ID: 355697
Sample Name: Firefox Installer.exe
Cookbook: default.jbs
Time: 01:22:13
Date: 21/02/2021
Version: 31.0.0 Emerald
Table of Contents
Analysis Report Firefox Installer.exe
Overview
General Information
Detection
Signatures
Classification
Analysis Advice
Startup
Malware Configuration
Yara Overview
Sigma Overview
Signature Overview
Compliance:
Stealing of Sensitive Information:
Mitre Att&ck Matrix
Behavior Graph
Screenshots
Thumbnails
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Dropped Files
Unpacked PE Files
Domains
URLs
Domains and IPs
Contacted Domains
Contacted URLs
URLs from Memory and Binaries
Contacted IPs
Public
General Information
Simulations
Behavior and APIs
Joe Sandbox View / Context
IPs
Domains
ASN
JA3 Fingerprints
Dropped Files
Created / dropped Files
Static File Info
General
File Icon
Static PE Info
General
Authenticode Signature
Entrypoint Preview
Rich Headers
Data Directories
Sections
Resources
Imports
Version Infos
Possible Origin
Network Behavior
Network Port Distribution
Copyright null 2021 Page 2 of 66
TCP Packets
UDP Packets
DNS Queries
DNS Answers
HTTP Request Dependency Graph
HTTP Packets
HTTPS Packets
Code Manipulations
Statistics
Behavior
System Behavior
Analysis Process: Firefox Installer.exe PID: 5328 Parent PID: 5688
General
File Activities
File Created
File Deleted
File Written
File Read
Analysis Process: setup-stub.exe PID: 2600 Parent PID: 5328
General
File Activities
File Created
File Deleted
File Written
File Read
Registry Activities
Key Created
Key Value Created
Analysis Process: iexplore.exe PID: 6736 Parent PID: 2600
General
File Activities
Registry Activities
Analysis Process: iexplore.exe PID: 6788 Parent PID: 6736
General
File Activities
Disassembly
Code Analysis
Analysis Report Firefox Installer.exe
Overview
General Information
Sample Name:
Firefox Installer.exe
Analysis ID: 355697
MD5: f0ffd6b22e2e284…
SHA1: c8863c819ae52d…
SHA256: e0e20159839ff7f…
Most interesting Screenshot:
Detection
Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 60%
Signatures (names truncated as in the source overview box)
Tries to harvest and steal browser information (history, passwords, etc)
Allocates memory with a write watch
Antivirus or Machine Learning detec…
Contains capabilities to detect virtua…
Contains functionality for read data f…
Contains functionality to dynamically…
Contains functionality to query CPU…
Contains functionality to shutdown /…
Creates a process in suspended mo…
Detected potential crypto function
Drops PE files
Found potential string decryption / a…
IP address seen in connection with o…
JA3 SSL client fingerprint seen in co…
Monitors certain registry keys / valu…
PE file contains an invalid checksum
PE file contains executable resource…
PE file contains strange resources
Queries the volume information (nam…
Sample file is different than original…
Uses 32bit PE files
Uses code obfuscation techniques (…
Classification
[Classification chart: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader and Miner, each rated on a clean / suspicious / malicious scale; chart image not reproduced]
Analysis Advice
Sample searches for specific files; try placing organization-specific fake files on the analysis machine
Uses HTTPS for network communication; use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Startup
System is w10x64
Firefox Installer.exe (PID: 5328 cmdline: 'C:\Users\user\Desktop\Firefox Installer.exe' MD5: F0FFD6B22E2E284850F3933EDE927790)
setup-stub.exe (PID: 2600 cmdline: .\setup-stub.exe MD5: 34D82BBBC56EB436EDF3D77EBA96AD26)
iexplore.exe (PID: 6736 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.mozilla.org/en-GB/firefox/installer-help/?channel=aurora&installer_lang=en-GB MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
iexplore.exe (PID: 6788 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6736 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Signature Overview
• AV Detection
• Compliance
• Spreading
• Networking
• Key, Mouse, Clipboard, Microphone and Screen Capturing
• System Summary
• Data Obfuscation
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Anti Debugging
• HIPS / PFW / Operating System Protection Evasion
• Language, Device and Operating System Detection
• Stealing of Sensitive Information
Compliance:
Uses 32bit PE files
Creates a directory in C:\Program Files
PE / OLE file has a valid certificate
Uses new MSVCR Dlls
Uses secure TLS version for HTTPS connections
Stealing of Sensitive Information:
Tries to harvest and steal browser information (history, passwords, etc)
Mitre Att&ck Matrix
Techniques per tactic as laid out in the report's matrix; numbers in parentheses are the counts shown next to a technique:
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Native API (1); Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
Privilege Escalation: Access Token Manipulation (1); Process Injection (1 1); Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
Defense Evasion: Masquerading (3); Virtualization/Sandbox Evasion (2); Disable or Modify Tools (1); Access Token Manipulation (1); Process Injection (1 1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2 1); Software Packing (1 1)
Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: Query Registry (1); Security Software Discovery (1 1); Virtualization/Sandbox Evasion (2); Remote System Discovery (1); File and Directory Discovery (3); System Information Discovery (2 5); Network Sniffing; Network Service Scanning
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot
Collection: Archive Collected Data (1); Data from Local System (1); Clipboard Data (1); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Command and Control: Encrypted Channel (1 2); Ingress Tool Transfer (1); Non-Application Layer Protocol (2); Application Layer Protocol (3); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols
Behavior Graph
ID: 355697
Sample: Firefox Installer.exe
Startdate: 21/02/2021
Architecture: WINDOWS
Score: 22
Process tree and created files shown in the graph (numbers after a process are the counts of created registry values and created files, as in the legend):
Firefox Installer.exe (3)
  dropped: C:\Users\user\AppData\...\setup-stub.exe, PE32
  started: setup-stub.exe (3 62)
    dropped: C:\Users\user\AppData\...\WebBrowser.dll, PE32
    dropped: C:\Users\user\AppData\Local\...\UserInfo.dll, PE32
    dropped: C:\Users\user\AppData\Local\Temp\...\UAC.dll, PE32
    dropped: 3 other files (none is malicious)
    started: iexplore.exe (2 84)
      started: iexplore.exe (71)
Signature shown in the graph: Tries to harvest and steal browser information (history, passwords, etc)
DNS/IP nodes shown in the graph:
download-stats.r53-2.services.mozilla.com, 35.155.87.117, 49725, 80, AMAZON-02US, United States
download-stats.mozilla.org
dzlgdtxcws9pb.cloudfront.net, 13.224.96.162, 443, 49732, 49733, AMAZON-02US, United States
firefox.com, 44.236.48.31, 443, 49728, 49729, AMAZON-02US, United States
2 other IPs or domains
Legend: Process; Signature; Created File; DNS/IP Info; Is Dropped; Is Windows Process; Number of created Registry Values; Number of created Files; Visual Basic; Delphi; Java; .Net C# or VB.NET; C, C++ or other language; Is malicious; Internet
Screenshots
[Screenshot images not reproduced]
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
[Thumbnail images not reproduced]
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
No Antivirus matches
Dropped Files
Source Detection Scanner Label Link
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\CityHash.dll 0% Metadefender Browse
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\CityHash.dll 0% ReversingLabs
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll 3% Metadefender Browse
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll 0% ReversingLabs
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll 3% Metadefender Browse
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll 2% ReversingLabs
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UAC.dll 0% Metadefender Browse
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UAC.dll 0% ReversingLabs
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll 0% Metadefender Browse
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll 0% ReversingLabs
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll 3% Metadefender Browse
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll 0% ReversingLabs
Unpacked PE Files
Source Detection Scanner Label Link Download
0.3.Firefox Installer.exe.2bb0000.1.unpack 100% Avira TR/Patched.Ren.Gen Download File
1.2.setup-stub.exe.428240.3.unpack 100% Avira TR/Patched.Ren.Gen Download File
0.2.Firefox Installer.exe.870000.1.unpack 100% Avira TR/Patched.Ren.Gen Download File
0.3.Firefox Installer.exe.2bdd6e2.2.unpack 100% Avira TR/Patched.Ren.Gen Download File
0.0.Firefox Installer.exe.400000.0.unpack 100% Avira TR/Crypt.XPACK.Gen Download File
0.2.Firefox Installer.exe.400000.0.unpack 100% Avira TR/Crypt.XPACK.Gen Download File
0.3.Firefox Installer.exe.2bdac6a.0.unpack 100% Avira TR/Crypt.XPACK.Gen3 Download File
Domains
No Antivirus matches
URLs
Source Detection Scanner Label Link
www.mercadolivre.com.br/ 0% URL Reputation safe
www.merlin.com.pl/favicon.ico 0% URL Reputation safe
www.dailymail.co.uk/ 0% URL Reputation safe
image.excite.co.jp/jp/favicon/lep.ico 0% URL Reputation safe
%s.com 0% URL Reputation safe
busca.igbusca.com.br//app/static/images/favicon.ico 0% URL Reputation safe
www.etmall.com.tw/favicon.ico 0% URL Reputation safe
it.search.dada.net/favicon.ico 0% URL Reputation safe
search.hanafos.com/favicon.ico 0% URL Reputation safe
cgi.search.biglobe.ne.jp/favicon.ico 0% Virustotal Browse
cgi.search.biglobe.ne.jp/favicon.ico 0% Avira URL Cloud safe
www.abril.com.br/favicon.ico 0% URL Reputation safe
search.msn.co.jp/results.aspx?q= 0% URL Reputation safe
buscar.ozu.es/ 0% Virustotal Browse
buscar.ozu.es/ 0% Avira URL Cloud safe
busca.igbusca.com.br/ 0% URL Reputation safe
search.auction.co.kr/ 0% URL Reputation safe
busca.buscape.com.br/favicon.ico 0% URL Reputation safe
www.pchome.com.tw/favicon.ico 0% URL Reputation safe
browse.guardian.co.uk/favicon.ico 0% URL Reputation safe
google.pchome.com.tw/ 0% URL Reputation safe
www.ozu.es/favicon.ico 0% Virustotal Browse
www.ozu.es/favicon.ico 0% Avira URL Cloud safe
search.yahoo.co.jp/favicon.ico 0% URL Reputation safe
www.gmarket.co.kr/ 0% URL Reputation safe
searchresults.news.com.au/ 0% URL Reputation safe
www.asharqalawsat.com/ 0% URL Reputation safe
search.yahoo.co.jp 0% URL Reputation safe
buscador.terra.es/ 0% URL Reputation safe
search.orange.co.uk/favicon.ico 0% URL Reputation safe
Domains and IPs
Contacted Domains
Name IP Active Malicious Antivirus Detection Reputation
download-stats.r53-2.services.mozilla.com 35.155.87.117 true false high
dzlgdtxcws9pb.cloudfront.net 13.224.96.162 true false high
bouncer-bouncer-elb.prod.mozaws.net 52.23.121.221 true false high
firefox.com 44.236.48.31 true false high
www.firefox.com unknown unknown false high
download-stats.mozilla.org unknown unknown false high
Contacted URLs
Name Malicious Antivirus Detection Reputation
download-stats.mozilla.org/stub/v8/aurora/aurora/en-GB/1/1/10/0/17134/0/0/11/0/9/0//0/0/43/42/0/0/0/0/0/1/0/0/0/0/0/1/1/0/1/Unknown//0/0 false high
URLs from Memory and Binaries
Name Source Malicious Antivirus Detection Reputation
search.chol.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.mercadolivre.com.br/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
www.merlin.com.pl/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
search.ebay.de/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.mtv.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.rambler.ru/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.nifty.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.dailymail.co.uk/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
www3.fnac.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
buscar.ya.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
search.yahoo.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.sogou.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
asp.usatoday.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
fr.search.yahoo.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
rover.ebay.com setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
in.search.yahoo.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
img.shopzilla.com/shopzilla/shopzilla.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
search.ebay.in/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
image.excite.co.jp/jp/favicon/lep.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
https://www.instagram.com/mozilla/ installer-help[1].htm.21.dr false high
https://stats.g.doubleclick.net/j/collect analytics[1].js.21.dr false high
%s.com setup-stub.exe, 00000001.00000002.299151180.00000000036E0000.00000002.00000001.sdmp false URL Reputation: safe low
msk.afisha.ru/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.reddit.com/ msapplication.xml4.20.dr false high
busca.igbusca.com.br//app/static/images/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
search.rediff.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.ya.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.etmall.com.tw/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
it.search.dada.net/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
search.naver.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.google.ru/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
search.hanafos.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
https://twitter.com/mozilla installer-help[1].htm.21.dr false high
https://bugzilla.mozilla.org/show_bug.cgi?id=1122305#c8 installer-help[1].htm.21.dr false high
cgi.search.biglobe.ne.jp/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false 0%, Virustotal, Browse; Avira URL Cloud: safe unknown
www.abril.com.br/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
search.daum.net/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
search.naver.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
search.msn.co.jp/results.aspx?q= setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
www.clarin.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
buscar.ozu.es/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false 0%, Virustotal, Browse; Avira URL Cloud: safe unknown
kr.search.yahoo.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
search.about.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
busca.igbusca.com.br/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.ask.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.priceminister.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.cjmall.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
search.centrum.cz/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
suche.t-online.de/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.google.it/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
search.auction.co.kr/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
www.ceneo.pl/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.amazon.de/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
sads.myspace.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
busca.buscape.com.br/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
www.pchome.com.tw/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
browse.guardian.co.uk/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
google.pchome.com.tw/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
list.taobao.com/browse/search_visual.htm?n=15&q= setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.rambler.ru/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
uk.search.yahoo.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
espanol.search.yahoo.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.ozu.es/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false 0%, Virustotal, Browse; Avira URL Cloud: safe unknown
search.sify.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
openimage.interpark.com/interpark.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
search.yahoo.co.jp/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
search.ebay.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.gmarket.co.kr/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
search.nifty.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
searchresults.news.com.au/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
www.google.si/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.google.cz/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.soso.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.univision.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
search.ebay.it/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.amazon.com/ msapplication.xml.20.dr false high
images.joins.com/ui_c/fvc_joins.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.asharqalawsat.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
busca.orange.es/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
cnweb.search.live.com/results.aspx?q= setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
www.twitter.com/ msapplication.xml5.20.dr false high
auto.search.msn.com/response.asp?MT= setup-stub.exe, 00000001.00000002.299151180.00000000036E0000.00000002.00000001.sdmp false high
search.yahoo.co.jp setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe unknown
www.target.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false high
buscador.terra.es/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp false URL Reputation: safe
unknown
mozilla.org/MPL/2.0/. Firefox Installer.exe, 00000000.00000003.196148324.0000000002D70000.00000004.00000001.sdmp, setup-stub.exe, 00000001.00000002.297791412.000000000087C000.00000004.00000001.sdmp, setup-stub.exe, 00000001.00000002.297132069.0000000000422000.00000004.00020000.sdmp, setup-stub.exe, 00000001.00000003.294333845.000000000087C000.00000004.00000001.sdmp, stub_common.css.1.dr, installing.html.1.dr, installing.js.1.dr
false high
https://firefox.com/set_hsts.gif installer-help[1].htm.21.dr false high
search.orange.co.uk/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp
false URL Reputation: safeURL Reputation: safeURL Reputation: safeURL Reputation: safe
unknown
www.iask.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp
false URL Reputation: safeURL Reputation: safeURL Reputation: safeURL Reputation: safe
unknown
Name Source Malicious Antivirus Detection Reputation
Copyright null 2021 Page 13 of 66
www.tesco.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp
false high
cgi.search.biglobe.ne.jp/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp
false 0%, Virustotal, BrowseAvira URL Cloud: safe
unknown
search.seznam.cz/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp
false high
suche.freenet.de/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp
false high
search.interpark.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp
false high
search.ipop.co.kr/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp
false URL Reputation: safeURL Reputation: safeURL Reputation: safeURL Reputation: safe
unknown
search.espn.go.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp
false high
www.myspace.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp
false high
search.centrum.cz/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp
false high
Name Source Malicious Antivirus Detection Reputation
Contacted IPs
Public
IP Domain Country Flag ASN ASN Name Malicious
13.224.96.162 unknown United States 16509 AMAZON-02US false
35.155.87.117 unknown United States 16509 AMAZON-02US false
44.236.48.31 unknown United States 16509 AMAZON-02US false
General Information
Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 355697
Start date: 21.02.2021
Start time: 01:22:13
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 31s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: Firefox Installer.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 32
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: SUS
Classification: sus22.spyw.winEXE@7/64@3/3
EGA Information: Failed
HDC Information: Successful, ratio: 98% (good quality ratio 89.3%); Quality average: 76.5%; Quality standard deviation: 35.3%
HCA Information: Failed
Cookbook Comments: Adjust boot time; Enable AMSI; Found application associated with file extension: .exe
Warnings:
Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
TCP Packets have been reduced to 100
Excluded IPs from analysis (whitelisted): 104.43.139.144, 13.88.21.125, 92.122.145.220, 104.43.193.48, 52.255.188.83, 168.61.161.212, 51.11.168.160, 23.218.208.56, 88.221.62.148, 104.18.165.34, 104.18.164.34, 142.250.184.104, 216.58.212.142, 8.248.117.254, 67.27.157.254, 67.27.159.126, 8.253.204.121, 67.26.83.254, 20.54.26.129, 51.104.144.132, 92.122.213.247, 92.122.213.194, 152.199.19.161
Excluded domains from analysis (whitelisted): download.mozilla.org, arc.msn.com.nsatc.net, www.mozilla.org.cdn.cloudflare.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, go.microsoft.com, www.googletagmanager.com, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.google-analytics.com, fs.microsoft.com, www-google-analytics.l.google.com, ie9comview.vo.msecnd.net, www-googletagmanager.l.google.com, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, www.mozilla.org, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Simulations
Behavior and APIs
No simulations
Joe Sandbox View / Context
IPs
Match Associated Sample Name / URL SHA 256 Detection Link Context
13.224.96.162 https://townemortgage-my.sharepoint.com/:b:/p/cislami/ETa8xXdrX-FKtlaSfOphTioBLICbx4muhejuoDN0jK0wqw?e=4%3aBnR24e&at=9
Get hash malicious Browse
https://www.canva.com/design/DAEP8Lslefs/1QHXKjNU7Rc-vcFi3qKqEA/view?utm_content=DAEP8Lslefs&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse
https://www.canva.com/design/DAEPXu2qGvw/k5VLbFVATM5hEHHOGOOwNA/view?utm_content=DAEPXu2qGvw&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse
https://www.canva.com/design/DAEPXu2qGvw/k5VLbFVATM5hEHHOGOOwNA/view?utm_content=DAEPXu2qGvw&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse
https://airtable.com/shrvUPgQ9zYvsB8r6 Get hash malicious Browse
https://www.canva.com/design/DAEOhhihuRE/ilbmdiYYv4SZabsnRUeaIQ/view?utm_content=DAEOhhihuRE&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse
https://nl.raymondbaez.com/xxx/redirect/ Get hash malicious Browse
https://www.canva.com/design/DAEN3YdYVHw/zaVHWoDx-9G9l20JXWSBtg/view?utm_content=DAEN3YdYVHw&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse
https://www.canva.com/design/DAENr9VVSBY/j0BB1RmEldachKWw-1swmQ/view?utm_content=DAENr9VVSBY&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse
https://www.canva.com/design/DAENVYOHvFA/QhSvoOcZFDz8qgW3A0jWDQ/view?utm_content=DAENVYOHvFA&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse
https://www.canva.com/design/DAEMXlzyBJo/VT_PJS9miMeLf1BsAVFwFA/view?utm_content=DAEMXlzyBJo&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse
https://www.canva.com/design/DAEMXlzyBJo/VT_PJS9miMeLf1BsAVFwFA/view?utm_content=DAEMXlzyBJo&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse
https://www.canva.com/design/DAEMdmL9jFw/8ZJKhuApMc0F-GfEMjLbGg/view?utm_content=DAEMdmL9jFw&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse
https://www.canva.com/design/DAEMYJa0q38/pqva4aItg5UutnXwpQWdBA/view?utm_content=DAEMYJa0q38&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse
https://www.canva.com/design/DAEJ02ptevs/3JYtKOkIl0JKiwwgCUSQKw/view?utm_content=DAEJ02ptevs&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse
https://customonehomes-my.sharepoint.com/:b:/g/personal/sheila_customonehomesmn_com/ETIP3qftFphArSEZPzIQjWoBYOSk7xE5-Wh6Nzt2BkRJpw?e=4%3aBiJK0J&at=9
Get hash malicious Browse
44.236.48.31 https://www.canva.com/design/DAEQZtuJBHQ/-KqHZHDeeo0Ff-f1vALKQQ/view?utm_content=DAEQZtuJBHQ&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse
https://www.canva.com/design/DAEPXu2qGvw/k5VLbFVATM5hEHHOGOOwNA/view?utm_content=DAEPXu2qGvw&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse
https://www.canva.com/design/DAEPWILyBiI/ZnP1WTHl7xNwOB76L4gORw/view?utm_content=DAEPWILyBiI&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse
https://airtable.com/shrvUPgQ9zYvsB8r6 Get hash malicious Browse
https://www.canva.com/design/DAEPD5F7x4w/nI8qoCkPV-p6ew3evzbyTw/view?utm_content=DAEPD5F7x4w&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse
https://nl.raymondbaez.com/xxx/redirect/ Get hash malicious Browse
https://www.canva.com/design/DAEN9RlD8Vk/acBvt6UoL-DafjXmQk38pA/view?utm_content=DAEN9RlD8Vk&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse
https://my.freshbooks.com/#/link/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzeXN0ZW1pZCI6OTQ3OTM1LCJ1c2VyaWQiOjYzNDYyNywidHlwZSI6Imludm9pY2UiLCJvYmplY3RpZCI6Mjg4MjQ0OSwiZXhwIjoxNjM3MjY5MTgxLCJsZXZlbCI6MH0.DGVcXxdiwtgxTUka4TzPi_o6GS8zH-kvvTnFJZxapLg?companyName=Amanda&invoiceNumber=00007767&ownerEmail=avigilante%40maxburst.com&type=primary
Get hash malicious Browse
https://www.canva.com/design/DAEN3YdYVHw/zaVHWoDx-9G9l20JXWSBtg/view?utm_content=DAEN3YdYVHw&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse
https://www.canva.com/design/DAENr9VVSBY/j0BB1RmEldachKWw-1swmQ/view?utm_content=DAENr9VVSBY&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse
Domains
Match Associated Sample Name / URL SHA 256 Detection Link Context
dzlgdtxcws9pb.cloudfront.net https://www.canva.com/design/DAESYWKuLHs/avvDNRvDuj_tk82H9Q45ZQ/view?utm_content=DAESYWKuLHs&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse 143.204.6.224
y.novobanco.opengateautospray.com/674616e69612e726f7361406e6f766f62616e636f2e7074
Get hash malicious Browse 143.204.6.224
https://www.canva.com/design/DAEQ9wWiiI4/xe_9LxFtkmjBa9UV_tvT3Q/view?utm_content=DAEQ9wWiiI4&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse 143.204.6.224
https://www.canva.com/design/DAEQZtuJBHQ/-KqHZHDeeo0Ff-f1vALKQQ/view?utm_content=DAEQZtuJBHQ&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse 143.204.6.224
https://townemortgage-my.sharepoint.com/:b:/p/cislami/ETa8xXdrX-FKtlaSfOphTioBLICbx4muhejuoDN0jK0wqw?e=4%3aBnR24e&at=9
Get hash malicious Browse 13.224.96.162
https://www.canva.com/design/DAEP8Lslefs/1QHXKjNU7Rc-vcFi3qKqEA/view?utm_content=DAEP8Lslefs&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse 13.224.96.162
https://www.canva.com/design/DAEPXu2qGvw/k5VLbFVATM5hEHHOGOOwNA/view?utm_content=DAEPXu2qGvw&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse 13.224.96.162
https://www.canva.com/design/DAEPYcksizk/0MRkCRv3o_LJBVKhQRIOLQ/view?utm_content=DAEPYcksizk&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse 143.204.93.114
https://www.canva.com/design/DAEPWILyBiI/ZnP1WTHl7xNwOB76L4gORw/view?utm_content=DAEPWILyBiI&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse 143.204.93.114
https://airtable.com/shrvUPgQ9zYvsB8r6 Get hash malicious Browse 13.224.96.162
https://www.canva.com/design/DAEPD5F7x4w/nI8qoCkPV-p6ew3evzbyTw/view?utm_content=DAEPD5F7x4w&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse 143.204.93.114
https://airtable.com/shrvUPgQ9zYvsB8r6 Get hash malicious Browse 143.204.209.188
https://airtable.com/shrvUPgQ9zYvsB8r6 Get hash malicious Browse 65.9.7.135
https://www.canva.com/design/DAEOhhihuRE/ilbmdiYYv4SZabsnRUeaIQ/view?utm_content=DAEOhhihuRE&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse 13.224.96.162
https://nl.raymondbaez.com/xxx/redirect/ Get hash malicious Browse 13.224.96.162
https://www.canva.com/design/DAEN9RlD8Vk/acBvt6UoL-DafjXmQk38pA/view?utm_content=DAEN9RlD8Vk&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse 13.226.244.213
https://my.freshbooks.com/#/link/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzeXN0ZW1pZCI6OTQ3OTM1LCJ1c2VyaWQiOjYzNDYyNywidHlwZSI6Imludm9pY2UiLCJvYmplY3RpZCI6Mjg4MjQ0OSwiZXhwIjoxNjM3MjY5MTgxLCJsZXZlbCI6MH0.DGVcXxdiwtgxTUka4TzPi_o6GS8zH-kvvTnFJZxapLg?companyName=Amanda&invoiceNumber=00007767&ownerEmail=avigilante%40maxburst.com&type=primary
Get hash malicious Browse 65.9.191.136
https://www.canva.com/design/DAEN3YdYVHw/zaVHWoDx-9G9l20JXWSBtg/view?utm_content=DAEN3YdYVHw&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse 13.224.96.162
https://www.canva.com/design/DAENqED8UzU/0m_RcAQIILTwa79MyPG8KA/view?utm_content=DAENqED8UzU&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Get hash malicious Browse 143.204.6.224
https://www.canva.com/design/DAENr9VVSBY/j0BB1RmEldachKWw-1swmQ/view?utm_content=DAENr9VVSBY&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
Get hash malicious Browse 13.224.96.162
download-stats.r53-2.services.mozilla.com
Firefox Installer.exe Get hash malicious Browse 52.42.67.12
Firefox Installer.exe Get hash malicious Browse 52.10.26.75
Firefox Installer.exe Get hash malicious Browse 52.10.26.75
bouncer-bouncer-elb.prod.mozaws.net https://townemortgage-my.sharepoint.com/:b:/p/cislami/ETa8xXdrX-FKtlaSfOphTioBLICbx4muhejuoDN0jK0wqw?e=4%3aBnR24e&at=9
Get hash malicious Browse 54.145.109.57
Firefox Installer.exe Get hash malicious Browse 52.204.34.225
Setup.exe Get hash malicious Browse 52.86.101.158
22Firefox Installer.exe Get hash malicious Browse 18.214.169.152
DriverUpdate-setup-30503a29-618a-4545-ae2f-f846f9810bbb.exe
Get hash malicious Browse 52.7.249.130
Firefox Installer.exe Get hash malicious Browse 52.206.57.68
19DHL.exe Get hash malicious Browse 3.212.251.241
ASN
Match Associated Sample Name / URL SHA 256 Detection Link Context
AMAZON-02US iopjvdf.dll Get hash malicious Browse 13.225.75.73
document-750895311.xls Get hash malicious Browse 143.204.4.74
urgent specification request.exe Get hash malicious Browse 54.238.136.178
P.O-48452689535945.exe Get hash malicious Browse 52.58.78.16
C1.Qoute-Purequest Air Filtration Technologies (Pty) Ltd.xlsm Get hash malicious Browse 13.226.169.13
C1.Qoute-Purequest Air Filtration Technologies (Pty) Ltd.xlsm Get hash malicious Browse 99.86.167.30
Shinshin Machinery.exe Get hash malicious Browse 3.141.74.7
C1.Qoute-Purequest Air Filtration Technologies (Pty) Ltd.xlsm Get hash malicious Browse 99.86.167.40
CMahQwuvAE.exe Get hash malicious Browse 3.18.253.84
ufsT8EFZBg.exe Get hash malicious Browse 54.185.96.144
l4lHzL7BMk.exe Get hash malicious Browse 54.185.96.144
m5fF9jhh66.exe Get hash malicious Browse 54.185.96.144
MZlUAhy1o7.exe Get hash malicious Browse 54.185.96.144
HBL VRN0924588.xlsx Get hash malicious Browse 3.141.74.7
networkmanager Get hash malicious Browse 54.201.22.174
HEC Batangas Integrated LNG and Power Project DocumentationsType a message.exe.exe
Get hash malicious Browse 15.207.163.255
qkfI7LuPTE Get hash malicious Browse 13.224.94.111
jd6kNhbT7v.exe Get hash malicious Browse 54.185.96.144
nPpF6dUvX0.exe Get hash malicious Browse 54.185.96.144
5AFgY3C91D.exe Get hash malicious Browse 54.185.96.144
JA3 Fingerprints
Match Associated Sample Name / URL SHA 256 Detection Link Context
9e10692f1b7f78228b2d4e424db3a98c Njs4kjnD5X.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
Uiha1GUS7S.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
SecuriteInfo.com.Mal.EncPk-APW.20360.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
10.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
iopjvdf.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
d88e07467ddcf9e3b19fa972b9f000d1.exe Get hash malicious Browse 44.236.48.31, 13.224.96.162
zP9r0Y0QaA.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
kYHAeYQDFy.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
AtxEaMk8Zr.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
7PCT0zXmnp.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
QAM8tR7ZFa.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
DLKGGjg95M.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
nS88Jbs3fq.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
oij4BmArF3.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
mpjKH8lZpe.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
YXCDlW9FmD.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
MCUE2OrSCd.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
AEnV5Az5Io.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
PgJq4wSKWt.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
YjdyTcR01H.dll Get hash malicious Browse 44.236.48.31, 13.224.96.162
Dropped Files
Match Associated Sample Name / URL SHA 256 Detection Link Context
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll
Firefox Setup 78.5.0esr.msi Get hash malicious Browse
FileZilla_3.42.1_win64_sponsored-setup.exe Get hash malicious Browse
Firefox Installer.exe Get hash malicious Browse
FileZilla_3.42.1_win64_sponsored-setup.exe Get hash malicious Browse
https://rpmi.aspire.co/ucs/dl/micollab_pc.msi Get hash malicious Browse
FileZilla_3.41.1_win64-setup_bundled.exe Get hash malicious Browse
FileZilla_3.41.1_win64-setup_bundled.exe Get hash malicious Browse
Firefox Setup 75.0.msi Get hash malicious Browse
#U6ac3#U8cb7#U5b89#U63a7#U4e2d#U4ecb#U5143#U4ef6.exe
Get hash malicious Browse
7N9HRsNAb5.exe Get hash malicious Browse
Firefox Installer.exe Get hash malicious Browse
Firefox Installer.exe Get hash malicious Browse
FileZilla_3.34.0_win64-setup_bundled.exe Get hash malicious Browse
https://download.filezilla-project.org/client/FileZilla_3.34.0_win64-setup_bundled.exe
Get hash malicious Browse
FileZilla_3.33.0_win64-setup_bundled.exe Get hash malicious Browse
Firefox_Setup_Stub_58.0.exe Get hash malicious Browse
O9wdkqzdPF.exe Get hash malicious Browse
btweb_installer(1).exe Get hash malicious Browse
FileZilla_3.42.1_win64_sponsored-setup.exe Get hash malicious Browse
FileZilla_3.42.1_win64_sponsored-setup.exe Get hash malicious Browse
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\CityHash.dll
Firefox Setup 78.5.0esr.msi Get hash malicious Browse
Firefox Setup 75.0.msi Get hash malicious Browse
https://ftp.mozilla.org/pub/firefox/releases/49.0.2/win64/en-US/Firefox%20Setup%2049.0.2.exe
Get hash malicious Browse
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7C95EFC1-7426-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 24152
Entropy (8bit): 1.7632107910271198
Encrypted: false
SSDEEP: 48:Iw1GcprsGwpLhG/ap8LGIpcXWGvnZpvXMGvHZp9XZGokqpvXzQGo47pcFkEWGWUE:rrZEZl2dWDtFfTtP7Wc
MD5: F566B393EAD01B22BA411AC4815C62F4
SHA1: 4B4C085EFD2825F557682923925137AD1EF63B85
SHA-256: 10D6186BD8ED6CEEC97753BDFF99A28E7F82B9147456F712EA52D2EB2F5A7887
SHA-512: 052A6A7907B5C415CC0BD724E915A3DEE744231CB7E6A9E31C27FEF6FD43339CD813258DF2CDE3EB55DD0280B7632A67FAD6F1FBBB5D37969C93BEF33275C51E
Malicious: false
Reputation: low
Preview: [binary data; non-printable bytes omitted] R.o.o.t. .E.n.t.r.y.
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7C95EFC3-7426-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 27036
Entropy (8bit): 1.998221273521783
Encrypted: false
SSDEEP: 192:rfZwQUbZP0ecP7sPiqAPhKAPsQPA9P1fNYrAVeVTVIB:rBJSZPEPYPNAPsAPhP4PBNYrAVeVTV2
MD5: F8BF7153B316925A642C9FF3D12F8BA5
SHA1: 112C4A36674D8B033FAD90DDB2B2BDD7140D0C08
SHA-256: C974F9D754D16A935A22A1906B8883504C5A96E50F15A402E62354F9B6660EAD
SHA-512: A2DAD651344C91DA11D8977CB20EA0C6EF4F31B70E0DDD2CDDB2E8AA8959DD3D551584985B00DA8AC82EDCFF13ADAA8E60D9741B377AD47E06D6EE03FE4A4FEF
Malicious: false
Reputation: low
Preview: [binary data; non-printable bytes omitted] R.o.o.t. .E.n.t.r.y.
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.126665028668184
Encrypted: false
SSDEEP: 12:TMHdNMNxOEjnWimI002EtM3MHdNMNxOEjnWimI00ObVbkEtMb:2d6NxO2SZHKd6NxO2SZ76b
MD5: 0A7442A034D1DFDD1015155F569BB9A3
SHA1: C0799F7316F4873FE966BC01F0E09E686C203031
SHA-256: 61B243688364B871641508783466188BF5793A8E7F5D0271B045FC607729A7D3
SHA-512: 6693DAFCE4786655CACA183291CC1749C3246791AAC314A2224537212CC95F8787B6B00A8424095130447DE17F9661A9FA92F186CB628A4FDB835C21EE55C07F
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 653
Entropy (8bit): 5.131093561174962
Encrypted: false
SSDEEP: 12:TMHdNMNxe2ktnWimI002EtM3MHdNMNxe2k7nWimI00Obkak6EtMb:2d6NxrISZHKd6NxrGSZ7Aa7b
MD5: 9E5C8FFB0EE753A5DE5FBA362FC4B583
SHA1: 7241296BA82B78B1B3DC58BBEC5445331E5C8D7D
SHA-256: DFD5CB572FB2674C2FE07CDEB197DC604E80E0172C06192BB4FCED24FAAC38BE
SHA-512: DB03B8EF3C4D9C26D12E4BF4E88F31142965A35CF907F3E3D7A4CADCABF960E8F7056CA626C917D36901DAC9DA7A6049681DB6290FFB6F16975B4F5AED0C758C
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x527a7d49,0x01d70833</date><accdate>0x527a7d49,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x527a7d49,0x01d70833</date><accdate>0x527cdfae,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 662
Entropy (8bit): 5.134205203915093
Encrypted: false
SSDEEP: 12:TMHdNMNxvLBnWimI002EtM3MHdNMNxvLBnWimI00ObmZEtMb:2d6Nxv9SZHKd6Nxv9SZ7mb
MD5: BB1522911391344B1CC39157D8B467FA
SHA1: B0462DDA70DE710E25C873582845EA3D3216E117
SHA-256: CF49A20F8F81FCDC253E60B9E044D9736E1150C9BC8662347778297C8C706D3F
SHA-512: D397E6CDA89ACB455C92F03E2FD68DB924BD7ADB8AAB233F0DB38B38447253467C6E3B091628A276C3C5E8A10103A65C247ECBE12992BA6BB9E782078119E685
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x528406c1,0x01d70833</date><accdate>0x528406c1,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x528406c1,0x01d70833</date><accdate>0x528406c1,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 647
Entropy (8bit): 5.142873720939887
Encrypted: false
SSDEEP: 12:TMHdNMNxijnWimI002EtM3MHdNMNxijnWimI00Obd5EtMb:2d6NxUSZHKd6NxUSZ7Jjb
MD5: 235F281F011C0F4D8376E7442AF47760
SHA1: 102AF018B9BC3E599A05FBD22DBBA1F75D167F9F
SHA-256: 1622DBB9421DDB52FF48B2B3C09E010D0BFF6AF1FED375A604D571DA4FFF8738
SHA-512: C81B80FA978728C7112013160727D4E10B3C41CD0085CB82238E46A9468903D7696C91656D3CBD53793AD89DBCBD2636CE2EDA78CF9A2E6BD43CD994C7D5D2A5
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.149144721145254
Encrypted: false
SSDEEP: 12:TMHdNMNxhGwBnWimI002EtM3MHdNMNxhGwBnWimI00Ob8K075EtMb:2d6NxQQSZHKd6NxQQSZ7YKajb
MD5: F6072A51EB00B8CFEE502C49B008709B
SHA1: 8A6DEC1F378F777F011ADC15F43B0F9E3F7F298E
SHA-256: 631C7997702B56ED01407E36A0BD6E5A07CE66C5C9C6B28A7FD270C52B88A0C1
SHA-512: 22777B3C749B0A57738A2EE3848B29C47CA12B9C7686C3784DE2FC2334D30A8817F2F172CF9A6E6E619B95C16EF29B3934ACA7613F8787806E6FA2940E8D6B7E
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x528406c1,0x01d70833</date><accdate>0x528406c1,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x528406c1,0x01d70833</date><accdate>0x528406c1,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 653
Entropy (8bit): 5.129984340022935
Encrypted: false
SSDEEP: 12:TMHdNMNx0njnWimI002EtM3MHdNMNx0njnWimI00ObxEtMb:2d6Nx0jSZHKd6Nx0jSZ7nb
MD5: 48BC5B879603B59B287F82CAFA3B12BF
SHA1: 5B8EB0184341A7716BE031D6D8D8E844C5792A00
SHA-256: DDB111BBB876809C64EB38495ACBF44C273ACFEDA44C5660C957B7135FAFAC0A
SHA-512: E3FEF9886AF5BB987BA67F9E342DEBEB274A9E473010130521CD8D31FC8CE796707CBB1EC47F044A682A79B31EAAA4A0975EE99B3650DB9A5159DE70A979ED46
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.16708872993888
Encrypted: false
SSDEEP: 12:TMHdNMNxxjnWimI002EtM3MHdNMNxxjnWimI00Ob6Kq5EtMb:2d6NxlSZHKd6NxlSZ7ob
MD5: 21B0DA8D861D5C2BE4ADE290FC991E59
SHA1: 49B05DE1ED8A0C2F38F29667F0E635BA9F6EDC58
SHA-256: 9F9BC3108C80AE12D88E951553F25D7EC59F3CDDCCA0A69BFC5C06EBDFD06094
SHA-512: 7C3C23E27067336B45ED2CD51F58534C87AE7FA100D65C340EA6320A01CE702E8ADB85D39C9B5D955ED6C81D46C32A51C270976AB8974C26D34B167B438C742B
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 659
Entropy (8bit): 5.14845736576335
Encrypted: false
SSDEEP: 12:TMHdNMNxcdnWimI002EtM3MHdNMNxcdnWimI00ObVEtMb:2d6Nx0SZHKd6Nx0SZ7Db
MD5: FD58C633230FA758C01A9473FA898136
SHA1: 14941C8324F6656AD31687202FA9595B2E7C6507
SHA-256: 06AFA234AFF62D3D52E81C71814F636AC6E31DDF16E320146A4DBB47CEB2E1E8
SHA-512: 6923317B219DA4AED5DBE7C41C1D3034D93BA4EACDBD478F17E0C27CFD16631E1B312E8A09FFEA9998B0EBA57CAE5D11662CC1009549EF56B5BEEAA9D94123A9
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x527f4209,0x01d70833</date><accdate>0x527f4209,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x527f4209,0x01d70833</date><accdate>0x527f4209,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 653
Entropy (8bit): 5.129833054220666
Encrypted: false
SSDEEP: 12:TMHdNMNxfndnWimI002EtM3MHdNMNxfndnWimI00Obe5EtMb:2d6NxlSZHKd6NxlSZ7ijb
MD5: AD69EEDD6AD6C4493BE2C473D9C579C9
SHA1: 0949BE5A71567759F12272FBCC8955E9ECEBE1C2
SHA-256: 6ABFEC0D367087DA70C7414F744BAC32529C6E3759EE213104B0E981535AF50C
SHA-512: 73360DF1CB73F590310895BDA89D23918C038CAE02FFB063897D450EDF004EB833DA61CD0853C29988B0F3C3BB4705223900CDF565786E06E0825D0A15430FB8
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x527f4209,0x01d70833</date><accdate>0x527f4209,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x527f4209,0x01d70833</date><accdate>0x527f4209,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 8270
Entropy (8bit): 7.884408130588547
Encrypted: false
SSDEEP: 192:qgYrZU6AhtZF+g9uEg64W8ACAvQ1aO+ZDLPZNa+0r:q7kGgu+8yvXOePRY/r
MD5: B0989215CFB436EADED492D795871198
SHA1: 34518BE1E54E5C6441979860ED05B87D3B2A3961
SHA-256: BA4A9AD5385569137B9760283D76BE8622E0F69ED3B1428853F45903F9E60C02
SHA-512: 35A0FD2A4477D9B311272D3CE98043E04AED0E2F53EA9AF8ED42154F50FEAE7B7243E28D91E459EA4D03AC3827A9B9A36E7EE02084601035F3B830E9289EE935
Malicious: false
Reputation: low
Preview:[.h.t.t.p.s.:././.w.w.w...m.o.z.i.l.l.a...o.r.g./.m.e.d.i.a./.i.m.g./.f.a.v.i.c.o.n.s./.f.i.r.e.f.o.x./.b.r.o.w.s.e.r./.f.a.v.i.c.o.n.-.1.9.6.x.1.9.6...5.9.e.3.8.2.2.7.2.0.b.e...p.n.g.r....PNG........IHDR..............x~Y....PLTE.....?..>..~.N\..C..w..q..q..r..9..o..r..E..E.z9..E..D..H..r..{..q.}8..H..r..G.=...E..q.."..C..G..E..8..H.....7.TK..1.,`..8..;..E.9..i..Z5.]C..8.=.._V..9.~R..E.;...7.M..;.A..C?.J;.=B.O8..J..B..F..l.5G.T6..gY9..2L..>.\0.8E..E.;..b-.0Q..F..q..9.i(.....;....W3.9...6..b..[........3..H..........p$../.......B...+..#.....).E...I.v"..H.>...J.._..:..:..:..A.~6.Y...HmZ.6...9t\.hW...A..9..6.x4ZA...&^P...6|[.bT.ZK...J..B..L..2.j6..6....U..H...K..5Y<..W..Q.`5...2..C.b8..2.L...MlK.}%...7.>..Z9.q8..3l0.YF...ceE..p2.{.|S...Ff2..*S..Oo9.t*...Q..P.M.D.3.e<...1.8...Q.e2sQ.'..2...i..o.D.<.s@.+..{S..Z.#X.M..sU.2..XX..\yD.B..<.|J./..D[.jV.5...e.,c.aX..J../....:`..%\7...:.,..5Z.O..r.+...)zC...T.UA.r..U.=.UL.e...Q.[.l?.....Uc..^.D..Q..Ns.~..-..h...ew.sb.e.-..H..?..7..,.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Metropolis-Bold.1b5b51bac870[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, CFF, length 17960, version 0.0
Category: downloaded
Size (bytes): 17960
Entropy (8bit): 7.979393130699797
Encrypted: false
SSDEEP: 384:ZkDHSauFx/eNN8Me0neS8LOCdeYftH3AruNhD:ZkixGf9iLOCdvSr
MD5: 1B5B51BAC870E5C2645497A16B769BEC
SHA1: 5577FE0C5BCAF247994B0BE1B1D5048B327FC848
SHA-256: 3C10B2E736B2ABA4E1E629B259A474C1523B62B798AEE56BC0CEE667463EED52
SHA-512: 06EFAB531B442A7EC4F8F4F1DCC7563946AF01AF1A5CB0BD676EA64FDF9AF81C24E734CC09FC91051E8E07E37E19CC905EFEF090DC1FE7131F99B474C0DF6F4D
Malicious: false
Reputation: moderate, very likely benign file
IE Cache URL: https://www.mozilla.org/media/fonts/Metropolis-Bold.1b5b51bac870.woff
Preview:wOFFOTTO..F(......_.........................CFF ......8:[email protected]....]...R...JGSUB..F.............OS/2...h...N...`i..Tcmap.......0....)...head...$...2...6....hhea...H... ...$....hmtx...X........./.maxp.............9P.name...........;....post........... ......P..9..x.c`d`.........|e`f~...W^.M...5..e..|......$........x......Q...s..m.)/k..nX.m.UX[am.qm....Y.%.r........5.Q..y....B~"YkW g .i..9....'._....=f.!mQ..H2.""..4.zq..J..{y*.....r\[email protected]..).....(9.z....Y..B.....v.rD...B..*..f.n..D..k5..d..y."\.A.E...........A.....<=.L[..}K0...h..<c..Z....F~C....-E.\\'.\]QSKB......C...^...pSkPKz..5..|.w .2.....2..o....V..!U.... Psa. ."d.Z...........c_H....-...$.....2i..&!\..0.MuD[2.....y|.5_...._....`R.`|k..c..A.....;!.....:....N.C....iX..p.-h!.x...R/...v5...8]....G.m.y..'[email protected]`d``[email protected].....~x.c`f.e..................D...........@.w...........c..fi......ArL.L......l.w..x.,.a.a........{IE.3.%mV`.&...mY...G...[s.._
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Metropolis-Medium.cce692f84337[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, CFF, length 17708, version 0.0
Category: downloaded
Size (bytes): 17708
Entropy (8bit): 7.979314948108075
Encrypted: false
SSDEEP: 384:xH3aHFYew3eqHbA6TPSiStLEirPN2j9KkDyjC+DA:xXScusbDZm3rl2ZKkD+C+U
MD5: CCE692F84337013497C8C0C9E90F6517
SHA1: D6A95ACD2C9B10489CE45206938195E999802991
SHA-256: 3C7B11A2AAB87A8F80AEDAD2DE99673BB846BC74240104B600754553995F56F8
SHA-512: 301C442F4FB521B6FA9DDFB1FB5640F1D30BB0F74F4BBC9B9ED6B51C1F23CAE809E8FB71DDFB7C4F19DEF87633C291EAC710C05CA7C5204D796D821499D15301
Malicious: false
Reputation: moderate, very likely benign file
IE Cache URL: https://www.mozilla.org/media/fonts/Metropolis-Medium.cce692f84337.woff
Preview:wOFFOTTO..E,......]l........................CFF ......7*..B..{[email protected]..@...._...^...2GSUB..E ............OS/2...l...N...`hN.hcmap.......0....)...head...$...1...6....hhea...L... ...$....hmtx...X.........j:-maxp.............9P.name...........yj..&post........... ......P..9..x.c`d`...;.....|e`f~...W^.M......`)e>..230.D.|......x......Q.E.u..m.m.m.Q....F.6(..v..g...|.g.z.>3.>./9RdS.....J.?..e.\4..>...s.D.=.......*..C.U..9m.....,j.E.~....TIJ..Z.-......1L.T.s)....I.<.:.....!2..Z14.brx.+.hE...J..Lj.s.t.Br.1..%T..M.>.PZ....\....M...:....p......c....".Rg.....1.....u.....:...\^...f..g=..G...}%.Yj.Y.....+.m..............n'5.).;.h.......F+..,@...K......."-.N.@?.}c]..n.e...A'..&QO.yS.a...Tea.J...R....r...{..3.SY.8.R:B.[...'.W:K....A%...;.Nj.....Q!.^*xS5v.%m..-.8..j.7w.h..^i..34.RmVNyQ.Jw.D...A........x.c`d``..o.........R...`...~..dx.c`[email protected][email protected].`......].\.\;...m..-.. ...,.>.d.$.!.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\analytics[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 47332
Entropy (8bit): 5.518633523108405
Encrypted: false
SSDEEP: 768:UyC36rcBLbfsl5XqYoyPndHTkoWY3SoavVVy2WiCgYUD0FEw0stZb:UyDAZfY5hVdHTwY3SoIjw0sD
MD5: 6A10EB2BB5C90414980729F4F96FFBDA
SHA1: 8BBBD5948255549E4B691B614AA3177DEA9AF1B7
SHA-256: 0F3BE44690AE9914AE3E47B7752E1BDEA316F09938E9094F99E0DE19CCD8987A
SHA-512: 5A505CBAAEEAB8961AA0DE94767F76A09B6F03E60EB0C72954B85EC0392EE1CE383D2088939A314D3175AB24B7A69390C841CFE0237C1D1C40966B43F22AE929
Malicious: false
Reputation: moderate, very likely benign file
IE Cache URL: https://www.google-analytics.com/analytics.js
Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n=this||self,p=function(a,b){a=a.split(".");var c=n;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},r=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var t=/^(?:(?:https?|mailto|ftp):|[^:/?#]*(?:[/?#]|$))/i;var v=window,x=document,y=function(a,b){x.addEventListener?x.addEventListener(a,b,!1):x.attachEvent&&x.attachEvent("on"+a,b)};var z={},A=function(){z.TAGGING=z.TAGGING||[];z.TAGGING[1]=!0};var B=/:[0-9]+$/,C=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},F=function(a,b){b&&(b=String(b).toLowerCase());if("p
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\black.0b92f54b3059[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 471
Entropy (8bit): 4.598094550080737
Encrypted: false
SSDEEP: 12:trZvnlKIZdWJ0Ti2cKYJb8ZfmqBTJF1LCBAME:tVvnYaYJSihRJb8ZffTL1LCBAME
MD5: 0B92F54B305911937F1B046B407F1DF8
SHA1: BE25A32BB81E20FB33CB31C11BCE6BBB30A36094
SHA-256: D705F7F6B5A32CC664AB1EC268D7342F79A748BEED62F065A5618B5BA5F7DC5D
SHA-512: 60D188162B8A0E3A14B35F07993367FA1BE327B384157CDB43B11BA376517ACC622878F4168CDD9F39B62CE74106399F0F29F2D6E55C92B3244F0BE09EEDF020
Malicious: false
IE Cache URL: https://www.mozilla.org/media/protocol/img/icons/social/youtube/black.0b92f54b3059.svg
Preview:<svg width="16" height="16" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M15.666 3.749C16 4.997 16 7.599 16 7.599s0 2.604-.334 3.852a2.004 2.004 0 0 1-1.415 1.415C13.003 13.2 8 13.2 8 13.2s-5.003 0-6.251-.334A2.004 2.004 0 0 1 .334 11.45C0 10.203 0 7.6 0 7.6s0-2.603.334-3.851A2.004 2.004 0 0 1 1.75 2.334C2.997 2 7.999 2 7.999 2s5.004 0 6.252.334c.689.184 1.23.726 1.415 1.415zM6.4 9.999L10.557 7.6 6.4 5.2V10z" fill="#000" fill-rule="evenodd"/></svg>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\black.40d1af88c248[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 1681
Entropy (8bit): 4.263886668961708
Encrypted: false
SSDEEP: 24:tiBj16xQpKeTJhIP1NRbdWhuJLi0XjTwbZQ8720FiBWCFlHULHRqogVDncMG:i6xQpKSJ2lWhuJLzngfQgax8HR/gZ0
MD5: 40D1AF88C248598FB555505C975698BE
SHA1: EED5B36F4C5A966760E6863843A770CEE5A6B90F
SHA-256: E95A342F7A1F74B84675401D23453D0A591A81861E79EA6662334D8F5B419C4F
SHA-512: 11CFE694F1B015EC9097FFFF67C06315EC8CF46DE6111B1D720FB3C96056D2B6FADABE481AF548554474263B800B0AD3E09A4CF1D74EE4F34470D246CA92399C
Malicious: false
IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/mozilla/black.40d1af88c248.svg
Preview:<svg width="112" height="32" xmlns="http://www.w3.org/2000/svg" style="background:#000"><path d="M30.954 22.564h1.86v3.09h-5.826v-7.975c0-2.458-.806-3.404-2.386-3.404-1.922 0-2.696 1.387-2.696 3.373v4.948h1.859v3.089h-5.857v-8.006c0-2.458-.806-3.404-2.386-3.404-1.921 0-2.696 1.387-2.696 3.373v4.948h2.665v3.089H7v-3.089h1.86V14.56H7v-3.09h5.857v2.144c.837-1.513 2.293-2.427 4.245-2.427 2.015 0 3.874.977 4.556 3.058.774-1.892 2.355-3.058 4.555-3.058 2.51 0 4.803 1.545 4.803 4.917v6.461h-.062zm11.001.284c-2.169 0-3.285-1.891-3.285-4.35 0-2.679 1.27-4.223 3.316-4.223 1.89 0 3.409 1.292 3.409 4.16 0 2.743-1.364 4.413-3.44 4.413zm.093-11.662c-5.02 0-7.5 3.436-7.5 7.596 0 4.539 2.976 7.218 7.283 7.218 4.463 0 7.685-2.868 7.685-7.407 0-3.971-2.448-7.407-7.468-7.407zm19.988 9.204l3.16.315-.867 4.98H52.15l-.402-2.143 7.684-8.983h-4.369l-.62 2.206-2.881-.315.495-4.98h12.241l.31 2.143-7.747 8.983h4.524l.65-2.206zm6.105 5.295h4.183v-5.106h-4.183v5.106zm0-9.11h4.183V11.47h-4.183v5.106zM84.874 4l-6.04
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\icon-fpn-beta.9e7bc3a29f6e[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 2577
Entropy (8bit): 5.033660474488909
Encrypted: false
SSDEEP: 48:nnSHJmeWHpW+zAnsnN4HJGWNQNuFMgQtohHpB6eexCTAWwP7:nSm48Osah6lTohJn7TAWwD
MD5: 9E7BC3A29F6E384D28FE7600252D8D23
SHA1: E768BBAE73B4F0B75D8221CBE4FCF5E87F6E1E0F
SHA-256: F27170723143E0A5310F65C230B259D20655E110DA18C1F02694B5AAFE6B2AB7
SHA-512: 1B8465845C9F27D39B96A95DB1FA446EFB609904BD6581DD5801B16DB488454F3FE45EB66DA2BDA43A9B9B9E2A44CEF767C9691D330D4B2683490CFC1D26955E
Malicious: false
IE Cache URL: https://www.mozilla.org/media/img/nav/icons/icon-fpn-beta.9e7bc3a29f6e.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 32 32">. <path fill="#008787" d="M28.7 20.6H15.6c-.4 0-.7.3-.7.7v2.1c0 3.1 2.5 5.6 5.6 5.6h7.2c2.3 0 4.2-1.9 4.2-4.2V23c0-1.1-1-2.4-3.2-2.4z"></path>. <linearGradient id="a" x1="26.9067" x2="24.0047" y1="6.7601" y2="9.5076" gradientTransform="matrix(1 0 0 -1 0 34)" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#054096" stop-opacity=".5"></stop>. <stop offset=".09995" stop-color="#173ba1" stop-opacity=".442"></stop>. <stop offset=".2949" stop-color="#3434b3" stop-opacity=".329"></stop>. <stop offset=".4888" stop-color="#482ec1" stop-opacity=".217"></stop>. <stop offset=".6797" stop-color="#552bc8" stop-opacity=".107"></stop>. <stop offset=".864" stop-color="#592acb" stop-opacity="0"></stop>. </linearGradient>. <path fill="url(#a)" d="M28.7 20.6H15.6c-.4 0-.7.3-.7.7v2.1c0 3.1 2.5 5.6 5.6 5.6h7.2c2.3 0 4.2-1.9 4.2-4.2V23c0-1.1-1-2.4-3.2-2.4z" opacity=".9"></path>. <linearGrad
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\icon-privacy-promise.eee1662acb03[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 3991
Entropy (8bit): 4.986519310279732
Encrypted: false
SSDEEP: 48:n5HJH0GHQKHjFfz39oWyfANXRZiHJ2fw74S/6eKqd/OMHJsZ2iV++pVMSqd/OVHF:5DQKJZPEMWuaISROMH5ROVQk
MD5: EEE1662ACB03543A9A24B25903FCF8E9
SHA1: 46F6E2300D4FEAD760620F55A25AEB1E7AC0382E
SHA-256: 0E3E64B31E3CF5018358042F8AAFEE2F4351970BFFBD6F03E48747BCB6AEFABE
SHA-512: DA7C1D9C2642CDF4678F993BE3ACA9728714A3D31561C99FD0161A6C69068404161883BAFDF2DF3B24325876A23708D09DF9B669167EF52999CAE1D4AC3C99C5
Malicious: false
IE Cache URL: https://www.mozilla.org/media/img/nav/icons/icon-privacy-promise.eee1662acb03.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 32 32">. <linearGradient id="a" x1="20.5504" x2="20.5504" y1="6.4937" y2="30" gradientTransform="matrix(1 0 0 -1 0 34)" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#3a8ee6"></stop>. <stop offset=".2359" stop-color="#5c79f0"></stop>. <stop offset=".6293" stop-color="#9059ff"></stop>. <stop offset="1" stop-color="#c139e6"></stop>. </linearGradient>. <path fill="url(#a)" d="M28.8 6.5C27.3 4.9 25.3 4 23.1 4H23c-2.2 0-4.2.8-5.7 2.3l-6.4 6.4c-.5.5-.8 1.2-.8 1.9s.3 1.4.8 1.9l1.2 1.2c.5.5 1.2.8 1.9.8s1.4-.3 1.9-.8l-3.1-3.1 6.4-6.4c1-1 2.3-1.5 3.7-1.5h.1c1.4 0 2.8.6 3.7 1.6 2 2.1 1.9 5.4-.2 7.5L17.4 25c-.8.8-2.1.8-2.8 0l1.5 1.5.2.2c.9.9 2.3.9 3.2.2l9-9.1c3.2-3.1 3.3-8.2.3-11.3z"></path>. <linearGradient id="b" x1="28.5539" x2="14.5874" y1="12.29" y2="12.29" gradientTransform="matrix(1 0 0 -1 0 34)" gradientUnits="userSpaceOnUse">. <stop offset=".136" stop-color="#6a2bea" stop-opacity
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\set_hsts[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 162
Entropy (8bit): 4.43530643106624
Encrypted: false
SSDEEP: 3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu
MD5: 4F8E702CC244EC5D4DE32740C0ECBD97
SHA1: 3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF
SHA-256: 9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
SHA-512: 21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F
Malicious: false
Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\site.ddf5d556ecf8[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 4915
Entropy (8bit): 5.439041642972666
Encrypted: false
SSDEEP: 96:EFjnH/MZUU2rD7hvFHYPf9XnXm5s06fabKPASNsufqyI0l3FqN8:IoUBf7J29nm5sGbEASNsHyIbN8
MD5: DDF5D556ECF822A8E790135943462EBB
SHA1: 46A5E280EC8229897422F81FE8E840AB4E63112B
SHA-256: 711BAF816DA9B69492A2994B8D31B463786B6250B305B46D2774A22CAEAF5275
SHA-512: 6E9D12045C9E39826FE1C21AB38355B20A2B4E6C2F8E47DC5AE7073EB92CE5663346DBE6E16914C941186284F2CA822B34457026FEF086063BB60CD8291DFBCD
Malicious: false
IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/site.ddf5d556ecf8.js
Preview:!function(){"use strict";window.site={getPlatform:function(e,t){return t=t||navigator.platform,e=e||navigator.userAgent,-1!==t.indexOf("Win32")||-1!==t.indexOf("Win64")?"windows":/android/i.test(e)?"android":/linux/i.test(t)||/linux/i.test(e)?"linux":-1!==t.indexOf("MacPPC")?"other":-1!==t.indexOf("iPhone")||-1!==t.indexOf("iPad")||-1!==t.indexOf("iPod")||-1!==t.indexOf("MacIntel")&&"standalone"in navigator?"ios":-1===e.indexOf("Mac OS X")||/Mac OS X 10.[0-8]\D/.test(e)?"other":"osx"},getPlatformVersion:function(e){var t=(e=e||navigator.userAgent).match(/Windows NT (\d+\.\d+)/)||e.match(/Mac OS X (\d+[._]\d+)/)||e.match(/Android (\d+\.\d+)/);return t?t[1].replace("_","."):undefined},getArchType:function(e,t){var i;return t=""===t?"":t||navigator.platform,e=e||navigator.userAgent,(i=/armv\d+/i).test(t)||i.test(e)?RegExp.lastMatch.toLowerCase():/aarch64/.test(t)?"armv8":"x86"},getArchSize:function(e,t){t=""===t?"":t||navigator.platform,e=e||navigator.userAgent;var i=/x64|x86_64|Win64|WOW
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\black.180e8cf7ea9e[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 1637
Entropy (8bit): 4.061688919431878
Encrypted: false
SSDEEP: 48:rnawk9VKZlCHK3lm2UNU52/mQIowSCmSZ5ZB+fP1:mJ9qyKFcRDWnZMH1
MD5: 180E8CF7EA9E0A381B7B2C44E13FBE68
SHA1: C99CD61B0EC2161117F2EF4C14AABD2CC2204502
SHA-256: 2D7263960C6067A8EDE4F1FF8F0D85D33A51C04080C96BD2BD4731DAEA814F4C
SHA-512: 6C8B3729E019B1ECA6C85C5CC3F9A8F287BF3A15972DDA5580100F71FE3BC9133FD73B994ED817B91E90DD29CDC157FD76CF2DDD86A3CCDCBA36CC8BBA3E06D8
Malicious: false
IE Cache URL: https://www.mozilla.org/media/protocol/img/icons/social/instagram/black.180e8cf7ea9e.svg
Preview:<svg width="16" height="16" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M7.997.005c2.172 0 2.445.01 3.298.048.851.039 1.432.174 1.941.372a3.92 3.92 0 0 1 1.417.922c.444.445.718.891.922 1.417.198.509.333 1.09.372 1.941.039.853.048 1.126.048 3.298s-.01 2.444-.048 3.297c-.039.851-.174 1.432-.372 1.941a3.92 3.92 0 0 1-.922 1.417 3.92 3.92 0 0 1-1.417.922c-.509.198-1.09.333-1.941.372-.853.039-1.126.048-3.298.048s-2.444-.01-3.297-.048c-.851-.039-1.432-.174-1.941-.372a3.92 3.92 0 0 1-1.417-.922A3.92 3.92 0 0 1 .42 13.24c-.198-.509-.333-1.09-.372-1.941C.01 10.447 0 10.175 0 8.003s.01-2.445.048-3.298c.039-.851.174-1.432.372-1.941a3.92 3.92 0 0 1 .922-1.417A3.92 3.92 0 0 1 2.76.425C3.268.227 3.849.092 4.7.053 5.553.014 5.825.005 7.997.005zm0 1.441c-2.135 0-2.388.008-3.231.047-.78.035-1.203.166-1.485.275-.374.145-.64.318-.92.598-.28.28-.453.547-.598.92-.11.282-.24.705-.275 1.485-.039.843-.047 1.096-.047 3.232 0 2.135.008 2.388.047 3.231.035.78.165 1.203.275 1.485.145.374.318.6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\common.28871f85d686[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 122875
Entropy (8bit): 5.316355105533018
Encrypted: false
SSDEEP: 1536:62g7Eie6O3FgdYXVZxCtVaNQvXC6dsweT1ugAg5Ec8FCvyV6BbMNnQQCMfdXxWJv:TgeT1wj6rBQNnNXxWRZ7TPF0tpbK
MD5: 28871F85D68643169795BE8CF5F09FB5
SHA1: 1ED8989233A53CA95F54B89B5B94BDA25A35C11D
SHA-256: F5E44245ADE0AF2C033E2B2332AF6D33879CA245CA626B2EEB21FF8B7F3F05EF
SHA-512: CDD4028599A74052C36128D9D662E03131E19ED07AA9421D67FBC36978ABFB82466507EEE50873AD9D5EB6DB343380D8B5A5D0D3E7263EE2E91C9679EA5B968B
Malicious: false
IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/common.28871f85d686.js
Preview:if(function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(S,e){"use strict";function m(e){return null!=e&&e===e.window}var t=[],i=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,o=t.indexOf,n={},r=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},x=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},k=S.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var i,o,r=(n=n||k).createElement("script");if(r.text=e,t)for(i in c)(o=t[i]||t.getAttribute&&t.getAttribute(i))&&r.setAttribute(i,o);n.head.appendChild(r).parentNode.removeChild(r)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[r.call(e)]||"object":typeof e}var f="3.5.1"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon-196x196.59e3822720be[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 196 x 196, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 8050
Entropy (8bit): 7.907796996416949
Encrypted: false
SSDEEP: 192:4YrZU6AhtZF+g9uEg64W8ACAvQ1aO+ZDLPZNa+00:jkGgu+8yvXOePRY/0
MD5: 59E3822720BEDCC45CA5E6E6D3220EA9
SHA1: 8DAF0EB5833154557561C419B5E44BBC6DCC70EE
SHA-256: 1D58E7AF9C848AE3AE30C795A16732D6EBC72D216A8E63078CF4EFDE4BEB3805
SHA-512: 5BACB3BE51244E724295E58314392A8111E9CAB064C59F477B37B50D9B2A2EA5F4277700D493E031E60311EF0157BBD1EB2008D88EA22D880E5612CFD085DA6D
Malicious: false
IE Cache URL: https://www.mozilla.org/media/img/favicons/firefox/browser/favicon-196x196.59e3822720be.png
Preview:.PNG........IHDR..............x~Y....PLTE.....?..>..~.N\..C..w..q..q..r..9..o..r..E..E.z9..E..D..H..r..{..q.}8..H..r..G.=...E..q.."..C..G..E..8..H.....7.TK..1.,`..8..;..E.9..i..Z5.]C..8.=.._V..9.~R..E.;...7.M..;.A..C?.J;.=B.O8..J..B..F..l.5G.T6..gY9..2L..>.\0.8E..E.;..b-.0Q..F..q..9.i(.....;....W3.9...6..b..[........3..H..........p$../.......B...+..#.....).E...I.v"..H.>...J.._..:..:..:..A.~6.Y...HmZ.6...9t\.hW...A..9..6.x4ZA...&^P...6|[.bT.ZK...J..B..L..2.j6..6....U..H...K..5Y<..W..Q.`5...2..C.b8..2.L...MlK.}%...7.>..Z9.q8..3l0.YF...ceE..p2.{.|S...Ff2..*S..Oo9.t*...Q..P.M.D.3.e<...1.8...Q.e2sQ.'..2...i..o.D.<.s@.+..{S..Z.#X.M..sU.2..XX..\yD.B..<.|J./..D[.jV.5...e.,c.aX..J../....:`..%\7...:.,..5Z.O..r.+...)zC...T.UA.r..U.=.UL.e...Q.[.l?.....Uc..^.D..Q..Ns.~..-..h...ew.sb.e.-..H..?..7..,.h...:tRNS.....,....AAz.t]\E.^..(................}.J...w..M..3....IDATx...A.. ......n.+K....O5S..].....>.'.....[...BMc.pnB,7\l.Z!...)....(.0t.....b.>[.C.B...#...._...J...1-..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\gtm-snippet.9f9cf2026c5f[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 514
Entropy (8bit): 5.088023472781701
Encrypted: false
SSDEEP: 12:c65DRWyS/yr4tO8qN0S2bRRWGLKX+33vvVlh8Y6Vif:coRWyeUIOR0S0RRWG+u33XVT8Y9f
MD5: 9F9CF2026C5FCAD6AF9F12A2E861FFDA
SHA1: C93A6E6D6F5CB799700A0C3AFBF1966A0426AFB1
SHA-256: 5FF0C822CE892BAE85CA52C2616F7603787FFFD8C072A886A2607E0F630CE730
SHA-512: 305C776B1898EE46D7F249B316D8F601A3203AF610F362C9585C9913A08D3695CE79B4E78934390C6D25F051C86D6A0DB6F1574329F74835CACACC1D048C9633
Malicious: false
IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/gtm-snippet.9f9cf2026c5f.js
Preview:!function(){"use strict";var e=document.getElementsByTagName("html")[0].getAttribute("data-gtm-container-id");"function"==typeof Mozilla.dntEnabled&&!Mozilla.dntEnabled()&&e&&function(e,t,n,a,o,g,m,r,i,l){for(e[a]=e[a]||[],e[a].push({"gtm.start":(new Date).getTime(),event:"gtm.js"}),m=t.getElementsByTagName(n)[0],i=o.length,l="//www.googletagmanager.com/gtm.js?id=@&l="+a;i--;)(g=t.createElement(n)).async=!0,g.src=l.replace("@",o[i]),m.parentNode.insertBefore(g,m)}(window,document,"script","dataLayer",[e])}();
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo-sm.0bc3e6ae9d32[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 64 x 64, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 2491
Entropy (8bit): 7.806829480704644
Encrypted: false
SSDEEP: 48:mXI83rIRArg7EHYgcwKopTauRTO/ikah7p/btfc3KV9H:mXlCE4pczRTUah7p/btE3m
MD5: 0BC3E6AE9D320DDECD3EC7B7E1DE8DAD
SHA1: 9E33E3CBD660C1AFDFB6467F4CD9AB47F3E94FC4
SHA-256: 8DE69D72F41FDEF11C8F8A5BC159A62C754523524B169F02003E9A8DAF3C18E2
SHA-512: 20A3A7E776279DD133C064E87F2535FB7C263A93173504760A5C009007E41BBCC8B871C545EA001893478B35358E9963BF51B04B29DF7C7FE428157C6B8322E6
Malicious: false
IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/monitor/logo-sm.0bc3e6ae9d32.png
Preview:.PNG........IHDR...@[email protected]..*q.C...X.ZZ.Pe..\.W..8.J..K_..]..^..YFb.2...\.._pZ..<c..[.;f.;l.8..[X..[..Y.<..<d.+m.N].pY.^Y..|.%s.uY.:d."x..\..\.8j..Z.LZ.....\.E...].M..5...Y..{.6.. z..[.S\.#y.K_.zY..~.J_.=.A.H...\..]..].F`.bY.S[.4...Z.V..R..M...[..].....Z..d.3.F.;...j.R\.dY.I_..{.R\.bY.;d.kX.6..L\..\.}Y..d.(s..Y.6.. z.*s.x..#v.$u..c..[[email protected]..\.>\..d..Z..Y..^..Z..\..[.:...Z..Zb]...a...{Y.5...Z.a..9.1.Cc..KO[^...Z.4..._Cb.1.. {..^Z^..oTAe.zY..4.6...{.5.4.Ec..._.._.8...\.;.ja..0...a..^..].6.T..k..;...\..^..[.}.d.."w.3...{..~..\.N].E`..\.R\..[..].UZ.8..I_.vY.ZY..]..\.Bb.K^..[..[..Z..Y..Y.<..=c..]..Z..Y.|Y.lY.^Y.R..A..+l..b..Z.qY.gY.cY..a.'r..c..`..^..Z..Z.4..9d.U..O..L..J.F..2g9d.2.4.1.Q`.1.d\.[^.4.,e.7.~W..2..QQ.JLyY.Gd.B..t.Xn.]..[..>I.o4.....tRNS............AA....-....,...............oL7"..............LLI7-..............................~hfed_><8......................|lgMKK.................}qfdd[URA1..............USA!.da...
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo-sm.d3157a6ac671[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 64 x 64, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 2949
Entropy (8bit): 7.901955484552058
Encrypted: false
SSDEEP: 48:Ekq0oI65bnP3/1MOxag8aVp1A5rI9WQXsUE4DeqxmNGxnPyhoXif/0CRxy7yRlWl:UI65bLwg8CAJIPXPE4aqxmOfXm/7emWl
MD5: D3157A6AC671F6DBE4926EB27308B70B
SHA1: 8E08E23BDB4438BD166A9F2CE089C234F8112FCF
SHA-256: 6DCDF08A7F5FF08A37E3BED32F1B884524AB10081CBA1E3E733EBDFFA71239BE
SHA-512: 3FE0967F5EA3D1888A25D4A26166A2B514B9BA9CE6FC54CF594F31CF7FA02EF938A9D0C2CBC922E523D87632735E4E332D2C80345B5AA4354942C798AC82CDF9
Malicious: false
IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/browser/developer/logo-sm.d3157a6ac671.png
Preview:.PNG........IHDR...@[email protected].....(.3g.1_v.....Z..d.....v..s....(.t..\..[.T..%...}....i..<..........[...a.Q..t..n...K..=..^..W..j..\..]..u.R.......g....D..&...n.b......[.......a..,.......7..{...W.<...H.:........}..M....."..m..8....w.....r......Z.Z...y..i.T.....{..!...W.P...|....2..u...p....D............y.....}....................v.#$t]...R..&........W.....Y..T..V.?..@..@......\.......58.+%..#pU..K..@[email protected]..?...t.6*.?..4(.$%y?..?...............q..W.(..v..?...Z.%'[email protected]..?.....+..'J.._../.k.."............e..W.'C.83.7/.D..>..W..7..1..3......z..X..P..>..+|.)va........2.....#...[..k..M.!K.#+.j..\..1..(..+..N...........$R..^..G.'7..2.."l/..............!..+.....,..!...j..`..N.+;..7.H..E..3.....*G..E.#A.t..Q..j..!H..m....c..d......|.5w..y.Q..&[.:m.&4....C..4?.'c.7:._.....-..Rf.FP...R....ZtRNS.........)....W..+....?....`:,.....r][email protected]=........vo........P.UP....IDATX..[hRq...L./.t%.K.j[.m."../t...H..T.....B...,k..[...5...s.+m....e..X....oc."
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo-word-hor-sm.7e3be091dc25[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 347 x 64, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 6056
Entropy (8bit): 7.93402909596781
Encrypted: false
SSDEEP: 96:k+4UEJ/BE1ZN2a6i4FkLJm7zxIL0seWCJSXvSuqhIxrVTN9P5M7wndLs53rVfEvy:l4UEVOp2a65KtmiLLCcRqSxx7BEasUvy
MD5: 7E3BE091DC25C8C623363AF683E9B7C1
SHA1: 553BD693564AD6E45E9A820A2024C5F0DCFD88F8
SHA-256: 5CF15E5CE8EB41FEF0DFE02548C885DEB339738BF565C7758574100559856D2C
SHA-512: 78B9BD02687D0594C2325F1F7B344715C6B3992AE8F999CC0C146D4313E0045D9BFEA50F688CB7DB2A56BE20EEF9E3404DD9CDC083A4AE1585DB6E6C00A427B6
Malicious: false
IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/browser/developer/logo-word-hor-sm.7e3be091dc25.png
Preview:.PNG........IHDR...[[email protected]$3....PLTE....#Y .: .: .: .: .: .: .: .: .: .: .: .: .: .: .: .: .: .: .:.E. .:.N. .: .:.M. .: .: .:.J. .: .:.V. .: .: .: .:.B..A. .:.I. .:.H..D. .:.F. .: .: .: .:.F. .: .: .: .:.J. .:.L..L..G. .:.H..B..N. .:.......N.... .:.H..M..B..C..C..C..G."...B..P. .:r......_..G..m.z...k.W...F..l...4...}.o...b..K..F.....q...:......v.z.........s.<...^....6...L.N...@.!...a....,..K..H..........h...u.W..1...w....)......\.... .:.............A...........S..{........x..V..X.....}...........M.?...H.>[email protected].#%[email protected].,&.%&|[email protected].?...K....b..K..\.....0..@..&N.5+.l..9...d..\.....^.$E. $rU..-..=..R..1..0'.h..M.....56.)2.3*.2..&...O..?..3."-._..i.........q..j..Y.4=..G.71..z.'..w..&......P..+z...N............#o$.....-...r..q.].....)H.83.6c.(8.......q..]...$mb........)K.,v."U.*x.+..D..Qi..6.h....tRNS......;....~.....+Z.....$|1.H.....v.|.O8.p."..qA._S...d.dMl..7....i.qq.]C...W....]..kB.......ne?..tVA...][email protected].,...R..(.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\pocket.f21f7a5dedba[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 426
Entropy (8bit): 4.650869241250668
Encrypted: false
SSDEEP: 12:trwdnlKIT6ZO54tvx5WQPV/rZtHSoEep/ceL/rkKWAion:tYY6OO4leQ13HSoDRcqdXiC
MD5: F21F7A5DEDBA662641EA771D23702F5C
SHA1: 35499458E44B95E610C8960BE24FFAAE05C9D0F0
SHA-256: D1B8F4345A5F07AA6BCBE615C9A2D2BF6AE09E851C0B7A7BC32421DD6A7F3E8D
SHA-512: 4E586EFCA3E4888902B9109CC8305471022D771BF3CAFA38AE8F6CC153C981B7C102115550BA9FCF6E606D94880A0F0278273221C5887B2B0D3F1F2B072B0C1D
Malicious: false
IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/pocket/pocket.f21f7a5dedba.svg
Preview:<svg width="24" height="22" xmlns="http://www.w3.org/2000/svg"><path d="M12 21.5c-6.627 0-12-5.373-12-12v-6a3 3 0 0 1 3-3h18a3 3 0 0 1 3 3v6c0 6.627-5.373 12-12 12zm5.977-15.048a1.485 1.485 0 0 0-1.087.479l-4.923 4.924-4.835-4.851A1.476 1.476 0 0 0 6 6.452a1.5 1.5 0 0 0-1.071 2.55l-.024.016 4.94 4.96 1.06 1.06a1.5 1.5 0 0 0 2.121 0l1.06-1.06 4.964-4.96a1.5 1.5 0 0 0-1.073-2.566z" fill="#FF4056" fill-rule="nonzero"/></svg>.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\stub-attribution.8015cb233077[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 3297
Entropy (8bit): 5.212335302968477
Encrypted: false
SSDEEP: 96:afT7BkqimbGepZGK8lXlTV0ntyuRLzKJVc:IeqtZGZlXl6y6J
MD5: 8015CB233077A05D739C64838A812B33
SHA1: 17D18397F76F1A4CFB08D0B88E2256B9834C6295
SHA-256: 0DB788ABE3928AB10F5823EDE6FF9FA6076A851FC47E24BAF522D1FB54B2EEF2
SHA-512: 832C36097D63CDB47945DB6F10366EEDFA3E15B9BDEB9863EF3C8A5E21894FFEE86CC1A1C4F3130008E77AF6482C71FEC3DB3ED5FB2332A7B38D2B343A92BB1E
Malicious: false
IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/stub-attribution.8015cb233077.js
Preview:"undefined"==typeof window.Mozilla&&(window.Mozilla={}),function(){"use strict";var u={COOKIE_CODE_ID:"moz-stub-attribution-code",COOKIE_SIGNATURE_ID:"moz-stub-attribution-sig"};u.experimentName,u.experimentVariation,u.withinAttributionRate=function(){return Math.random()<u.getAttributionRate()},u.getAttributionRate=function(){var t=$("html").attr("data-stub-attribution-rate");return isNaN(t)?0:Math.min(Math.max(parseFloat(t),0),1)},u.hasCookie=function(){return Mozilla.Cookies.hasItem(u.COOKIE_CODE_ID)&&Mozilla.Cookies.hasItem(u.COOKIE_SIGNATURE_ID)},u.setCookie=function(t){if(t.attribution_code&&t.attribution_sig){var e=new Date;e.setTime(e.getTime()+864e5);var i=e.toUTCString();Mozilla.Cookies.setItem(u.COOKIE_CODE_ID,t.attribution_code,i,"/"),Mozilla.Cookies.setItem(u.COOKIE_SIGNATURE_ID,t.attribution_sig,i,"/")}},u.getCookie=function(){return{attribution_code:Mozilla.Cookies.getItem(u.COOKIE_CODE_ID),attribution_sig:Mozilla.Cookies.getItem(u.COOKIE_SIGNATURE_ID)}},u.updateBouncerL
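A cross-check worth running over this list, added here as an example and not part of the Joe Sandbox report: the mozilla.org assets above carry a 12-hex-digit cache-busting suffix in their file name (favicon-196x196.59e3822720be.png, gtm-snippet.9f9cf2026c5f.js, ...), and in every entry that suffix equals the first 12 hex digits of the MD5 the sandbox computed for the cached bytes, which is the naming convention of Django's hashed static-files storage. A cached file whose bytes do not hash to the suffix in its own name is not what the site published under that name, so the comparison is a cheap integrity check on an IE cache dump. The report excerpt embedded below is copied from this section's entries (plus later ones for the unversioned cases); the final pair with an all-zero MD5 and the example.invalid host are constructed so the mismatch path runs.

```python
"""Added example, not part of the Joe Sandbox report: compare each cached asset's
cache-busting suffix with the MD5 the sandbox reports for the cached bytes."""
import hashlib
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Copied from the report's entries; the last pair is constructed (tampered) for this example.
REPORT_EXCERPT = """\
MD5: 59E3822720BEDCC45CA5E6E6D3220EA9
IE Cache URL: https://www.mozilla.org/media/img/favicons/firefox/browser/favicon-196x196.59e3822720be.png
MD5: 9F9CF2026C5FCAD6AF9F12A2E861FFDA
IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/gtm-snippet.9f9cf2026c5f.js
MD5: 0BC3E6AE9D320DDECD3EC7B7E1DE8DAD
IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/monitor/logo-sm.0bc3e6ae9d32.png
MD5: F21F7A5DEDBA662641EA771D23702F5C
IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/pocket/pocket.f21f7a5dedba.svg
MD5: 8015CB233077A05D739C64838A812B33
IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/stub-attribution.8015cb233077.js
MD5: 2767206DCD8DAAD63C6A24A5940DF79E
IE Cache URL: https://www.mozilla.org/media/fonts/Inter-Bold.2767206dcd8d.woff
MD5: 0CC3A63FE10060AF4A349E5DF666EEFE
IE Cache URL: https://www.google-analytics.com/plugins/ua/linkid.js
MD5: 66B9F15C409FB09AD6C146FF238E6C0B
IE Cache URL: https://www.googletagmanager.com/gtm.js?id=GTM-MW3R8V&l=dataLayer
MD5: B4682377DDFBE4E7DABFDDB2E543E842
IE Cache URL: https://www.firefox.com/set_hsts.gif
MD5: 00000000000000000000000000000000
IE Cache URL: https://www.mozilla.org/media/img/constructed-tampered.0123456789ab.png
"""

# In each report entry the MD5 line precedes the IE Cache URL line; non-greedy match keeps pairs aligned.
ENTRY_RE = re.compile(r"MD5: ([0-9A-Fa-f]{32}).*?IE Cache URL: (\S+)", re.S)
# name.<12 hex>.ext, e.g. favicon-196x196.59e3822720be.png
SUFFIX_RE = re.compile(r"^.+\.([0-9a-f]{12})\.[A-Za-z0-9]+$")


def hash_suffix(url: str) -> Optional[str]:
    """The 12-hex cache-busting suffix in the URL's file name, or None if unversioned."""
    name = urlsplit(url).path.rsplit("/", 1)[-1]   # urlsplit drops ?id=...&l=... query strings
    m = SUFFIX_RE.match(name)
    return m.group(1) if m else None


def check_report(text: str) -> List[Tuple[str, str]]:
    """(url, verdict) per entry: 'match', 'MISMATCH', or 'unversioned' (no suffix to compare)."""
    verdicts = []
    for md5, url in ENTRY_RE.findall(text):
        suffix = hash_suffix(url)
        if suffix is None:
            verdicts.append((url, "unversioned"))
        else:
            verdicts.append((url, "match" if md5.lower().startswith(suffix) else "MISMATCH"))
    return verdicts


def verify_cached_bytes(url: str, content: bytes) -> bool:
    """The on-disk form of the check for a file pulled out of INetCache: hash the
    bytes yourself and compare with the suffix in the name it was fetched under."""
    suffix = hash_suffix(url)
    return suffix is not None and hashlib.md5(content).hexdigest().startswith(suffix)


def constructed_url(content: bytes) -> str:
    """Names a constructed blob the way the site names assets (hypothetical host)."""
    return f"https://example.invalid/media/blob.{hashlib.md5(content).hexdigest()[:12]}.bin"


if __name__ == "__main__":
    for url, verdict in check_report(REPORT_EXCERPT):
        print(f"{verdict:11} {url}")
```

Entries without a suffix (linkid.js, gtm.js?id=..., set_hsts.gif) are reported as unversioned rather than as failures, since there is nothing in the name to compare against; for those, the sandbox's SHA-256 is the only anchor.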
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Inter-Bold.2767206dcd8d[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 128008, version 0.0
Category: downloaded
Size (bytes): 128008
Entropy (8bit): 7.992898440141803
Encrypted: true
SSDEEP: 3072:HkBSrKM/GaqdnWU5bCai8smfuWCYMAaldZgVwtTcw:EBSd/G3Wc/HMjguD
MD5: 2767206DCD8DAAD63C6A24A5940DF79E
SHA1: 6A3A6EDB7CA2D8B8E1542746884C8A34C12B9F07
SHA-256: CD06B48A60088DF701245B307DD894310B007981E5E5788FC8A3596078D86F76
SHA-512: 60486299BEFE6BEC30D05941D45EBBD619C254F254B0FE28622746984B17BAAB8521B46D83D3990CAB6C72C410F885C0853CC750752E83830A94429DE26D144E
Malicious: false
IE Cache URL: https://www.mozilla.org/media/fonts/Inter-Bold.2767206dcd8d.woff
Preview:wOFF........................................GDEF...0.........'..GPOS......9....v..zeGSUB..<.......3.Fq-.OS/2..V....V...`#.q0cmap..WD..*B..n.....glyf......'........head...<...4...6.3..hhea...p... ...$....hmtx..........%....Ploca...h...p.....I.<maxp........... ....name.......;......d.post...0..%...d.i.Z.x.%..D.Q...s.=..W.o..J"@...^..I..L..`3S)d.*.b.e... .d+H...z..G.cc.".e_v.|.......N.K .nR.%..RyA*c..T>..gR.B*G..Tk..3..z..Vm.6m.vm.......9..e].5]...P...%<.c.h./..o.V.5..lv.uY.s}8.0.r.wy\p...p.`.....q..a....x....]..........{q......?.y..u..._.....~.......L}.g....5..;...E.......#..Z|l..dM.b-.e]..,.. ..8..,..<..*...[.._..........>...~..X.2V....xn...~.V..i.{..u....ex.#a.G.(.B._.7..........S.........w..d...)..t2..."~J*.&.x.\...R|..!f................8..D..0..Yx......U...33....v-X...$.... m.<..P.....%A......B.T.....(...J...7c.....'.....{..3..9....]..!....!a4j.....K...O.O.H!.?.e..M.L4.wu.p....J.s..A..J.5..M(."".....e..j.8...P...-#..*...u.r...3......Ds.>..ln.'.I?d
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Inter-BoldItalic.d4f1ac27c3c1[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 134752, version 0.0
Category: downloaded
Size (bytes): 134752
Entropy (8bit): 7.993642698704655
Encrypted: true
SSDEEP: 3072:NkBSrKM/9BKDdX933WDtIyp4jfxBIjRfKK6Qhb+4Rs:qBSd/9BAt3mms6obK
MD5: D4F1AC27C3C139A63E07D23E4A05830D
SHA1: ACDD933E37A2A0E3672D4C55E77C12536A335884
SHA-256: BE307212058E1B6C0081B37F81097F62034C1EEC328DAC4BBCFBA3B24FF407EA
SHA-512: 1DFD001BE91960370E9C4AA84B0DE5DE2D460DD2675984F36636F826479A9097F85569011965AFB9AC46ADBCEFF7A509E5747C2C8632357FA739D0A70A6DE829
Malicious: false
IE Cache URL: https://www.mozilla.org/media/fonts/Inter-BoldItalic.d4f1ac27c3c1.woff
Preview:wOFF.......`................................GDEF...0.........'..GPOS......9....v..zeGSUB..<.......3.Fq-.OS/2..V....[...`#.p.cmap..WH..*B..n.....glyf......?.....w...head...d...4...6....hhea.......$...$.J..hmtx..........%....Aloca......w.....ON.maxp........... ....name...8...G....6Od.post.....%...d.i...x.%..D.Q...s.=..W.o..J"@...^..I..L..`3S)d.*.b.e... .d+H...z..G.cc.".e_v.|.......N.K .nR.%..RyA*c..T>..gR.B*G..Tk..3..z..Vm.6m.vm.......9..e].5]...P...%<.c.h./..o.V.5..lv.uY.s}8.0.r.wy\p...p.`.....q..a....x....]..........{q......?.y..u..._.....~.......L}.g....5..;...E.......#..Z|l..dM.b-.e]..,.. ..8..,..<..*...[.._..........>...~..X.2V....xn...~.V..i.{..u....ex.#a.G.(.B._.7..........S.........w..d...)..t2..."~J*.&.x.\...R|..!f................8..D..0..Yx......U...33....v-X...$.... m.<..P.....%A......B.T.....(...J...7c.....'.....{..3..9....]..!....!a4j.....K...O.O.H!.?.e..M.L4.wu.p....J.s..A..J.5..M(."".....e..j.8...P...-#..*...u.r...3......Ds.>..ln.'.I?d
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Inter-Italic.fb463a63312e[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 128744, version 0.0
Category: downloaded
Size (bytes): 128744
Entropy (8bit): 7.991803796908608
Encrypted: true
SSDEEP: 3072:WV4M/KC4C3nBTUnCYdu3lTZNMFrCFeS2fUH0TIb:0/KTC3nZUCP3PNMF+0S3H0K
MD5: FB463A63312E849ABE41DDE33C65F447
SHA1: 45AFBD1F96661246C3BEC6F7EE52CF69C248BC5C
SHA-256: 331B438811C1BC469B9205E889CAB1B91DD67246D2688148131ABD2BB6FF6973
SHA-512: 3B2F39E40CDFA9148D3528E71CC23C6C3BAF3EB6A0793C86EE91712170C4E3BF8758A6947CFA6AD75540459C5202A71533515C8D346035EF4FA9CF62D276F930
Malicious: false
IE Cache URL: https://www.mozilla.org/media/fonts/Inter-Italic.fb463a63312e.woff
Preview:wOFF...............`........................GDEF...0.........'..GPOS......6.....nR.~GSUB..9.......3.Fq-.OS/2..S....[...`%.n.cmap..T<..*B..n.....glyf..~....K......=.head.......4...6....hhea.......$...$.u..hmtx...$......%.l=AAloca...4...w........maxp.......... ....name.......=....1.d9post......%...d.i...x.%..D.Q...s.=..W.o..J"@...^..I..L..`3S)d.*.b.e... .d+H...z..G.cc.".e_v.|.......N.K .nR.%..RyA*c..T>..gR.B*G..Tk..3..z..Vm.6m.vm.......9..e].5]...P...%<.c.h./..o.V.5..lv.uY.s}8.0.r.wy\p...p.`.....q..a....x....]..........{q......?.y..u..._.....~.......L}.g....5..;...E.......#..Z|l..dM.b-.e]..,.. ..8..,..<..*...[.._..........>...~..X.2V....xn...~.V..i.{..u....ex.#a.G.(.B._.7..........S.........w..d...)..t2..."~J*.&.x.\...R|..!f................8..D..0..Yx......U...33....]...Z... [email protected]"..(=u!..BU.g+J.e.JZ...R.T..h+zDJ*....v^.>w.......{...3.9....B.B...E'a4o.......!".....qB.^.-....iB.............]..L..{...P"L.1<P...~Z;.M2......2V;....z#s.....jm..{[3.T}......
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Inter-Regular.1a7f90ff1f1e[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 119692, version 0.0
Category: downloaded
Size (bytes): 119692
Entropy (8bit): 7.992112364546725
Encrypted: true
SSDEEP: 1536:iG0xjRyVTq1BbK/CqmPRQ84bhXL+G4hJhSSt5ePW5Xnn7AGeKFSfJItW6LvuFuNW:3V4M/RkG0rFn7beKFSWgAvNTXBFwB
MD5: 1A7F90FF1F1EC75ED4E588736C6A81B0
SHA1: 4AA855FF81ADD61992B3DBE23C7643DA6FF528FC
SHA-256: 764615D6C413495C77873FF78A401DA53D49EB0ABB8554495BCAB483CA1ED2E4
SHA-512: 542ACE63C0F9BCABDAD9029E1C516D123DBD91BFBE764CD9F430C493F601B76D55C0F9037A20EA0F1B12CAAFB04B6F1D70B85C948A502CAD7D73AAE347B08FCA
Malicious: false
IE Cache URL: https://www.mozilla.org/media/fonts/Inter-Regular.1a7f90ff1f1e.woff
Preview:wOFF.......................................GDEF...0.........'..GPOS......6.....nR.~GSUB..9.......3.Fq-.OS/2..S....V...`%.m.cmap..T8..*B..n.....glyf..~|........s..head...l...2...6....hhea....... ...$...chmtx.......&..%.n..bloca.......m.....(P.maxp...X....... [email protected]%f.post......%...d.i.ZEx.%..D.Q...s.=..W.o..J"@...^..I..L..`3S)d.*.b.e... .d+H...z..G.cc.".e_v.|.......N.K .nR.%..RyA*c..T>..gR.B*G..Tk..3..z..Vm.6m.vm.......9..e].5]...P...%<.c.h./..o.V.5..lv.uY.s}8.0.r.wy\p...p.`.....q..a....x....]..........{q......?.y..u..._.....~.......L}.g....5..;...E.......#..Z|l..dM.b-.e]..,.. ..8..,..<..*...[.._..........>...~..X.2V....xn...~.V..i.{..u....ex.#a.G.(.B._.7..........S.........w..d...)..t2..."~J*.&.x.\...R|..!f................8..D..0..Yx......U...33....]...Z... [email protected]"..(=u!..BU.g+J.e.JZ...R.T..h+zDJ*....v^.>w.......{...3.9....B.B...E'a4o.......!".....qB.^.-....iB.............]..L..{...P"L.1<P...~Z;.M2......2V;....z#s.....jm..{[3.T}......
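The four Inter-*.woff entries above are the only files in this listing marked "Encrypted: true", and they are also the only ones with entropy above 7.99, so the flag is tracking the entropy figure. That is expected for WOFF 1.0, which stores every font table zlib-compressed, and it is not evidence of encryption. The example below is added here and is not Joe Sandbox code: it computes the same 8-bit Shannon entropy the "Entropy (8bit)" field reports, applies the kind of threshold rule that yields an "Encrypted" verdict, and then does the check that refutes the verdict for a WOFF file, namely parsing the 44-byte header and 20-byte table directory and inflating every table to its declared original length. ENCRYPTED_THRESHOLD is an assumed placeholder: the report does not state its rule, and its own entries show it is not a bare cut-off (PNGs at entropy 7.95 are not flagged while the WOFF files at 7.99 are). All inputs are constructed, including the synthetic WOFF container; the "version 0.0" that file(1) printed for the real fonts above is the header's majorVersion/minorVersion pair, which the builder also sets to 0.0.

```python
"""Added example, not Joe Sandbox code: the entropy heuristic behind
"Entropy (8bit)" / "Encrypted", and the WOFF 1.0 inflate check that refutes it."""
import math
import random
import struct
import zlib
from collections import Counter

ENCRYPTED_THRESHOLD = 7.9  # assumption; the report does not publish its rule


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for a constant, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """The heuristic a sandbox applies: above the threshold, call the file encrypted."""
    return shannon_entropy(data) >= ENCRYPTED_THRESHOLD


def build_woff(tables: dict) -> bytes:
    """Minimal WOFF 1.0 container: 44-byte header, 20-byte directory entries, then each
    table zlib-compressed (or stored verbatim when zlib would not shrink it, per spec)."""
    dir_entries, blobs = [], []
    offset = 44 + 20 * len(tables)
    for tag, raw in tables.items():
        comp = zlib.compress(raw, 9)
        if len(comp) >= len(raw):
            comp = raw                                  # stored: compLength == origLength
        padded = comp + b"\0" * (-len(comp) % 4)        # tables are 4-byte aligned
        dir_entries.append(struct.pack(">4sIIII", tag, offset, len(comp), len(raw), 0))
        blobs.append(padded)
        offset += len(padded)
    # signature, flavor (0x00010000 = TrueType outlines), length, numTables, reserved,
    # totalSfntSize, majorVersion, minorVersion, meta/priv offsets and lengths (unused here)
    header = struct.pack(">4sIIHHIHHIIIII", b"wOFF", 0x00010000, offset, len(tables), 0,
                         0, 0, 0, 0, 0, 0, 0, 0)
    return header + b"".join(dir_entries) + b"".join(blobs)


def inflate_woff_tables(blob: bytes) -> dict:
    """Parse the WOFF 1.0 directory and inflate every table. Raises ValueError on a
    malformed container and zlib.error if a 'compressed' table does not inflate."""
    sig, _flavor, length, num_tables = struct.unpack(">4sIIH", blob[:14])
    if sig != b"wOFF" or length != len(blob):
        raise ValueError("not a well-formed WOFF 1.0 container")
    tables = {}
    for i in range(num_tables):
        entry = blob[44 + 20 * i: 64 + 20 * i]
        tag, off, comp_len, orig_len, _checksum = struct.unpack(">4sIIII", entry)
        chunk = blob[off: off + comp_len]
        data = chunk if comp_len == orig_len else zlib.decompress(chunk)
        if len(data) != orig_len:
            raise ValueError(f"table {tag!r} inflated to {len(data)} bytes, expected {orig_len}")
        tables[tag] = data
    return tables


def audit(data: bytes) -> dict:
    """The three facts a reviewer wants beside a report entry: the entropy figure, the
    heuristic's verdict, and whether the bytes are merely a compressed container."""
    try:
        inflate_woff_tables(data)
        inflates = True
    except (ValueError, zlib.error, struct.error):
        inflates = False
    return {"entropy": round(shannon_entropy(data), 3),
            "flagged_encrypted": looks_encrypted(data),
            "inflates_as_woff": inflates}


def constructed_samples() -> dict:
    """Constructed inputs: readable text, a synthetic WOFF, and uniform noise."""
    rng = random.Random(20210221)
    vocab = "the quick brown fox jumps over a lazy dog glyph table font".split()
    text = " ".join(rng.choice(vocab) for _ in range(30_000)).encode()
    outlines = bytes(rng.getrandbits(6) for _ in range(40_000))   # 6-bit 'coordinate' data
    woff = build_woff({b"head": text[:54], b"glyf": outlines, b"name": text[:2000]})
    noise = bytes(rng.getrandbits(8) for _ in range(65_536))
    return {"text": text, "woff": woff, "noise": noise}


def woff_roundtrip_ok() -> bool:
    """Exercises both directory paths: a table zlib shrinks and one it must store verbatim."""
    tables = {b"glyf": bytes(range(256)) * 64, b"cvt ": b"\x07"}
    return inflate_woff_tables(build_woff(tables)) == tables


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name:6} {audit(blob)}")
```

Run against a real Inter-*.woff pulled from the INetCache directory, the same audit gives a high entropy figure and a successful inflate, which is the combination that says "compressed container", not "encrypted payload". Uniform noise gives the high figure with no inflate, which is the only combination that leaves the flag standing.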
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\icon-common-voice.127fa3f5dcb0[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 4700
Entropy (8bit): 4.9721322351642705
Encrypted: false
SSDEEP: 96:CCu3sfgBn/Hx+SZp8RLQ+SZpXCupG29KDlRkG29Kb:7+/RFTNFTfGbDQGbb
MD5: 127FA3F5DCB0F737B14B9F29DAC4A2F4
SHA1: 1760C74EC1187EEA5436BBE492DFD2982A29F117
SHA-256: D7629546C07644EFC307CE7C3D39609916CF88964B68FD2C45437937B0545C84
SHA-512: CB8DB7ACC411B63B6AD32A84C2F2659A94DF5024958C6D763C99E142DB57632098FAD7F6BA88B5BF1A44BAAE109BBCE508B00551BFB4C3E881CBEE7E000DB7E4
Malicious: false
IE Cache URL: https://www.mozilla.org/media/img/nav/icons/icon-common-voice.127fa3f5dcb0.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32" width="32" height="32">. <linearGradient id="a" x1="2.8246" x2="29.3543" y1="10.6026" y2="22.6697" gradientTransform="matrix(1 0 0 -1 0 34)" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#3b8ac9"></stop>. <stop offset=".68" stop-color="#7661aa"></stop>. <stop offset="1" stop-color="#9451a0"></stop>. </linearGradient>. <path fill="url(#a)" d="M8.6 23.6c-.1.1-.5.8-1.1.8s-1-.8-1-.8l-3.1-7.3-.8 1.9c-.6 1.4-.6 2.9-.1 4.3l1 2.4c.4 1 1.7 2.8 4 2.8s3.6-1.7 4-2.7l1.9-4.4-1.7-4.1-3.1 7.1z"></path>. <radialGradient id="b" cx="-821.9417" cy="489.3766" r="1" gradientTransform="matrix(7.734 0 0 -7.734 6364.4019 3810.0491)" gradientUnits="userSpaceOnUse">. <stop offset=".51" stop-color="#5a4a9e" stop-opacity="0"></stop>. <stop offset=".58" stop-color="#53499c" stop-opacity=".06"></stop>. <stop offset=".71" stop-color="#3f4898" stop-opacity=".22"></stop>. <stop offset=".87" stop-color="#1d4591" stop-op
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\installer_help_redesign.cc7ff1710da6[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 11714
Entropy (8bit): 4.976497453652215
Encrypted: false
SSDEEP: 48:gtBBgecCNd5Dt5iFmb5e2b51W5tqG5xQR5Cmh5/BA+rKn0KffLrhNlAgGcUgXZkY:gHJ5jTRat/+Csvv6H2EWv3TTCmHy
MD5: CC7FF1710DA6F4ED30EACAC9787DC7C1
SHA1: 393EE0BFDEE5E6884FF205EA46AC03C95AB067CA
SHA-256: 4003C75DCEB9F35960D1A611161EB769728DFA0C6F23473C5D21B56CAD44031B
SHA-512: 6849AF23A36B3B9875A66243DEB0092B691747E75FB3BD51CC016E7A54EFAC1AE00BCDF13D4D55AB5726B640B165AA64D4A0259F7736EACE9BB31210805BB3AB
Malicious: false
IE Cache URL: https://www.mozilla.org/media/css/BUNDLES/installer_help_redesign.cc7ff1710da6.css
Preview:.mzp-c-hero{padding-bottom:24px;position:relative;text-align:center}.mzp-c-hero.mzp-t-product-beta .mzp-c-hero-title,.mzp-c-hero.mzp-t-product-developer .mzp-c-hero-title,.mzp-c-hero.mzp-t-product-firefox .mzp-c-hero-title,.mzp-c-hero.mzp-t-product-nightly .mzp-c-hero-title{-webkit-background-size:80px 80px;background-size:80px 80px;background-position:top center;background-repeat:no-repeat;padding:104px 0 0 0}.mzp-c-hero.mzp-t-dark,.mzp-t-dark .mzp-c-hero{background-color:#000;color:#fff}.mzp-c-hero.mzp-t-dark .mzp-c-hero-desc,.mzp-t-dark .mzp-c-hero .mzp-c-hero-desc{color:#e0e0e6}.mzp-c-hero-body{margin:0 auto;max-width:480px}.mzp-c-hero-title{font-size:48px;font-size:3rem;line-height:1;margin-bottom:16px}@media (min-width:768px){.mzp-c-hero-title{font-size:56px;font-size:3.5rem;line-height:1}}.mzp-t-product-firefox .mzp-c-hero-title{background-image:url("/media/protocol/img/logos/firefox/browser/logo-lg.3d9087ac44e8.png");background-size:80px 80px}@media only screen and (-webkit-min
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\linkid[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 1569
Entropy (8bit): 5.369127779967127
Encrypted: false
SSDEEP: 48:Xpm6RFvCzWzAiWqSeTqn1PByqka1cUj54/vD978:5pfpy1Pkqka1cS52b978
MD5: 0CC3A63FE10060AF4A349E5DF666EEFE
SHA1: 3E8D3925B550345123F2CAB26568221FD4154F9C
SHA-256: 92FCA55833F48B4289AC8F1CEDD48752B580FCE4EC4B5D81670B8193D6E51B54
SHA-512: 5801C9DB98C4998480772CA5AD71F0E400C4756AE713AAB0358CA6593B3A3426499D6DEC81A768C861CBBCD8394DD8C6D647628A13F124FF3A1119F9B7793E8C
Malicious: false
IE Cache URL: https://www.google-analytics.com/plugins/ua/linkid.js
Preview:(function(){var e=window,h=document,k="replace";var m=function(a,c,d,b,g){c=encodeURIComponent(c)[k](/\(/g,"%28")[k](/\)/g,"%29");a=a+"="+c+"; path="+(d||"/")+"; ";g&&(a+="expires="+(new Date((new Date).getTime()+g)).toGMTString()+"; ");b&&"none"!=b&&(a+="domain="+b+";");b=h.cookie;h.cookie=a;return b!=h.cookie},p=function(a){var c=h.body;try{c.addEventListener?c.addEventListener("click",a,!1):c.attachEvent&&c.attachEvent("onclick",a)}catch(d){}};var q=function(a,c,d,b){this.get=function(){for(var b=void 0,c=[],d=h.cookie.split(";"),l=new RegExp("^\\s*"+a+"=\\s*(.*?)\\s*$"),f=0;f<d.length;f++){var n=d[f].match(l);n&&c.push(decodeURIComponent(n[1][k](/%28/g,"(")[k](/%29/g,")")))}for(d=0;d<c.length;d++)c[d]&&(b=c[d]);return b};this.set=function(g){return m(a,g,b,c,1E3*d)};this.remove=function(){return m(a,"",b,c,-100)}};var t=function(a,c){var d=void 0;if("function"==typeof a.get&&"function"==typeof a.set){var b=c||{},g=b.hasOwnProperty("cookieName")?b.cookieName:"_gali",r=b.hasOwnProper
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\logo-reality.6bcc5b8e7099[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 216 x 216, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 12069
Entropy (8bit): 7.949263911912639
Encrypted: false
SSDEEP: 192:5YQ3NdT4RH1pSNGAPHgMGi4H72DdBDTDiQrkRx4OchGkPx1Fa7pTbxgdeNX1TAQx:XNd62JPgZ72BkD4OMPz2pv0eNX1TAR/g
MD5: 6BCC5B8E7099829A85F50C01C605FAF8
SHA1: 8859515249A3058CD52DE2F35FCB12E8897564BE
SHA-256: D77EB62C8D795985A422F91F3773336E99CAD9B0575B31580679BA6C7AD2AD37
SHA-512: 5C87EA836EA9B6CF354F821653F6EBDE048F601602B25E882046484ECBE8AB5407135708EBE7D48864B4BCF73F53819BBE7A756DF1A941685498E588716D4471
Malicious: false
IE Cache URL: https://www.mozilla.org/media/img/logos/firefox/logo-reality.6bcc5b8e7099.png
Preview:.PNG........IHDR.....................PLTE...G.o1.}....;.....3..G..].22.....q.6V.D;..B.>[email protected]+....A..<F.A.y<6.....y.:`....?i.....7.9Q.E...d.?..A*..R....;<.A!..7.B6...8][email protected]..).6F.>(.Bs.>S.6U.:L.8i..q.."[email protected]....... *...D/.:?..............0....Y..E$'b....L...".......=.fEp.....H.-..>5.....Q.q2Q+.n.E.B>..K..97.h.5(.0.~......*/....'!........2?..N]....#...........,....Kg..&........t".)".,..#C.......b.j.U....1........Fuq-n{k..3-) .....st......./..dn....y.......qH.....K.Kl.5M.ld..........#.XN..F.P........At...N............E..L..W..r..g..a..L........B../..7..D..]........y..6..n........"........V..$.....v........}[email protected]?.B...C..N..R.8K....~.EA.>E.9B....8.>3.?6.:[..6.<c...3.5.....G.,...1@.\..UHQb..T..._..]*..\1T.n.=!lL..g?.}H.N),.......tRNS................................................................................................"...C6...M..2..j....'.U..w...iPl.....................a...sB.............ds...++ID
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\set_hsts[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: downloaded
Size (bytes): 42
Entropy (8bit): 3.0241026136709444
Encrypted: false
SSDEEP: 3:CUmExltxlNXE:JQ
MD5: B4682377DDFBE4E7DABFDDB2E543E842
SHA1: 328E472721A93345801ED5533240EAC2D1F8498C
SHA-256: 6D8BA81D1B60A18707722A1F2B62DAD48A6ACCED95A1933F49A68B5016620B93
SHA-512: 202612457D9042FE853DAAB3DDCC1F0F960C5FFDBE8462FA435713E4D1D85FF0C3F197DAF8DBA15BDA9F5266D7E1F9ECAEEE045CBC156A4892D2F931FE6FA1BB
Malicious: false
IE Cache URL: https://www.firefox.com/set_hsts.gif
Preview:GIF89a.............!.......,...........2.;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\black.ac47c78a3a28[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 567
Entropy (8bit): 4.4463055245617795
Encrypted: false
SSDEEP: 12:trZvnlKIBN0ccSclrFfp8Srlgtgja7is4J1Qc+FJLuP4QyuBAio/:tVvnY+HfclrFfyAA4jeLZQyuBAiY
MD5: AC47C78A3A288B3DA148551DF8DDA3D1
SHA1: 15130B30AABA7708CBFD4F45ECF59C610253E887
SHA-256: 8B63960D7892DD7524EA5208CB1EE5F053C7A300A460BA919193B9D9BF07C43B
SHA-512: 54428662EDCF98B9278FC65B1790C7BF4EC6E116966D66B74FF780A5600119FAA52708667C6C1B89FC11C4007D0CDD15CB652E6758BC4E9ABF316064A0C7EA7D
Malicious: false
IE Cache URL: https://www.mozilla.org/media/protocol/img/icons/social/twitter/black.ac47c78a3a28.svg
Preview:<svg width="16" height="16" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M5.032 14.5c6.037 0 9.34-5.002 9.34-9.34 0-.142 0-.283-.01-.424A6.679 6.679 0 0 0 16 3.037c-.6.266-1.235.44-1.885.517a3.294 3.294 0 0 0 1.443-1.816 6.579 6.579 0 0 1-2.085.797A3.286 3.286 0 0 0 7.88 5.528 9.32 9.32 0 0 1 1.114 2.1 3.285 3.285 0 0 0 2.13 6.481 3.258 3.258 0 0 1 .64 6.07v.041A3.284 3.284 0 0 0 3.274 9.33c-.484.132-.99.151-1.483.056a3.286 3.286 0 0 0 3.067 2.28A6.587 6.587 0 0 1 0 13.025a9.294 9.294 0 0 0 5.032 1.472" fill="#000" fill-rule="nonzero"/></svg>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\gtm[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Category: downloaded
Size (bytes): 259868
Entropy (8bit): 5.374284950951471
Encrypted: false
SSDEEP: 3072:V4FQAB7D2jgXVsaL0rNGd6m1K/XFm/05a/gvg3uzGfaAW:V4FQAxD2jgXVsaL0I6mEPmg7zGfaD
MD5: 66B9F15C409FB09AD6C146FF238E6C0B
SHA1: F8CD2B7BCBB7728102AADCCF377F85B9F304E02F
SHA-256: E4C49656888D03FCF923375739703B9F758449A8A108C61052B530A00BFB5785
SHA-512: E6164635EFCF09312C2934B60BA66492BE2F91DAC8B2294AE441326D1E3B41FEE314D52B43DEE594EB7A838F0F250769DCEC9E0AA3FB0F0A29260FF4CAD4FD68
Malicious: false
IE Cache URL: https://www.googletagmanager.com/gtm.js?id=GTM-MW3R8V&l=dataLayer
Preview:.// Copyright 2012 Google Inc. All rights reserved..(function(w,g){w[g]=w[g]||{};w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');(function(){..var data = {."resource": {. "version":"208",. . "macros":[{. "function":"__e". },{. "function":"__jsm",. "vtp_javascript":["template","(function(){function k(g,d,k){var b=g,c=b.split(\"?\");g=c[0];b=1\u003Cc.length?b.replace(g,\"\").substring(1):\"\";var a=b;b=a.split(\/[\u0026;]\/);c=[];var e=\"\";if(\"\"===a)d=\"\";else{for(a=0;a\u003Cb.length;a++){var h=b[a].split(\"\\x3d\"),l=h[0];h=h[1];include=!0;for(var m=0;m\u003Cd.length;m++){var f;(f=l.toLowerCase()===d[m].toLowerCase())||(f=\/(([^\u003C\u003E()\\[\\]\\\\.,;:\\s@\"]+(\\.[^\u003C\u003E()\\[\\]\\\\.,;:\\s@\"]+)*)|(\".+\"))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}])|(([a-zA-Z\\-0-9]+\\.)+[a-zA-Z]{2,}))\/,f=f.test(l));f\u0026\u0026(include=!1)}include\u0026\u0026\nc.push({name:l,value:h,index:a})}if(1\u003Ec.length)d=e;else{for(a=0;a\u
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\icon-relay.aca61c9bb349[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 1777
Entropy (8bit): 4.579283019884369
Encrypted: false
SSDEEP: 48:n4FHJoUj9RQU2HAcj71YD7hk+phcdpZM96kyS:6B07TeD75EdTq
MD5: ACA61C9BB349D5089303E2E97184F570
SHA1: DF64AA4A238F0DC68D966C43B0E60F082E5197A1
SHA-256: C74AD6A800B101DFAA037145D6B10D1141D7CC7A4A348449EC49A1BDADB5C501
SHA-512: 4C3BAD522347442D51C38419D8EAB002531F61337722B4C79DDFED6E01C3C17726B36AE883C70698FCD36147DBCDDD25CA61419307F97DCAEDB2D8056CD504B9
Malicious: false
IE Cache URL: https://www.mozilla.org/media/img/nav/icons/icon-relay.aca61c9bb349.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 32 32">. <style>.st1{fill:#20133a}</style>. <linearGradient id="a" x1="1.4286" x2="30.5714" y1="18.94" y2="18.94" gradientTransform="matrix(1 0 0 -1 0 34.94)" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9059ff"/>. <stop offset="1" stop-color="#f770ff"/>. </linearGradient>. <path fill="url(#a)" d="M29.2 7L17.4.4c-.8-.5-1.9-.5-2.7 0L2.8 7c-.8.5-1.4 1.4-1.4 2.4v13.2c0 1 .5 1.9 1.4 2.4l11.8 6.6c.8.5 1.9.5 2.7 0L29.2 25c.9-.5 1.4-1.4 1.4-2.4V9.4c0-1-.6-1.9-1.4-2.4z"/>. <path d="M7.8 19.5l-.8.4c-.5.3-.7 1-.4 1.5.3.5.9.7 1.5.4l.7-.4c.5-.3.7-1 .5-1.5-.3-.5-1-.7-1.5-.4z" class="st1"/>. <path d="M12.1 17l-1.4.8c-.5.3-.7 1-.4 1.5s1 .7 1.5.4l1.4-.8c.5-.3.7-1 .5-1.5-.3-.5-1-.7-1.6-.4z" class="st1"/>. <path d="M17.9 15c-.1-.2-.3-.4-.6-.5V6.1c0-.6-.5-1.1-1.1-1.1-.6 0-1.1.5-1.1 1.1v8.4c-.6.2-.9.8-.6 1.4-.2.6 0 1.2.6 1.4v8.4c0 .6.5 1.1 1.1 1.1.6 0 1.1-.5 1.1-1.1v-8.4c.6-.2.9-.8.7-1.4.1-.3.1-.6-.1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\installer-help[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: downloaded
Size (bytes): 60913
Entropy (8bit): 4.98269574099255
Encrypted: false
SSDEEP: 384:xHk/w0o3ySd5hP1KmfgDNHDf5kKP9epVP8i3qrJIQrdxJvk5GDsRrpJL:lolSdrvI5iK8WJLesDYrpV
MD5: 17F35E0A7F54304AB5702FB6253B2F6C
SHA1: 848E1718254F2F086922E76DC7A913626402FD8C
SHA-256: AFE9A574DFE5FA6EE318BE8C11CA699ED6A74F5630DA2BC364E2EA42CD22EDB1
SHA-512: B15D98BBD242E518E0B6F75B9DCA30BD12DDC9640FB768E112DDB23CEAF95625B38E964D71837D3653796C2039FFE4870F0FCE09EE2FB9892847DDA493B01BEE
Malicious: false
IE Cache URL: https://www.mozilla.org/en-GB/firefox/installer-help/?channel=aurora&installer_lang=en-GB
Preview:.<!doctype html>..<html class="windows x86 no-js" lang="en-GB" dir="ltr" data-latest-firefox="85.0.2" data-esr-versions="78.7.1" data-gtm-container-id="GTM-MW3R8V" data-stub-attribution-rate="1.0" data-sentry-dsn="https://[email protected]/152">. <head>. <meta charset="utf-8">.. <script type="text/javascript" src="https://www.mozilla.org/media/js/BUNDLES/site.ddf5d556ecf8.js" charset="utf-8"></script>.. [if !IE]> >. . <![endif]-->.. . _.-~-.. 7'' Q..\. _7 (_. _7 _/ _q. /. _7 . ___ /VVvv-'_ .. 7/ / /~- \_\\ '-._ .-' / //. ./ ( /-~-/||'=.__ '::. '-~'' { ___ / // ./{. V V-~-~| || __''_ ':::. ''~-~.___.-'' _/ // / {_ / { /. VV/-~-~-|/ \ .'__'. '. ':: _ _ _ ''.. / /~~~~||VVV/ / \ ) \ _ __ ___ ___ ___(_) | | __ _ .
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\logo-sm.f2523d97cbe0[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 64 x 64, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 2832
Entropy (8bit): 7.797747765966445
Encrypted: false
SSDEEP: 48:OLooNRKEeWvv+4TdN5yXMAeoRJ6dGykjoB8phDq+0Pii4MwcpFmHmHcfU:2oE7Hf4XMAeof60t0B8phu+Q4Mwo32U
MD5: F2523D97CBE08B2763FE13D31B42EE29
SHA1: 058EDFA200BCE72DD0F1C9CEF36E20E720E31EAF
SHA-256: 134BACE3D304A22A8CCFE467D4DF111A8AC901FBE423ADAFAED6F4630F290CD2
SHA-512: E3D61779EF22C59A980D238E99979CE6549370D9AF7CF6C329A81308C9AD81C9FB3203B9501EDDAA2B2E0640D9922338DB32D97566D4BDF198E8457BD6B9403E
Malicious: false
IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/browser/logo-sm.f2523d97cbe0.png
Preview:.PNG........IHDR...@[email protected].]8..P..2..p..H../..A.\...G..I.'...Q..G..q..J..F..p..D.s9..q..B..J.>..!e.|?.=...I..r..G..E..r..G.8`..=..:....=F..E.~G..s..H..7.....D..K..D.;..S6..D..J.f,.:..Ab..<....tX..G..9..`.....%.0f.p%.h*.^1.R_.^.\\.;[email protected]:.6HY9..8E..B.T5..i..m.3L..b..D.X3.[1.9...J..F..L..D..H..H....;..1P.d,..".....f..?..:.`/......../..F..9..6....A.."Wo[...7..*.h*..&...z\.[J.e3../N..G..>..6.s$....D.dX.^R.ZC..*S..H..G..6.}6.t6.m'...i<...Z..<..<..6.f6.y .Q..[..<.Z=...K..A..6..4....~..W..I.,...L..?.m5..3....J.>.yR.6.lR.3.}(.q,...d..P..J..I..;..7.>...\..[.vU..I..C..B..<..4..1.H.A.yI.;.B...l.._.dW....S.0.rD...q.MchH..s...1.....).O..O.x;../....c.UZ.SH..E.R<..*.O..L..V..v..1_.V.DV.R.[.u=..H_.LV.UL.a.u....`q.}].R.p<..8.j..Y..hp.cW.)`).+...OtRNS.... .....D>.4...&...ea_T4&........L.....vnle........b........q......vbd.c....vIDATX..]HSa.....-d..c2Y...d.~.}HQ..Q7.nV...pcs.....fs.f#..b9\m.....F.][email protected].....=.s.P...<
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\menu.79f1f0c795df[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 436
Entropy (8bit): 4.81285634223051
Encrypted: false
SSDEEP: 6:tnrwNhy/i3mc4slE4easKMwmqZDdGodlwXq9/1Z0RIYVgrVyRI+JTgrVyRIt1kqe:trwNSi33eaxMwhsXqnj4grl9l7e
MD5: 79F1F0C795DF9775A6E940AA6B794A64
SHA1: 0834AFC9234DC2AEE26026CF61ECD29B4483966E
SHA-256: C08840807DBE9DBD399A2F176C5C377BB0F26A6762971DD6B25CA2C1129B5161
SHA-512: 6EE45C5E1DB62CB790D9259C40BB1934082388E2FB23049139877663AA02056401F48086EBE8898B2AFB71F9E920F598E71F76160146E37EABFA570E1EFBE121
Malicious: false
IE Cache URL: https://www.mozilla.org/media/protocol/img/icons/menu.79f1f0c795df.svg
Preview:<svg width="24px" height="24px" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">. <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd" stroke-linecap="round">. <g transform="translate(3.000000, 5.500000)" stroke="#000000" stroke-width="2">. <path d="M0,0.5 L18,0.5"></path>. <path d="M0,6.5 L18,6.5"></path>. <path d="M0,12.5 L18,12.5"></path>. </g>. </g>.</svg>.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\protocol-firefox.a75069e5fd6a[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 75990
Entropy (8bit): 5.151004148141113
Encrypted: false
SSDEEP: 768:v86IlnI+3/mB4DsgRQC1xJuF6Ldt6A5t6l/4Y/FWqv9GrF3lSXNBBiNps2Es68ws:vlVy
MD5: A75069E5FD6A9D669A90119ACB237C1C
SHA1: CB136B1758E2708F1AEA47F306AAD199B44BB455
SHA-256: 7DCF2681A48789AC7446C309645BE3A9AD2579B72CC7612805BC856E59EEEA6A
SHA-512: B50CEC5A605C29F7195D8494747CBE7BECB1B076E2B8EF1165CBF896A6513F881129CC9619CD734F49F1C4E6EE2E8AB27CEACA12DFDD10E3EC376FD58C575F8E
Malicious: false
IE Cache URL: https://www.mozilla.org/media/css/BUNDLES/protocol-firefox.a75069e5fd6a.css
Preview:@font-face{font-display:swap;font-family:Inter;font-style:normal;font-weight:400;src:url("/media/fonts/Inter-Regular.d55e957612a3.woff2") format("woff2"),url("/media/fonts/Inter-Regular.1a7f90ff1f1e.woff") format("woff")}@font-face{font-display:swap;font-family:Inter;font-style:normal;font-weight:700;src:url("/media/fonts/Inter-Bold.0564381b22b2.woff2") format("woff2"),url("/media/fonts/Inter-Bold.2767206dcd8d.woff") format("woff")}@font-face{font-display:swap;font-family:Inter;font-style:italic;font-weight:400;src:url("/media/fonts/Inter-Italic.d6a4e2b82a0b.woff2") format("woff2"),url("/media/fonts/Inter-Italic.fb463a63312e.woff") format("woff")}@font-face{font-display:swap;font-family:Inter;font-style:italic;font-weight:700;src:url("/media/fonts/Inter-BoldItalic.9d1b867e3416.woff2") format("woff2"),url("/media/fonts/Inter-BoldItalic.d4f1ac27c3c1.woff") format("woff")}@font-face{font-display:swap;font-family:Metropolis;font-style:normal;font-weight:400;src:url("/media/fonts/Metropolis
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\sentry.d4a49ae2b9e1[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 57718
Entropy (8bit): 5.222970930870903
Encrypted: false
SSDEEP: 768:b1OODWUvfUNFV7td6BdAj8vNiCOoghSUSgWU/DDf8jbs+KvLXuzpjOBf6vMm5gyD:b1OOq1NFV7td6PInCOnhDD/4pah6jSC
MD5: D4A49AE2B9E152D261A658571A169220
SHA1: 2D101D7C2EAF632EC1F37A68747CF2EBFAB3DBD5
SHA-256: 62071B7D1DACFB476E19B506E4FBAF0A6DDE9E2D3AAA2A10A2F38EB2C9D262CF
SHA-512: B2EE2DA176C534FABD9E2919AB6EBD8B1C6DFC397E262658F2271D3C38A75AEAD877760DD7F1EBD1C07F39E52D61A746E3CD30448842E9F24E02C6F24302AB70
Malicious: false
IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/sentry.d4a49ae2b9e1.js
Preview:var Sentry=function(c){var r=function(t,e){return(r=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}||function(t,e){for(var n in e)e.hasOwnProperty(n)&&(t[n]=e[n])})(t,e)};function t(t,e){function n(){this.constructor=t}r(t,e),t.prototype=null===e?Object.create(e):(n.prototype=e.prototype,new n)}var e,n,o,i,a,s,l=function(){return(l=Object.assign||function(t){for(var e,n=1,r=arguments.length;n<r;n++)for(var o in e=arguments[n])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t}).apply(this,arguments)};function d(t,e){var n="function"==typeof Symbol&&t[Symbol.iterator];if(!n)return t;var r,o,i=n.call(t),a=[];try{for(;(void 0===e||0<e--)&&!(r=i.next()).done;)a.push(r.value)}catch(t){o={error:t}}finally{try{r&&!r.done&&(n=i["return"])&&n.call(i)}finally{if(o)throw o.error}}return a}function u(){for(var t=[],e=0;e<arguments.length;e++)t=t.concat(d(arguments[e]));return t}(s=e=e||{})[s.None=0]="None",s[s.Error=1]="Error",s[s.Debug=2]="Debug",s
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\stub_attribution_code[1].json
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 267
Entropy (8bit): 5.554252011668252
Encrypted: false
SSDEEP: 6:YEt6GKaeV2vSI95Bj9GfBHthf+CthfMl0kq/bm4xt6WMbXRjSX9ULGVYTrLY:YpdzV2v795BxGfBHff+CffMOkqz7I6YY
MD5: A2DDC7A4C7075117BB8817F439BA0643
SHA1: 1A738B72C086A7E1B9C7DAA679AD2EE0751B58A1
SHA-256: E2F911A72FC480A4A874CDC19FA0942BFE255DB037A024A77B6A7E1B45087D00
SHA-512: 69E921EE7C119155860379219153FFC0DFB97AF306D6C7690224F88BBA0C557542BE598AA0118E1D6FD20A72A6E99F47DD6BCE85400538ADF7FD02C91F7F3A1D
Malicious: false
IE Cache URL: https://www.mozilla.org/en-US/firefox/stub_attribution_code/?referrer=&ua=ie
Preview:{"attribution_code": "c291cmNlPShub3Qgc2V0KSZtZWRpdW09KGRpcmVjdCkmY2FtcGFpZ249KG5vdCBzZXQpJmNvbnRlbnQ9KG5vdCBzZXQpJmV4cGVyaW1lbnQ9KG5vdCBzZXQpJnZhcmlhdGlvbj0obm90IHNldCkmdWE9aWU.", "attribution_sig": "b4fb923dca856d72021d64cf01a452f5a37c0d351d679d6ac5a0f49ab8b499f0"}
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\postSigningData
Process: C:\Users\user\Desktop\Firefox Installer.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 200
Entropy (8bit): 4.1569193694206295
Encrypted: false
SSDEEP: 6:Bbmq6mHQCmo7INyTQGLPX7YcOAxi/KSmh:BiqxSyYUVx9Zh
MD5: 7CA48EFF90593D12EB05C84A8E577F0D
SHA1: 131D6527C1B2EADCFA8AD5368333723B89C56122
SHA-256: 4B7F06F1F7F727E656404B03D05D9BDBADABEE34E18BC3B7CE7201E32302E699
SHA-512: 42D960192BFF31A3F4EA7E5B05D8C9C2AA086B7C171E7760011DC9447AAEE4CF6967A40F0DDA313990DAE9E86F470796881F5EF0CC5FD6842E6EE8A7CE5433F2
Malicious: false
Preview:campaign%3D%2528not%2Bset%2529%26content%3D%2528not%2Bset%2529%26experiment%3D%2528not%2Bset%2529%26medium%3D%2528direct%2529%26source%3D%2528other%2529%26ua%3Dchrome%26variation%3D%2528not%2Bset%2529
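Worked example, added by the editor and not part of the Joe Sandbox report or of Mozilla's installer code: the stub_attribution_code[1].json entry above and this postSigningData entry carry the same kind of payload in two encodings. The script below decodes both (the JSON value is base64 whose trailing '.' is treated as '=' padding, an assumption taken from this sample; the dropped file is URL-encoded twice), lists the fields that differ, and shows how an HMAC-SHA256 check of attribution_sig would work. The report does not show the server-side key, so the signature form is an assumption and a constructed key is used; the function names are the editor's.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, unquote

# Values copied from the two previews in this report: the JSON that
# mozilla.org served to iexplore.exe and the postSigningData file that
# Firefox Installer.exe dropped under %TEMP%\7zS0D4B9F5C\.
STUB_ATTRIBUTION_JSON = {
    "attribution_code": "c291cmNlPShub3Qgc2V0KSZtZWRpdW09KGRpcmVjdCkmY2FtcGFpZ249"
                        "KG5vdCBzZXQpJmNvbnRlbnQ9KG5vdCBzZXQpJmV4cGVyaW1lbnQ9"
                        "KG5vdCBzZXQpJnZhcmlhdGlvbj0obm90IHNldCkmdWE9aWU.",
    "attribution_sig": "b4fb923dca856d72021d64cf01a452f5a37c0d351d679d6ac5a0f49ab8b499f0",
}
POST_SIGNING_DATA = (
    "campaign%3D%2528not%2Bset%2529%26content%3D%2528not%2Bset%2529"
    "%26experiment%3D%2528not%2Bset%2529%26medium%3D%2528direct%2529"
    "%26source%3D%2528other%2529%26ua%3Dchrome%26variation%3D%2528not%2Bset%2529"
)


def decode_attribution_code(code: str) -> dict:
    """Decode attribution_code (base64 of a query string) into a dict.

    Assumption from this sample: the value ends in '.' where base64
    padding would normally sit, so '.' is mapped back to '='.
    """
    raw = base64.urlsafe_b64decode(code.replace(".", "="))
    return dict(parse_qsl(raw.decode("ascii"), keep_blank_values=True))


def decode_post_signing_data(blob: str) -> dict:
    """Decode postSigningData, which is URL-encoded twice: one unquote()
    yields the query string, and parse_qsl() unquotes each value."""
    return dict(parse_qsl(unquote(blob), keep_blank_values=True))


def differing_fields(a: dict, b: dict) -> dict:
    """Return {field: (a_value, b_value)} for every field whose value differs."""
    return {k: (a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}


def looks_like_hmac_sha256(sig: str) -> bool:
    """Shape check only: a 32-byte digest rendered as lowercase hex."""
    return len(sig) == 64 and all(c in "0123456789abcdef" for c in sig)


def sign_attribution_code(code: str, key: bytes) -> str:
    """HMAC-SHA256 over the raw attribution_code string (assumed scheme)."""
    return hmac.new(key, code.encode("ascii"), hashlib.sha256).hexdigest()


def verify_attribution_sig(code: str, sig: str, key: bytes) -> bool:
    """Recompute the HMAC and compare in constant time. Only a signature
    produced with a key you hold will verify; the report shows no key."""
    return hmac.compare_digest(sign_attribution_code(code, key), sig)


if __name__ == "__main__":
    served = decode_attribution_code(STUB_ATTRIBUTION_JSON["attribution_code"])
    carried = decode_post_signing_data(POST_SIGNING_DATA)
    print("served by mozilla.org :", served)
    print("carried in installer  :", carried)
    print("differences           :", differing_fields(served, carried))
    print("sig is 32-byte hex    :", looks_like_hmac_sha256(STUB_ATTRIBUTION_JSON["attribution_sig"]))
```

Both blobs decode to the same seven analytics fields; only source and ua differ (the installer carries source=(other), ua=chrome, while the page fetched by iexplore.exe returned source=(not set), ua=ie). Nothing host-identifying is present in either, which is the check worth repeating on any signed installer that ships attribution data appended after the Authenticode signature.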
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
Process: C:\Users\user\Desktop\Firefox Installer.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category: dropped
Size (bytes): 464416
Entropy (8bit): 5.692007988869744
Encrypted: false
SSDEEP: 6144:cspNjlsxp+1HmP7ysKmKclmaFHOz3U6uW/ns1VId5d:ccufP7y8F3FHOzhuW/sTId
MD5: 34D82BBBC56EB436EDF3D77EBA96AD26
SHA1: 7C3A741641C0BF1725D69A574C18BBC7AE432944
SHA-256: 57791CE52BF222DAA250CE3903CB70FF45808CA4988729E3589BA9E2AA4D3552
SHA-512: E1E3E3FE7901A342074BD0D6E13C9E4F26F5324AB0E9015786BC26E37E878C502D46E1AD2EAF3173CAB9E03FDC4F70360B4906979110BFA25C280CFB4A702660
Malicious: true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1..P...P...P..*_...P...P..OP..*_...P..s...P...V...P..Rich.P..........PE..L...?.MX.................f..........43............@.......................................@........................................................@................................................................................................text....d.......f.................. ..`.rdata...............j..............@[email protected]..............................@....ndata.......P...........................rsrc..............................@..@................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\CityHash.dll
Process: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 44544
Entropy (8bit): 5.300876438716054
Encrypted: false
SSDEEP: 768:cfXngOuwVTROMOZbPg9ao/wxsfJM3JuNUgo3:c/hPVTRBO9NJYMMno
MD5: 737379945745BB94F8A0DADCC18CAD8D
SHA1: 6A1F497B4DC007F5935B66EC83B00E5A394332C6
SHA-256: D3D7B3D7A7941D66C7F75257BE90B12AC76F787AF42CD58F019CE0280972598A
SHA-512: C4A43B3CA42483CBD117758791D4333DDF38FA45EB3377F7B71CE74EC6E4D8B5EF2BFBE48C249D4EAF57AB929F4301138E53C79E0FA4BE94DCBCD69C8046BC22
Malicious: false
Antivirus: Metadefender, Detection: 0%; ReversingLabs, Detection: 0%
Joe Sandbox View:
Filename: Firefox Setup 78.5.0esr.msi, Detection: malicious
Filename: Firefox Setup 75.0.msi, Detection: malicious
Filename: , Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./.J.k.$.k.$.k.$..*.}.$.]...$.$...7.h.$.k.%.#.$.]./.h.$... .j.$.Richk.$.................PE..L...0..P...........!.....b...^..........................................................................................M.......(...............................H....................................................................................text...Ba.......b.................. ..`.rdata...............f..............@[email protected][email protected][email protected]........................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll
Process: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
File Type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 7168
Entropy (8bit): 4.816731548265959
Encrypted: false
SSDEEP: 96:3hJKbkw41fc4wpaTm/lXd/dyEoPqBP3z9YQGbnL8QkQt0AxIh+47m1Ss7:6bpWk1aTmKiB3lQxIsy
MD5: D4F7B4F9C296308E03A55CB0896A92FC
SHA1: 63065BED300926A5B39EABF6EFDF9296ED46E0CC
SHA-256: 6B553F94AC133D8E70FAC0FCAA01217FAE24F85D134D3964C1BEEA278191CF83
SHA-512: D4ACC719AE29C53845CCF4778E1D7ED67F30358AF30545FC744FACDB9F4E3B05D8CB7DC5E72C93895259E9882471C056395AB2E6F238310841B767D6ACBCD6C1
Malicious: false
Antivirus: Metadefender, Detection: 3%; ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)tBQH..QH..QH..4...VH..QH..NH..g$..PH..g$..PH..g$..PH..g$..PH..RichQH..................PE..L...,3.\...........!................"........ ...............................`............@.........................@#[email protected]..|... #............................................... ...............................text...F........................... ..`.rdata....... ......................@[email protected][email protected]........@......................@[email protected]..|[email protected]................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll
Process: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 11776
Entropy (8bit): 5.656065698421856
Encrypted: false
SSDEEP: 192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
MD5: 17ED1C86BD67E78ADE4712BE48A7D2BD
SHA1: 1CC9FE86D6D6030B4DAE45ECDDCE5907991C01A0
SHA-256: BD046E6497B304E4EA4AB102CAB2B1F94CE09BDE0EEBBA4C59942A732679E4EB
SHA-512: 0CBED521E7D6D1F85977B3F7D3CA7AC34E1B5495B69FD8C7BFA1A846BAF53B0ECD06FE1AD02A3599082FFACAF8C71A3BB4E32DEC05F8E24859D736B828092CD5
Malicious: false
Antivirus: Metadefender, Detection: 3%; ReversingLabs, Detection: 2%
Joe Sandbox View:
Filename: Firefox Setup 78.5.0esr.msi, Detection: malicious
Filename: FileZilla_3.42.1_win64_sponsored-setup.exe, Detection: malicious
Filename: Firefox Installer.exe, Detection: malicious
Filename: FileZilla_3.42.1_win64_sponsored-setup.exe, Detection: malicious
Filename: , Detection: malicious
Filename: FileZilla_3.41.1_win64-setup_bundled.exe, Detection: malicious
Filename: FileZilla_3.41.1_win64-setup_bundled.exe, Detection: malicious
Filename: Firefox Setup 75.0.msi, Detection: malicious
Filename: #U6ac3#U8cb7#U5b89#U63a7#U4e2d#U4ecb#U5143#U4ef6.exe, Detection: malicious
Filename: 7N9HRsNAb5.exe, Detection: malicious
Filename: Firefox Installer.exe, Detection: malicious
Filename: Firefox Installer.exe, Detection: malicious
Filename: FileZilla_3.34.0_win64-setup_bundled.exe, Detection: malicious
Filename: , Detection: malicious
Filename: FileZilla_3.33.0_win64-setup_bundled.exe, Detection: malicious
Filename: Firefox_Setup_Stub_58.0.exe, Detection: malicious
Filename: O9wdkqzdPF.exe, Detection: malicious
Filename: btweb_installer(1).exe, Detection: malicious
Filename: FileZilla_3.42.1_win64_sponsored-setup.exe, Detection: malicious
Filename: FileZilla_3.42.1_win64_sponsored-setup.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L.....MX...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@[email protected]....@.......([email protected].......*[email protected]................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UAC.dll
Process: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 18432
Entropy (8bit): 5.858723390475489
Encrypted: false
SSDEEP: 192:5cdcpry0igQ1Ii1rzn6U4gbfW6irWP+vOg7XRSEi+OPLjte86jugnincl0Nr90Og:WqVibvTh4qnFP+OPEzinclP+
MD5: 113C5F02686D865BC9E8332350274FD1
SHA1: 4FA4414666F8091E327ADB4D81A98A0D6E2E254A
SHA-256: 0D21041A1B5CD9F9968FC1D457C78A802C9C5A23F375327E833501B65BCD095D
SHA-512: E190D1EE50C0B2446B14F0D9994A0CE58F5DBD2AA5D579F11B3A342DA1D4ABF0F833A0415D3817636B237930F314BE54E4C85B4DB4A9B4A3E532980EA9C91284
Malicious: false
Antivirus: Metadefender, Detection: 0%; ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......DH.".)lq.)lq.)lq.)mqP)lq.!1q.)lq./jq.)lqT.]q.)lq..hq.)lqRich.)lq........................PE..L...lKPJ...........!.....4...........:.......P......................................i/...............................B..J....:..x....`.......................p..........................................................L............................text...Z3.......4.................. ..`[email protected]........`.......@..............@[email protected][email protected]........................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll
Process: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 4096
Entropy (8bit): 3.300248291125861
Encrypted: false
SSDEEP: 48:qKf6qD22TZ4s9XXqQr1wHGzzofD4x/X/3Mbj+cZSNJwhSv3:5fF/RKQruH0pxvcec++hSv
MD5: 1B446B36F5B4022D50FFDC0CF567B24A
SHA1: D9A0A99FE5EA3932CBD2774AF285DDF35FCDD4F9
SHA-256: 2862C7BC7F11715CEBDEA003564A0D70BF42B73451E2B672110E1392EC392922
SHA-512: 04AB80568F6DA5EEF2BAE47056391A5DE4BA6AFF15CF4A2D0A9CC807816BF565161731921C65FE5FF748D2B86D1661F6AA4311C65992350BD63A9F092019F1B8
Malicious: false
Antivirus: Metadefender, Detection: 0%; ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..................[.........Rich..........................PE..L.....MX...........!................j........ ...............................P...................................... "......L ..<[email protected].................................................... ..L............................text............................... ..`.rdata....... ......................@[email protected][email protected].......@[email protected]................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll
Process: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 95232
Entropy (8bit): 6.341258790684601
Encrypted: false
SSDEEP: 1536:r5T3mufJUOjAArf8WmL6ovLqp1UOrNIxUxuW/nANL8ZEsWUcdeVw0QWV7x/E1VIU:RfSOjAHW06ovW1UOBnuW/0L8ieV1QWZl
MD5: DFE24AA39F009E9D98B20B7C9CC070B1
SHA1: F48E4923C95466F689E8C5408265B52437ED2701
SHA-256: 8EC65A3D8AE8A290A6066773E49387FD368F5697392DFB58EAC1B63640E30444
SHA-512: 665CE32D3776B1B41F95ED685054A796D0C1938DBC237619FA6309D1B52AE3BD44E3CF0A1F53EBF88556F7603111CCA6DFF1BFC917A911E0A9CE04AFFD0D5261
Malicious: false
Antivirus: Metadefender, Detection: 3%; ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS [email protected][email protected][email protected].([email protected].([email protected]./[email protected]./[email protected]./[email protected].([email protected].([email protected][email protected][email protected]/[email protected]/[email protected]/[email protected].@[email protected]/[email protected][email protected].....^...........!.................(....................................................@..........................].......^..x.......`.......................0....R..............................0R..@............................................text............................... ..`.rdata..tg.......h..................@[email protected][email protected]...`............^..............@[email protected][email protected]........................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\bgstub.jpg
Process: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1344x822, frames 3
Category: dropped
Size (bytes): 58327
Entropy (8bit): 7.671129076331537
Encrypted: false
SSDEEP: 768:8Pcee2Z31xI+ut5WibOyEHrU0e5LxTGUMGGPq9D25z1oFlh8gUe9hkKcT3ZBoNqK:zR5WLQn5lTGUgq9SuYe9T4DiDeFe
MD5: B7A3CA496F252CF886986D354A875026
SHA1: 809CEC45606A148DCF84CC2E0BE7BC54305282AA
SHA-256: BB39042D269152B10BB5955CAB98D8AF35718B83FA30DC430811F2411CED2966
SHA-512: 9E8809A1F7A01F9A7DD070D483FFB1F4B0B27847FEB0D4AE850A041DC4B1CAF2F41D2D228A2AFD4A81FA354123FE3EC404FE5009145AF51437E427AFA7C6D71C
Malicious: false
Preview:......JFIF......................................................................................................................................................6.@......................................................0..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.html
Process: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
File Type: HTML document, ASCII text
Category: dropped
Size (bytes): 1031
Entropy (8bit): 4.9747185139122365
Encrypted: false
SSDEEP: 24:0lrrmeoWPkvL5BANVv9LtVIA1EGgMifL9GMSX3eTeXWYIfS3ME:0lnfoWcMmA1EDjRo3eTeXWYIfg7
MD5: 32DE55F44C497811DD7ED7F227F5C28D
SHA1: C111BE08E7F3D268E7A2ED160D0C30833F25AE4A
SHA-256: 6259F3A41A703F13466503E6FBD37CA40E94F565A2F4B4087FBCD87A13BF3EE1
SHA-512: 48BB6F24B3EE2F4B7052205A3843EA34F917EE192B70261D2438C037B0E17D48BCE8BEB4C31BE4141E9618922A45B6B47745B797E5618F18FE00BFC1625309EF
Malicious: false
Preview:<!doctype html>.. This Source Code Form is subject to the terms of the Mozilla Public. - License, v. 2.0. If a copy of the MPL was not distributed with this. - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->..<html>.<head>..<meta charset="UTF-8">.<meta http-equiv="X-UA-Compatible" content="IE=8">..<link rel="stylesheet" href="stub_common.css">.<link rel="stylesheet" href="installing_page.css">..<script src="stub_common.js"></script>.<script src="installing.js"></script>..</head>.<body>..<img id="background" src="bgstub.jpg" alt="" role="presentation">..<div id="text_column">. <div id="text_column_container">. <h1 id="header"></h1>. <div id="content"></div>. </div>.</div>..<div id="installing">. <div id="label" tabindex="0"></div>. <div id="progress_background">. <div id="progress_bar" role="progressbar" aria-labelledby="label" aria-valuemin="0" aria-valuemax="100" aria-valuenow="0" tabindex="0"></div>. </div>.</div>..<div id="blurb"></div>..<div id="f
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.js
Process: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
File Type: ASCII text
Category: dropped
Size (bytes): 2313
Entropy (8bit): 4.945006967984332
Encrypted: false
SSDEEP: 48:1PAJD5hjHZBda+3w3PVqroG72j3zNeZBAhHeX7u8ji+3WHQBlGh0nnSvidU2k3W8:1PAR5hjHV/w3P4exeRF73Bm0nWi2hG8
MD5: DFA7861BCA754036AB853B3BB02B194D
SHA1: 46D7C5BA614B39CAA4857FCBA4BDEDBABB2C67C0
SHA-256: 2C286B6EEFD38F032A385F3AC6A1F794DEAB3BAC0FBFF71BD0BA21453F477878
SHA-512: C58D96FB2496A84261A5E4B18CF4156A30F9AD161BBABC3652B6B5C24976F1AC432DCED31927A9443260CDCA0292524D1F691766B7C0731F926D37BE11FE0C64
Malicious: false
Preview:// This Source Code Form is subject to the terms of the Mozilla Public.// License, v. 2.0. If a copy of the MPL was not distributed with this.// file, You can obtain one at http://mozilla.org/MPL/2.0/...// Length of time (milliseconds) that one blurb stays up before we switch to.// displaying the next one..var BLURB_CYCLE_MS = 20000;..// How frequently we should update the progress bar state, in milliseconds..var PROGRESS_BAR_INTERVAL_MS = 250;..window.attachEvent("onload", function() {. // Set direction on the two components of the layout.. var direction = external.getTextDirection();. document.getElementById("text_column").style.direction = direction;. document.getElementById("installing").style.direction = direction;.. // Get this page's static strings.. var label = document.getElementById("label");. label.innerText = external.getUIString("installing_label");. document.getElementById("header").innerText = external.getUIString(. "installing_header". );. document.getEleme
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing_page.css
Process: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
File Type: ASCII text
Category: dropped
Size (bytes): 1137
Entropy (8bit): 4.9215580342589655
Encrypted: false
SSDEEP: 24:wfrmokmQe0+08DGJreQXZe5YUeXkdkydskBDpaZeXkd6aHeHpiHvcLhORWH:AKmQerFQecZe5reXkgesZeXkJeHpiPc3
MD5: CBD327243D2650EF132599C42D4B0820
SHA1: A8D5B12D89077401DEC504AC56FCB635D7D2A96E
SHA-256: E123002AB5836965420FC58F9E30F87FB294D4648A58F3BCE1AC8EC514917ECC
SHA-512: E3B97471C42C3971969086C97386BA42B0A15E3722E0F97A0095FE6FCCA3E7EAC46370ADA3B6E648E155D6BD1FDE1762CB6F9496CA50038ABAC332F7C572D2EA
Malicious: false
Preview:/* This Source Code Form is subject to the terms of the Mozilla Public. * License, v. 2.0. If a copy of the MPL was not distributed with this. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */..body {. color: white;.}..#label,.#progress_background,.#blurb {. text-align: center;. margin: 20px 30px;.}..#label {. font-size: 40px;. margin-top: 100px;. margin-bottom: 20px;.}..#progress_background {. margin: 0 auto;. width: 60%;. height: 24px;. background-color: white;.}..body.high-contrast #progress_background {. outline: solid;.}..#progress_bar {. margin: 0;. width: 0%;. max-width: 100%;. height: 100%;. background-color: #00AAFF;.}../* In high contrast mode, fill the entire progress bar with its border. */.body.high-contrast #progress_bar {. /* This border should be the height of progress_background. */. border-top: 24px solid;. box-sizing: border-box;.}../* This layout doesn't want the header or content text. */.#header, #content {. display: none;.}..#blurb
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.css
Process: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
File Type: ASCII text
Category: dropped
Size (bytes): 684
Entropy (8bit): 4.895598755144928
Encrypted: false
SSDEEP: 12:UffrmssQiG8XxmcuKOdNGwQm/vYukF45fEibiHoEsyhqvR0T1vx:wfrmokmPqwQ+vY05fRiJLhqU1J
MD5: 544B51F11AD19DF720669478D28F129D
SHA1: D238B604FD3FA37DFD552EACDC6AACC474FCDDAD
SHA-256: 4D9495B6F0E18331659993B79440E414A6E607FCDAEACBC7477E0683CC0FA98B
SHA-512: BBBB0F31839316C51464CFD225166145F968CE38995DC2748DF5402B7E109FF6119D65B6774FC4738638AD4C9D89776516B00AB5A700097D9D74E1824A11DC5E
Malicious: false
Preview:/* This Source Code Form is subject to the terms of the Mozilla Public. * License, v. 2.0. If a copy of the MPL was not distributed with this. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */..body {. height: 100%;. width: 100%;. margin: 0;. padding: 0;. overflow: hidden;.. font-family: "Segoe UI", sans-serif;.}../* This is an <img> rather than using background-image because IE8. * does not support background-size. */.#background {. min-height: 100%;. min-width: 100%;.. width: 100%;. height: auto;.. position: fixed;. top: 0;. left: 0;.. z-index: -1;.}..body.high-contrast #background {. display: none;.}...no-focus-outline {. outline: none;.}.
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.js
Process: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
File Type: ASCII text
Category: dropped
Size (bytes): 817
Entropy (8bit): 4.930061365317776
Encrypted: false
SSDEEP: 24:ZrmAAJdslLElW0d+TrT0kKJRRZotfjJRRnE00:1PAJQLKWxXTGtoxjJjE00
MD5: 58B8AC894C64370CFA137F5848AEB88D
SHA1: 6A1AC1F88A918A232B79FE798B2DE69CF433945F
SHA-256: 0E28AA770B0AFADE30BE85C6DC1E50344DB8F8CDD3FA01989D81A9E20A4990BD
SHA-512: AE309518E0F926021E4D9378950C1A375263247D4F79D8A8CC09464CD01653AE5E707D52A4B0C36D532E649C246F4BE6B5BA8648F58FB0E3E40C495AE63180AB
Malicious: false
Preview:// This Source Code Form is subject to the terms of the Mozilla Public.// License, v. 2.0. If a copy of the MPL was not distributed with this.// file, You can obtain one at http://mozilla.org/MPL/2.0/...window.attachEvent("onload", function() {. if (parseInt(external.getIsHighContrast())) {. document.body.className += " high-contrast";. } else {. document.body.className += " normal-contrast";. }.. document.body.style.fontFamily = external.getFontName() + ", sans-serif";.. // All pages have the global footer (or don't, depending on the branding).. document.getElementById("footer").innerText = external.getUIString(. "global_footer". );.. // Disallow dragging of the "background" image.. document.getElementById("background").attachEvent("ondragstart", function() {. return false;. });.});.
C:\Users\user\AppData\Local\Temp\~DF15C2A6A2A552686A.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 36201
Entropy (8bit): 0.7208448941956904
Encrypted: false
SSDEEP: 384:kBqoxKFZPaZPbPoPYPzPNAPXAPKP5PTNYrAVeVTV:B5a5zgQbi4SZTWrAVeVTV
MD5: 4A51573DAE68686CC8FAA1122099F48A
SHA1: 3B5AE2EA738514A9AA608589092D60FC4D7AD6DF
SHA-256: 56FBC006D38476F2F35F6D72EB474527DD2576CACE6EF8809B6D94FC9D888D07
SHA-512: 4D0C9CCA9C83E988EECF2D516A4CEBBC87F80B9941A83F26E126B4D8E3329A8A0E7A088D584BB053580EF60D130283C5167845237A82374069EC057CE45A37A9
Malicious: false
C:\Users\user\AppData\Local\Temp\~DFC3557FDB50A0AF3E.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 12965
Entropy (8bit): 0.42172021325321307
Encrypted: false
SSDEEP: 24:c9lLh9lLh9lIn9lIn9lolF9lo/9lW3cF+eB:kBqoIg+3cp
MD5: D3B3664FEE71CA4A53F9E001D8A94618
SHA1: 32DB8F4DED683492B3264DE23A9572DEC23FE759
SHA-256: 4F8443E6421469A668078BBB516EDDBAFB904963C771B036109D4815DB714F5C
SHA-512: 96EF606089A007A461519F4F8536EB1B230A0943B8D3E30A953DCB01A8CFEDC23F91ABE0BA8E4A304C13B88924D552569A639A82A644AEF3280F3F71968F2263
Malicious: false
General
File type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy (8bit): 7.931900551699911
TrID:
Win32 Executable (generic) a (10002005/4) 99.66%
UPX compressed Win32 Executable (30571/9) 0.30%
Generic Win/DOS Executable (2004/3) 0.02%
DOS Executable Generic (2002/1) 0.02%
Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Firefox Installer.exe
File size: 327360
MD5: f0ffd6b22e2e284850f3933ede927790
SHA1: c8863c819ae52dc1126d5215b3c6d61df96b49ab
SHA256: e0e20159839ff7fa71278a67d90b7fa685733d19c3eb36de406669e6c070c60e
SHA512: 01a4e9d28f774acee9e44e97cd01f3e7bdbf23ac022992024ba0767ee33d4ecc420a639467cc754bd553e548c6d4d2cd05e546c74c1f955ac2ea4595dac24df0
SSDEEP: 6144:+aVWdyzOxeA1DfdwX3MmIOJhEbX1U0s/KyHQWW3HpO9SoaJvxfEQgQM3NcRrIH:+MROxdDfOnMmXDEu00o3g9SbMvQMyRsH
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............`Y..`Y..`YM.nY..`Y&.dY..`Y..?Y..`Y..=Y..`Y..aYb.`Y&.jY..`Y&.kY..`Yv.fY..`YRich..`Y........................PE..L...9m.[...
File Icon
Icon Hash: 64e4cc8df0f0f0b0
Static PE Info
General
Entrypoint: 0x434fa0
Entrypoint Section: UPX1
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp: 0x5B886D39 [Thu Aug 30 22:18:33 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 05d3dce2be32df01ca249872dd2cc117
Authenticode Signature
Signature Valid: true
Signature Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Signature Validation Error: The operation completed successfully
Error Number: 0
Not Before: 5/6/2020 5:00:00 PM
Not After: 5/12/2021 5:00:00 AM
Subject Chain: E="[email protected]", CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=Mountain View, S=California, C=US
Version: 3
Thumbprint MD5: 9E49C16F999E6957E8FAF4FDCA2F7ED0
Thumbprint SHA-1: 91CABEA509662626E34326687348CAF2DD3B4BBA
Thumbprint SHA-256: 1DD436F9E9A33CCBF19A785FBDCCF512F36C753BBB9CF3787B4200162A6BDFE4
Serial: 0DDEB53F957337FBEAF98C4A615B149D
Entrypoint Preview
Instruction
pushad
mov esi, 00425000h
lea edi, dword ptr [esi-00024000h]
push edi
or ebp, FFFFFFFFh
jmp 00007FA3ACABE392h
nop
nop
nop
nop
nop
nop
mov al, byte ptr [esi]
inc esi
mov byte ptr [edi], al
inc edi
add ebx, ebx
jne 00007FA3ACABE389h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007FA3ACABE36Fh
mov eax, 00000001h
add ebx, ebx
jne 00007FA3ACABE389h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc eax, eax
add ebx, ebx
jnc 00007FA3ACABE371h
jne 00007FA3ACABE38Bh
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jnc 00007FA3ACABE366h
xor ecx, ecx
sub eax, 03h
jc 00007FA3ACABE38Fh
shl eax, 08h
mov al, byte ptr [esi]
inc esi
xor eax, FFFFFFFFh
je 00007FA3ACABE3F6h
mov ebp, eax
add ebx, ebx
jne 00007FA3ACABE389h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc ecx, ecx
add ebx, ebx
jne 00007FA3ACABE389h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc ecx, ecx
jne 00007FA3ACABE3A2h
inc ecx
add ebx, ebx
jne 00007FA3ACABE389h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc ecx, ecx
add ebx, ebx
jnc 00007FA3ACABE371h
jne 00007FA3ACABE38Bh
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jnc 00007FA3ACABE366h
add ecx, 02h
cmp ebp, FFFFF300h
adc ecx, 01h
lea edx, dword ptr [edi+ebp]
cmp ebp, FFFFFFFCh
jbe 00007FA3ACABE391h
mov al, byte ptr [edx]
inc edx
mov byte ptr [edi], al
inc edi
dec ecx
jne 00007FA3ACABE379h
jmp 00007FA3ACABE2E8h
nop
mov eax, dword ptr [edx]
add edx, 04h
mov dword ptr [edi], eax
add edi, 04h
sub ecx, 00000000h
Rich Headers
Programming Language:
[ C ] VS98 (6.0) build 8168
[RES] VS98 (6.0) cvtres build 1720
[C++] VS98 (6.0) build 8168
[LNK] VS98 (6.0) imp/exp build 8168
Data Directories
Name Virtual Address Virtual Size Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT 0x0 0x0
IMAGE_DIRECTORY_ENTRY_IMPORT 0x45b4c 0xb4 .rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE 0x36000 0xfb4c .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION 0x0 0x0
IMAGE_DIRECTORY_ENTRY_SECURITY 0x4d7d0 0x26f0
IMAGE_DIRECTORY_ENTRY_BASERELOC 0x0 0x0
IMAGE_DIRECTORY_ENTRY_DEBUG 0x0 0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT 0x0 0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR 0x0 0x0
IMAGE_DIRECTORY_ENTRY_TLS 0x0 0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 0x0 0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 0x0 0x0
IMAGE_DIRECTORY_ENTRY_IAT 0x0 0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 0x1f130 0x80 UPX0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0x0 0x0
IMAGE_DIRECTORY_ENTRY_RESERVED 0x0 0x0
Sections
Name Virtual Address Virtual Size Raw Size Xored PE ZLIB Complexity File Type Entropy Characteristics
UPX0 0x1000 0x24000 0x0 False 0 empty 0.0 IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
UPX1 0x25000 0x11000 0x10200 False 0.985268289729 data 7.8779930428 IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc 0x36000 0x10000 0xfc00 False 0.808113219246 data 7.52725036342 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
Resources
Name RVA Size Type Language Country
RT_ICON 0x362e4 0x528 GLS_BINARY_LSB_FIRST English United States
RT_ICON 0x36810 0x1428 dBase IV DBT of @.DBF, block length 5120, next free block index 40, next free block 0, next used block 0 English United States
RT_ICON 0x37c3c 0x2d28 data English United States
RT_ICON 0x3a968 0xa9cb PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced English United States
RT_DIALOG 0x32324 0xb8 data English United States
RT_STRING 0x323dc 0x60 data English United States
RT_STRING 0x3243c 0x88 data English United States
RT_STRING 0x324c4 0x54 data English United States
RT_STRING 0x32518 0x34 data English United States
RT_GROUP_ICON 0x45338 0x3e data English United States
RT_VERSION 0x4537c 0x274 data English United States
RT_MANIFEST 0x455f4 0x555 XML 1.0 document, ASCII text, with CRLF line terminators
Imports
DLL Import
KERNEL32.DLL LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
MSVCRT.dll free
Version Infos
Description Data
LegalCopyright Mozilla
InternalName 7zS.sfx
FileVersion 18.05
CompanyName Mozilla
ProductName Firefox
ProductVersion 18.05
FileDescription Firefox
OriginalFilename 7zS.sfx.exe
Translation 0x0409 0x04b0
Possible Origin
Language of compilation system Country where language is spoken Map
English United States
Network Behavior
Network Port Distribution
Total Packets: 105
• 53 (DNS)
• 443 (HTTPS)
• 80 (HTTP)
TCP Packets
UDP Packets
DNS Queries
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
Feb 21, 2021 01:23:42.802278996 CET 192.168.2.3 8.8.8.8 0xc188 Standard query (0) download-stats.mozilla.org A (IP address) IN (0x0001)
Feb 21, 2021 01:23:44.560369015 CET 192.168.2.3 8.8.8.8 0xb3c3 Standard query (0) firefox.com A (IP address) IN (0x0001)
Feb 21, 2021 01:23:45.290653944 CET 192.168.2.3 8.8.8.8 0x1f0c Standard query (0) www.firefox.com A (IP address) IN (0x0001)
DNS Answers
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Feb 21, 2021 01:22:59.957537889 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 52.23.121.221 A (IP address) IN (0x0001)
Feb 21, 2021 01:22:59.957537889 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 3.214.32.170 A (IP address) IN (0x0001)
Feb 21, 2021 01:22:59.957537889 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 18.210.96.88 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:00.965965033 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 52.23.121.221 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:00.965965033 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 3.214.32.170 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:00.965965033 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 18.210.96.88 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:01.966286898 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 52.23.121.221 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:01.966286898 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 3.214.32.170 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:01.966286898 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 18.210.96.88 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:04.015860081 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 52.23.121.221 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:04.015860081 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 3.214.32.170 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:04.015860081 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 18.210.96.88 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:08.060903072 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 52.23.121.221 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:08.060903072 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 3.214.32.170 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:08.060903072 CET 8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net 18.210.96.88 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:42.867436886 CET 8.8.8.8 192.168.2.3 0xc188 No error (0) download-stats.mozilla.org download-stats.r53-2.services.mozilla.com CNAME (Canonical name) IN (0x0001)
Feb 21, 2021 01:23:42.867436886 CET 8.8.8.8 192.168.2.3 0xc188 No error (0) download-stats.r53-2.services.mozilla.com 35.155.87.117 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:42.867436886 CET 8.8.8.8 192.168.2.3 0xc188 No error (0) download-stats.r53-2.services.mozilla.com 52.40.50.138 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:44.608866930 CET 8.8.8.8 192.168.2.3 0xb3c3 No error (0) firefox.com 44.236.48.31 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:44.608866930 CET 8.8.8.8 192.168.2.3 0xb3c3 No error (0) firefox.com 44.235.246.155 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:44.608866930 CET 8.8.8.8 192.168.2.3 0xb3c3 No error (0) firefox.com 44.236.72.93 A (IP address) IN (0x0001)
Feb 21, 2021 01:23:45.355911016 CET 8.8.8.8 192.168.2.3 0x1f0c No error (0) www.firefox.com fxc-prod.moz.works CNAME (Canonical name) IN (0x0001)
Feb 21, 2021 01:23:45.355911016 CET 8.8.8.8 192.168.2.3 0x1f0c No error (0) fxc-prod.moz.works dzlgdtxcws9pb.cloudfront.net CNAME (Canonical name) IN (0x0001)
Feb 21, 2021 01:23:45.355911016 CET 8.8.8.8 192.168.2.3 0x1f0c No error (0) dzlgdtxcws9pb.cloudfront.net 13.224.96.162 A (IP address) IN (0x0001)
HTTP Request Dependency Graph
download-stats.mozilla.org
HTTP Packets
Session ID Source IP Source Port Destination IP Destination Port Process
0 192.168.2.3 49725 35.155.87.117 80 C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
Timestamp kBytes transferred Direction Data
Feb 21, 2021 01:23:43.130429029 CET 1273 OUT
GET /stub/v8/aurora/aurora/en-GB/1/1/10/0/17134/0/0/11/0/9/0//0/0/43/42/0/0/0/0/0/1/0/0/0/0/0/1/1/0/1/Unknown//0/0 HTTP/1.1
Range: bytes=0-
User-Agent: NSIS InetBgDL (Mozilla)
Host: download-stats.mozilla.org
Connection: Keep-Alive
Feb 21, 2021 01:23:43.442848921 CET 1274 IN
HTTP/1.1 200 OK
Alt-Svc: clear
Content-Type: text/plain; charset=utf-8
Date: Sun, 21 Feb 2021 00:23:43 GMT
Strict-Transport-Security: max-age=15768000
Via: 1.1 google
X-Frame-Options: DENY
Content-Length: 0
Connection: keep-alive
HTTPS Packets
Timestamp Source IP Source Port Dest IP Dest Port Subject Issuer NotBefore NotAfter JA3 SSL Client Fingerprint JA3 SSL Client Digest
Feb 21, 2021 01:23:45.053041935 CET 44.236.48.31 443 192.168.2.3 49729
Subject: CN=firefox.com; Issuer: CN=R3, O=Let's Encrypt, C=US; NotBefore: Tue Feb 09 23:10:15 CET 2021; NotAfter: Tue May 11 00:10:15 CEST 2021
Subject: CN=R3, O=Let's Encrypt, C=US; Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.; NotBefore: Wed Oct 07 21:21:40 CEST 2020; NotAfter: Wed Sep 29 21:21:40 CEST 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Feb 21, 2021 01:23:45.055860043 CET 44.236.48.31 443 192.168.2.3 49728
Subject: CN=firefox.com; Issuer: CN=R3, O=Let's Encrypt, C=US; NotBefore: Tue Feb 09 23:10:15 CET 2021; NotAfter: Tue May 11 00:10:15 CEST 2021
Subject: CN=R3, O=Let's Encrypt, C=US; Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.; NotBefore: Wed Oct 07 21:21:40 CEST 2020; NotAfter: Wed Sep 29 21:21:40 CEST 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Feb 21, 2021 01:23:45.477018118 CET 13.224.96.162 443 192.168.2.3 49732
Subject: CN=www.firefox.com; Issuer: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US; NotBefore: Wed Jun 24 02:00:00 CEST 2020; NotAfter: Sat Jul 24 14:00:00 CEST 2021
Subject: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US; Issuer: CN=Amazon Root CA 1, O=Amazon, C=US; NotBefore: Thu Oct 22 02:00:00 CEST 2015; NotAfter: Sun Oct 19 02:00:00 CEST 2025
Subject: CN=Amazon Root CA 1, O=Amazon, C=US; Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US; NotBefore: Mon May 25 14:00:00 CEST 2015; NotAfter: Thu Dec 31 02:00:00 CET 2037
Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US; Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US; NotBefore: Wed Sep 02 02:00:00 CEST 2009; NotAfter: Wed Jun 28 19:39:16 CEST 2034
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Feb 21, 2021 01:23:45.480346918 CET 13.224.96.162 443 192.168.2.3 49733
Subject: CN=www.firefox.com; Issuer: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US; NotBefore: Wed Jun 24 02:00:00 CEST 2020; NotAfter: Sat Jul 24 14:00:00 CEST 2021
Subject: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US; Issuer: CN=Amazon Root CA 1, O=Amazon, C=US; NotBefore: Thu Oct 22 02:00:00 CEST 2015; NotAfter: Sun Oct 19 02:00:00 CEST 2025
Subject: CN=Amazon Root CA 1, O=Amazon, C=US; Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US; NotBefore: Mon May 25 14:00:00 CEST 2015; NotAfter: Thu Dec 31 02:00:00 CET 2037
Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US; Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US; NotBefore: Wed Sep 02 02:00:00 CEST 2009; NotAfter: Wed Jun 28 19:39:16 CEST 2034
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Code Manipulations
Statistics
Behavior
• Firefox Installer.exe
• setup-stub.exe
• iexplore.exe
• iexplore.exe
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Timestamp Source IPSourcePort Dest IP
DestPort Subject Issuer
NotBefore
NotAfter
JA3 SSL ClientFingerprint JA3 SSL Client Digest
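Every connection in the HTTPS Packets table above carries the same JA3 fingerprint string and the same digest. JA3 identifies the client TLS stack, not the sample: a fingerprint shared by every connection of a run is the platform's, and is weak as an indicator on its own, while the string itself still tells you what the client offered. The block below is an added example, not part of the Joe Sandbox report: it recomputes the digest (MD5 over the fingerprint string, which is how JA3 defines it) from the string the report prints and checks it against the printed digest, decodes the five fields, and flags the static-RSA suites and the 3DES suite. The fingerprint and digest are copied from the table; the weak-suite sets and the name tables are my own selection for the example.

```python
import hashlib

# Fingerprint string and digest exactly as the HTTPS Packets table prints them for
# every connection of this sample (input copied from the report, not generated here).
JA3_STRING = (
    "771,"
    "49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-"
    "49172-49171-157-156-61-60-53-47-10,"
    "0-10-11-13-35-16-23-24-65281,"
    "29-23-24,"
    "0"
)
REPORTED_DIGEST = "9e10692f1b7f78228b2d4e424db3a98c"

TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
EXTENSION_NAMES = {0: "server_name", 10: "supported_groups", 11: "ec_point_formats",
                   13: "signature_algorithms", 16: "application_layer_protocol_negotiation",
                   23: "extended_master_secret", 24: "token_binding", 35: "session_ticket",
                   65281: "renegotiation_info"}
# IANA cipher-suite IDs picked for this example: the static-RSA key-exchange suites
# (no forward secrecy) and the single 3DES suite are what an analyst notes first.
STATIC_RSA_SUITES = {0x009D, 0x009C, 0x003D, 0x003C, 0x0035, 0x002F, 0x000A}
TRIPLE_DES_SUITES = {0x000A}


def ja3_digest(ja3_string: str) -> str:
    """JA3 defines the digest as MD5 over the comma-separated fingerprint string."""
    return hashlib.md5(ja3_string.encode("ascii")).hexdigest()


def parse_ja3(ja3_string: str) -> dict:
    """Split the five JA3 fields (version,ciphers,extensions,groups,point_formats) into ints."""
    fields = ja3_string.split(",")
    if len(fields) != 5:
        raise ValueError("a JA3 string has exactly five comma-separated fields")

    def ints(field: str) -> list:
        return [int(x) for x in field.split("-")] if field else []

    return {
        "version": int(fields[0]),
        "ciphers": ints(fields[1]),
        "extensions": ints(fields[2]),
        "groups": ints(fields[3]),
        "point_formats": ints(fields[4]),
    }


def triage(ja3_string: str, reported_digest: str) -> dict:
    """What an analyst wants from one JA3 row: does the printed digest really belong to
    the printed string, what did the client offer, and which weak suites are on the list."""
    parsed = parse_ja3(ja3_string)
    ciphers = parsed["ciphers"]
    return {
        "digest_matches": ja3_digest(ja3_string) == reported_digest.lower(),
        "version": TLS_VERSIONS.get(parsed["version"], hex(parsed["version"])),
        "cipher_count": len(ciphers),
        "static_rsa_suites": [hex(c) for c in ciphers if c in STATIC_RSA_SUITES],
        "offers_3des": any(c in TRIPLE_DES_SUITES for c in ciphers),
        "extensions": [EXTENSION_NAMES.get(e, str(e)) for e in parsed["extensions"]],
        "offers_x25519": 29 in parsed["groups"],
    }


if __name__ == "__main__":
    for key, value in triage(JA3_STRING, REPORTED_DIGEST).items():
        print(f"{key}: {value}")
```

The version field 771 is 0x0303, so the client offered TLS 1.2 at most; the last seven suites in the list use static RSA key exchange and the very last one is 3DES, which is what you would expect from a stock Windows client stack rather than from a browser with its own TLS library.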
System Behavior

Analysis Process: Firefox Installer.exe PID: 5328 Parent PID: 5688

General
Start time: 01:22:57
Start date: 21/02/2021
Path: C:\Users\user\Desktop\Firefox Installer.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\Firefox Installer.exe'
Imagebase: 0x400000
File size: 327360 bytes
MD5 hash: F0FFD6B22E2E284850F3933EDE927790
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

File Created
File Path  Access  Attributes  Options  Completion  Count  Source Address  Symbol
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
success or wait 1 40B45A CreateDirectoryW
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe read attributes | synchronize | generic write
device synchronous io non alert | non directory file
success or wait 1 40C577 CreateFileW
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\postSigningData read attributes | synchronize | generic write
device synchronous io non alert | non directory file
success or wait 1 40C577 CreateFileW

File Deleted
File Path  Completion  Count  Source Address  Symbol
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\postSigningData success or wait 1 40B6BB DeleteFileW
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe success or wait 1 40B6BB DeleteFileW

File Written
File Path  Offset  Length  Value  Ascii  Completion  Count  Source Address  Symbol
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
unknown 262144 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 31 e8 81 e9 50 86 d2 e9 50 86 d2 e9 50 86 d2 2a 5f d9 d2 eb 50 86 d2 e9 50 87 d2 4f 50 86 d2 2a 5f db d2 e6 50 86 d2 bd 73 b6 d2 e3 50 86 d2 2e 56 80 d2 e8 50 86 d2 52 69 63 68 e9 50 86 d2 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 3f ca 4d 58 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 66 00 00 00 d8 02 00 00 08 00 00 34 33 00 00 00 10 00 00 00 80 00 00 00 00 40
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..OP..*_...P...s...P...V...P..Rich.P..........PE..L...?.MX.................f..........43............@
success or wait 1 40C7E5 WriteFile
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
unknown 202272 22 29 f5 2c b5 d6 f7 d2 f7 d7 59 da d6 69 a6 96 b5 a6 67 5b a6 6f 2b 25 6a cd 34 2b 68 a2 f9 db 2a c4 d6 95 a2 29 9d 2b 49 ce b8 2b cf 9c 65 5c a9 5a 52 b9 57 0c 2b 19 57 d3 60 00 00 00 00 00 00 3e e3 ed e7 de 22 22 22 22 a8 8a c4 44 47 c2 7c 76 ba e9 7d 6d 7d 75 b6 b6 b4 db 5d 2f 6b 4c cd f5 4a f6 4d a2 6d 0a 5a f1 05 6b a5 15 cc 8c e3 33 3a 67 19 db 3a e3 49 e7 ca 33 a6 54 a5 69 5c ab 86 39 c5 33 8f 4d c0 00 00 00 00 00 01 e6 8f 6b 3a 2a 85 22 26 b1 10 ac 55 cd f0 5a ed a5 f4 bd f4 d7 4b e9 69 6d 7d 2d 69 b4 ce d3 2b 5c bd 6d 33 11 5d a9 31 35 a5 e2 b3 94 44 e7 19 c4 e7 4c eb 45 6b 9e 33 8e 35 ae 54 ce 91 95 69 9e 78 63 11 95 63 ff c4 00 1d 01 01 00 03 00 03 01 01 01 00 00 00 00 00 00 00 00 00 01 02 03 05 06 07 04 08 09 ff da 00 08 01 01 10 00 00 00 f7
").,......Y..i....g[.o+%j.4+h...*....).+I..+..e\.ZR.W.+.W.`......>....""""...DG.|v..}m}u....]/kL..J.M.m.Z..k.....3:g..:.I..3.T.i\..9.3.M.........k:*."&...U..Z......K.im}-i...+\.m3.].15....D....L.Ek.3.5.T...i.xc..c..........................................
success or wait 1 40C7E5 WriteFile
Copyright null 2021 Page 54 of 66
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\postSigningData
unknown 200 63 61 6d 70 61 69 67 6e 25 33 44 25 32 35 32 38 6e 6f 74 25 32 42 73 65 74 25 32 35 32 39 25 32 36 63 6f 6e 74 65 6e 74 25 33 44 25 32 35 32 38 6e 6f 74 25 32 42 73 65 74 25 32 35 32 39 25 32 36 65 78 70 65 72 69 6d 65 6e 74 25 33 44 25 32 35 32 38 6e 6f 74 25 32 42 73 65 74 25 32 35 32 39 25 32 36 6d 65 64 69 75 6d 25 33 44 25 32 35 32 38 64 69 72 65 63 74 25 32 35 32 39 25 32 36 73 6f 75 72 63 65 25 33 44 25 32 35 32 38 6f 74 68 65 72 25 32 35 32 39 25 32 36 75 61 25 33 44 63 68 72 6f 6d 65 25 32 36 76 61 72 69 61 74 69 6f 6e 25 33 44 25 32 35 32 38 6e 6f 74 25 32 42 73 65 74 25 32 35 32 39
campaign%3D%2528not%2Bset%2529%26content%3D%2528not%2Bset%2529%26experiment%3D%2528not%2Bset%2529%26medium%3D%2528direct%2529%26source%3D%2528other%2529%26ua%3Dchrome%26variation%3D%2528not%2Bset%2529
success or wait 1 40C7E5 WriteFile
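The postSigningData value written above is a URL-encoded query string that has been percent-encoded a second time (the %25 sequences are escaped % characters, %3D and %26 are the = and & separators). Decoding it is the quickest way to tell an attribution string from a configuration blob. The block below is an added example and not part of the report: it peels the encoding layers until the text stops changing, parses the key/value pairs, and lists the keys that carry a value other than (not set). The input is the string as the report's Ascii column prints it; the functions are mine.

```python
from __future__ import annotations

from urllib.parse import parse_qs, unquote

# Contents of postSigningData as printed in the File Written row above
# (copied from the report's Ascii column; constructed input for this example).
POST_SIGNING_DATA = (
    "campaign%3D%2528not%2Bset%2529%26content%3D%2528not%2Bset%2529"
    "%26experiment%3D%2528not%2Bset%2529%26medium%3D%2528direct%2529"
    "%26source%3D%2528other%2529%26ua%3Dchrome%26variation%3D%2528not%2Bset%2529"
)


def peel_percent_encoding(blob: str, max_layers: int = 5) -> tuple[str, int]:
    """Strip percent-encoding one layer at a time until the text stops changing.
    Returns the decoded text and the number of layers removed. The bound keeps a
    hostile or pathological blob from looping forever."""
    layers = 0
    while layers < max_layers:
        decoded = unquote(blob)
        if decoded == blob:
            break
        blob, layers = decoded, layers + 1
    return blob, layers


def decode_attribution(blob: str) -> tuple[dict, int]:
    """Decode a dropped, possibly multiply-encoded query string into key -> value.
    '+' is read as a space by parse_qs, which is what the inner encoding intended."""
    text, layers = peel_percent_encoding(blob)
    pairs = parse_qs(text, keep_blank_values=True)
    values = {k: v[0] if len(v) == 1 else v for k, v in pairs.items()}
    return values, layers


def informative_keys(values: dict, placeholder: str = "(not set)") -> list:
    """Keys whose value is not the placeholder, i.e. the only fields carrying data."""
    return sorted(k for k, v in values.items() if v != placeholder)


if __name__ == "__main__":
    decoded, depth = decode_attribution(POST_SIGNING_DATA)
    print(f"encoding layers removed: {depth}")
    for key, value in decoded.items():
        print(f"{key} = {value}")
    print("keys with real values:", informative_keys(decoded))
```

Two layers come off, leaving seven keys of which only medium, source and ua carry a value; the key names are the usual marketing-attribution parameters, so there is nothing here to treat as a command-and-control configuration.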

File Read
File Path  Offset  Length  Completion  Count  Source Address  Symbol
C:\Users\user\Desktop\Firefox Installer.exe unknown 4096 success or wait 33 40C6CC ReadFile
C:\Users\user\Desktop\Firefox Installer.exe unknown 32 success or wait 1 40C6CC ReadFile
C:\Users\user\Desktop\Firefox Installer.exe unknown 32736 success or wait 2 40C6CC ReadFile
C:\Users\user\Desktop\Firefox Installer.exe unknown 369 success or wait 1 40C6CC ReadFile
C:\Users\user\Desktop\Firefox Installer.exe unknown 1571 success or wait 3 40C6CC ReadFile
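The Value column of a File Written row shows the first 255 bytes of each write, which is enough for the DOS header, the Rich header and the COFF file header, so the dropped executables can be classified from the report alone. The block below is an added example and not part of the report: it parses those bytes for the setup-stub.exe write above and for the System.dll write logged under the setup-stub.exe process further down, pulling out machine type, section count, link timestamp, DLL flag, linker version, Rich header presence and, when the dump is long enough, the entry point. Both hex dumps are copied verbatim from the report; the parser and the built_together() check are mine. What it shows: both files are 32-bit i386 images linked with linker version 6.0 within 37 seconds of each other on 2016-12-11, which dates the installer toolchain that produced them (the nsXXXX.tmp staging directory and plugin names such as System.dll, UserInfo.dll and InetBgDL.dll are NSIS conventions) and not the sample.

```python
import struct
from datetime import datetime, timezone

# First 255 bytes of two WriteFile calls, copied from the report's Value column.
SETUP_STUB_EXE = """
4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00
0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f
74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00
ad 31 e8 81 e9 50 86 d2 e9 50 86 d2 e9 50 86 d2 2a 5f d9 d2 eb 50 86 d2 e9 50 87 d2 4f 50 86 d2
2a 5f db d2 e6 50 86 d2 bd 73 b6 d2 e3 50 86 d2 2e 56 80 d2 e8 50 86 d2 52 69 63 68 e9 50 86 d2
00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 3f ca 4d 58 00 00 00 00 00 00 00 00 e0 00 0f 01
0b 01 06 00 00 66 00 00 00 d8 02 00 00 08 00 00 34 33 00 00 00 10 00 00 00 80 00 00 00 00 40
"""
SYSTEM_DLL = """
4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00
0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f
74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00
31 93 d2 ee 75 f2 bc bd 75 f2 bc bd 75 f2 bc bd f6 ee b2 bd 73 f2 bc bd 75 f2 bd bd 61 f2 bc bd
b6 fd e1 bd 72 f2 bc bd 21 d1 8c bd 71 f2 bc bd 16 d0 96 bd 74 f2 bc bd 8a d2 b8 bd 74 f2 bc bd
52 69 63 68 75 f2 bc bd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
50 45 00 00 4c 01 04 00 1a ca 4d 58 00 00 00 00 00 00 00 00 e0 00 0e 21 0b 01 06 00 00 20 00
"""

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_DLL = 0x2000
PE32PLUS_MAGIC = 0x20B


def parse_pe_header(hexdump: str) -> dict:
    """Pull the triage-relevant fields out of a (possibly truncated) PE image prefix."""
    data = bytes.fromhex(hexdump)
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew: corrupt header or not a PE")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes after "PE\0\0")
    machine, nsections, stamp, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24  # optional header follows the 20-byte file header
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    info = {
        "e_lfanew": e_lfanew,
        "is_i386": machine == IMAGE_FILE_MACHINE_I386,
        "sections": nsections,
        "timestamp": stamp,
        "build_time_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": chars,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "pe32_plus": magic == PE32PLUS_MAGIC,
        "linker": f"{linker_major}.{linker_minor}",
        # A Rich header between the DOS stub and the PE header is the MSVC toolchain's mark
        "has_rich_header": b"Rich" in data[0x80:e_lfanew],
    }
    # AddressOfEntryPoint sits 16 bytes into the optional header; with only 255 bytes
    # shown it is present for some dumps and absent for others, so never assume it.
    ep_offset = opt + 16
    if len(data) >= ep_offset + 4:
        info["entry_point"] = struct.unpack_from("<I", data, ep_offset)[0]
    return info


def built_together(a: dict, b: dict, window_seconds: int = 3600) -> bool:
    """Same linker and link timestamps within a window: one toolchain run produced both."""
    return a["linker"] == b["linker"] and abs(a["timestamp"] - b["timestamp"]) <= window_seconds


if __name__ == "__main__":
    for name, dump in (("setup-stub.exe", SETUP_STUB_EXE), ("System.dll", SYSTEM_DLL)):
        print(name, parse_pe_header(dump))
    print("built together:", built_together(parse_pe_header(SETUP_STUB_EXE), parse_pe_header(SYSTEM_DLL)))
```

The parser validates both signatures before trusting any offset, and treats the entry point as optional because the report truncates each value; the timestamp comparison is what lets you separate "when was this toolchain built" from "when was this sample built" when the link dates look suspiciously old.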

Analysis Process: setup-stub.exe PID: 2600 Parent PID: 5328

General
Start time: 01:22:57
Start date: 21/02/2021
Path: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe
Wow64 process (32bit): true
Commandline: .\setup-stub.exe
Imagebase: 0x400000
File size: 464416 bytes
MD5 hash: 34D82BBBC56EB436EDF3D77EBA96AD26
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

File Created
File Path  Access  Attributes  Options  Completion  Count  Source Address  Symbol
C:\Users\user\AppData\Local\Temp\ read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 40579B CreateDirectoryW
C:\Users\user\AppData\Local\Temp\nsf82AF.tmp read attributes | synchronize | generic read
device synchronous io non alert | non directory file
success or wait 1 405D27 GetTempFileNameW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp read attributes | synchronize | generic read
device synchronous io non alert | non directory file
success or wait 1 405D27 GetTempFileNameW
C:\Users read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 40579B CreateDirectoryW
C:\Users\user read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 40579B CreateDirectoryW
C:\Users\user\AppData read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 40579B CreateDirectoryW
C:\Users\user\AppData\Local read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 40579B CreateDirectoryW
C:\Users\user\AppData\Local\Temp read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 40579B CreateDirectoryW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
success or wait 1 40575B CreateDirectoryW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
success or wait 1 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
object name collision 9 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
object name collision 22 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UAC.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
success or wait 1 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
success or wait 1 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
object name collision 1 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\bgstub.jpg read attributes | synchronize | generic write
device synchronous io non alert | non directory file
success or wait 1 405CE5 CreateFileW
C:\Program Files\nsa82E0.tmp read attributes | synchronize | generic read
device synchronous io non alert | non directory file
success or wait 1 405D27 GetTempFileNameW
C:\Program Files read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 2 40579B CreateDirectoryW
C:\Program Files\nsa82E0.tmp read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
success or wait 1 40579B CreateDirectoryW
C:\Program Files\nsa82E0.tmp\nsv8310.tmp read attributes | synchronize | generic read
device synchronous io non alert | non directory file
success or wait 1 405D27 GetTempFileNameW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
object name collision 2 405CE5 CreateFileW
C:\Program Files\nsv8311.tmp read attributes | synchronize | generic read
device synchronous io non alert | non directory file
success or wait 1 405D27 GetTempFileNameW
C:\Program Files\nsv8311.tmp read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
success or wait 1 40579B CreateDirectoryW
C:\Program Files\nsv8311.tmp\nsv8312.tmp read attributes | synchronize | generic read
device synchronous io non alert | non directory file
success or wait 1 405D27 GetTempFileNameW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\CityHash.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
success or wait 1 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.css read attributes | synchronize | generic write
device synchronous io non alert | non directory file
success or wait 1 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.js read attributes | synchronize | generic write
device synchronous io non alert | non directory file
success or wait 1 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
success or wait 1 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
object name collision 7 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.html read attributes | synchronize | generic write
device synchronous io non alert | non directory file
success or wait 1 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing_page.css read attributes | synchronize | generic write
device synchronous io non alert | non directory file
success or wait 1 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.js read attributes | synchronize | generic write
device synchronous io non alert | non directory file
success or wait 1 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
object name collision 34 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
success or wait 1 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\download.exe read attributes | synchronize | generic read | generic write
device synchronous io non alert | non directory file
success or wait 4 6C3C1371 CreateFileW
C:\Users\user read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 6C3C14BF InternetOpenUrlW
C:\Users\user\AppData\Local read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 6C3C14BF InternetOpenUrlW
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 6C3C14BF InternetOpenUrlW
C:\Users\user read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 6C3C14BF InternetOpenUrlW
C:\Users\user\AppData\Local read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 6C3C14BF InternetOpenUrlW
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies read data or list directory | synchronize
device directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 6C3C14BF InternetOpenUrlW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
object name collision 88 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
object name collision 1 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
object name collision 2 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
object name collision 16 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll read attributes | synchronize | generic write
device synchronous io non alert | non directory file
object name collision 1 405CE5 CreateFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\_temp read attributes | synchronize | generic read | generic write
device synchronous io non alert | non directory file
success or wait 1 6C3C1371 CreateFileW

File Deleted
File Path  Completion  Count  Source Address  Symbol
C:\Users\user\AppData\Local\Temp\nsf82AF.tmp success or wait 1 4035C1 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp success or wait 1 405904 DeleteFileW
C:\Program Files\nsa82E0.tmp success or wait 1 4058B6 DeleteFileW
C:\Program Files\nsa82E0.tmp\nsv8310.tmp success or wait 1 4058B6 DeleteFileW
C:\Program Files\nsv8311.tmp success or wait 1 4058B6 DeleteFileW
C:\Program Files\nsv8311.tmp\nsv8312.tmp success or wait 1 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\download.exe success or wait 8 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\_temp success or wait 1 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\download.exe success or wait 1 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\bgstub.jpg success or wait 1 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\CityHash.dll success or wait 1 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll success or wait 1 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.html success or wait 1 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.js success or wait 1 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing_page.css success or wait 1 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.css success or wait 1 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.js success or wait 1 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll success or wait 1 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UAC.dll success or wait 1 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll success or wait 1 4058B6 DeleteFileW
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll success or wait 1 4058B6 DeleteFileW

File Written
File Path  Offset  Length  Value  Ascii  Completion  Count  Source Address  Symbol
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll unknown 11776 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 31 93 d2 ee 75 f2 bc bd 75 f2 bc bd 75 f2 bc bd f6 ee b2 bd 73 f2 bc bd 75 f2 bd bd 61 f2 bc bd b6 fd e1 bd 72 f2 bc bd 21 d1 8c bd 71 f2 bc bd 16 d0 96 bd 74 f2 bc bd 8a d2 b8 bd 74 f2 bc bd 52 69 63 68 75 f2 bc bd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 1a ca 4d 58 00 00 00 00 00 00 00 00 e0 00 0e 21 0b 01 06 00 00 20 00
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u...u...u.......s...u...a.......r...!...q.......t.......t...Richu...........................PE..L.....MX...........!..... .
success or wait 1 405D85 WriteFile
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UAC.dll unknown 18432 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 44 48 02 22 00 29 6c 71 00 29 6c 71 00 29 6c 71 00 29 6d 71 50 29 6c 71 83 21 31 71 0b 29 6c 71 c7 2f 6a 71 01 29 6c 71 54 0a 5d 71 02 29 6c 71 ff 09 68 71 01 29 6c 71 52 69 63 68 00 29 6c 71 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 6c 4b 50 4a 00 00 00 00 00 00 00 00 e0 00 0e 21 0b 01 06 00 00 34 00 00 00 10 00 00 00 00 00
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......DH.".)lq.)lq.)lq.)mqP)lq.!1q.)lq./jq.)lqT.]q.)lq..hq.)lqRich.)lq........................PE..L...lKPJ...........!.....4.........
success or wait 1 405D85 WriteFile
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll unknown 4096 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4b 84 f1 e4 0f e5 9f b7 0f e5 9f b7 0f e5 9f b7 0f e5 9e b7 1a e5 9f b7 cc ea c2 b7 08 e5 9f b7 5b c6 af b7 0d e5 9f b7 f0 c5 9b b7 0e e5 9f b7 52 69 63 68 0f e5 9f b7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 1a ca 4d 58 00 00 00 00 00 00 00 00 e0 00 0e 21 0b 01 06 00 00 04 00 00 00 08 00 00 00 00 00 00 6a 12 00 00 00 10 00
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K...............................[...............Rich............................PE..L.....MX...........!................j......
success or wait 1 405D85 WriteFile
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\bgstub.jpg unknown 32768 ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 01 01 01 01 01 01 01 01 01 01 02 01 01 01 02 02 02 01 01 02 02 02 02 02 02 02 02 02 03 02 03 03 03 03 02 03 03 04 04 04 04 04 03 05 05 05 05 05 05 07 07 07 07 07 08 08 08 08 08 08 08 08 08 08 01 01 01 01 02 02 02 05 03 03 05 07 05 04 05 07 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 ff c2 00 11 08 03 36 05 40 03 00 11 00 01 11 01 02 11 01 ff c4 00 1f 00 01 00 03 01 00 02 03 01 01 00 00 00 00 00 00 00 00 01 02 03 04 07 08 05 06 09 0a 0b ff da 00 08 01 00 00 00 00 00 fe 30 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
......JFIF........................................................................................................................................................6.@..........................................0.....................................................
success or wait 2 405D85 WriteFile
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\CityHash.dll unknown 32768 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 2f c7 4a ed 6b a6 24 be 6b a6 24 be 6b a6 24 be e8 ba 2a be 7d a6 24 be 5d 80 2e be 24 a6 24 be 09 b9 37 be 68 a6 24 be 6b a6 25 be 23 a6 24 be 5d 80 2f be 68 a6 24 be 94 86 20 be 6a a6 24 be 52 69 63 68 6b a6 24 be 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 30 1b 87 50 00 00 00 00 00 00 00 00 e0 00 0e 21 0b 01 06 00 00 62 00 00 00 5e 00 00 00 00 00
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./.J.k.$.k.$.k.$...*.}.$.]...$.$...7.h.$.k.%.#.$.]./.h.$... .j.$.Richk.$.................PE..L...0..P...........!.....b...^.....
success or wait 2 405D85 WriteFile
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.css
unknown 684 2f 2a 20 54 68 69 73 20 53 6f 75 72 63 65 20 43 6f 64 65 20 46 6f 72 6d 20 69 73 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 4d 6f 7a 69 6c 6c 61 20 50 75 62 6c 69 63 0a 20 2a 20 4c 69 63 65 6e 73 65 2c 20 76 2e 20 32 2e 30 2e 20 49 66 20 61 20 63 6f 70 79 20 6f 66 20 74 68 65 20 4d 50 4c 20 77 61 73 20 6e 6f 74 20 64 69 73 74 72 69 62 75 74 65 64 20 77 69 74 68 20 74 68 69 73 0a 20 2a 20 66 69 6c 65 2c 20 59 6f 75 20 63 61 6e 20 6f 62 74 61 69 6e 20 6f 6e 65 20 61 74 20 68 74 74 70 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 4d 50 4c 2f 32 2e 30 2f 2e 20 2a 2f 0a 0a 62 6f 64 79 20 7b 0a 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 6d 61 72 67 69 6e
/* This Source Code Form is subject to the terms of the Mozilla Public. * License, v. 2.0. If a copy of the MPL was not distributed with this. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */..body {. height: 100%;. width: 100%;. margin
success or wait 1 405D85 WriteFile
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.js
unknown 817 2f 2f 20 54 68 69 73 20 53 6f 75 72 63 65 20 43 6f 64 65 20 46 6f 72 6d 20 69 73 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 4d 6f 7a 69 6c 6c 61 20 50 75 62 6c 69 63 0a 2f 2f 20 4c 69 63 65 6e 73 65 2c 20 76 2e 20 32 2e 30 2e 20 49 66 20 61 20 63 6f 70 79 20 6f 66 20 74 68 65 20 4d 50 4c 20 77 61 73 20 6e 6f 74 20 64 69 73 74 72 69 62 75 74 65 64 20 77 69 74 68 20 74 68 69 73 0a 2f 2f 20 66 69 6c 65 2c 20 59 6f 75 20 63 61 6e 20 6f 62 74 61 69 6e 20 6f 6e 65 20 61 74 20 68 74 74 70 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 4d 50 4c 2f 32 2e 30 2f 2e 0a 0a 77 69 6e 64 6f 77 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 6c 6f 61 64 22 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 69 66 20 28 70 61 72 73
// This Source Code Form is subject to the terms of the Mozilla Public.// License, v. 2.0. If a copy of the MPL was not distributed with this.// file, You can obtain one at http://mozilla.org/MPL/2.0/...window.attachEvent("onload", function() {. if (pars
success or wait 1 405D85 WriteFile
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll
unknown 32768 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 b5 21 c1 15 f1 40 af 46 f1 40 af 46 f1 40 af 46 aa 28 ac 47 fb 40 af 46 aa 28 aa 47 76 40 af 46 fa 2f ab 47 fe 40 af 46 fa 2f ac 47 e3 40 af 46 fa 2f aa 47 d1 40 af 46 aa 28 ab 47 e5 40 af 46 aa 28 ae 47 fa 40 af 46 f1 40 ae 46 9e 40 af 46 37 2f a6 47 f4 40 af 46 37 2f af 47 f0 40 af 46 37 2f 50 46 f0 40 af 46 f1 40 38 46 f0 40 af 46 37 2f ad 47 f0 40 af 46 52 69 63 68 f1 40 af
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!...@.F.@.F.@.F.(.G.@.F.(.Gv@.F./.G.@.F./.G.@.F./.G.@.F.(.G.@.F.(.G.@.F.@.F.@.F7/.G.@.F7/.G.@.F7/PF.@.F.@8F.@.F7/.G.@.FRich.@.
success or wait 3 405D85 WriteFile
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.html unknown 1031 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 0a 3c 21 2d 2d 20 54 68 69 73 20 53 6f 75 72 63 65 20 43 6f 64 65 20 46 6f 72 6d 20 69 73 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 4d 6f 7a 69 6c 6c 61 20 50 75 62 6c 69 63 0a 20 20 20 2d 20 4c 69 63 65 6e 73 65 2c 20 76 2e 20 32 2e 30 2e 20 49 66 20 61 20 63 6f 70 79 20 6f 66 20 74 68 65 20 4d 50 4c 20 77 61 73 20 6e 6f 74 20 64 69 73 74 72 69 62 75 74 65 64 20 77 69 74 68 20 74 68 69 73 0a 20 20 20 2d 20 66 69 6c 65 2c 20 59 6f 75 20 63 61 6e 20 6f 62 74 61 69 6e 20 6f 6e 65 20 61 74 20 68 74 74 70 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 4d 50 4c 2f 32 2e 30 2f 2e 20 2d 2d 3e 0a 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 6d 65 74 61 20 63 68 61 72
<!doctype html>.. This Source Code Form is subject to the terms of the Mozilla Public. - License, v. 2.0. If a copy of the MPL was not distributed with this. - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->..<html>.<head>..<meta char
success or wait 1 405D85 WriteFile
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing_page.css
unknown 1137 2f 2a 20 54 68 69 73 20 53 6f 75 72 63 65 20 43 6f 64 65 20 46 6f 72 6d 20 69 73 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 4d 6f 7a 69 6c 6c 61 20 50 75 62 6c 69 63 0a 20 2a 20 4c 69 63 65 6e 73 65 2c 20 76 2e 20 32 2e 30 2e 20 49 66 20 61 20 63 6f 70 79 20 6f 66 20 74 68 65 20 4d 50 4c 20 77 61 73 20 6e 6f 74 20 64 69 73 74 72 69 62 75 74 65 64 20 77 69 74 68 20 74 68 69 73 0a 20 2a 20 66 69 6c 65 2c 20 59 6f 75 20 63 61 6e 20 6f 62 74 61 69 6e 20 6f 6e 65 20 61 74 20 68 74 74 70 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 4d 50 4c 2f 32 2e 30 2f 2e 20 2a 2f 0a 0a 62 6f 64 79 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 0a 23 6c 61 62 65 6c 2c 0a 23 70 72 6f 67 72 65 73 73 5f 62 61 63 6b 67
/* This Source Code Form is subject to the terms of the Mozilla Public. * License, v. 2.0. If a copy of the MPL was not distributed with this. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */..body {. color: white;.}..#label,.#progress_backg
success or wait 1 405D85 WriteFile
File Path | Offset | Length | Value | Ascii | Completion | Count | Source Address | Symbol
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.js unknown 2313 2f 2f 20 54 68 69 73 20 53 6f 75 72 63 65 20 43 6f 64 65 20 46 6f 72 6d 20 69 73 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 4d 6f 7a 69 6c 6c 61 20 50 75 62 6c 69 63 0a 2f 2f 20 4c 69 63 65 6e 73 65 2c 20 76 2e 20 32 2e 30 2e 20 49 66 20 61 20 63 6f 70 79 20 6f 66 20 74 68 65 20 4d 50 4c 20 77 61 73 20 6e 6f 74 20 64 69 73 74 72 69 62 75 74 65 64 20 77 69 74 68 20 74 68 69 73 0a 2f 2f 20 66 69 6c 65 2c 20 59 6f 75 20 63 61 6e 20 6f 62 74 61 69 6e 20 6f 6e 65 20 61 74 20 68 74 74 70 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 4d 50 4c 2f 32 2e 30 2f 2e 0a 0a 2f 2f 20 4c 65 6e 67 74 68 20 6f 66 20 74 69 6d 65 20 28 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 29 20 74 68 61 74 20 6f 6e 65 20 62 6c 75 72 62 20 73 74 61 79
// This Source Code Form is subject to the terms of the Mozilla Public.// License, v. 2.0. If a copy of the MPL was not distributed with this.// file, You can obtain one at http://mozilla.org/MPL/2.0/...// Length of time (milliseconds) that one blurb stay
success or wait 1 405D85 WriteFile
C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll unknown 7168 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 15 29 74 42 51 48 1a 11 51 48 1a 11 51 48 1a 11 34 2e 1b 10 56 48 1a 11 51 48 1b 11 4e 48 1a 11 67 24 13 10 50 48 1a 11 67 24 1a 10 50 48 1a 11 67 24 e5 11 50 48 1a 11 67 24 18 10 50 48 1a 11 52 69 63 68 51 48 1a 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 2c 33 f8 5c 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 15 00 0a 00 00 00 0e 04 00 00 00 00
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)tBQH..QH..QH..4...VH..QH..NH..g$..PH..g$..PH..g$..PH..g$..PH..RichQH..................PE..L...,3.\...........!...............
success or wait 1 405D85 WriteFile
File Read
File Path | Offset | Length | Completion | Count | Source Address | Symbol
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe | unknown | 512 | success or wait | 163 | 405D56 | ReadFile
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe | unknown | 4 | success or wait | 2 | 405D56 | ReadFile
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe | unknown | 4 | success or wait | 19 | 405D56 | ReadFile
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe | unknown | 4 | success or wait | 7 | 405D56 | ReadFile
C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe | unknown | 4 | success or wait | 2 | 405D56 | ReadFile
Registry Activities
Key Path | Completion | Count | Source Address | Symbol
HKEY_LOCAL_MACHINE\Software\Mozilla | success or wait | 1 | 40242E | RegCreateKeyExW
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox | success or wait | 1 | 40242E | RegCreateKeyExW
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\TaskBarIDs | success or wait | 1 | 40242E | RegCreateKeyExW
Key Path | Name | Type | Data | Completion | Count | Source Address | Symbol
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla | Firefox Developer EditionInstallerTest | unicode | Write Test | success or wait | 1 | 40248E | RegSetValueExW
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\TaskBarIDs | C:\Program Files\Firefox Developer Edition | unicode | CA9422711AE1A81C | success or wait | 1 | 40248E | RegSetValueExW
File Activities
Registry Activities
Start time: 01:23:41
Start date: 21/02/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.mozilla.org/en-GB/firefox/installer-help/?channel=aurora&installer_lang=en-GB
Imagebase: 0x7ff6ccf40000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
File Path | Access | Attributes | Options | Completion | Count | Source Address | Symbol
File Path | Offset | Length | Value | Ascii | Completion | Count | Source Address | Symbol
File Path | Offset | Length | Completion | Count | Source Address | Symbol
Key Path | Completion | Count | Source Address | Symbol
Key Path | Name | Type | Data | Completion | Count | Source Address | Symbol
Key Path | Name | Type | Old Data | New Data | Completion | Count | Source Address | Symbol
Key Created
Key Value Created
Analysis Process: iexplore.exe PID: 6736 Parent PID: 2600
General
Analysis Process: iexplore.exe PID: 6788 Parent PID: 6736
Disassembly
Code Analysis
File Activities
Start time: 01:23:42
Start date: 21/02/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6736 CREDAT:17410 /prefetch:2
Imagebase: 0xca0000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
File Path | Access | Attributes | Options | Completion | Count | Source Address | Symbol
File Path | Offset | Length | Value | Ascii | Completion | Count | Source Address | Symbol
File Path | Offset | Length | Completion | Count | Source Address | Symbol
General