https://www.reddit.com/r/HDdoctorstrange2new/
This report was generated from a file or URL submitted to this web service on June 9th 2022 21:03:36 (UTC), with the action script "Default browser analysis".
Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v9.2.1 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior
- Contacts 1 domain and 1 host.
MITRE ATT&CK™ Techniques Detection
Indicators
Not all malicious and suspicious indicators are displayed.
-
Suspicious Indicators 1
-
Network Related
-
Sends traffic on typical HTTP outbound port, but without HTTP header
- details
- TCP traffic to 151.101.1.140 on port 443 is sent without HTTP header
- source
- Network Traffic
- relevance
- 5/10
-
Informative 10
-
Environment Awareness
-
Tries to identify Internet Explorer version from registry
- details
-
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES"; Key: "VERSION"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER"; Key: "HASHFILEVERSIONHIGHPART"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER"; Key: "HASHFILEVERSIONLOWPART"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER"; Key: "DOWNLOADVERSIONLIST"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER"; Key: "VERSIONLISTSERVERPATH"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER"; Key: "VERSIONLISTSERVERHOSTNAME"; Value: "")
"iexplore.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSION COMPATIBILITY\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"; Key: "VERSION"; Value: "")
"iexplore.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSION COMPATIBILITY\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"; Key: "VERSION"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN"; Key: "SEARCHBANDMIGRATIONVERSION"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\BROWSEREMULATION"; Key: "CVLISTXMLVERSIONHIGH"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\BROWSEREMULATION"; Key: "CVLISTXMLVERSIONLOW"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\BROWSEREMULATION"; Key: "IECOMPATVERSIONHIGH"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\BROWSEREMULATION"; Key: "IECOMPATVERSIONLOW"; Value: "")
- source
- Registry Access
- relevance
- 3/10
-
General
-
Contacts domains
- details
- "www.redditstatic.com"
- source
- Network Traffic
- relevance
- 1/10
-
Contacts server
- details
- "151.101.1.140:443"
- source
- Network Traffic
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\IsoScope_fc0_IESQMMUTEX_0_519"
"Local\InternetShortcutMutex"
"Local\VERMGMTBlockListFileMutex"
"Local\URLBLOCK_FILEMAPSWITCH_MUTEX_4032"
"{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"
"Local\!BrowserEmulation!SharedMemory!Mutex"
"IsoScope_fc0_IESQMMUTEX_0_303"
"IsoScope_fc0_IE_EarlyTabStart_0xd78_Mutex"
"Local\ZonesCacheCounterMutex"
"IsoScope_fc0_ConnHashTable<4032>_HashTable_Mutex"
"Local\URLBLOCK_HASHFILESWITCH_MUTEX"
"IsoScope_fc0_IESQMMUTEX_0_331"
"UpdatingNewTabPageData"
"Local\ZonesLockedCacheCounterMutex"
"IsoScope_fc0_IESQMMUTEX_0_519"
"Local\URLBLOCK_DOWNLOAD_MUTEX"
"{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"
"\Sessions\1\BaseNamedObjects\UpdatingNewTabPageData"
"\Sessions\1\BaseNamedObjects\Local\!BrowserEmulation!SharedMemory!Mutex"
"\Sessions\1\BaseNamedObjects\Local\VERMGMTBlockListFileMutex"
- source
- Created Mutant
- relevance
- 3/10
-
Drops files marked as clean
- details
- Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")
- source
- Binary File
- relevance
- 10/10
-
Installation/Persistence
-
Dropped files
- details
-
"~DFE6165EE436622890.TMP" has type "data"- Location: [%TEMP%\~DFE6165EE436622890.TMP]- [targetUID: 00000000-00004032]
"80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868]- [targetUID: 00000000-00004032]
"~DF83888ABC8DFCA671.TMP" has type "data"- Location: [%TEMP%\~DF83888ABC8DFCA671.TMP]- [targetUID: 00000000-00004032]
"1UPKB3V9.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\1UPKB3V9.txt]- [targetUID: 00000000-00002392]
"7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002392]
"K614CPEV.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\K614CPEV.txt]- [targetUID: 00000000-00002392]
