Automated Malware Analysis Report for Firefox Installer

ID: 355697Sample Name: FirefoxInstaller.exeCookbook: default.jbsTime: 01:22:13Date: 21/02/2021Version: 31.0.0 Emerald

2444444444445555666777888

101010101414151616161618192021214142424242424344444445454545

4545

Table of Contents

Table of ContentsAnalysis Report Firefox Installer.exe

OverviewGeneral InformationDetectionSignaturesClassificationAnalysis Advice

StartupMalware ConfigurationYara OverviewSigma OverviewSignature Overview

Compliance:Stealing of Sensitive Information:

Mitre Att&ck MatrixBehavior GraphScreenshots

ThumbnailsAntivirus, Machine Learning and Genetic Malware Detection

Initial SampleDropped FilesUnpacked PE FilesDomainsURLs

Domains and IPsContacted DomainsContacted URLsURLs from Memory and BinariesContacted IPsPublic

General InformationSimulations

Behavior and APIsJoe Sandbox View / Context

IPsDomainsASNJA3 FingerprintsDropped Files

Created / dropped FilesStatic File Info

GeneralFile IconStatic PE Info

GeneralAuthenticode SignatureEntrypoint PreviewRich HeadersData DirectoriesSectionsResourcesImportsVersion InfosPossible Origin

Network BehaviorNetwork Port Distribution

Copyright null 2021 Page 2 of 66

464749495050515252525353535353535355

55555555585864

656565

65656565

656666

6666

TCP PacketsUDP PacketsDNS QueriesDNS AnswersHTTP Request Dependency GraphHTTP PacketsHTTPS Packets

Code ManipulationsStatistics

BehaviorSystem Behavior

Analysis Process: Firefox Installer.exe PID: 5328 Parent PID: 5688GeneralFile Activities

File CreatedFile DeletedFile WrittenFile Read

Analysis Process: setup-stub.exe PID: 2600 Parent PID: 5328GeneralFile Activities

File CreatedFile DeletedFile WrittenFile Read

Registry ActivitiesKey CreatedKey Value Created

Analysis Process: iexplore.exe PID: 6736 Parent PID: 2600GeneralFile ActivitiesRegistry Activities

Analysis Process: iexplore.exe PID: 6788 Parent PID: 6736GeneralFile Activities

DisassemblyCode Analysis


Analysis Report Firefox Installer.exe

Overview

General Information

Sample Name:

Firefox Installer.exe

Analysis ID: 355697

MD5: f0ffd6b22e2e284…

SHA1: c8863c819ae52d…

SHA256: e0e20159839ff7f…

Most interesting Screenshot:

Detection

Score: 22

Range: 0 - 100

Whitelisted: false

Confidence: 60%

Signatures

Tries to harvest and steal browser in






Tries to harvest and steal browser inTries to harvest and steal browser in……

Allocates memory with a write watch






Allocates memory with a write watchAllocates memory with a write watch……

Antivirus or Machine Learning detec






Antivirus or Machine Learning detecAntivirus or Machine Learning detec……

Contains capabilities to detect virtua






Contains capabilities to detect virtuaContains capabilities to detect virtua……

Contains functionality for read data f






Contains functionality for read data fContains functionality for read data f……

Contains functionality to dynamically






Contains functionality to dynamicallyContains functionality to dynamically……

Contains functionality to query CPU






Contains functionality to query CPU Contains functionality to query CPU ……

Contains functionality to shutdown /






Contains functionality to shutdown / Contains functionality to shutdown / ……

Creates a process in suspended mo






Creates a process in suspended moCreates a process in suspended mo……

Detected potential crypto function






Detected potential crypto functionDetected potential crypto function

Drops PE files

Drops PE files

Drops PE files

Drops PE files

Drops PE files

Drops PE files

Drops PE filesDrops PE files

Found potential string decryption / a






Found potential string decryption / aFound potential string decryption / a……

IP address seen in connection with o






IP address seen in connection with oIP address seen in connection with o……

JA3 SSL client fingerprint seen in co






JA3 SSL client fingerprint seen in coJA3 SSL client fingerprint seen in co……

Monitors certain registry keys / valu






Monitors certain registry keys / valuMonitors certain registry keys / valu……

PE file contains an invalid checksum






PE file contains an invalid checksumPE file contains an invalid checksum

PE file contains executable resource






PE file contains executable resourcePE file contains executable resource……

PE file contains strange resources






PE file contains strange resourcesPE file contains strange resources

Queries the volume information (nam






Queries the volume information (namQueries the volume information (nam……

Sample file is different than original






Sample file is different than original Sample file is different than original ……

Uses 32bit PE files

Uses 32bit PE files

Uses 32bit PE files

Uses 32bit PE files

Uses 32bit PE files

Uses 32bit PE files

Uses 32bit PE filesUses 32bit PE files

Uses code obfuscation techniques (






Uses code obfuscation techniques (Uses code obfuscation techniques (……

Classification

Analysis Advice

Sample searches for specific file, try point organization specific fake files to the analysis machine

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Malware Configuration

Yara Overview

Sigma Overview

Ransomware

Spreading

Phishing

Banker

Trojan / Bot

Adware

Spyware

Exploiter

Evader

Miner

clean

clean

clean

clean

clean

clean

clean

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

malicious

malicious

malicious

malicious

malicious

malicious

malicious

System is w10x64

Firefox Installer.exe (PID: 5328 cmdline: 'C:\Users\user\Desktop\Firefox Installer.exe' MD5: F0FFD6B22E2E284850F3933EDE927790)

setup-stub.exe (PID: 2600 cmdline: .\setup-stub.exe MD5: 34D82BBBC56EB436EDF3D77EBA96AD26)

iexplore.exe (PID: 6736 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.mozilla.org/en-GB/firefox/installer-help/?channel=aurora&installer_lang=en-

GB MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)iexplore.exe (PID: 6788 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6736 CREDAT:17410 /prefetch:2 MD5:

071277CC2E3DF41EEEA8013E2AB58D5A)cleanup

No configs have been found

No yara matches

Startup


No Sigma rule has matched

Signature Overview

• AV Detection

• Compliance

• Spreading

• Networking

• Key, Mouse, Clipboard, Microphone and Screen Capturing

• System Summary

• Data Obfuscation

• Persistence and Installation Behavior

• Hooking and other Techniques for Hiding and Protection

• Malware Analysis System Evasion

• Anti Debugging

• HIPS / PFW / Operating System Protection Evasion

• Language, Device and Operating System Detection

• Stealing of Sensitive Information

Click to jump to signature section

Compliance:

Uses 32bit PE files

Creates a directory in C:\Program Files

PE / OLE file has a valid certificate

Uses new MSVCR Dlls

Uses secure TLS version for HTTPS connections

Stealing of Sensitive Information:

Tries to harvest and steal browser information (history, passwords, etc)

Mitre Att&ck Matrix

InitialAccess Execution Persistence

PrivilegeEscalation Defense Evasion

CredentialAccess Discovery

LateralMovement Collection Exfiltration

Commandand Control

NetworkEffects

ValidAccounts

NativeAPI 1

PathInterception

Access TokenManipulation 1

Masquerading 3 OSCredentialDumping 1

Query Registry 1 RemoteServices

ArchiveCollectedData 1

ExfiltrationOver OtherNetworkMedium

EncryptedChannel 1 2

Eavesdrop onInsecureNetworkCommunication

DefaultAccounts

ScheduledTask/Job

Boot orLogonInitializationScripts

ProcessInjection 1 1

Virtualization/SandboxEvasion 2

LSASSMemory

Security SoftwareDiscovery 1 1

RemoteDesktopProtocol

Data fromLocalSystem 1

ExfiltrationOverBluetooth

Ingress ToolTransfer 1

Exploit SS7 toRedirect PhoneCalls/SMS

DomainAccounts

At (Linux) Logon Script(Windows)

Logon Script(Windows)

Disable or ModifyTools 1

SecurityAccountManager

Virtualization/SandboxEvasion 2

SMB/WindowsAdmin Shares

ClipboardData 1

AutomatedExfiltration

Non-ApplicationLayerProtocol 2

Exploit SS7 toTrack DeviceLocation

LocalAccounts

At(Windows)

Logon Script(Mac)

Logon Script(Mac)

Access TokenManipulation 1

NTDS Remote SystemDiscovery 1

DistributedComponentObject Model

InputCapture

ScheduledTransfer

ApplicationLayerProtocol 3

SIM CardSwap

CloudAccounts

Cron NetworkLogon Script

Network LogonScript

ProcessInjection 1 1

LSASecrets

File and DirectoryDiscovery 3

SSH Keylogging DataTransferSize Limits

FallbackChannels

ManipulateDeviceCommunication

ReplicationThroughRemovableMedia

Launchd Rc.common Rc.common Deobfuscate/DecodeFiles or Information 1

CachedDomainCredentials

System InformationDiscovery 2 5

VNC GUI InputCapture

ExfiltrationOver C2Channel

MultibandCommunication

Jamming orDenial ofService


ExternalRemoteServices

ScheduledTask

StartupItems

Startup Items Obfuscated Files orInformation 2 1

DCSync Network Sniffing WindowsRemoteManagement

WebPortalCapture

ExfiltrationOverAlternativeProtocol

CommonlyUsed Port

Rogue Wi-FiAccess Points

Drive-byCompromise

CommandandScriptingInterpreter

ScheduledTask/Job

ScheduledTask/Job

SoftwarePacking 1 1

ProcFilesystem

Network ServiceScanning

SharedWebroot

CredentialAPIHooking

ExfiltrationOverSymmetricEncryptedNon-C2Protocol

ApplicationLayer Protocol

Downgrade toInsecureProtocols

InitialAccess Execution Persistence

PrivilegeEscalation Defense Evasion

CredentialAccess Discovery

LateralMovement Collection Exfiltration

Commandand Control

NetworkEffects

Behavior GraphID: 355697

Sample: Firefox Installer.exe

Startdate: 21/02/2021

Architecture: WINDOWS

Score: 22

Firefox Installer.exe

3

started

C:\Users\user\AppData\...\setup-stub.exe, PE32

dropped

setup-stub.exe

3 62

started

download-stats.r53-2.services.mozilla.com

35.155.87.117, 49725, 80

AMAZON-02US

United States

download-stats.mozilla.org

C:\Users\user\AppData\...\WebBrowser.dll, PE32

dropped

C:\Users\user\AppData\Local\...\UserInfo.dll, PE32

dropped

C:\Users\user\AppData\Local\Temp\...\UAC.dll, PE32

dropped

3 other files (none is malicious)

dropped

Tries to harvest andsteal browser information

(history, passwords,etc)

iexplore.exe

2 84

started

iexplore.exe

71

started

dzlgdtxcws9pb.cloudfront.net

13.224.96.162, 443, 49732, 49733

AMAZON-02US

United States

firefox.com

44.236.48.31, 443, 49728, 49729

AMAZON-02US

United States

2 other IPs or domains

Legend:

Process

Signature

Created File

DNS/IP Info

Is Dropped

Is Windows Process

Number of created Registry Values

Number of created Files

Visual Basic

Delphi

Java

.Net C# or VB.NET

C, C++ or other language

Is malicious

Internet

Hide Legend

ThumbnailsThis section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Graph

Screenshots


No Antivirus matches

Source Detection Scanner Label Link

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\CityHash.dll 0% Metadefender Browse

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\CityHash.dll 0% ReversingLabs

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll 3% Metadefender Browse

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll 0% ReversingLabs

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll 3% Metadefender Browse

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll 2% ReversingLabs

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UAC.dll 0% Metadefender Browse

No bigger version No bigger version

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files


https://www.metadefender.com/#!/results/file/YnpJeE1ESXlNRGhqU1ZKaVpUUklSd2tmMUM4Z1lyZ2g/regular/analysis

https://www.metadefender.com/#!/results/file/YnpJeE1ESXhORzFNY1Rkb1J6SlVkMWtIVGNMUU9pR2w5/regular/analysis

https://www.metadefender.com/#!/results/file/YnpJeE1ESXlNRGhqU1ZKaVpUUklSd0Z3SjBXaDEtb3I/regular/analysis

https://www.metadefender.com/#!/results/file/YnpJeE1ESXlNRGhqU1ZKaVpUUklSd1Mzampmd2xNaWE/regular/analysis

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UAC.dll 0% ReversingLabs

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll 0% Metadefender Browse

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll 0% ReversingLabs

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll 3% Metadefender Browse

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll 0% ReversingLabs


Source Detection Scanner Label Link Download

0.3.Firefox Installer.exe.2bb0000.1.unpack 100% Avira TR/Patched.Ren.Gen Download File

1.2.setup-stub.exe.428240.3.unpack 100% Avira TR/Patched.Ren.Gen Download File

0.2.Firefox Installer.exe.870000.1.unpack 100% Avira TR/Patched.Ren.Gen Download File

0.3.Firefox Installer.exe.2bdd6e2.2.unpack 100% Avira TR/Patched.Ren.Gen Download File

0.0.Firefox Installer.exe.400000.0.unpack 100% Avira TR/Crypt.XPACK.Gen Download File

0.2.Firefox Installer.exe.400000.0.unpack 100% Avira TR/Crypt.XPACK.Gen Download File

0.3.Firefox Installer.exe.2bdac6a.0.unpack 100% Avira TR/Crypt.XPACK.Gen3 Download File

