed99a631d3174a58
- SHA256
- 0501448b380b8a40e96312c76a656ce8d13742242722e4b73b04ff1c64c92e72
Notifications
Runtime
- Not all IP/URL string resources were checked online
- Not all created files are visible for msedge.exe (PID: 3712)
- Not all created files are visible for msedge.exe (PID: 5328)
- Not all file accesses are visible for msedge.exe (PID: 3712)
- Not all file accesses are visible for msedge.exe (PID: 5328)
- Some low-level data is hidden, as this is only a slim report
- This URL analysis has missing honeyclient data
- Not all sources for indicator ID "mutant-0" are available in the report