"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002392]
"B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04]- [targetUID: 00000000-00002392]
"WTSE5Q08.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\WTSE5Q08.txt]- [targetUID: 00000000-00004032]
"~DFE0F46589FF2C1AFF.TMP" has type "data"- Location: [%TEMP%\~DFE0F46589FF2C1AFF.TMP]- [targetUID: 00000000-00004032]
"~DF61B42E6DFEEBD967.TMP" has type "data"- Location: [%TEMP%\~DF61B42E6DFEEBD967.TMP]- [targetUID: 00000000-00004032]
"~DF5D50C5F0F1455571.TMP" has type "data"- Location: [%TEMP%\~DF5D50C5F0F1455571.TMP]- [targetUID: 00000000-00004032]
"HUIFVSPM.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\HUIFVSPM.txt]- [targetUID: 00000000-00002392]
"6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00004032]
"en-US.4" has type "Unknown"- Location: [%LOCALAPPDATA%\Microsoft\Internet Explorer\DomainSuggestions\en-US.4]- [targetUID: 00000000-00004032]
"B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04" has type "Unknown"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04]- [targetUID: 00000000-00002392]
"imagestore.dat" has type "Unknown"- Location: [%LOCALAPPDATA%\Microsoft\Internet Explorer\imagestore\3mt7jhv\imagestore.dat]- [targetUID: 00000000-00002392]
"XO4TDBKC.txt" has type "Unknown"- Location: [%APPDATA%\Microsoft\Windows\Cookies\XO4TDBKC.txt]- [targetUID: 00000000-00004032]
"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Unknown"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002392]
- source
- Binary File
- relevance
- 3/10
-
Network Related
-
Found decrypted SSL traffic
- details
-
"GET /r/HDdoctorstrange2new/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.reddit.com
DNT: 1
Connection: Keep-Alive"- [Source: SSL_151.101.1.140]
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1573
-
Found potential URL in binary/memory
- details
-
- source
- File/Memory
- relevance
- 10/10
-
Found decrypted SSL traffic
-
Spyware/Information Retrieval
-
Found a reference to a known community page
- details
-
"<title>Where to Watch Doctor Strange in the Multiverse of Madness online streaming!</title><meta name="description" content="r/HDdoctorstrange2new: The Marvel Cinematic Universe keeps rolling along
with Doctor Strange in the Multiverse of Madness set to continue Phase "/><link rel="canonical" href="https://www.reddit.com/r/HDdoctorstrange2new/"/><meta property="og:ttl" content="600"/><meta property="og:site_name" content="reddit"/><meta property="twitter:site" content="@reddit"/><meta property="twitter:card" content="summary"/><meta property="og:title" content="r/HDdoctorstrange2new"/><meta property="twitter:title" content="r/HDdoctorstrange2new"/><meta property="twitter:image" content=""/><meta property="og:type" content="website"/><meta property="og:url" content="https://www.reddit.com/r/HDdoctorstrange2new/"/><meta property="og:image" content=""/><meta/><meta/>
</head>
<body>
<script>__perfMark('app_html_start');</script>
<div id="2x-container">" (Indicator: "twitter")
- source
- File/Memory
- relevance
- 7/10
-
Unusual Characteristics
-
Drops cabinet archive files
- details
- "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"
- source
- Binary File
- relevance
- 10/10
Session Details
No relevant data available.
Hybrid Analysis
Analysed 3 processes in total.
-
rundll32.exe
"%WINDIR%\System32\ieframe.dll",OpenURL C:\5e07c3f0a6411a02e47d2facee18f2e86fb6d0431d04ccd34ccdae606aa03436.url
(PID: 3240)
-
iexplore.exe
https://www.reddit.com/r/HDdoctorstrange2new/
(PID: 4032)
- iexplore.exe SCODEF:4032 CREDAT:275457 /prefetch:2 (PID: 2392)
Network Analysis
DNS Requests
Domain | Address | Registrar | Country |
---|---|---|---|
www.redditstatic.com | 151.101.1.140 (TTL: 38) | - | United States |
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
151.101.1.140 | 443 TCP | iexplore.exe PID: 2392 | United States |
Contacted Countries
HTTP Traffic
No relevant HTTP requests were made.
Extracted Strings
Extracted Files
Displaying 50 extracted file(s). The remaining 35 file(s) are available in the full version and XML/JSON reports.