No Antivirus matches


www.mercadolivre.com.br/ 0% URL Reputation safe




www.merlin.com.pl/favicon.ico 0% URL Reputation safe




www.dailymail.co.uk/ 0% URL Reputation safe




image.excite.co.jp/jp/favicon/lep.ico 0% URL Reputation safe




%s.com 0% URL Reputation safe




busca.igbusca.com.br//app/static/images/favicon.ico 0% URL Reputation safe




www.etmall.com.tw/favicon.ico 0% URL Reputation safe




it.search.dada.net/favicon.ico 0% URL Reputation safe




search.hanafos.com/favicon.ico 0% URL Reputation safe




cgi.search.biglobe.ne.jp/favicon.ico 0% Virustotal Browse

cgi.search.biglobe.ne.jp/favicon.ico 0% Avira URL Cloud safe

www.abril.com.br/favicon.ico 0% URL Reputation safe


Unpacked PE Files

Domains

URLs


https://www.metadefender.com/#!/results/file/YnpJeE1ESXlNRGhqU1ZKaVpUUklSd182bERuRUdXY0Q/regular/analysis

https://www.metadefender.com/#!/results/file/YnpJeE1ESXhORzFNY1Rkb1J6SlVkMWsyV3lVNW14TmRB/regular/analysis

https://www.virustotal.com/gui/url/60462348a921e4ab90df5120b87007492f1c9171ba2784f00a9470ad5921c7fa/detection/u-60462348a921e4ab90df5120b87007492f1c9171ba2784f00a9470ad5921c7fa-1613737597



search.msn.co.jp/results.aspx?q= 0% URL Reputation safe




buscar.ozu.es/ 0% Virustotal Browse

buscar.ozu.es/ 0% Avira URL Cloud safe

busca.igbusca.com.br/ 0% URL Reputation safe




search.auction.co.kr/ 0% URL Reputation safe




busca.buscape.com.br/favicon.ico 0% URL Reputation safe




www.pchome.com.tw/favicon.ico 0% URL Reputation safe




browse.guardian.co.uk/favicon.ico 0% URL Reputation safe




google.pchome.com.tw/ 0% URL Reputation safe




www.ozu.es/favicon.ico 0% Virustotal Browse

www.ozu.es/favicon.ico 0% Avira URL Cloud safe

search.yahoo.co.jp/favicon.ico 0% URL Reputation safe




www.gmarket.co.kr/ 0% URL Reputation safe




searchresults.news.com.au/ 0% URL Reputation safe




www.asharqalawsat.com/ 0% URL Reputation safe




search.yahoo.co.jp 0% URL Reputation safe




buscador.terra.es/ 0% URL Reputation safe




search.orange.co.uk/favicon.ico 0% URL Reputation safe

search.orange.co.uk/favicon.ico 0% URL Reputation safe



https://www.virustotal.com/gui/url/ac51ad9fcc94a925ce7b7efffd7a68bb43cd599d420a51e7706230f04f0bb5bb/detection/u-ac51ad9fcc94a925ce7b7efffd7a68bb43cd599d420a51e7706230f04f0bb5bb-1594652262

https://www.virustotal.com/gui/url/d082bb1c20dacaa66012c6609359133975fc1b845526bcb79f8e52cb2bcd73a5/detection/u-d082bb1c20dacaa66012c6609359133975fc1b845526bcb79f8e52cb2bcd73a5-1576564490

Name IP Active Malicious Antivirus Detection Reputation

download-stats.r53-2.services.mozilla.com 35.155.87.117 true false high

dzlgdtxcws9pb.cloudfront.net 13.224.96.162 true false high

bouncer-bouncer-elb.prod.mozaws.net 52.23.121.221 true false high

firefox.com 44.236.48.31 true false high

www.firefox.com unknown unknown false high

download-stats.mozilla.org unknown unknown false high

Name Malicious Antivirus Detection Reputation

download-stats.mozilla.org/stub/v8/aurora/aurora/en-GB/1/1/10/0/17134/0/0/11/0/9/0//0/0/43/42/0/0/0/0/0/1/0/0/0/0/0/1/1/0/1/Unknown//0/0

false high

Name Source Malicious Antivirus Detection Reputation

search.chol.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.mercadolivre.com.br/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false URL Reputation: safeURL Reputation: safeURL Reputation: safeURL Reputation: safe

unknown

www.merlin.com.pl/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

search.ebay.de/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.mtv.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.rambler.ru/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.nifty.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.dailymail.co.uk/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

www3.fnac.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

buscar.ya.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

search.yahoo.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.sogou.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

asp.usatoday.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

fr.search.yahoo.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

rover.ebay.com setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

in.search.yahoo.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

img.shopzilla.com/shopzilla/shopzilla.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries


search.ebay.in/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

image.excite.co.jp/jp/favicon/lep.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

https://www.instagram.com/mozilla/ installer-help[1].htm.21.dr false high

https://stats.g.doubleclick.net/j/collect analytics[1].js.21.dr false high

%s.com setup-stub.exe, 00000001.00000002.299151180.00000000036E0000.00000002.00000001.sdmp


low

msk.afisha.ru/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.reddit.com/ msapplication.xml4.20.dr false high

busca.igbusca.com.br//app/static/images/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

search.rediff.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.ya.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.etmall.com.tw/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

it.search.dada.net/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

search.naver.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.google.ru/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

search.hanafos.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

https://twitter.com/mozilla installer-help[1].htm.21.dr false high

https://bugzilla.mozilla.org/show_bug.cgi?id=1122305#c8

installer-help[1].htm.21.dr false high

cgi.search.biglobe.ne.jp/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false 0%, Virustotal, BrowseAvira URL Cloud: safe

unknown

www.abril.com.br/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

search.daum.net/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

search.naver.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

search.msn.co.jp/results.aspx?q= setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

www.clarin.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

buscar.ozu.es/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

kr.search.yahoo.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

search.about.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high



https://www.virustotal.com/gui/url/60462348a921e4ab90df5120b87007492f1c9171ba2784f00a9470ad5921c7fa/detection/u-60462348a921e4ab90df5120b87007492f1c9171ba2784f00a9470ad5921c7fa-1613737597

https://www.virustotal.com/gui/url/ac51ad9fcc94a925ce7b7efffd7a68bb43cd599d420a51e7706230f04f0bb5bb/detection/u-ac51ad9fcc94a925ce7b7efffd7a68bb43cd599d420a51e7706230f04f0bb5bb-1594652262

busca.igbusca.com.br/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity

setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.ask.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.priceminister.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.cjmall.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

search.centrum.cz/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

suche.t-online.de/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.google.it/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

search.auction.co.kr/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

www.ceneo.pl/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.amazon.de/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

sads.myspace.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

busca.buscape.com.br/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

www.pchome.com.tw/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

browse.guardian.co.uk/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

google.pchome.com.tw/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

list.taobao.com/browse/search_visual.htm?n=15&q= setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.rambler.ru/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

uk.search.yahoo.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

espanol.search.yahoo.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.ozu.es/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

search.sify.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

openimage.interpark.com/interpark.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

search.yahoo.co.jp/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown



https://www.virustotal.com/gui/url/d082bb1c20dacaa66012c6609359133975fc1b845526bcb79f8e52cb2bcd73a5/detection/u-d082bb1c20dacaa66012c6609359133975fc1b845526bcb79f8e52cb2bcd73a5-1576564490

search.ebay.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.gmarket.co.kr/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

search.nifty.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

searchresults.news.com.au/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

www.google.si/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.google.cz/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.soso.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.univision.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

search.ebay.it/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.amazon.com/ msapplication.xml.20.dr false high

images.joins.com/ui_c/fvc_joins.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.asharqalawsat.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

busca.orange.es/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

cnweb.search.live.com/results.aspx?q= setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.twitter.com/ msapplication.xml5.20.dr false high

auto.search.msn.com/response.asp?MT= setup-stub.exe, 00000001.00000002.299151180.00000000036E0000.00000002.00000001.sdmp

false high

search.yahoo.co.jp setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

www.target.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

buscador.terra.es/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

mozilla.org/MPL/2.0/. Firefox Installer.exe, 00000000.00000003.196148324.0000000002D70000.00000004.00000001.sdmp, setup-stub.exe, 00000001.00000002.297791412.000000000087C000.00000004.00000001.sdmp, setup-stub.exe, 00000001.00000002.297132069.0000000000422000.00000004.00020000.sdmp, setup-stub.exe, 00000001.00000003.294333845.000000000087C000.00000004.00000001.sdmp, stub_common.css.1.dr, installing.html.1.dr, installing.js.1.dr

false high

https://firefox.com/set_hsts.gif installer-help[1].htm.21.dr false high

search.orange.co.uk/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

www.iask.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown



www.tesco.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

cgi.search.biglobe.ne.jp/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

search.seznam.cz/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

suche.freenet.de/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

search.interpark.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

search.ipop.co.kr/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp


unknown

search.espn.go.com/ setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

www.myspace.com/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high

search.centrum.cz/favicon.ico setup-stub.exe, 00000001.00000002.299853409.00000000037D3000.00000002.00000001.sdmp

false high


No. of IPs < 25%

25% < No. of IPs < 50%

50% < No. of IPs < 75%

75% < No. of IPs

IP Domain Country Flag ASN ASN Name Malicious

13.224.96.162 unknown United States 16509 AMAZON-02US false



Contacted IPs

Public


https://www.virustotal.com/gui/url/afb81ea0ecdfa01db59f278b833add9dbc96e7d5842d3988c3ab2953d570d432/detection/u-afb81ea0ecdfa01db59f278b833add9dbc96e7d5842d3988c3ab2953d570d432-1609253783

General Information

Joe Sandbox Version: 31.0.0 Emerald

Analysis ID: 355697

Start date: 21.02.2021

Start time: 01:22:13

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 6m 31s

Hypervisor based Inspection enabled: false

Report type: light

Sample file name: Firefox Installer.exe

Cookbook file name: default.jbs

Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Number of analysed new started processes analysed: 32

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: HCA enabledEGA enabledHDC enabledAMSI enabled

Analysis Mode: default

Analysis stop reason: Timeout

Detection: SUS

Classification: sus22.spyw.winEXE@7/64@3/3

EGA Information: Failed

HDC Information: Successful, ratio: 98% (good quality ratio 89.3%)Quality average: 76.5%Quality standard deviation: 35.3%

HCA Information: Failed

Cookbook Comments: Adjust boot timeEnable AMSIFound application associated with file extension: .exe


Warnings:Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exeTCP Packets have been reduced to 100Excluded IPs from analysis (whitelisted): 104.43.139.144, 13.88.21.125, 92.122.145.220, 104.43.193.48, 52.255.188.83, 168.61.161.212, 51.11.168.160, 23.218.208.56, 88.221.62.148, 104.18.165.34, 104.18.164.34, 142.250.184.104, 216.58.212.142, 8.248.117.254, 67.27.157.254, 67.27.159.126, 8.253.204.121, 67.26.83.254, 20.54.26.129, 51.104.144.132, 92.122.213.247, 92.122.213.194, 152.199.19.161Excluded domains from analysis (whitelisted): download.mozilla.org, arc.msn.com.nsatc.net, www.mozilla.org.cdn.cloudflare.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, go.microsoft.com, www.googletagmanager.com, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.google-analytics.com, fs.microsoft.com, www-google-analytics.l.google.com, ie9comview.vo.msecnd.net, www-googletagmanager.l.google.com, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, www.mozilla.org, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.netReport size exceeded maximum capacity and may have missing behavior information.Report size getting too big, too many NtOpenKeyEx calls found.Report size getting too big, too many NtProtectVirtualMemory calls found.Report size getting too big, too many NtQueryValueKey calls found.

No simulations

Match Associated Sample Name / URL SHA 256 Detection Link Context

13.224.96.162 https://townemortgage-my.sharepoint.com/:b:/p/cislami/ETa8xXdrX-FKtlaSfOphTioBLICbx4muhejuoDN0jK0wqw?e=4%3aBnR24e&at=9

Get hash malicious Browse

Show All

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs


https://view.joesandbox.com/analysis/248279/html/none?idtype=webid#static

https://view.joesandbox.com/analysis/248279/html/none?idtype=webid

https://www.canva.com/design/DAEP8Lslefs/1QHXKjNU7Rc-vcFi3qKqEA/view?utm_content=DAEP8Lslefs&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton


https://www.canva.com/design/DAEPXu2qGvw/k5VLbFVATM5hEHHOGOOwNA/view?utm_content=DAEPXu2qGvw&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink




https://airtable.com/shrvUPgQ9zYvsB8r6 Get hash malicious Browse

https://www.canva.com/design/DAEOhhihuRE/ilbmdiYYv4SZabsnRUeaIQ/view?utm_content=DAEOhhihuRE&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton


https://nl.raymondbaez.com/xxx/redirect/ Get hash malicious Browse

https://www.canva.com/design/DAEN3YdYVHw/zaVHWoDx-9G9l20JXWSBtg/view?utm_content=DAEN3YdYVHw&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton


https://www.canva.com/design/DAENr9VVSBY/j0BB1RmEldachKWw-1swmQ/view?utm_content=DAENr9VVSBY&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink


https://www.canva.com/design/DAENVYOHvFA/QhSvoOcZFDz8qgW3A0jWDQ/view?utm_content=DAENVYOHvFA&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton


https://www.canva.com/design/DAEMXlzyBJo/VT_PJS9miMeLf1BsAVFwFA/view?utm_content=DAEMXlzyBJo&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton


https://www.canva.com/design/DAEMXlzyBJo/VT_PJS9miMeLf1BsAVFwFA/view?utm_content=DAEMXlzyBJo&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton


https://www.canva.com/design/DAEMdmL9jFw/8ZJKhuApMc0F-GfEMjLbGg/view?utm_content=DAEMdmL9jFw&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink


https://www.canva.com/design/DAEMYJa0q38/pqva4aItg5UutnXwpQWdBA/view?utm_content=DAEMYJa0q38&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink


https://www.canva.com/design/DAEJ02ptevs/3JYtKOkIl0JKiwwgCUSQKw/view?utm_content=DAEJ02ptevs&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton


https://customonehomes-my.sharepoint.com/:b:/g/personal/sheila_customonehomesmn_com/ETIP3qftFphArSEZPzIQjWoBYOSk7xE5-Wh6Nzt2BkRJpw?e=4%3aBiJK0J&at=9


44.236.48.31 https://www.canva.com/design/DAEQZtuJBHQ/-KqHZHDeeo0Ff-f1vALKQQ/view?utm_content=DAEQZtuJBHQ&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink




https://www.canva.com/design/DAEPWILyBiI/ZnP1WTHl7xNwOB76L4gORw/view?utm_content=DAEPWILyBiI&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink


https://airtable.com/shrvUPgQ9zYvsB8r6 Get hash malicious Browse









































https://www.canva.com/design/DAEPD5F7x4w/nI8qoCkPV-p6ew3evzbyTw/view?utm_content=DAEPD5F7x4w&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton


https://nl.raymondbaez.com/xxx/redirect/ Get hash malicious Browse

https://www.canva.com/design/DAEN9RlD8Vk/acBvt6UoL-DafjXmQk38pA/view?utm_content=DAEN9RlD8Vk&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink


https://my.freshbooks.com/#/link/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzeXN0ZW1pZCI6OTQ3OTM1LCJ1c2VyaWQiOjYzNDYyNywidHlwZSI6Imludm9pY2UiLCJvYmplY3RpZCI6Mjg4MjQ0OSwiZXhwIjoxNjM3MjY5MTgxLCJsZXZlbCI6MH0.DGVcXxdiwtgxTUka4TzPi_o6GS8zH-kvvTnFJZxapLg?companyName=Amanda&invoiceNumber=00007767&ownerEmail=avigilante%40maxburst.com&type=primary








dzlgdtxcws9pb.cloudfront.nethttps://www.canva.com/design/DAESYWKuLHs/avvDNRvDuj_tk82H9Q45ZQ/view?utm_content=DAESYWKuLHs&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton

