Analysis Report https://www.amazon.co.uk/gp/r.html?C=SVULMK1YZBEX&M=urn:rtn:msg:20210405031457899c6af757194d7cb466ffbe44f0p0eu&R=3DUSOE0YLT886&T=C&U=http%3A%2F%2Fwww.amazon.co.uk&H=6XJAFDSABE9H7TDSRPDMTPJNJVYA

Overview

General Information

Sample URL: https://www.amazon.co.uk/gp/r.html?C=SVULMK1YZBEX&M=urn:rtn:msg:20210405031457899c6af757194d7cb466ffbe44f0p0eu&R=3DUSOE0YLT886&T=C&U=http%3A%2F%2Fwww.amazon.co.uk&H=6XJAFDSABE9H7TDSRPDMTPJNJVYA
Analysis ID: 382629

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]

There are no high impact signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 13.32.29.79:443 -> 192.168.2.3:49693 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.32.29.79:443 -> 192.168.2.3:49694 version: TLS 1.2
Source: unknown HTTPS traffic detected: 65.9.65.211:443 -> 192.168.2.3:49695 version: TLS 1.2
Source: unknown HTTPS traffic detected: 65.9.65.211:443 -> 192.168.2.3:49696 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.16:443 -> 192.168.2.3:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.16:443 -> 192.168.2.3:49700 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.48.219.205:443 -> 192.168.2.3:49697 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.48.219.205:443 -> 192.168.2.3:49698 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.32.29.79:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 65.9.65.211:443 -> 192.168.2.3:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 65.9.65.211:443 -> 192.168.2.3:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.3:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.3:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.239.35.28:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.95.123.241:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: www.amazon.co.uk
Source: classification engine Classification label: clean0.win@3/70@9/7
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DFDAE6D940B8658D6D.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:632 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:632 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfg
Source: Window Recorder Window detected: More than 3 window changes detected

Behavior

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph
ID: 382629
URL: https://www.amazon.co.uk/gp...
Startdate: 06/04/2021
Architecture: WINDOWS
Score: 0

Graph nodes, as recovered from the image:
  • DNS/IP: www.amazon.co.uk
  • DNS/IP: tp.bfbdc3ca1-frontier.amazon.co.uk
  • DNS/IP: dmv2chczz9u6u.cloudfront.net
  • Process: iexplore.exe 10 61 (started)
  • Process: iexplore.exe 6 106 (started by the first iexplore.exe)
  • DNS/IP contacted by the second iexplore.exe: media.amazon.map.fastly.net 151.101.1.16, 443, 49699, 49700 FASTLYUS United States
  • DNS/IP contacted by the second iexplore.exe: dmv2chczz9u6u.cloudfront.net 13.32.29.79, 443, 49693, 49694 ATT-INTERNET4US United States
  • DNS/IP contacted by the second iexplore.exe: 14 other IPs or domains

Graph colour scale:
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP             Domain                                    Country        ASN    ASN Name         Malicious
65.9.65.211    c.media-amazon.com                        United States  16509  AMAZON-02US      false
35.181.18.61   amazoncustomerservice.d2.sc.omtrdc.net    United States  16509  AMAZON-02US      false
13.32.29.79    dmv2chczz9u6u.cloudfront.net              United States  7018   ATT-INTERNET4US  false
52.48.219.205  endpoint.prod.eu-west-1.forester.a2z.com  United States  16509  AMAZON-02US      false
151.101.1.16   media.amazon.map.fastly.net               United States  54113  FASTLYUS         false
54.239.35.28   unagi-eu.amazon.com                       United States  16509  AMAZON-02US      false
52.95.123.241  unknown                                   United States  16509  AMAZON-02US      false

Contacted Domains

Name IP Active
unagi-eu.amazon.com 54.239.35.28 true
c.media-amazon.com 65.9.65.211 true
dmv2chczz9u6u.cloudfront.net 13.32.29.79 true
endpoint.prod.eu-west-1.forester.a2z.com 52.48.219.205 true
media.amazon.map.fastly.net 151.101.1.16 true
amazoncustomerservice.d2.sc.omtrdc.net 35.181.18.61 true
images-eu.ssl-images-amazon.com unknown unknown
www.amazon.co.uk unknown unknown
fls-eu.amazon.co.uk unknown unknown
m.media-amazon.com unknown unknown
images-na.ssl-images-amazon.com unknown unknown
unagi.amazon.co.uk unknown unknown

Contacted URLs

Name                                     Malicious  Antivirus Detection  Reputation
https://www.amazon.co.uk/?ref_=pe_undef  false                           unknown