-
Clean 1
-
-
urlblockindex_1_.bin
- Size
- 16B (16 bytes)
- Type
- data
- AV Scan Result
- 0/57
- MD5
- fa518e3dfae8ca3a0e495460fd60c791
- SHA1
- e4f30e49120657d37267c0162fd4a08934800c69
- SHA256
- 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
-
-
Informative Selection 2
-
-
favicon_3_.ico
- Size
- 4.2KiB (4286 bytes)
- Type
- unknown
- Description
- MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
- MD5
- da597791be3b6e732f0bc8b20e38ee62
- SHA1
- 1125c45d285c360542027d7554a5c442288974de
- SHA256
- 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
-
favicon_2_.ico
- Size
- 4.2KiB (4286 bytes)
- Type
- unknown
- Description
- MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
- MD5
- da597791be3b6e732f0bc8b20e38ee62
- SHA1
- 1125c45d285c360542027d7554a5c442288974de
- SHA256
- 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
-
-
Informative 47
-
-
1UPKB3V9.txt
- Size
- 599B (599 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 2392)
- MD5
- 4faccf6df4b2dddf422de2af04be3f78
- SHA1
- 4f8a2e9dc5568254673e7a3d8112c030252e09c4
- SHA256
- c0af2afc5d14d495df25bc36c3e1e80c6c9842917e82639733ae80ea52d5674b
-
HUIFVSPM.txt
- Size
- 576B (576 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 2392)
- MD5
- 335dba42f69665da279b6b55047d7ff2
- SHA1
- 1feada0f7eddfc94c1a1dc6e5fea829557518271
- SHA256
- a825cc7d2da1c1b1c0f1f9a2cbdbc33b2ad7d360351a90e20609b6a736fda2ae
-
K614CPEV.txt
- Size
- 287B (287 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 2392)
- MD5
- b6d149ad0c103266610b84686d684df0
- SHA1
- 5d220513aa65c32d75d16d8bd8aa83e2705a022c
- SHA256
- 00bba59b82a83d215d1b7f7d7535ae8f697fbd9e4bdea06a785e1b365a424943
-
WTSE5Q08.txt
- Size
- 1023B (1023 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 4032)
- MD5
- 65f623b8a166f2f09fec97f947eb752d
- SHA1
- e953525e0f7ba60e5edfdc3cdf0e9e1352e558c8
- SHA256
- b49256220d2d8f4c3d68f1a42c70244d9063e8907a9433c250f75ced4b230554
-
XO4TDBKC.txt
- Size
- 109B (109 bytes)
- Runtime Process
- iexplore.exe (PID: 4032)
- MD5
- fa1e0834f17e7f2ae1f6f67c122f5975
- SHA1
- a0e2a4dd6da40ef95b087eeb354ffe72d21a524c
- SHA256
- 3bf745eccdda8c3be084ebcc471b84f6840642fd05fce89f7373ff89e9e8837c
-
en-US.4
- Size
- 18KiB (18176 bytes)
- Runtime Process
- iexplore.exe (PID: 4032)
- MD5
- 5a34cb996293fde2cb7a4ac89587393a
- SHA1
- 3c96c993500690d1a77873cd62bc639b3a10653f
- SHA256
- c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
-
imagestore.dat
- Size
- 19KiB (19462 bytes)
- Runtime Process
- iexplore.exe (PID: 2392)
- MD5
- 4d36046eb3fc7312671fc1b586e8f301
- SHA1
- 949b0bf7001ae035314c54e9e4ef581a091437da
- SHA256
- 41541eb1b36a671617912341b6d2778026218a70ef79cd17818509e2c4c78f4b
-
57C8EDB95DF3F0AD4EE2DC2B8CFD4157
- Size
- 340B (340 bytes)
- Runtime Process
- iexplore.exe (PID: 2392)
- MD5
- 97834703bbee5c56cfa9139c313d6966
- SHA1
- 76c727ed908335f834ca4110f01bb7fc38f51898
- SHA256
- c4d2746c24c8b1ca586a0e96a153d84bf10097b6392f75da7832b28632be06e7
-
6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
- Size
- 434B (434 bytes)
- Runtime Process
- iexplore.exe (PID: 4032)
- MD5
- 5d04c973fed3174e309c9fe74e394339
- SHA1
- 6bd399f5cefe419861af5eba161baa72ad3672bb
- SHA256