Get hash malicious Browse 143.204.6.224

y.novobanco.opengateautospray.com/674616e69612e726f7361406e6f766f62616e636f2e7074


https://www.canva.com/design/DAEQ9wWiiI4/xe_9LxFtkmjBa9UV_tvT3Q/view?utm_content=DAEQ9wWiiI4&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink


https://www.canva.com/design/DAEQZtuJBHQ/-KqHZHDeeo0Ff-f1vALKQQ/view?utm_content=DAEQZtuJBHQ&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink


https://townemortgage-my.sharepoint.com/:b:/p/cislami/ETa8xXdrX-FKtlaSfOphTioBLICbx4muhejuoDN0jK0wqw?e=4%3aBnR24e&at=9


https://www.canva.com/design/DAEP8Lslefs/1QHXKjNU7Rc-vcFi3qKqEA/view?utm_content=DAEP8Lslefs&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton




https://www.canva.com/design/DAEPYcksizk/0MRkCRv3o_LJBVKhQRIOLQ/view?utm_content=DAEPYcksizk&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton


https://www.canva.com/design/DAEPWILyBiI/ZnP1WTHl7xNwOB76L4gORw/view?utm_content=DAEPWILyBiI&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink


https://airtable.com/shrvUPgQ9zYvsB8r6 Get hash malicious Browse 13.224.96.162

https://www.canva.com/design/DAEPD5F7x4w/nI8qoCkPV-p6ew3evzbyTw/view?utm_content=DAEPD5F7x4w&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton


Domains






































https://www.canva.com/design/DAEOhhihuRE/ilbmdiYYv4SZabsnRUeaIQ/view?utm_content=DAEOhhihuRE&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton


https://nl.raymondbaez.com/xxx/redirect/ Get hash malicious Browse 13.224.96.162

https://www.canva.com/design/DAEN9RlD8Vk/acBvt6UoL-DafjXmQk38pA/view?utm_content=DAEN9RlD8Vk&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink


https://my.freshbooks.com/#/link/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzeXN0ZW1pZCI6OTQ3OTM1LCJ1c2VyaWQiOjYzNDYyNywidHlwZSI6Imludm9pY2UiLCJvYmplY3RpZCI6Mjg4MjQ0OSwiZXhwIjoxNjM3MjY5MTgxLCJsZXZlbCI6MH0.DGVcXxdiwtgxTUka4TzPi_o6GS8zH-kvvTnFJZxapLg?companyName=Amanda&invoiceNumber=00007767&ownerEmail=avigilante%40maxburst.com&type=primary




https://www.canva.com/design/DAENqED8UzU/0m_RcAQIILTwa79MyPG8KA/view?utm_content=DAENqED8UzU&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton





Firefox Installer.exe Get hash malicious Browse 52.42.67.12



bouncer-bouncer-elb.prod.mozaws.net https://townemortgage-my.sharepoint.com/:b:/p/cislami/ETa8xXdrX-FKtlaSfOphTioBLICbx4muhejuoDN0jK0wqw?e=4%3aBnR24e&at=9



Setup.exe Get hash malicious Browse 52.86.101.158

22Firefox Installer.exe Get hash malicious Browse 18.214.169.152

DriverUpdate-setup-30503a29-618a-4545-ae2f-f846f9810bbb.exe



19DHL.exe Get hash malicious Browse 3.212.251.241



AMAZON-02US iopjvdf.dll Get hash malicious Browse 13.225.75.73

document-750895311.xls Get hash malicious Browse 143.204.4.74

urgent specification request.exe Get hash malicious Browse 54.238.136.178

P.O-48452689535945.exe Get hash malicious Browse 52.58.78.16

C1.Qoute-Purequest Air Filtration Technologies (Pty) Ltd.xlsm Get hash malicious Browse 13.226.169.13


Shinshin Machinery.exe Get hash malicious Browse 3.141.74.7


CMahQwuvAE.exe Get hash malicious Browse 3.18.253.84

ufsT8EFZBg.exe Get hash malicious Browse 54.185.96.144

l4lHzL7BMk.exe Get hash malicious Browse 54.185.96.144

m5fF9jhh66.exe Get hash malicious Browse 54.185.96.144

MZlUAhy1o7.exe Get hash malicious Browse 54.185.96.144

HBL VRN0924588.xlsx Get hash malicious Browse 3.141.74.7

networkmanager Get hash malicious Browse 54.201.22.174

HEC Batangas Integrated LNG and Power Project DocumentationsType a message.exe.exe


qkfI7LuPTE Get hash malicious Browse 13.224.94.111

ASN










































































jd6kNhbT7v.exe Get hash malicious Browse 54.185.96.144

nPpF6dUvX0.exe Get hash malicious Browse 54.185.96.144

5AFgY3C91D.exe Get hash malicious Browse 54.185.96.144













































9e10692f1b7f78228b2d4e424db3a98c Njs4kjnD5X.dll Get hash malicious Browse 44.236.48.3113.224.96.162

Uiha1GUS7S.dll Get hash malicious Browse 44.236.48.3113.224.96.162

SecuriteInfo.com.Mal.EncPk-APW.20360.dll Get hash malicious Browse 44.236.48.3113.224.96.162

10.dll Get hash malicious Browse 44.236.48.3113.224.96.162

iopjvdf.dll Get hash malicious Browse 44.236.48.3113.224.96.162

d88e07467ddcf9e3b19fa972b9f000d1.exe Get hash malicious Browse 44.236.48.3113.224.96.162

zP9r0Y0QaA.dll Get hash malicious Browse 44.236.48.3113.224.96.162

kYHAeYQDFy.dll Get hash malicious Browse 44.236.48.3113.224.96.162

AtxEaMk8Zr.dll Get hash malicious Browse 44.236.48.3113.224.96.162

JA3 Fingerprints










































































































7PCT0zXmnp.dll Get hash malicious Browse 44.236.48.3113.224.96.162

QAM8tR7ZFa.dll Get hash malicious Browse 44.236.48.3113.224.96.162

DLKGGjg95M.dll Get hash malicious Browse 44.236.48.3113.224.96.162

nS88Jbs3fq.dll Get hash malicious Browse 44.236.48.3113.224.96.162

oij4BmArF3.dll Get hash malicious Browse 44.236.48.3113.224.96.162

mpjKH8lZpe.dll Get hash malicious Browse 44.236.48.3113.224.96.162

YXCDlW9FmD.dll Get hash malicious Browse 44.236.48.3113.224.96.162

MCUE2OrSCd.dll Get hash malicious Browse 44.236.48.3113.224.96.162

AEnV5Az5Io.dll Get hash malicious Browse 44.236.48.3113.224.96.162

PgJq4wSKWt.dll Get hash malicious Browse 44.236.48.3113.224.96.162

YjdyTcR01H.dll Get hash malicious Browse 44.236.48.3113.224.96.162



C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll

Firefox Setup 78.5.0esr.msi Get hash malicious Browse

FileZilla_3.42.1_win64_sponsored-setup.exe Get hash malicious Browse

Firefox Installer.exe Get hash malicious Browse


https://rpmi.aspire.co/ucs/dl/micollab_pc.msi Get hash malicious Browse

FileZilla_3.41.1_win64-setup_bundled.exe Get hash malicious Browse


Firefox Setup 75.0.msi Get hash malicious Browse

#U6ac3#U8cb7#U5b89#U63a7#U4e2d#U4ecb#U5143#U4ef6.exe


7N9HRsNAb5.exe Get hash malicious Browse




https://download.filezilla-project.org/client/FileZilla_3.34.0_win64-setup_bundled.exe



Firefox_Setup_Stub_58.0.exe Get hash malicious Browse

O9wdkqzdPF.exe Get hash malicious Browse

btweb_installer(1).exe Get hash malicious Browse



C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\CityHash.dll

Firefox Setup 78.5.0esr.msi Get hash malicious Browse

Firefox Setup 75.0.msi Get hash malicious Browse

https://ftp.mozilla.org/pub/firefox/releases/49.0.2/win64/en-US/Firefox%20Setup%2049.0.2.exe


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7C95EFC1-7426-11EB-90E4-ECF4BB862DED}.datProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Category: dropped

Size (bytes): 24152

Entropy (8bit): 1.7632107910271198

Encrypted: false

SSDEEP: 48:Iw1GcprsGwpLhG/ap8LGIpcXWGvnZpvXMGvHZp9XZGokqpvXzQGo47pcFkEWGWUE:rrZEZl2dWDtFfTtP7Wc

MD5: F566B393EAD01B22BA411AC4815C62F4

SHA1: 4B4C085EFD2825F557682923925137AD1EF63B85

Dropped Files

Created / dropped Files






































































SHA-256: 10D6186BD8ED6CEEC97753BDFF99A28E7F82B9147456F712EA52D2EB2F5A7887

SHA-512: 052A6A7907B5C415CC0BD724E915A3DEE744231CB7E6A9E31C27FEF6FD43339CD813258DF2CDE3EB55DD0280B7632A67FAD6F1FBBB5D37969C93BEF33275C51E

Malicious: false

Reputation: low

Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7C95EFC1-7426-11EB-90E4-ECF4BB862DED}.dat

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7C95EFC3-7426-11EB-90E4-ECF4BB862DED}.datProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Category: dropped

Size (bytes): 27036

Entropy (8bit): 1.998221273521783

Encrypted: false

SSDEEP: 192:rfZwQUbZP0ecP7sPiqAPhKAPsQPA9P1fNYrAVeVTVIB:rBJSZPEPYPNAPsAPhP4PBNYrAVeVTV2

MD5: F8BF7153B316925A642C9FF3D12F8BA5

SHA1: 112C4A36674D8B033FAD90DDB2B2BDD7140D0C08

SHA-256: C974F9D754D16A935A22A1906B8883504C5A96E50F15A402E62354F9B6660EAD

SHA-512: A2DAD651344C91DA11D8977CB20EA0C6EF4F31B70E0DDD2CDDB2E8AA8959DD3D551584985B00DA8AC82EDCFF13ADAA8E60D9741B377AD47E06D6EE03FE4A4FEF

Malicious: false

Reputation: low

Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xmlProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Category: dropped

Size (bytes): 656

Entropy (8bit): 5.126665028668184

Encrypted: false

SSDEEP: 12:TMHdNMNxOEjnWimI002EtM3MHdNMNxOEjnWimI00ObVbkEtMb:2d6NxO2SZHKd6NxO2SZ76b

MD5: 0A7442A034D1DFDD1015155F569BB9A3

SHA1: C0799F7316F4873FE966BC01F0E09E686C203031

SHA-256: 61B243688364B871641508783466188BF5793A8E7F5D0271B045FC607729A7D3

SHA-512: 6693DAFCE4786655CACA183291CC1749C3246791AAC314A2224537212CC95F8787B6B00A8424095130447DE17F9661A9FA92F186CB628A4FDB835C21EE55C07F

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..



Category: dropped

Size (bytes): 653

Entropy (8bit): 5.131093561174962

Encrypted: false

SSDEEP: 12:TMHdNMNxe2ktnWimI002EtM3MHdNMNxe2k7nWimI00Obkak6EtMb:2d6NxrISZHKd6NxrGSZ7Aa7b

MD5: 9E5C8FFB0EE753A5DE5FBA362FC4B583

SHA1: 7241296BA82B78B1B3DC58BBEC5445331E5C8D7D

SHA-256: DFD5CB572FB2674C2FE07CDEB197DC604E80E0172C06192BB4FCED24FAAC38BE

SHA-512: DB03B8EF3C4D9C26D12E4BF4E88F31142965A35CF907F3E3D7A4CADCABF960E8F7056CA626C917D36901DAC9DA7A6049681DB6290FFB6F16975B4F5AED0C758C

Malicious: false

Reputation: low


Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x527a7d49,0x01d70833</date><accdate>0x527a7d49,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x527a7d49,0x01d70833</date><accdate>0x527cdfae,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml



Category: dropped

Size (bytes): 662

Entropy (8bit): 5.134205203915093

Encrypted: false

SSDEEP: 12:TMHdNMNxvLBnWimI002EtM3MHdNMNxvLBnWimI00ObmZEtMb:2d6Nxv9SZHKd6Nxv9SZ7mb

MD5: BB1522911391344B1CC39157D8B467FA

SHA1: B0462DDA70DE710E25C873582845EA3D3216E117

SHA-256: CF49A20F8F81FCDC253E60B9E044D9736E1150C9BC8662347778297C8C706D3F

SHA-512: D397E6CDA89ACB455C92F03E2FD68DB924BD7ADB8AAB233F0DB38B38447253467C6E3B091628A276C3C5E8A10103A65C247ECBE12992BA6BB9E782078119E685

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x528406c1,0x01d70833</date><accdate>0x528406c1,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x528406c1,0x01d70833</date><accdate>0x528406c1,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..



Category: dropped

Size (bytes): 647

Entropy (8bit): 5.142873720939887

Encrypted: false

SSDEEP: 12:TMHdNMNxijnWimI002EtM3MHdNMNxijnWimI00Obd5EtMb:2d6NxUSZHKd6NxUSZ7Jjb

MD5: 235F281F011C0F4D8376E7442AF47760

SHA1: 102AF018B9BC3E599A05FBD22DBBA1F75D167F9F

SHA-256: 1622DBB9421DDB52FF48B2B3C09E010D0BFF6AF1FED375A604D571DA4FFF8738

SHA-512: C81B80FA978728C7112013160727D4E10B3C41CD0085CB82238E46A9468903D7696C91656D3CBD53793AD89DBCBD2636CE2EDA78CF9A2E6BD43CD994C7D5D2A5

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..



Category: dropped

Size (bytes): 656

Entropy (8bit): 5.149144721145254

Encrypted: false

SSDEEP: 12:TMHdNMNxhGwBnWimI002EtM3MHdNMNxhGwBnWimI00Ob8K075EtMb:2d6NxQQSZHKd6NxQQSZ7YKajb

MD5: F6072A51EB00B8CFEE502C49B008709B

SHA1: 8A6DEC1F378F777F011ADC15F43B0F9E3F7F298E

SHA-256: 631C7997702B56ED01407E36A0BD6E5A07CE66C5C9C6B28A7FD270C52B88A0C1

SHA-512: 22777B3C749B0A57738A2EE3848B29C47CA12B9C7686C3784DE2FC2334D30A8817F2F172CF9A6E6E619B95C16EF29B3934ACA7613F8787806E6FA2940E8D6B7E

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x528406c1,0x01d70833</date><accdate>0x528406c1,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x528406c1,0x01d70833</date><accdate>0x528406c1,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..