- 066324680c769fc59c0ccca70af9bb4abccd8a57e3d5b5b3b041b5d0171cc96d
-
7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
- Size
- 404B (404 bytes)
- Runtime Process
- iexplore.exe (PID: 2392)
- MD5
- 442726f4bab8694d72b8142479ae3d84
- SHA1
- 1b6eed017ea0ab8aa2f88bffff78bd5718eeb9e4
- SHA256
- 0f8b17335f19e0302f527ab611871204b365d957f3799c8272d73f9201ed276d
-
80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
- Size
- 412B (412 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 4032)
- MD5
- ad3c191df714662adb60fd7cfb2c3ae7
- SHA1
- a440d5169fe9a541815e23bf256bbe4a263c3ab1
- SHA256
- 0b0d9e03acac34af259c76030ab627b9ed4b426b65cb7f0af12f0dfc2c319364
-
B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
- Size
- 430B (430 bytes)
- Runtime Process
- iexplore.exe (PID: 2392)
- MD5
- c2e426bfd5fa5056bf478b40182c3e3e
- SHA1
- 8be492f82638cc2aeadd1165e0b7dd8528dc85c5
- SHA256
- fb6fea3966074a51d02ba10928196ce5efca8bcda10857183063b6db9f8ae400
-
~DF5D50C5F0F1455571.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 4032)
- MD5
- f61523d684e4955f22caaf99b8158158
- SHA1
- cfffc4aa332f775e36cdaad339813eff797eb28d
- SHA256
- a4f39117d1273aa08435eb506ad1b1052828b265f53a2d698039b8daee8a7380
-
~DF61B42E6DFEEBD967.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 4032)
- MD5
- 240f99586b5a1cd8c0d2e1b51740ebcc
- SHA1
- 04745344b58f6b67221e85d171700a9ff386245e
- SHA256
- cc1bad6c49029aeb8e2fe1765eb044378976f34e570afdbaee9b26ea145d7ea4
-
~DF83888ABC8DFCA671.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 4032)
- MD5
- 4937d5c61eba5250f891744417fca66d
- SHA1
- 28c9e608dad95ae0331f726a7df04cf77cac7035
- SHA256
- 50c15088bf62e5e172b087819d3c23165e5c4079055d24b14efd3b1409e89d12
-
~DFE0F46589FF2C1AFF.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 4032)
- MD5
- 9b62ef2a3c6ae0c6b0bc778789d722a4
- SHA1
- cad8858a1dfe25dfde47f5a02b1d872be91f0b5d
- SHA256
- 9c16faf5c956d9779cf6f061ca28d8e9c332363c125fb1ec481de61103cecc64
-
~DFE6165EE436622890.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 4032)
- MD5
- 5cab58d3021273f954a0fa7465deda13
- SHA1
- aa86792bd5239c798b2820790e8bb509fcbad240
- SHA256
- 3e416f8017a91175254078695e2071f0f4e7ccb544dc7b63e0328d084ed45478
-
Medium-1051a531d3e1ee3483a6533158557139-font_1_.woff
- Size
- 68B (68 bytes)
- Type
- text
- Description
- ASCII text, with no line terminators
- MD5
- 1051a531d3e1ee3483a6533158557139
- SHA1
- 3e496391e8c389e8831ea6c21da5aba3e5c3d72e
- SHA256
- 0191cbe14ade1fe9c80860b60445ec6e1b2694e9dbae70ec8c886a3582ae223a
-
CollectionCommentsPage~CommentsPage~ModerationPages~PostCreation~ProfileComments~ProfileOverview~Pro~898a3d9b.6c33a24e8179f756def1_1_.js
- Size
- 67KiB (68353 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines
- MD5
- 7af9f817188ceedb75eefe6e479db972
- SHA1
- 695a3c0448b31855370ed7584c4cecfed1d05530
- SHA256
- aab447a542a1f59750d7c156dd8f031378a8f69fb1614d8338c1405e1d5be1ba
-
-core-styles-fonts-ibmplexsans-bold-736188bb57_1_.woff
- Size
- 65KiB (66184 bytes)
- Type
- unknown
- Description
- Web Open Font Format, TrueType, length 66184, version 2.1
- MD5
- 2380987e81166acc4fefab6040df9899
- SHA1
- 5e1ee3d21a154daab9f57bc6f90b7242253077a7
- SHA256