Category: dropped

Size (bytes): 653

Entropy (8bit): 5.129984340022935

Encrypted: false

SSDEEP: 12:TMHdNMNx0njnWimI002EtM3MHdNMNx0njnWimI00ObxEtMb:2d6Nx0jSZHKd6Nx0jSZ7nb

MD5: 48BC5B879603B59B287F82CAFA3B12BF

SHA1: 5B8EB0184341A7716BE031D6D8D8E844C5792A00

SHA-256: DDB111BBB876809C64EB38495ACBF44C273ACFEDA44C5660C957B7135FAFAC0A

SHA-512: E3FEF9886AF5BB987BA67F9E342DEBEB274A9E473010130521CD8D31FC8CE796707CBB1EC47F044A682A79B31EAAA4A0975EE99B3650DB9A5159DE70A979ED46

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xmlProcess: C:\Program Files\internet explorer\iexplore.exe


Category: dropped

Size (bytes): 656

Entropy (8bit): 5.16708872993888

Encrypted: false

SSDEEP: 12:TMHdNMNxxjnWimI002EtM3MHdNMNxxjnWimI00Ob6Kq5EtMb:2d6NxlSZHKd6NxlSZ7ob

MD5: 21B0DA8D861D5C2BE4ADE290FC991E59

SHA1: 49B05DE1ED8A0C2F38F29667F0E635BA9F6EDC58

SHA-256: 9F9BC3108C80AE12D88E951553F25D7EC59F3CDDCCA0A69BFC5C06EBDFD06094

SHA-512: 7C3C23E27067336B45ED2CD51F58534C87AE7FA100D65C340EA6320A01CE702E8ADB85D39C9B5D955ED6C81D46C32A51C270976AB8974C26D34B167B438C742B

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x5281a465,0x01d70833</date><accdate>0x5281a465,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..



Category: dropped

Size (bytes): 659

Entropy (8bit): 5.14845736576335

Encrypted: false

SSDEEP: 12:TMHdNMNxcdnWimI002EtM3MHdNMNxcdnWimI00ObVEtMb:2d6Nx0SZHKd6Nx0SZ7Db

MD5: FD58C633230FA758C01A9473FA898136

SHA1: 14941C8324F6656AD31687202FA9595B2E7C6507

SHA-256: 06AFA234AFF62D3D52E81C71814F636AC6E31DDF16E320146A4DBB47CEB2E1E8

SHA-512: 6923317B219DA4AED5DBE7C41C1D3034D93BA4EACDBD478F17E0C27CFD16631E1B312E8A09FFEA9998B0EBA57CAE5D11662CC1009549EF56B5BEEAA9D94123A9

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x527f4209,0x01d70833</date><accdate>0x527f4209,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x527f4209,0x01d70833</date><accdate>0x527f4209,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..



Category: dropped

Size (bytes): 653


Entropy (8bit): 5.129833054220666

Encrypted: false

SSDEEP: 12:TMHdNMNxfndnWimI002EtM3MHdNMNxfndnWimI00Obe5EtMb:2d6NxlSZHKd6NxlSZ7ijb

MD5: AD69EEDD6AD6C4493BE2C473D9C579C9

SHA1: 0949BE5A71567759F12272FBCC8955E9ECEBE1C2

SHA-256: 6ABFEC0D367087DA70C7414F744BAC32529C6E3759EE213104B0E981535AF50C

SHA-512: 73360DF1CB73F590310895BDA89D23918C038CAE02FFB063897D450EDF004EB833DA61CD0853C29988B0F3C3BB4705223900CDF565786E06E0825D0A15430FB8

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x527f4209,0x01d70833</date><accdate>0x527f4209,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x527f4209,0x01d70833</date><accdate>0x527f4209,0x01d70833</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.datProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: data

Category: dropped

Size (bytes): 8270

Entropy (8bit): 7.884408130588547

Encrypted: false

SSDEEP: 192:qgYrZU6AhtZF+g9uEg64W8ACAvQ1aO+ZDLPZNa+0r:q7kGgu+8yvXOePRY/r

MD5: B0989215CFB436EADED492D795871198

SHA1: 34518BE1E54E5C6441979860ED05B87D3B2A3961

SHA-256: BA4A9AD5385569137B9760283D76BE8622E0F69ED3B1428853F45903F9E60C02

SHA-512: 35A0FD2A4477D9B311272D3CE98043E04AED0E2F53EA9AF8ED42154F50FEAE7B7243E28D91E459EA4D03AC3827A9B9A36E7EE02084601035F3B830E9289EE935

Malicious: false

Reputation: low

Preview:[.h.t.t.p.s.:././.w.w.w...m.o.z.i.l.l.a...o.r.g./.m.e.d.i.a./.i.m.g./.f.a.v.i.c.o.n.s./.f.i.r.e.f.o.x./.b.r.o.w.s.e.r./.f.a.v.i.c.o.n.-.1.9.6.x.1.9.6...5.9.e.3.8.2.2.7.2.0.b.e...p.n.g.r....PNG........IHDR..............x~Y....PLTE.....?..>..~.N\..C..w..q..q..r..9..o..r..E..E.z9..E..D..H..r..{..q.}8..H..r..G.=...E..q.."..C..G..E..8..H.....7.TK..1.,`..8..;..E.9..i..Z5.]C..8.=.._V..9.~R..E.;...7.M..;.A..C?.J;.=B.O8..J..B..F..l.5G.T6..gY9..2L..>.\0.8E..E.;..b-.0Q..F..q..9.i(.....;....W3.9...6..b..[........3..H..........p$../.......B...+..#.....).E...I.v"..H.>...J.._..:..:..:..A.~6.Y...HmZ.6...9t\.hW...A..9..6.x4ZA...&^P...6|[.bT.ZK...J..B..L..2.j6..6....U..H...K..5Y<..W..Q.`5...2..C.b8..2.L...MlK.}%...7.>..Z9.q8..3l0.YF...ceE..p2.{.|S...Ff2..*S..Oo9.t*...Q..P.M.D.3.e<...1.8...Q.e2sQ.'..2...i..o.D.<.s@.+..{S..Z.#X.M..sU.2..XX..\yD.B..<.|J./..D[.jV.5...e.,c.aX..J../....:`..%\7...:.,..5Z.O..r.+...)zC...T.UA.r..U.=.UL.e...Q.[.l?.....Uc..^.D..Q..Ns.~..-..h...ew.sb.e.-..H..?..7..,.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Metropolis-Bold.1b5b51bac870[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, CFF, length 17960, version 0.0

Category: downloaded

Size (bytes): 17960

Entropy (8bit): 7.979393130699797

Encrypted: false

SSDEEP: 384:ZkDHSauFx/eNN8Me0neS8LOCdeYftH3AruNhD:ZkixGf9iLOCdvSr

MD5: 1B5B51BAC870E5C2645497A16B769BEC

SHA1: 5577FE0C5BCAF247994B0BE1B1D5048B327FC848

SHA-256: 3C10B2E736B2ABA4E1E629B259A474C1523B62B798AEE56BC0CEE667463EED52

SHA-512: 06EFAB531B442A7EC4F8F4F1DCC7563946AF01AF1A5CB0BD676EA64FDF9AF81C24E734CC09FC91051E8E07E37E19CC905EFEF090DC1FE7131F99B474C0DF6F4D

Malicious: false

Reputation: moderate, very likely benign file

IE Cache URL: https://www.mozilla.org/media/fonts/Metropolis-Bold.1b5b51bac870.woff

Preview:wOFFOTTO..F(......_.........................CFF ......8:[email protected]....]...R...JGSUB..F.............OS/2...h...N...`i..Tcmap.......0....)...head...$...2...6....hhea...H... ...$....hmtx...X........./.maxp.............9P.name...........;....post........... ......P..9..x.c`d`.........|e`f~...W^.M...5..e..|......$........x......Q...s..m.)/k..nX.m.UX[am.qm....Y.%.r........5.Q..y....B~"YkW g .i..9....'._....=f.!mQ..H2.""..4.zq..J..{y*.....r\[email protected]..).....(9.z....Y..B.....v.rD...B..*..f.n..D..k5..d..y."\.A.E...........A.....<=.L[..}K0...h..<c..Z....F~C....-E.\\'.\]QSKB......C...^...pSkPKz..5..|.w .2.....2..o....V..!U.... Psa. ."d.Z...........c_H....-...$.....2i..&!\..0.MuD[2.....y|.5_...._....`R.`|k..c..A.....;!.....:....N.C....iX..p.-h!.x...R/...v5...8]....G.m.y..'[email protected]`d``[email protected].....~x.c`f.e..................D...........@.w...........c..fi......ArL.L......l.w..x.,.a.a........{IE.3.%mV`.&...mY...G...[s.._

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Metropolis-Medium.cce692f84337[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, CFF, length 17708, version 0.0


Size (bytes): 17708

Entropy (8bit): 7.979314948108075

Encrypted: false

SSDEEP: 384:xH3aHFYew3eqHbA6TPSiStLEirPN2j9KkDyjC+DA:xXScusbDZm3rl2ZKkD+C+U


MD5: CCE692F84337013497C8C0C9E90F6517

SHA1: D6A95ACD2C9B10489CE45206938195E999802991

SHA-256: 3C7B11A2AAB87A8F80AEDAD2DE99673BB846BC74240104B600754553995F56F8

SHA-512: 301C442F4FB521B6FA9DDFB1FB5640F1D30BB0F74F4BBC9B9ED6B51C1F23CAE809E8FB71DDFB7C4F19DEF87633C291EAC710C05CA7C5204D796D821499D15301

Malicious: false


IE Cache URL: https://www.mozilla.org/media/fonts/Metropolis-Medium.cce692f84337.woff

Preview:wOFFOTTO..E,......]l........................CFF ......7*..B..{[email protected]..@...._...^...2GSUB..E ............OS/2...l...N...`hN.hcmap.......0....)...head...$...1...6....hhea...L... ...$....hmtx...X.........j:-maxp.............9P.name...........yj..&post........... ......P..9..x.c`d`...;.....|e`f~...W^.M......`)e>..230.D.|......x......Q.E.u..m.m.m.Q....F.6(..v..g...|.g.z.>3.>./9RdS.....J.?..e.\4..>...s.D.=.......*..C.U..9m.....,j.E.~....TIJ..Z.-......1L.T.s)....I.<.:.....!2..Z14.brx.+.hE...J..Lj.s.t.Br.1..%T..M.>.PZ....\....M...:....p......c....".Rg.....1.....u.....:...\^...f..g=..G...}%.Yj.Y.....+.m..............n'5.).;.h.......F+..,@...K......."-.N.@?.}c]..n.e...A'..&QO.yS.a...Tea.J...R....r...{..3.SY.8.R:B.[...'.W:K....A%...;.Nj.....Q!.^*xS5v.%m..-.8..j.7w.h..^i..34.RmVNyQ.Jw.D...A........x.c`d``..o.........R...`...~..dx.c`[email protected][email protected].`......].\.\;...m..-.. ...,.>.d.$.!.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Metropolis-Medium.cce692f84337[1].woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\analytics[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines


Size (bytes): 47332

Entropy (8bit): 5.518633523108405

Encrypted: false

SSDEEP: 768:UyC36rcBLbfsl5XqYoyPndHTkoWY3SoavVVy2WiCgYUD0FEw0stZb:UyDAZfY5hVdHTwY3SoIjw0sD

MD5: 6A10EB2BB5C90414980729F4F96FFBDA

SHA1: 8BBBD5948255549E4B691B614AA3177DEA9AF1B7

SHA-256: 0F3BE44690AE9914AE3E47B7752E1BDEA316F09938E9094F99E0DE19CCD8987A

SHA-512: 5A505CBAAEEAB8961AA0DE94767F76A09B6F03E60EB0C72954B85EC0392EE1CE383D2088939A314D3175AB24B7A69390C841CFE0237C1D1C40966B43F22AE929

Malicious: false


IE Cache URL: https://www.google-analytics.com/analytics.js

Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n=this||self,p=function(a,b){a=a.split(".");var c=n;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},r=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var t=/^(?:(?:https?|mailto|ftp):|[^:/?#]*(?:[/?#]|$))/i;var v=window,x=document,y=function(a,b){x.addEventListener?x.addEventListener(a,b,!1):x.attachEvent&&x.attachEvent("on"+a,b)};var z={},A=function(){z.TAGGING=z.TAGGING||[];z.TAGGING[1]=!0};var B=/:[0-9]+$/,C=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},F=function(a,b){b&&(b=String(b).toLowerCase());if("p

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\black.0b92f54b3059[1].svgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image


Size (bytes): 471

Entropy (8bit): 4.598094550080737

Encrypted: false

SSDEEP: 12:trZvnlKIZdWJ0Ti2cKYJb8ZfmqBTJF1LCBAME:tVvnYaYJSihRJb8ZffTL1LCBAME

MD5: 0B92F54B305911937F1B046B407F1DF8

SHA1: BE25A32BB81E20FB33CB31C11BCE6BBB30A36094

SHA-256: D705F7F6B5A32CC664AB1EC268D7342F79A748BEED62F065A5618B5BA5F7DC5D

SHA-512: 60D188162B8A0E3A14B35F07993367FA1BE327B384157CDB43B11BA376517ACC622878F4168CDD9F39B62CE74106399F0F29F2D6E55C92B3244F0BE09EEDF020

Malicious: false

IE Cache URL: https://www.mozilla.org/media/protocol/img/icons/social/youtube/black.0b92f54b3059.svg

Preview:<svg width="16" height="16" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M15.666 3.749C16 4.997 16 7.599 16 7.599s0 2.604-.334 3.852a2.004 2.004 0 0 1-1.415 1.415C13.003 13.2 8 13.2 8 13.2s-5.003 0-6.251-.334A2.004 2.004 0 0 1 .334 11.45C0 10.203 0 7.6 0 7.6s0-2.603.334-3.851A2.004 2.004 0 0 1 1.75 2.334C2.997 2 7.999 2 7.999 2s5.004 0 6.252.334c.689.184 1.23.726 1.415 1.415zM6.4 9.999L10.557 7.6 6.4 5.2V10z" fill="#000" fill-rule="evenodd"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\black.40d1af88c248[1].svgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 1681

Entropy (8bit): 4.263886668961708

Encrypted: false

SSDEEP: 24:tiBj16xQpKeTJhIP1NRbdWhuJLi0XjTwbZQ8720FiBWCFlHULHRqogVDncMG:i6xQpKSJ2lWhuJLzngfQgax8HR/gZ0

MD5: 40D1AF88C248598FB555505C975698BE

SHA1: EED5B36F4C5A966760E6863843A770CEE5A6B90F

SHA-256: E95A342F7A1F74B84675401D23453D0A591A81861E79EA6662334D8F5B419C4F


SHA-512: 11CFE694F1B015EC9097FFFF67C06315EC8CF46DE6111B1D720FB3C96056D2B6FADABE481AF548554474263B800B0AD3E09A4CF1D74EE4F34470D246CA92399C

Malicious: false

IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/mozilla/black.40d1af88c248.svg

Preview:<svg width="112" height="32" xmlns="http://www.w3.org/2000/svg" style="background:#000"><path d="M30.954 22.564h1.86v3.09h-5.826v-7.975c0-2.458-.806-3.404-2.386-3.404-1.922 0-2.696 1.387-2.696 3.373v4.948h1.859v3.089h-5.857v-8.006c0-2.458-.806-3.404-2.386-3.404-1.921 0-2.696 1.387-2.696 3.373v4.948h2.665v3.089H7v-3.089h1.86V14.56H7v-3.09h5.857v2.144c.837-1.513 2.293-2.427 4.245-2.427 2.015 0 3.874.977 4.556 3.058.774-1.892 2.355-3.058 4.555-3.058 2.51 0 4.803 1.545 4.803 4.917v6.461h-.062zm11.001.284c-2.169 0-3.285-1.891-3.285-4.35 0-2.679 1.27-4.223 3.316-4.223 1.89 0 3.409 1.292 3.409 4.16 0 2.743-1.364 4.413-3.44 4.413zm.093-11.662c-5.02 0-7.5 3.436-7.5 7.596 0 4.539 2.976 7.218 7.283 7.218 4.463 0 7.685-2.868 7.685-7.407 0-3.971-2.448-7.407-7.468-7.407zm19.988 9.204l3.16.315-.867 4.98H52.15l-.402-2.143 7.684-8.983h-4.369l-.62 2.206-2.881-.315.495-4.98h12.241l.31 2.143-7.747 8.983h4.524l.65-2.206zm6.105 5.295h4.183v-5.106h-4.183v5.106zm0-9.11h4.183V11.47h-4.183v5.106zM84.874 4l-6.04

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\black.40d1af88c248[1].svg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\icon-fpn-beta.9e7bc3a29f6e[1].svgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 2577

Entropy (8bit): 5.033660474488909

Encrypted: false

SSDEEP: 48:nnSHJmeWHpW+zAnsnN4HJGWNQNuFMgQtohHpB6eexCTAWwP7:nSm48Osah6lTohJn7TAWwD

MD5: 9E7BC3A29F6E384D28FE7600252D8D23

SHA1: E768BBAE73B4F0B75D8221CBE4FCF5E87F6E1E0F

SHA-256: F27170723143E0A5310F65C230B259D20655E110DA18C1F02694B5AAFE6B2AB7

SHA-512: 1B8465845C9F27D39B96A95DB1FA446EFB609904BD6581DD5801B16DB488454F3FE45EB66DA2BDA43A9B9B9E2A44CEF767C9691D330D4B2683490CFC1D26955E

Malicious: false

IE Cache URL: https://www.mozilla.org/media/img/nav/icons/icon-fpn-beta.9e7bc3a29f6e.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 32 32">. <path fill="#008787" d="M28.7 20.6H15.6c-.4 0-.7.3-.7.7v2.1c0 3.1 2.5 5.6 5.6 5.6h7.2c2.3 0 4.2-1.9 4.2-4.2V23c0-1.1-1-2.4-3.2-2.4z"></path>. <linearGradient id="a" x1="26.9067" x2="24.0047" y1="6.7601" y2="9.5076" gradientTransform="matrix(1 0 0 -1 0 34)" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#054096" stop-opacity=".5"></stop>. <stop offset=".09995" stop-color="#173ba1" stop-opacity=".442"></stop>. <stop offset=".2949" stop-color="#3434b3" stop-opacity=".329"></stop>. <stop offset=".4888" stop-color="#482ec1" stop-opacity=".217"></stop>. <stop offset=".6797" stop-color="#552bc8" stop-opacity=".107"></stop>. <stop offset=".864" stop-color="#592acb" stop-opacity="0"></stop>. </linearGradient>. <path fill="url(#a)" d="M28.7 20.6H15.6c-.4 0-.7.3-.7.7v2.1c0 3.1 2.5 5.6 5.6 5.6h7.2c2.3 0 4.2-1.9 4.2-4.2V23c0-1.1-1-2.4-3.2-2.4z" opacity=".9"></path>. <linearGrad

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\icon-privacy-promise.eee1662acb03[1].svgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 3991

Entropy (8bit): 4.986519310279732

Encrypted: false

SSDEEP: 48:n5HJH0GHQKHjFfz39oWyfANXRZiHJ2fw74S/6eKqd/OMHJsZ2iV++pVMSqd/OVHF:5DQKJZPEMWuaISROMH5ROVQk

MD5: EEE1662ACB03543A9A24B25903FCF8E9

SHA1: 46F6E2300D4FEAD760620F55A25AEB1E7AC0382E

SHA-256: 0E3E64B31E3CF5018358042F8AAFEE2F4351970BFFBD6F03E48747BCB6AEFABE

SHA-512: DA7C1D9C2642CDF4678F993BE3ACA9728714A3D31561C99FD0161A6C69068404161883BAFDF2DF3B24325876A23708D09DF9B669167EF52999CAE1D4AC3C99C5

Malicious: false

IE Cache URL: https://www.mozilla.org/media/img/nav/icons/icon-privacy-promise.eee1662acb03.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 32 32">. <linearGradient id="a" x1="20.5504" x2="20.5504" y1="6.4937" y2="30" gradientTransform="matrix(1 0 0 -1 0 34)" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#3a8ee6"></stop>. <stop offset=".2359" stop-color="#5c79f0"></stop>. <stop offset=".6293" stop-color="#9059ff"></stop>. <stop offset="1" stop-color="#c139e6"></stop>. </linearGradient>. <path fill="url(#a)" d="M28.8 6.5C27.3 4.9 25.3 4 23.1 4H23c-2.2 0-4.2.8-5.7 2.3l-6.4 6.4c-.5.5-.8 1.2-.8 1.9s.3 1.4.8 1.9l1.2 1.2c.5.5 1.2.8 1.9.8s1.4-.3 1.9-.8l-3.1-3.1 6.4-6.4c1-1 2.3-1.5 3.7-1.5h.1c1.4 0 2.8.6 3.7 1.6 2 2.1 1.9 5.4-.2 7.5L17.4 25c-.8.8-2.1.8-2.8 0l1.5 1.5.2.2c.9.9 2.3.9 3.2.2l9-9.1c3.2-3.1 3.3-8.2.3-11.3z"></path>. <linearGradient id="b" x1="28.5539" x2="14.5874" y1="12.29" y2="12.29" gradientTransform="matrix(1 0 0 -1 0 34)" gradientUnits="userSpaceOnUse">. <stop offset=".136" stop-color="#6a2bea" stop-opacity

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\set_hsts[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with CRLF line terminators

Category: dropped

Size (bytes): 162

Entropy (8bit): 4.43530643106624

Encrypted: false

SSDEEP: 3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu

MD5: 4F8E702CC244EC5D4DE32740C0ECBD97

SHA1: 3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF

SHA-256: 9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A

SHA-512: 21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F


Malicious: false

Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\set_hsts[1].htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\site.ddf5d556ecf8[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators


Size (bytes): 4915

Entropy (8bit): 5.439041642972666

Encrypted: false

SSDEEP: 96:EFjnH/MZUU2rD7hvFHYPf9XnXm5s06fabKPASNsufqyI0l3FqN8:IoUBf7J29nm5sGbEASNsHyIbN8

MD5: DDF5D556ECF822A8E790135943462EBB

SHA1: 46A5E280EC8229897422F81FE8E840AB4E63112B

SHA-256: 711BAF816DA9B69492A2994B8D31B463786B6250B305B46D2774A22CAEAF5275

SHA-512: 6E9D12045C9E39826FE1C21AB38355B20A2B4E6C2F8E47DC5AE7073EB92CE5663346DBE6E16914C941186284F2CA822B34457026FEF086063BB60CD8291DFBCD

Malicious: false

IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/site.ddf5d556ecf8.js

Preview:!function(){"use strict";window.site={getPlatform:function(e,t){return t=t||navigator.platform,e=e||navigator.userAgent,-1!==t.indexOf("Win32")||-1!==t.indexOf("Win64")?"windows":/android/i.test(e)?"android":/linux/i.test(t)||/linux/i.test(e)?"linux":-1!==t.indexOf("MacPPC")?"other":-1!==t.indexOf("iPhone")||-1!==t.indexOf("iPad")||-1!==t.indexOf("iPod")||-1!==t.indexOf("MacIntel")&&"standalone"in navigator?"ios":-1===e.indexOf("Mac OS X")||/Mac OS X 10.[0-8]\D/.test(e)?"other":"osx"},getPlatformVersion:function(e){var t=(e=e||navigator.userAgent).match(/Windows NT (\d+\.\d+)/)||e.match(/Mac OS X (\d+[._]\d+)/)||e.match(/Android (\d+\.\d+)/);return t?t[1].replace("_","."):undefined},getArchType:function(e,t){var i;return t=""===t?"":t||navigator.platform,e=e||navigator.userAgent,(i=/armv\d+/i).test(t)||i.test(e)?RegExp.lastMatch.toLowerCase():/aarch64/.test(t)?"armv8":"x86"},getArchSize:function(e,t){t=""===t?"":t||navigator.platform,e=e||navigator.userAgent;var i=/x64|x86_64|Win64|WOW

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\black.180e8cf7ea9e[1].svgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 1637

Entropy (8bit): 4.061688919431878

Encrypted: false

SSDEEP: 48:rnawk9VKZlCHK3lm2UNU52/mQIowSCmSZ5ZB+fP1:mJ9qyKFcRDWnZMH1

MD5: 180E8CF7EA9E0A381B7B2C44E13FBE68

SHA1: C99CD61B0EC2161117F2EF4C14AABD2CC2204502

SHA-256: 2D7263960C6067A8EDE4F1FF8F0D85D33A51C04080C96BD2BD4731DAEA814F4C

SHA-512: 6C8B3729E019B1ECA6C85C5CC3F9A8F287BF3A15972DDA5580100F71FE3BC9133FD73B994ED817B91E90DD29CDC157FD76CF2DDD86A3CCDCBA36CC8BBA3E06D8

Malicious: false

IE Cache URL: https://www.mozilla.org/media/protocol/img/icons/social/instagram/black.180e8cf7ea9e.svg

Preview:<svg width="16" height="16" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M7.997.005c2.172 0 2.445.01 3.298.048.851.039 1.432.174 1.941.372a3.92 3.92 0 0 1 1.417.922c.444.445.718.891.922 1.417.198.509.333 1.09.372 1.941.039.853.048 1.126.048 3.298s-.01 2.444-.048 3.297c-.039.851-.174 1.432-.372 1.941a3.92 3.92 0 0 1-.922 1.417 3.92 3.92 0 0 1-1.417.922c-.509.198-1.09.333-1.941.372-.853.039-1.126.048-3.298.048s-2.444-.01-3.297-.048c-.851-.039-1.432-.174-1.941-.372a3.92 3.92 0 0 1-1.417-.922A3.92 3.92 0 0 1 .42 13.24c-.198-.509-.333-1.09-.372-1.941C.01 10.447 0 10.175 0 8.003s.01-2.445.048-3.298c.039-.851.174-1.432.372-1.941a3.92 3.92 0 0 1 .922-1.417A3.92 3.92 0 0 1 2.76.425C3.268.227 3.849.092 4.7.053 5.553.014 5.825.005 7.997.005zm0 1.441c-2.135 0-2.388.008-3.231.047-.78.035-1.203.166-1.485.275-.374.145-.64.318-.92.598-.28.28-.453.547-.598.92-.11.282-.24.705-.275 1.485-.039.843-.047 1.096-.047 3.232 0 2.135.008 2.388.047 3.231.035.78.165 1.203.275 1.485.145.374.318.6

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\common.28871f85d686[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines, with no line terminators


Size (bytes): 122875

Entropy (8bit): 5.316355105533018

Encrypted: false

SSDEEP: 1536:62g7Eie6O3FgdYXVZxCtVaNQvXC6dsweT1ugAg5Ec8FCvyV6BbMNnQQCMfdXxWJv:TgeT1wj6rBQNnNXxWRZ7TPF0tpbK

MD5: 28871F85D68643169795BE8CF5F09FB5

SHA1: 1ED8989233A53CA95F54B89B5B94BDA25A35C11D

SHA-256: F5E44245ADE0AF2C033E2B2332AF6D33879CA245CA626B2EEB21FF8B7F3F05EF

SHA-512: CDD4028599A74052C36128D9D662E03131E19ED07AA9421D67FBC36978ABFB82466507EEE50873AD9D5EB6DB343380D8B5A5D0D3E7263EE2E91C9679EA5B968B

Malicious: false

IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/common.28871f85d686.js


Preview:if(function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(S,e){"use strict";function m(e){return null!=e&&e===e.window}var t=[],i=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,o=t.indexOf,n={},r=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},x=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},k=S.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var i,o,r=(n=n||k).createElement("script");if(r.text=e,t)for(i in c)(o=t[i]||t.getAttribute&&t.getAttribute(i))&&r.setAttribute(i,o);n.head.appendChild(r).parentNode.removeChild(r)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[r.call(e)]||"object":typeof e}var f="3.5.1"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\common.28871f85d686[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon-196x196.59e3822720be[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 196 x 196, 8-bit colormap, non-interlaced


Size (bytes): 8050

Entropy (8bit): 7.907796996416949

Encrypted: false

SSDEEP: 192:4YrZU6AhtZF+g9uEg64W8ACAvQ1aO+ZDLPZNa+00:jkGgu+8yvXOePRY/0

MD5: 59E3822720BEDCC45CA5E6E6D3220EA9

SHA1: 8DAF0EB5833154557561C419B5E44BBC6DCC70EE

SHA-256: 1D58E7AF9C848AE3AE30C795A16732D6EBC72D216A8E63078CF4EFDE4BEB3805

SHA-512: 5BACB3BE51244E724295E58314392A8111E9CAB064C59F477B37B50D9B2A2EA5F4277700D493E031E60311EF0157BBD1EB2008D88EA22D880E5612CFD085DA6D

Malicious: false

IE Cache URL: https://www.mozilla.org/media/img/favicons/firefox/browser/favicon-196x196.59e3822720be.png

Preview:.PNG........IHDR..............x~Y....PLTE.....?..>..~.N\..C..w..q..q..r..9..o..r..E..E.z9..E..D..H..r..{..q.}8..H..r..G.=...E..q.."..C..G..E..8..H.....7.TK..1.,`..8..;..E.9..i..Z5.]C..8.=.._V..9.~R..E.;...7.M..;.A..C?.J;.=B.O8..J..B..F..l.5G.T6..gY9..2L..>.\0.8E..E.;..b-.0Q..F..q..9.i(.....;....W3.9...6..b..[........3..H..........p$../.......B...+..#.....).E...I.v"..H.>...J.._..:..:..:..A.~6.Y...HmZ.6...9t\.hW...A..9..6.x4ZA...&^P...6|[.bT.ZK...J..B..L..2.j6..6....U..H...K..5Y<..W..Q.`5...2..C.b8..2.L...MlK.}%...7.>..Z9.q8..3l0.YF...ceE..p2.{.|S...Ff2..*S..Oo9.t*...Q..P.M.D.3.e<...1.8...Q.e2sQ.'..2...i..o.D.<.s@.+..{S..Z.#X.M..sU.2..XX..\yD.B..<.|J./..D[.jV.5...e.,c.aX..J../....:`..%\7...:.,..5Z.O..r.+...)zC...T.UA.r..U.=.UL.e...Q.[.l?.....Uc..^.D..Q..Ns.~..-..h...ew.sb.e.-..H..?..7..,.h...:tRNS.....,....AAz.t]\E.^..(................}.J...w..M..3....IDATx...A.. ......n.+K....O5S..].....>.'.....[...BMc.pnB,7\l.Z!...)....(.0t.....b.>[.C.B...#...._...J...1-..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\gtm-snippet.9f9cf2026c5f[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 514