- 736188bb571031e801da01a7f98325d6ae6a10feb714b10e2442f3f376c9260c
-
Medium-Italic-a25d440012460eb8883e539f93040fa7-font_1_.woff
- Size
- 75B (75 bytes)
- Type
- text
- Description
- ASCII text, with no line terminators
- MD5
- a25d440012460eb8883e539f93040fa7
- SHA1
- a299fcc48474c3074cf771ff639ecab5458ea5d2
- SHA256
- 8becec143e829ece508118aa7799e2223289d3a6a22371b3ff4163b76a2a68ec
-
HDdoctorstrange2new_1_.htm
- Size
- 906KiB (927620 bytes)
- Type
- html
- Description
- HTML document, UTF-8 Unicode text, with very long lines
- MD5
- ed60b614766521bcc971a601f76315c7
- SHA1
- 962a45fa3c23384443170b631c65d5f63a0dff3c
- SHA256
- 2c31332be5789ac5336b4937f88633fdc5aedbf37c9395b16c6d3dc13c4defaf
-
IdCard.0ee15fac1b61d35a3826_1_.js
- Size
- 131KiB (134188 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines
- MD5
- 5af83245672ed2c0673cbcc78ece805e
- SHA1
- 0ba14da9b6297c85d7827f87866508da326e74cc
- SHA256
- 00f803c487a2c223a72685d0fdacd3deb0efdbc848bf5a08519c73d8d4fd8eab
-
Subreddit.9fe095d90b406d1fed25_1_.js
- Size
- 383KiB (392398 bytes)
- Type
- script javascript
- Description
- UTF-8 Unicode text, with very long lines
- MD5
- ccfbee832ee9b2a0ce51c84027f898fd
- SHA1
- 90a12243db44cff5b456c718594c5f00da22e353
- SHA256
- b365054a60ec2595a4eede6460ddfbc0614c81bf420b86464130e7edbbec5c37
-
vendors~Chat~Governance~Reddit.ce5e053e1825182dea2b_1_.js
- Size
- 972KiB (995577 bytes)
- Type
- data
- MD5
- 72f73237cf8bab6b87b394a5b999c2d6
- SHA1
- 9f98bc3a9a0ebe108c685bdaf4f5def799a1c2f1
- SHA256
- f31bc6042a212304d3af6e997d7f967dca5fe4ef1fc78f05cab1a641eb3750c9
-
redesignFont2020.1ef18f48d12289f92f85234751c1f818_1_.eot
- Size
- 135KiB (138092 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT), redesignFont2020 family
- MD5
- b860a445955c10dd1b30d58dffb7e088
- SHA1
- db79de791d58939958cabe10423f01bc57a27856
- SHA256
- 080f1fdcc2b27c592b00f5288b087363766ee0c1cad7b31fe761a079ab497ef9
-
_3473D9CA-E828-11EC-9296-080027B3E820_.dat
- Size
- 4.5KiB (4608 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- MD5
- b3181cb824da3666024d21dedabecac4
- SHA1
- dd58de974da55fae92077af4a120e3b4a9f6e366
- SHA256
- 4986e56eee03ba5ec4200a3bb9cd3981237e1b675cd42d3e9d0390c9a8ebeb76
-
Governance~ModListing~Reddit~ReportFlow~Subreddit.1ce49a6fa81789d41381_1_.js
- Size
- 315KiB (322219 bytes)
- Type
- script javascript
- Description
- UTF-8 Unicode text, with very long lines
- MD5
- 237448d4eca4b42ff8bf1243f2f97f57
- SHA1
- 1de45c9797d5ee096fb866cddd88427e653e963f
- SHA256
- 2164a7207b716583ffbbe2ca6bd0e387dba0d637c8ab4686987699d774ea431a
-
Regular-e6bbcdd30d3bd4d6b170bcb6d3552cab-font_1_.woff
- Size
- 69B (69 bytes)
- Type
- text
- Description
- ASCII text, with no line terminators
- MD5
- e6bbcdd30d3bd4d6b170bcb6d3552cab
- SHA1
- 5ae2246a5d02f86322e2782cc79e110b5c803067
- SHA256
- 8839c1f7fe11e9d6ce78bfad758ea96e59d17dd023c16417c0a9b37c59fd81ef
-
Bold-c34ba754b7235b49d33b294ff7a54179-font_1_.woff
- Size
- 66B (66 bytes)
- Type
- text
- Description
- ASCII text, with no line terminators
- MD5
- c34ba754b7235b49d33b294ff7a54179
- SHA1
- b5477eaeb0f16575ee3bfa9296f89ac53be6b3ce
- SHA256
- 82ee6ea61b76edbfdb614afe2658b1709d5734a8f81147dc887b1592d6b7a8fd
-