Entropy (8bit): 5.088023472781701

Encrypted: false

SSDEEP: 12:c65DRWyS/yr4tO8qN0S2bRRWGLKX+33vvVlh8Y6Vif:coRWyeUIOR0S0RRWG+u33XVT8Y9f

MD5: 9F9CF2026C5FCAD6AF9F12A2E861FFDA

SHA1: C93A6E6D6F5CB799700A0C3AFBF1966A0426AFB1

SHA-256: 5FF0C822CE892BAE85CA52C2616F7603787FFFD8C072A886A2607E0F630CE730

SHA-512: 305C776B1898EE46D7F249B316D8F601A3203AF610F362C9585C9913A08D3695CE79B4E78934390C6D25F051C86D6A0DB6F1574329F74835CACACC1D048C9633

Malicious: false

IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/gtm-snippet.9f9cf2026c5f.js

Preview:!function(){"use strict";var e=document.getElementsByTagName("html")[0].getAttribute("data-gtm-container-id");"function"==typeof Mozilla.dntEnabled&&!Mozilla.dntEnabled()&&e&&function(e,t,n,a,o,g,m,r,i,l){for(e[a]=e[a]||[],e[a].push({"gtm.start":(new Date).getTime(),event:"gtm.js"}),m=t.getElementsByTagName(n)[0],i=o.length,l="//www.googletagmanager.com/gtm.js?id=@&l="+a;i--;)(g=t.createElement(n)).async=!0,g.src=l.replace("@",o[i]),m.parentNode.insertBefore(g,m)}(window,document,"script","dataLayer",[e])}();

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo-sm.0bc3e6ae9d32[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 2491

Entropy (8bit): 7.806829480704644

Encrypted: false

SSDEEP: 48:mXI83rIRArg7EHYgcwKopTauRTO/ikah7p/btfc3KV9H:mXlCE4pczRTUah7p/btE3m

MD5: 0BC3E6AE9D320DDECD3EC7B7E1DE8DAD

SHA1: 9E33E3CBD660C1AFDFB6467F4CD9AB47F3E94FC4

SHA-256: 8DE69D72F41FDEF11C8F8A5BC159A62C754523524B169F02003E9A8DAF3C18E2

SHA-512: 20A3A7E776279DD133C064E87F2535FB7C263A93173504760A5C009007E41BBCC8B871C545EA001893478B35358E9963BF51B04B29DF7C7FE428157C6B8322E6

Malicious: false

IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/monitor/logo-sm.0bc3e6ae9d32.png

Preview:.PNG........IHDR...@[email protected]..*q.C...X.ZZ.Pe..\.W..8.J..K_..]..^..YFb.2...\.._pZ..<c..[.;f.;l.8..[X..[..Y.<..<d.+m.N].pY.^Y..|.%s.uY.:d."x..\..\.8j..Z.LZ.....\.E...].M..5...Y..{.6.. z..[.S\.#y.K_.zY..~.J_.=.A.H...\..]..].F`.bY.S[.4...Z.V..R..M...[..].....Z..d.3.F.;...j.R\.dY.I_..{.R\.bY.;d.kX.6..L\..\.}Y..d.(s..Y.6.. z.*s.x..#v.$u..c..[[email protected]..\.>\..d..Z..Y..^..Z..\..[.:...Z..Zb]...a...{Y.5...Z.a..9.1.Cc..KO[^...Z.4..._Cb.1.. {..^Z^..oTAe.zY..4.6...{.5.4.Ec..._.._.8...\.;.ja..0...a..^..].6.T..k..;...\..^..[.}.d.."w.3...{..~..\.N].E`..\.R\..[..].UZ.8..I_.vY.ZY..]..\.Bb.K^..[..[..Z..Y..Y.<..=c..]..Z..Y.|Y.lY.^Y.R..A..+l..b..Z.qY.gY.cY..a.'r..c..`..^..Z..Z.4..9d.U..O..L..J.F..2g9d.2.4.1.Q`.1.d\.[^.4.,e.7.~W..2..QQ.JLyY.Gd.B..t.Xn.]..[..>I.o4.....tRNS............AA....-....,...............oL7"..............LLI7-..............................~hfed_><8......................|lgMKK.................}qfdd[URA1..............USA!.da...


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo-sm.d3157a6ac671[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 2949

Entropy (8bit): 7.901955484552058

Encrypted: false

SSDEEP: 48:Ekq0oI65bnP3/1MOxag8aVp1A5rI9WQXsUE4DeqxmNGxnPyhoXif/0CRxy7yRlWl:UI65bLwg8CAJIPXPE4aqxmOfXm/7emWl

MD5: D3157A6AC671F6DBE4926EB27308B70B

SHA1: 8E08E23BDB4438BD166A9F2CE089C234F8112FCF

SHA-256: 6DCDF08A7F5FF08A37E3BED32F1B884524AB10081CBA1E3E733EBDFFA71239BE

SHA-512: 3FE0967F5EA3D1888A25D4A26166A2B514B9BA9CE6FC54CF594F31CF7FA02EF938A9D0C2CBC922E523D87632735E4E332D2C80345B5AA4354942C798AC82CDF9

Malicious: false

IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/browser/developer/logo-sm.d3157a6ac671.png

Preview:.PNG........IHDR...@[email protected].....(.3g.1_v.....Z..d.....v..s....(.t..\..[.T..%...}....i..<..........[...a.Q..t..n...K..=..^..W..j..\..]..u.R.......g....D..&...n.b......[.......a..,.......7..{...W.<...H.:........}..M....."..m..8....w.....r......Z.Z...y..i.T.....{..!...W.P...|....2..u...p....D............y.....}....................v.#$t]...R..&........W.....Y..T..V.?..@..@......\.......58.+%..#pU..K..@[email protected]..?...t.6*.?..4(.$%y?..?...............q..W.(..v..?...Z.%'[email protected]..?.....+..'J.._../.k.."............e..W.'C.83.7/.D..>..W..7..1..3......z..X..P..>..+|.)va........2.....#...[..k..M.!K.#+.j..\..1..(..+..N...........$R..^..G.'7..2.."l/..............!..+.....,..!...j..`..N.+;..7.H..E..3.....*G..E.#A.t..Q..j..!H..m....c..d......|.5w..y.Q..&[.:m.&4....C..4?.'c.7:._.....-..Rf.FP...R....ZtRNS.........)....W..+....?....`:,.....r][email protected]=........vo........P.UP....IDATX..[hRq...L./.t%.K.j[.m."../t...H..T.....B...,k..[...5...s.+m....e..X....oc."

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo-word-hor-sm.7e3be091dc25[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 6056

Entropy (8bit): 7.93402909596781

Encrypted: false

SSDEEP: 96:k+4UEJ/BE1ZN2a6i4FkLJm7zxIL0seWCJSXvSuqhIxrVTN9P5M7wndLs53rVfEvy:l4UEVOp2a65KtmiLLCcRqSxx7BEasUvy

MD5: 7E3BE091DC25C8C623363AF683E9B7C1

SHA1: 553BD693564AD6E45E9A820A2024C5F0DCFD88F8

SHA-256: 5CF15E5CE8EB41FEF0DFE02548C885DEB339738BF565C7758574100559856D2C

SHA-512: 78B9BD02687D0594C2325F1F7B344715C6B3992AE8F999CC0C146D4313E0045D9BFEA50F688CB7DB2A56BE20EEF9E3404DD9CDC083A4AE1585DB6E6C00A427B6

Malicious: false

IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/browser/developer/logo-word-hor-sm.7e3be091dc25.png

Preview:.PNG........IHDR...[[email protected]$3....PLTE....#Y .: .: .: .: .: .: .: .: .: .: .: .: .: .: .: .: .: .: .:.E. .:.N. .: .:.M. .: .: .:.J. .: .:.V. .: .: .: .:.B..A. .:.I. .:.H..D. .:.F. .: .: .: .:.F. .: .: .: .:.J. .:.L..L..G. .:.H..B..N. .:.......N.... .:.H..M..B..C..C..C..G."...B..P. .:r......_..G..m.z...k.W...F..l...4...}.o...b..K..F.....q...:......v.z.........s.<...^....6...L.N...@.!...a....,..K..H..........h...u.W..1...w....)......\.... .:.............A...........S..{........x..V..X.....}...........M.?...H.>[email protected].#%[email protected].,&.%&|[email protected].?...K....b..K..\.....0..@..&N.5+.l..9...d..\.....^.$E. $rU..-..=..R..1..0'.h..M.....56.)2.3*.2..&...O..?..3."-._..i.........q..j..Y.4=..G.71..z.'..w..&......P..+z...N............#o$.....-...r..q.].....)H.83.6c.(8.......q..]...$mb........)K.,v."U.*x.+..D..Qi..6.h....tRNS......;....~.....+Z.....$|1.H.....v.|.O8.p."..qA._S...d.dMl..7....i.qq.]C...W....]..kB.......ne?..tVA...][email protected].,...R..(.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\pocket.f21f7a5dedba[1].svgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 426

Entropy (8bit): 4.650869241250668

Encrypted: false

SSDEEP: 12:trwdnlKIT6ZO54tvx5WQPV/rZtHSoEep/ceL/rkKWAion:tYY6OO4leQ13HSoDRcqdXiC

MD5: F21F7A5DEDBA662641EA771D23702F5C

SHA1: 35499458E44B95E610C8960BE24FFAAE05C9D0F0

SHA-256: D1B8F4345A5F07AA6BCBE615C9A2D2BF6AE09E851C0B7A7BC32421DD6A7F3E8D

SHA-512: 4E586EFCA3E4888902B9109CC8305471022D771BF3CAFA38AE8F6CC153C981B7C102115550BA9FCF6E606D94880A0F0278273221C5887B2B0D3F1F2B072B0C1D

Malicious: false

IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/pocket/pocket.f21f7a5dedba.svg

Preview:<svg width="24" height="22" xmlns="http://www.w3.org/2000/svg"><path d="M12 21.5c-6.627 0-12-5.373-12-12v-6a3 3 0 0 1 3-3h18a3 3 0 0 1 3 3v6c0 6.627-5.373 12-12 12zm5.977-15.048a1.485 1.485 0 0 0-1.087.479l-4.923 4.924-4.835-4.851A1.476 1.476 0 0 0 6 6.452a1.5 1.5 0 0 0-1.071 2.55l-.024.016 4.94 4.96 1.06 1.06a1.5 1.5 0 0 0 2.121 0l1.06-1.06 4.964-4.96a1.5 1.5 0 0 0-1.073-2.566z" fill="#FF4056" fill-rule="nonzero"/></svg>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\stub-attribution.8015cb233077[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 3297

Entropy (8bit): 5.212335302968477

Encrypted: false


SSDEEP: 96:afT7BkqimbGepZGK8lXlTV0ntyuRLzKJVc:IeqtZGZlXl6y6J

MD5: 8015CB233077A05D739C64838A812B33

SHA1: 17D18397F76F1A4CFB08D0B88E2256B9834C6295

SHA-256: 0DB788ABE3928AB10F5823EDE6FF9FA6076A851FC47E24BAF522D1FB54B2EEF2

SHA-512: 832C36097D63CDB47945DB6F10366EEDFA3E15B9BDEB9863EF3C8A5E21894FFEE86CC1A1C4F3130008E77AF6482C71FEC3DB3ED5FB2332A7B38D2B343A92BB1E

Malicious: false

IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/stub-attribution.8015cb233077.js

Preview:"undefined"==typeof window.Mozilla&&(window.Mozilla={}),function(){"use strict";var u={COOKIE_CODE_ID:"moz-stub-attribution-code",COOKIE_SIGNATURE_ID:"moz-stub-attribution-sig"};u.experimentName,u.experimentVariation,u.withinAttributionRate=function(){return Math.random()<u.getAttributionRate()},u.getAttributionRate=function(){var t=$("html").attr("data-stub-attribution-rate");return isNaN(t)?0:Math.min(Math.max(parseFloat(t),0),1)},u.hasCookie=function(){return Mozilla.Cookies.hasItem(u.COOKIE_CODE_ID)&&Mozilla.Cookies.hasItem(u.COOKIE_SIGNATURE_ID)},u.setCookie=function(t){if(t.attribution_code&&t.attribution_sig){var e=new Date;e.setTime(e.getTime()+864e5);var i=e.toUTCString();Mozilla.Cookies.setItem(u.COOKIE_CODE_ID,t.attribution_code,i,"/"),Mozilla.Cookies.setItem(u.COOKIE_SIGNATURE_ID,t.attribution_sig,i,"/")}},u.getCookie=function(){return{attribution_code:Mozilla.Cookies.getItem(u.COOKIE_CODE_ID),attribution_sig:Mozilla.Cookies.getItem(u.COOKIE_SIGNATURE_ID)}},u.updateBouncerL

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\stub-attribution.8015cb233077[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Inter-Bold.2767206dcd8d[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 128008, version 0.0



Entropy (8bit): 7.992898440141803

Encrypted: true

SSDEEP: 3072:HkBSrKM/GaqdnWU5bCai8smfuWCYMAaldZgVwtTcw:EBSd/G3Wc/HMjguD

MD5: 2767206DCD8DAAD63C6A24A5940DF79E

SHA1: 6A3A6EDB7CA2D8B8E1542746884C8A34C12B9F07

SHA-256: CD06B48A60088DF701245B307DD894310B007981E5E5788FC8A3596078D86F76

SHA-512: 60486299BEFE6BEC30D05941D45EBBD619C254F254B0FE28622746984B17BAAB8521B46D83D3990CAB6C72C410F885C0853CC750752E83830A94429DE26D144E

Malicious: false

IE Cache URL: https://www.mozilla.org/media/fonts/Inter-Bold.2767206dcd8d.woff

Preview:wOFF........................................GDEF...0.........'..GPOS......9....v..zeGSUB..<.......3.Fq-.OS/2..V....V...`#.q0cmap..WD..*B..n.....glyf......'........head...<...4...6.3..hhea...p... ...$....hmtx..........%....Ploca...h...p.....I.<maxp........... ....name.......;......d.post...0..%...d.i.Z.x.%..D.Q...s.=..W.o..J"@...^..I..L..`3S)d.*.b.e... .d+H...z..G.cc.".e_v.|.......N.K .nR.%..RyA*c..T>..gR.B*G..Tk..3..z..Vm.6m.vm.......9..e].5]...P...%<.c.h./..o.V.5..lv.uY.s}8.0.r.wy\p...p.`.....q..a....x....]..........{q......?.y..u..._.....~.......L}.g....5..;...E.......#..Z|l..dM.b-.e]..,.. ..8..,..<..*...[.._..........>...~..X.2V....xn...~.V..i.{..u....ex.#a.G.(.B._.7..........S.........w..d...)..t2..."~J*.&.x.\...R|..!f................8..D..0..Yx......U...33....v-X...$.... m.<..P.....%A......B.T.....(...J...7c.....'.....{..3..9....]..!....!a4j.....K...O.O.H!.?.e..M.L4.wu.p....J.s..A..J.5..M(."".....e..j.8...P...-#..*...u.r...3......Ds.>..ln.'.I?d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Inter-BoldItalic.d4f1ac27c3c1[1].woff





Entropy (8bit): 7.993642698704655

Encrypted: true

SSDEEP: 3072:NkBSrKM/9BKDdX933WDtIyp4jfxBIjRfKK6Qhb+4Rs:qBSd/9BAt3mms6obK

MD5: D4F1AC27C3C139A63E07D23E4A05830D

SHA1: ACDD933E37A2A0E3672D4C55E77C12536A335884

SHA-256: BE307212058E1B6C0081B37F81097F62034C1EEC328DAC4BBCFBA3B24FF407EA

SHA-512: 1DFD001BE91960370E9C4AA84B0DE5DE2D460DD2675984F36636F826479A9097F85569011965AFB9AC46ADBCEFF7A509E5747C2C8632357FA739D0A70A6DE829

Malicious: false

IE Cache URL: https://www.mozilla.org/media/fonts/Inter-BoldItalic.d4f1ac27c3c1.woff

Preview:wOFF.......`................................GDEF...0.........'..GPOS......9....v..zeGSUB..<.......3.Fq-.OS/2..V....[...`#.p.cmap..WH..*B..n.....glyf......?.....w...head...d...4...6....hhea.......$...$.J..hmtx..........%....Aloca......w.....ON.maxp........... ....name...8...G....6Od.post.....%...d.i...x.%..D.Q...s.=..W.o..J"@...^..I..L..`3S)d.*.b.e... .d+H...z..G.cc.".e_v.|.......N.K .nR.%..RyA*c..T>..gR.B*G..Tk..3..z..Vm.6m.vm.......9..e].5]...P...%<.c.h./..o.V.5..lv.uY.s}8.0.r.wy\p...p.`.....q..a....x....]..........{q......?.y..u..._.....~.......L}.g....5..;...E.......#..Z|l..dM.b-.e]..,.. ..8..,..<..*...[.._..........>...~..X.2V....xn...~.V..i.{..u....ex.#a.G.(.B._.7..........S.........w..d...)..t2..."~J*.&.x.\...R|..!f................8..D..0..Yx......U...33....v-X...$.... m.<..P.....%A......B.T.....(...J...7c.....'.....{..3..9....]..!....!a4j.....K...O.O.H!.?.e..M.L4.wu.p....J.s..A..J.5..M(."".....e..j.8...P...-#..*...u.r...3......Ds.>..ln.'.I?d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Inter-Italic.fb463a63312e[1].woff





Entropy (8bit): 7.991803796908608

Encrypted: true

SSDEEP: 3072:WV4M/KC4C3nBTUnCYdu3lTZNMFrCFeS2fUH0TIb:0/KTC3nZUCP3PNMF+0S3H0K

MD5: FB463A63312E849ABE41DDE33C65F447


SHA1: 45AFBD1F96661246C3BEC6F7EE52CF69C248BC5C

SHA-256: 331B438811C1BC469B9205E889CAB1B91DD67246D2688148131ABD2BB6FF6973

SHA-512: 3B2F39E40CDFA9148D3528E71CC23C6C3BAF3EB6A0793C86EE91712170C4E3BF8758A6947CFA6AD75540459C5202A71533515C8D346035EF4FA9CF62D276F930

Malicious: false

IE Cache URL: https://www.mozilla.org/media/fonts/Inter-Italic.fb463a63312e.woff

Preview:wOFF...............`........................GDEF...0.........'..GPOS......6.....nR.~GSUB..9.......3.Fq-.OS/2..S....[...`%.n.cmap..T<..*B..n.....glyf..~....K......=.head.......4...6....hhea.......$...$.u..hmtx...$......%.l=AAloca...4...w........maxp.......... ....name.......=....1.d9post......%...d.i...x.%..D.Q...s.=..W.o..J"@...^..I..L..`3S)d.*.b.e... .d+H...z..G.cc.".e_v.|.......N.K .nR.%..RyA*c..T>..gR.B*G..Tk..3..z..Vm.6m.vm.......9..e].5]...P...%<.c.h./..o.V.5..lv.uY.s}8.0.r.wy\p...p.`.....q..a....x....]..........{q......?.y..u..._.....~.......L}.g....5..;...E.......#..Z|l..dM.b-.e]..,.. ..8..,..<..*...[.._..........>...~..X.2V....xn...~.V..i.{..u....ex.#a.G.(.B._.7..........S.........w..d...)..t2..."~J*.&.x.\...R|..!f................8..D..0..Yx......U...33....]...Z... [email protected]"..(=u!..BU.g+J.e.JZ...R.T..h+zDJ*....v^.>w.......{...3.9....B.B...E'a4o.......!".....qB.^.-....iB.............]..L..{...P"L.1<P...~Z;.M2......2V;....z#s.....jm..{[3.T}......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Inter-Italic.fb463a63312e[1].woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Inter-Regular.1a7f90ff1f1e[1].woff





Entropy (8bit): 7.992112364546725

Encrypted: true

SSDEEP: 1536:iG0xjRyVTq1BbK/CqmPRQ84bhXL+G4hJhSSt5ePW5Xnn7AGeKFSfJItW6LvuFuNW:3V4M/RkG0rFn7beKFSWgAvNTXBFwB

MD5: 1A7F90FF1F1EC75ED4E588736C6A81B0

SHA1: 4AA855FF81ADD61992B3DBE23C7643DA6FF528FC

SHA-256: 764615D6C413495C77873FF78A401DA53D49EB0ABB8554495BCAB483CA1ED2E4

SHA-512: 542ACE63C0F9BCABDAD9029E1C516D123DBD91BFBE764CD9F430C493F601B76D55C0F9037A20EA0F1B12CAAFB04B6F1D70B85C948A502CAD7D73AAE347B08FCA

Malicious: false

IE Cache URL: https://www.mozilla.org/media/fonts/Inter-Regular.1a7f90ff1f1e.woff

Preview:wOFF.......................................GDEF...0.........'..GPOS......6.....nR.~GSUB..9.......3.Fq-.OS/2..S....V...`%.m.cmap..T8..*B..n.....glyf..~|........s..head...l...2...6....hhea....... ...$...chmtx.......&..%.n..bloca.......m.....(P.maxp...X....... [email protected]%f.post......%...d.i.ZEx.%..D.Q...s.=..W.o..J"@...^..I..L..`3S)d.*.b.e... .d+H...z..G.cc.".e_v.|.......N.K .nR.%..RyA*c..T>..gR.B*G..Tk..3..z..Vm.6m.vm.......9..e].5]...P...%<.c.h./..o.V.5..lv.uY.s}8.0.r.wy\p...p.`.....q..a....x....]..........{q......?.y..u..._.....~.......L}.g....5..;...E.......#..Z|l..dM.b-.e]..,.. ..8..,..<..*...[.._..........>...~..X.2V....xn...~.V..i.{..u....ex.#a.G.(.B._.7..........S.........w..d...)..t2..."~J*.&.x.\...R|..!f................8..D..0..Yx......U...33....]...Z... [email protected]"..(=u!..BU.g+J.e.JZ...R.T..h+zDJ*....v^.>w.......{...3.9....B.B...E'a4o.......!".....qB.^.-....iB.............]..L..{...P"L.1<P...~Z;.M2......2V;....z#s.....jm..{[3.T}......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\icon-common-voice.127fa3f5dcb0[1].svgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 4700

Entropy (8bit): 4.9721322351642705

Encrypted: false

SSDEEP: 96:CCu3sfgBn/Hx+SZp8RLQ+SZpXCupG29KDlRkG29Kb:7+/RFTNFTfGbDQGbb

MD5: 127FA3F5DCB0F737B14B9F29DAC4A2F4

SHA1: 1760C74EC1187EEA5436BBE492DFD2982A29F117

SHA-256: D7629546C07644EFC307CE7C3D39609916CF88964B68FD2C45437937B0545C84

SHA-512: CB8DB7ACC411B63B6AD32A84C2F2659A94DF5024958C6D763C99E142DB57632098FAD7F6BA88B5BF1A44BAAE109BBCE508B00551BFB4C3E881CBEE7E000DB7E4

Malicious: false

IE Cache URL: https://www.mozilla.org/media/img/nav/icons/icon-common-voice.127fa3f5dcb0.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32" width="32" height="32">. <linearGradient id="a" x1="2.8246" x2="29.3543" y1="10.6026" y2="22.6697" gradientTransform="matrix(1 0 0 -1 0 34)" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#3b8ac9"></stop>. <stop offset=".68" stop-color="#7661aa"></stop>. <stop offset="1" stop-color="#9451a0"></stop>. </linearGradient>. <path fill="url(#a)" d="M8.6 23.6c-.1.1-.5.8-1.1.8s-1-.8-1-.8l-3.1-7.3-.8 1.9c-.6 1.4-.6 2.9-.1 4.3l1 2.4c.4 1 1.7 2.8 4 2.8s3.6-1.7 4-2.7l1.9-4.4-1.7-4.1-3.1 7.1z"></path>. <radialGradient id="b" cx="-821.9417" cy="489.3766" r="1" gradientTransform="matrix(7.734 0 0 -7.734 6364.4019 3810.0491)" gradientUnits="userSpaceOnUse">. <stop offset=".51" stop-color="#5a4a9e" stop-opacity="0"></stop>. <stop offset=".58" stop-color="#53499c" stop-opacity=".06"></stop>. <stop offset=".71" stop-color="#3f4898" stop-opacity=".22"></stop>. <stop offset=".87" stop-color="#1d4591" stop-op

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\installer_help_redesign.cc7ff1710da6[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 11714

Entropy (8bit): 4.976497453652215

Encrypted: false

SSDEEP: 48:gtBBgecCNd5Dt5iFmb5e2b51W5tqG5xQR5Cmh5/BA+rKn0KffLrhNlAgGcUgXZkY:gHJ5jTRat/+Csvv6H2EWv3TTCmHy

MD5: CC7FF1710DA6F4ED30EACAC9787DC7C1

SHA1: 393EE0BFDEE5E6884FF205EA46AC03C95AB067CA

SHA-256: 4003C75DCEB9F35960D1A611161EB769728DFA0C6F23473C5D21B56CAD44031B


SHA-512: 6849AF23A36B3B9875A66243DEB0092B691747E75FB3BD51CC016E7A54EFAC1AE00BCDF13D4D55AB5726B640B165AA64D4A0259F7736EACE9BB31210805BB3AB

Malicious: false

IE Cache URL: https://www.mozilla.org/media/css/BUNDLES/installer_help_redesign.cc7ff1710da6.css

Preview:.mzp-c-hero{padding-bottom:24px;position:relative;text-align:center}.mzp-c-hero.mzp-t-product-beta .mzp-c-hero-title,.mzp-c-hero.mzp-t-product-developer .mzp-c-hero-title,.mzp-c-hero.mzp-t-product-firefox .mzp-c-hero-title,.mzp-c-hero.mzp-t-product-nightly .mzp-c-hero-title{-webkit-background-size:80px 80px;background-size:80px 80px;background-position:top center;background-repeat:no-repeat;padding:104px 0 0 0}.mzp-c-hero.mzp-t-dark,.mzp-t-dark .mzp-c-hero{background-color:#000;color:#fff}.mzp-c-hero.mzp-t-dark .mzp-c-hero-desc,.mzp-t-dark .mzp-c-hero .mzp-c-hero-desc{color:#e0e0e6}.mzp-c-hero-body{margin:0 auto;max-width:480px}.mzp-c-hero-title{font-size:48px;font-size:3rem;line-height:1;margin-bottom:16px}@media (min-width:768px){.mzp-c-hero-title{font-size:56px;font-size:3.5rem;line-height:1}}.mzp-t-product-firefox .mzp-c-hero-title{background-image:url("/media/protocol/img/logos/firefox/browser/logo-lg.3d9087ac44e8.png");background-size:80px 80px}@media only screen and (-webkit-min

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\installer_help_redesign.cc7ff1710da6[1].css

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\linkid[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines


Size (bytes): 1569

Entropy (8bit): 5.369127779967127

Encrypted: false

SSDEEP: 48:Xpm6RFvCzWzAiWqSeTqn1PByqka1cUj54/vD978:5pfpy1Pkqka1cS52b978

MD5: 0CC3A63FE10060AF4A349E5DF666EEFE

SHA1: 3E8D3925B550345123F2CAB26568221FD4154F9C

SHA-256: 92FCA55833F48B4289AC8F1CEDD48752B580FCE4EC4B5D81670B8193D6E51B54

SHA-512: 5801C9DB98C4998480772CA5AD71F0E400C4756AE713AAB0358CA6593B3A3426499D6DEC81A768C861CBBCD8394DD8C6D647628A13F124FF3A1119F9B7793E8C

Malicious: false

IE Cache URL: https://www.google-analytics.com/plugins/ua/linkid.js

Preview:(function(){var e=window,h=document,k="replace";var m=function(a,c,d,b,g){c=encodeURIComponent(c)[k](/$/g,"%28")[k](/$/g,"%29");a=a+"="+c+"; path="+(d||"/")+"; ";g&&(a+="expires="+(new Date((new Date).getTime()+g)).toGMTString()+"; ");b&&"none"!=b&&(a+="domain="+b+";");b=h.cookie;h.cookie=a;return b!=h.cookie},p=function(a){var c=h.body;try{c.addEventListener?c.addEventListener("click",a,!1):c.attachEvent&&c.attachEvent("onclick",a)}catch(d){}};var q=function(a,c,d,b){this.get=function(){for(var b=void 0,c=[],d=h.cookie.split(";"),l=new RegExp("^\\s*"+a+"=\\s*(.*?)\\s*$"),f=0;f<d.length;f++){var n=d[f].match(l);n&&c.push(decodeURIComponent(n[1][k](/%28/g,"(")[k](/%29/g,")")))}for(d=0;d<c.length;d++)c[d]&&(b=c[d]);return b};this.set=function(g){return m(a,g,b,c,1E3*d)};this.remove=function(){return m(a,"",b,c,-100)}};var t=function(a,c){var d=void 0;if("function"==typeof a.get&&"function"==typeof a.set){var b=c||{},g=b.hasOwnProperty("cookieName")?b.cookieName:"_gali",r=b.hasOwnProper

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\logo-reality.6bcc5b8e7099[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 12069

Entropy (8bit): 7.949263911912639

Encrypted: false

SSDEEP: 192:5YQ3NdT4RH1pSNGAPHgMGi4H72DdBDTDiQrkRx4OchGkPx1Fa7pTbxgdeNX1TAQx:XNd62JPgZ72BkD4OMPz2pv0eNX1TAR/g