reddit-components-LargePost.781fdf54cb4486a9e6ea_1_.js
- Size
- 110KiB (112422 bytes)
- Type
- script javascript
- Description
- UTF-8 Unicode text, with very long lines
- MD5
- 842b776325028347f53ac03b2c4bb5c7
- SHA1
- 4101101c498548ce9fab6df75e83884c5b2a808e
- SHA256
- e2309bacff058a9e7d4c87e39b47553f038bbbfe081192075dc907f97f60c210
-
search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico
- Size
- 4.2KiB (4286 bytes)
- Type
- unknown
- Description
- MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
- MD5
- da597791be3b6e732f0bc8b20e38ee62
- SHA1
- 1125c45d285c360542027d7554a5c442288974de
- SHA256
- 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
-
_321CEBCC-E827-11EC-9296-080027B3E820_.dat
- Size
- 4.5KiB (4608 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- MD5
- 4618f5a0a66357faac56bee0bb1f2f8b
- SHA1
- 98343bf8894ed7fb3bd52f51f8d72eaa857ffa93
- SHA256
- 5523a4cc39f4d72978717cb29f1d4347b02222ea4f984c1959a1e8897775710e
-
Bold-c34ba754b7235b49d33b294ff7a54179-font_2_.woff
- Size
- 66B (66 bytes)
- Type
- text
- Description
- ASCII text, with no line terminators
- MD5
- c34ba754b7235b49d33b294ff7a54179
- SHA1
- b5477eaeb0f16575ee3bfa9296f89ac53be6b3ce
- SHA256
- 82ee6ea61b76edbfdb614afe2658b1709d5734a8f81147dc887b1592d6b7a8fd
-
AuthorHovercard~Reddit.050c4fbeb67a1e10b871_1_.js
- Size
- 76KiB (78233 bytes)
- Type
- script javascript
- Description
- UTF-8 Unicode text, with very long lines
- MD5
- 7c2ec2ceb29a6471ed0d283ba76740a8
- SHA1
- 0276c9756a02c7fb54d32e8280cf1f90ad445a08
- SHA256
- 8edcab806dc1cd75258beb7bd08014d896def5220b77e58d1cfce8cdd9b549b0
-
Italic-5267af566ab853eb9d74db1a78a46c67-font_1_.woff
- Size
- 68B (68 bytes)
- Type
- text
- Description
- ASCII text, with no line terminators
- MD5
- 5267af566ab853eb9d74db1a78a46c67
- SHA1
- 29adf5093a3037931a7671e89c02aaeb575cba91
- SHA256
- 2328dcdf67d98788b1bed8931f34e6be962d5131932efcf56259fd69c24b528b
-
Bold-Italic-255b4934a1f414dd312aa89382d65114-font_1_.woff
- Size
- 73B (73 bytes)
- Type
- text
- Description
- ASCII text, with no line terminators
- MD5
- 255b4934a1f414dd312aa89382d65114
- SHA1
- 3ea445ab5eb68a4c1632666a6ce9967da3763fac
- SHA256
- 42d5eb3c9201b3fe6861b3076e48a4fbd3211e5c5418e3f38710745c8a21a3e9
-
Chat~Governance~Reddit.7579e8ecb85dccf2cdea_1_.js
- Size
- 1.5MiB (1535871 bytes)
- Type
- script javascript
- Description
- UTF-8 Unicode text, with very long lines, with no line terminators
- MD5
- 761bb40694bc15f5b54fa924831f5770
- SHA1
- 7bc488b40889b7da9fde4b455fdb06e2dd6bc604
- SHA256
- 442400f1f2dd6d54f157b203f6cd5a6ab6d6ebc2ff993e8aef48436a97d29e2b
-
android-icon-192x192_1_.png
- Size
- 8.5KiB (8680 bytes)
- Type
- img image
- Description
- PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
- MD5
- e5598dd3e7e342517c6fa8a73d645479
- SHA1
- a70ab5d077374748901898cfcd9c7a09b8a303a9
- SHA256
- 38f250a84aeda6e0235ad20a22c846520fe976c3137c3c5fc9c5a2690b206156
-
Governance~Reddit.d868f118541282a79148_1_.js
- Size
- 425KiB (435558 bytes)
- Type
- script javascript
- Description
- UTF-8 Unicode text, with very long lines
- MD5
- 2dc7d0ae18a87df2fa3292bf7b24931b
- SHA1
- 93dc6d35ae824a49117c4a2320f5133722cd92ae
- SHA256
- e400102471e49a77fd6165083bc0dd4919137b0006c182cb3c82537b6d6b93cf
-
RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat
- Size
- 17KiB (17408 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- MD5
- 43262defc9c594f774a648fb2c069e8d
- SHA1
- 0199353e980449348ed7a25f60ef433cf0277c55
- SHA256
- 938e9801483e110ee2a8c8547b6006dd786b4dd7cbeafbcc01540164149eeb2e
-
ChatPost~CollectionCommentsPage~CommentsPage~EconTopAwardersModal~ModQueuePages~ModerationPages~Post~38f39fb8.b0561741f5e7efc3edbd_1_.js
- Size
- 94KiB (96277 bytes)
- Type
- script javascript
- Description
- UTF-8 Unicode text, with very long lines
- MD5
- 7d218729a393ccab1824e4de9318ab24
- SHA1
- 7a12869abfc00398e20847a01ec16dec335842b5
- SHA256
- 75e3d3558ae8337f5622517d659d73cc8a877251d2374e233db4ac368292a272
-
CollectionCommentsPage~CommentsPage~CountryPage~Frontpage~GovernanceReleaseNotesModal~ModListing~Mod~adaf0b02.0f3a0f641b6882470815_1_.js
- Size
- 65KiB (66569 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines
- MD5
- 2b0a19b957929dd10ab831d347ffbfe4
- SHA1
- 2f6dc477c741479a7d230782702cd2809ef0edb5
- SHA256
- caad6a9cc517e84a7f93816dd1bfa125d1e3f362bab90c5c372eac7f69af0d35
-
CollectionCommentsPage~CommentsPage~GovernanceReleaseNotesModal~ModerationPages~PostCreation~Profile~9a5d9fab.53b497f7b27988af094a_1_.js
- Size
- 56KiB (57796 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines
- MD5
- 4dd29f3749ab6ec82be2e847bb824761
- SHA1
- 14bfb6046186bafed0963815af917d8f1f697e59
- SHA256
- 052e4db7c22253a6893b1cdebbdc17962fb7f501d343199467333d3deaafe88f
-
Light-Italic-112953068bc678d61f4553a1184561f0-font_1_.woff
- Size
- 74B (74 bytes)
- Type
- text
- Description
- ASCII text, with no line terminators
- MD5
- 112953068bc678d61f4553a1184561f0
- SHA1
- 5a667d6bbfe11899e54e7667dae3b54f930f6471
- SHA256
- 5b4535205c590c5016abbc67fc2836984421161b62167c662c347356363e120a
-
Bold-Italic-255b4934a1f414dd312aa89382d65114-font_2_.woff
- Size
- 73B (73 bytes)
- Type
- text
- Description
- ASCII text, with no line terminators
- MD5
- 255b4934a1f414dd312aa89382d65114
- SHA1
- 3ea445ab5eb68a4c1632666a6ce9967da3763fac
- SHA256
- 42d5eb3c9201b3fe6861b3076e48a4fbd3211e5c5418e3f38710745c8a21a3e9
-
Reddit.d3cdcebc874a04dc7a49_1_.js
- Size
- 532KiB (545138 bytes)
- Type
- script javascript
- Description
- UTF-8 Unicode text, with very long lines
- MD5
- a2448e41909830c71bab767b792df209
- SHA1
- 139fde750d193d9605bf63d3df20d79d9a78e0cc
- SHA256
- 3c71cfb096e0ed8c2d5a4b4a0369d37db04c16defd610745533c9b83e14bf174
-
Notifications
-
Runtime
- Although all strings were processed, some are hidden from the report in order to reduce the overall size
- Not all IP/URL string resources were checked online
- Not all file accesses are visible for iexplore.exe (PID: 2392)
- Not all file accesses are visible for iexplore.exe (PID: 4032)
- Not all sources for indicator ID "binary-0" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report
- Not all sources for indicator ID "registry-103" are available in the report
- Not all sources for indicator ID "string-102" are available in the report
- Some low-level data is hidden, as this is only a slim report
- This URL analysis has missing honeyclient data