MD5: 6BCC5B8E7099829A85F50C01C605FAF8

SHA1: 8859515249A3058CD52DE2F35FCB12E8897564BE

SHA-256: D77EB62C8D795985A422F91F3773336E99CAD9B0575B31580679BA6C7AD2AD37

SHA-512: 5C87EA836EA9B6CF354F821653F6EBDE048F601602B25E882046484ECBE8AB5407135708EBE7D48864B4BCF73F53819BBE7A756DF1A941685498E588716D4471

Malicious: false

IE Cache URL: https://www.mozilla.org/media/img/logos/firefox/logo-reality.6bcc5b8e7099.png

Preview:.PNG........IHDR.....................PLTE...G.o1.}....;.....3..G..].22.....q.6V.D;..B.>[email protected]+....A..<F.A.y<6.....y.:`....?i.....7.9Q.E...d.?..A*..R....;<.A!..7.B6...8][email protected]..).6F.>(.Bs.>S.6U.:L.8i..q.."[email protected]....... *...D/.:?..............0....Y..E$'b....L...".......=.fEp.....H.-..>5.....Q.q2Q+.n.E.B>..K..97.h.5(.0.~......*/....'!........2?..N]....#...........,....Kg..&........t".)".,..#C.......b.j.U....1........Fuq-n{k..3-) .....st......./..dn....y.......qH.....K.Kl.5M.ld..........#.XN..F.P........At...N............E..L..W..r..g..a..L........B../..7..D..]........y..6..n........"........V..$.....v........}[email protected]?.B...C..N..R.8K....~.EA.>E.9B....8.>3.?6.:[..6.<c...3.5.....G.,...1@.\..UHQb..T..._..]*..\1T.n.=!lL..g?.}H.N),.......tRNS................................................................................................"...C6...M..2..j....'.U..w...iPl.....................a...sB.............ds...++ID

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\set_hsts[1].gifProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: GIF image data, version 89a, 1 x 1


Size (bytes): 42

Entropy (8bit): 3.0241026136709444

Encrypted: false

SSDEEP: 3:CUmExltxlNXE:JQ

MD5: B4682377DDFBE4E7DABFDDB2E543E842

SHA1: 328E472721A93345801ED5533240EAC2D1F8498C

SHA-256: 6D8BA81D1B60A18707722A1F2B62DAD48A6ACCED95A1933F49A68B5016620B93

SHA-512: 202612457D9042FE853DAAB3DDCC1F0F960C5FFDBE8462FA435713E4D1D85FF0C3F197DAF8DBA15BDA9F5266D7E1F9ECAEEE045CBC156A4892D2F931FE6FA1BB


Malicious: false

IE Cache URL: https://www.firefox.com/set_hsts.gif

Preview:GIF89a.............!.......,...........2.;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\set_hsts[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\black.ac47c78a3a28[1].svgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 567

Entropy (8bit): 4.4463055245617795

Encrypted: false

SSDEEP: 12:trZvnlKIBN0ccSclrFfp8Srlgtgja7is4J1Qc+FJLuP4QyuBAio/:tVvnY+HfclrFfyAA4jeLZQyuBAiY

MD5: AC47C78A3A288B3DA148551DF8DDA3D1

SHA1: 15130B30AABA7708CBFD4F45ECF59C610253E887

SHA-256: 8B63960D7892DD7524EA5208CB1EE5F053C7A300A460BA919193B9D9BF07C43B

SHA-512: 54428662EDCF98B9278FC65B1790C7BF4EC6E116966D66B74FF780A5600119FAA52708667C6C1B89FC11C4007D0CDD15CB652E6758BC4E9ABF316064A0C7EA7D

Malicious: false

IE Cache URL: https://www.mozilla.org/media/protocol/img/icons/social/twitter/black.ac47c78a3a28.svg

Preview:<svg width="16" height="16" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M5.032 14.5c6.037 0 9.34-5.002 9.34-9.34 0-.142 0-.283-.01-.424A6.679 6.679 0 0 0 16 3.037c-.6.266-1.235.44-1.885.517a3.294 3.294 0 0 0 1.443-1.816 6.579 6.579 0 0 1-2.085.797A3.286 3.286 0 0 0 7.88 5.528 9.32 9.32 0 0 1 1.114 2.1 3.285 3.285 0 0 0 2.13 6.481 3.258 3.258 0 0 1 .64 6.07v.041A3.284 3.284 0 0 0 3.274 9.33c-.484.132-.99.151-1.483.056a3.286 3.286 0 0 0 3.067 2.28A6.587 6.587 0 0 1 0 13.025a9.294 9.294 0 0 0 5.032 1.472" fill="#000" fill-rule="nonzero"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\gtm[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines



Entropy (8bit): 5.374284950951471

Encrypted: false

SSDEEP: 3072:V4FQAB7D2jgXVsaL0rNGd6m1K/XFm/05a/gvg3uzGfaAW:V4FQAxD2jgXVsaL0I6mEPmg7zGfaD

MD5: 66B9F15C409FB09AD6C146FF238E6C0B

SHA1: F8CD2B7BCBB7728102AADCCF377F85B9F304E02F

SHA-256: E4C49656888D03FCF923375739703B9F758449A8A108C61052B530A00BFB5785

SHA-512: E6164635EFCF09312C2934B60BA66492BE2F91DAC8B2294AE441326D1E3B41FEE314D52B43DEE594EB7A838F0F250769DCEC9E0AA3FB0F0A29260FF4CAD4FD68

Malicious: false

IE Cache URL: https://www.googletagmanager.com/gtm.js?id=GTM-MW3R8V&l=dataLayer

Preview:.// Copyright 2012 Google Inc. All rights reserved..(function(w,g){w[g]=w[g]||{};w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');(function(){..var data = {."resource": {. "version":"208",. . "macros":[{. "function":"__e". },{. "function":"__jsm",. "vtp_javascript":["template","(function(){function k(g,d,k){var b=g,c=b.split(\"?\");g=c[0];b=1\u003Cc.length?b.replace(g,\"\").substring(1):\"\";var a=b;b=a.split(\/[\u0026;]\/);c=[];var e=\"\";if(\"\"===a)d=\"\";else{for(a=0;a\u003Cb.length;a++){var h=b[a].split(\"\\x3d\"),l=h[0];h=h[1];include=!0;for(var m=0;m\u003Cd.length;m++){var f;(f=l.toLowerCase()===d[m].toLowerCase())||(f=\/(([^\u003C\u003E()\\[\\]\\\\.,;:\\s@\"]+(\\.[^\u003C\u003E()\\[\\]\\\\.,;:\\s@\"]+)*)|(\".+\"))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}])|(([a-zA-Z\\-0-9]+\\.)+[a-zA-Z]{2,}))\/,f=f.test(l));f\u0026\u0026(include=!1)}include\u0026\u0026\nc.push({name:l,value:h,index:a})}if(1\u003Ec.length)d=e;else{for(a=0;a\u

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\icon-relay.aca61c9bb349[1].svgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 1777

Entropy (8bit): 4.579283019884369

Encrypted: false

SSDEEP: 48:n4FHJoUj9RQU2HAcj71YD7hk+phcdpZM96kyS:6B07TeD75EdTq

MD5: ACA61C9BB349D5089303E2E97184F570

SHA1: DF64AA4A238F0DC68D966C43B0E60F082E5197A1

SHA-256: C74AD6A800B101DFAA037145D6B10D1141D7CC7A4A348449EC49A1BDADB5C501

SHA-512: 4C3BAD522347442D51C38419D8EAB002531F61337722B4C79DDFED6E01C3C17726B36AE883C70698FCD36147DBCDDD25CA61419307F97DCAEDB2D8056CD504B9

Malicious: false

IE Cache URL: https://www.mozilla.org/media/img/nav/icons/icon-relay.aca61c9bb349.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 32 32">. <style>.st1{fill:#20133a}</style>. <linearGradient id="a" x1="1.4286" x2="30.5714" y1="18.94" y2="18.94" gradientTransform="matrix(1 0 0 -1 0 34.94)" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9059ff"/>. <stop offset="1" stop-color="#f770ff"/>. </linearGradient>. <path fill="url(#a)" d="M29.2 7L17.4.4c-.8-.5-1.9-.5-2.7 0L2.8 7c-.8.5-1.4 1.4-1.4 2.4v13.2c0 1 .5 1.9 1.4 2.4l11.8 6.6c.8.5 1.9.5 2.7 0L29.2 25c.9-.5 1.4-1.4 1.4-2.4V9.4c0-1-.6-1.9-1.4-2.4z"/>. <path d="M7.8 19.5l-.8.4c-.5.3-.7 1-.4 1.5.3.5.9.7 1.5.4l.7-.4c.5-.3.7-1 .5-1.5-.3-.5-1-.7-1.5-.4z" class="st1"/>. <path d="M12.1 17l-1.4.8c-.5.3-.7 1-.4 1.5s1 .7 1.5.4l1.4-.8c.5-.3.7-1 .5-1.5-.3-.5-1-.7-1.6-.4z" class="st1"/>. <path d="M17.9 15c-.1-.2-.3-.4-.6-.5V6.1c0-.6-.5-1.1-1.1-1.1-.6 0-1.1.5-1.1 1.1v8.4c-.6.2-.9.8-.6 1.4-.2.6 0 1.2.6 1.4v8.4c0 .6.5 1.1 1.1 1.1.6 0 1.1-.5 1.1-1.1v-8.4c.6-.2.9-.8.7-1.4.1-.3.1-.6-.1


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\installer-help[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode text, with very long lines


Size (bytes): 60913

Entropy (8bit): 4.98269574099255

Encrypted: false

SSDEEP: 384:xHk/w0o3ySd5hP1KmfgDNHDf5kKP9epVP8i3qrJIQrdxJvk5GDsRrpJL:lolSdrvI5iK8WJLesDYrpV

MD5: 17F35E0A7F54304AB5702FB6253B2F6C

SHA1: 848E1718254F2F086922E76DC7A913626402FD8C

SHA-256: AFE9A574DFE5FA6EE318BE8C11CA699ED6A74F5630DA2BC364E2EA42CD22EDB1

SHA-512: B15D98BBD242E518E0B6F75B9DCA30BD12DDC9640FB768E112DDB23CEAF95625B38E964D71837D3653796C2039FFE4870F0FCE09EE2FB9892847DDA493B01BEE

Malicious: false

IE Cache URL: https://www.mozilla.org/en-GB/firefox/installer-help/?channel=aurora&installer_lang=en-GB

Preview:.<!doctype html>..<html class="windows x86 no-js" lang="en-GB" dir="ltr" data-latest-firefox="85.0.2" data-esr-versions="78.7.1" data-gtm-container-id="GTM-MW3R8V" data-stub-attribution-rate="1.0" data-sentry-dsn="https://[email protected]/152">. <head>. <meta charset="utf-8">.. <script type="text/javascript" src="https://www.mozilla.org/media/js/BUNDLES/site.ddf5d556ecf8.js" charset="utf-8"></script>.. [if !IE]> >. . <![endif]-->.. . _.-~-.. 7'' Q..\. _7 (_. _7 _/ _q. /. _7 . ___ /VVvv-'_ .. 7/ / /~- \_\\ '-._ .-' / //. ./ ( /-~-/||'=.__ '::. '-~'' { ___ / // ./{. V V-~-~| || __''_ ':::. ''~-~.___.-'' _/ // / {_ / { /. VV/-~-~-|/ \ .'__'. '. ':: _ _ _ ''.. / /~~~~||VVV/ / \ ) \ _ __ ___ ___ ___(_) | | __ _ .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\logo-sm.f2523d97cbe0[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 2832

Entropy (8bit): 7.797747765966445

Encrypted: false

SSDEEP: 48:OLooNRKEeWvv+4TdN5yXMAeoRJ6dGykjoB8phDq+0Pii4MwcpFmHmHcfU:2oE7Hf4XMAeof60t0B8phu+Q4Mwo32U

MD5: F2523D97CBE08B2763FE13D31B42EE29

SHA1: 058EDFA200BCE72DD0F1C9CEF36E20E720E31EAF

SHA-256: 134BACE3D304A22A8CCFE467D4DF111A8AC901FBE423ADAFAED6F4630F290CD2

SHA-512: E3D61779EF22C59A980D238E99979CE6549370D9AF7CF6C329A81308C9AD81C9FB3203B9501EDDAA2B2E0640D9922338DB32D97566D4BDF198E8457BD6B9403E

Malicious: false

IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/browser/logo-sm.f2523d97cbe0.png

Preview:.PNG........IHDR...@[email protected].]8..P..2..p..H../..A.\...G..I.'...Q..G..q..J..F..p..D.s9..q..B..J.>..!e.|?.=...I..r..G..E..r..G.8`..=..:....=F..E.~G..s..H..7.....D..K..D.;..S6..D..J.f,.:..Ab..<....tX..G..9..`.....%.0f.p%.h*.^1.R_.^.\\.;[email protected]:.6HY9..8E..B.T5..i..m.3L..b..D.X3.[1.9...J..F..L..D..H..H....;..1P.d,..".....f..?..:.`/......../..F..9..6....A.."Wo[...7..*.h*..&...z\.[J.e3../N..G..>..6.s$....D.dX.^R.ZC..*S..H..G..6.}6.t6.m'...i<...Z..<..<..6.f6.y .Q..[..<.Z=...K..A..6..4....~..W..I.,...L..?.m5..3....J.>.yR.6.lR.3.}(.q,...d..P..J..I..;..7.>...\..[.vU..I..C..B..<..4..1.H.A.yI.;.B...l.._.dW....S.0.rD...q.MchH..s...1.....).O..O.x;../....c.UZ.SH..E.R<..*.O..L..V..v..1_.V.DV.R.[.u=..H_.LV.UL.a.u....`q.}].R.p<..8.j..Y..hp.cW.)`).+...OtRNS.... .....D>.4...&...ea_T4&........L.....vnle........b........q......vbd.c....vIDATX..]HSa.....-d..c2Y...d.~.}HQ..Q7.nV...pcs.....fs.f#..b9\m.....F.][email protected].....=.s.P...<

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\menu.79f1f0c795df[1].svgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 436

Entropy (8bit): 4.81285634223051

Encrypted: false

SSDEEP: 6:tnrwNhy/i3mc4slE4easKMwmqZDdGodlwXq9/1Z0RIYVgrVyRI+JTgrVyRIt1kqe:trwNSi33eaxMwhsXqnj4grl9l7e

MD5: 79F1F0C795DF9775A6E940AA6B794A64

SHA1: 0834AFC9234DC2AEE26026CF61ECD29B4483966E

SHA-256: C08840807DBE9DBD399A2F176C5C377BB0F26A6762971DD6B25CA2C1129B5161

SHA-512: 6EE45C5E1DB62CB790D9259C40BB1934082388E2FB23049139877663AA02056401F48086EBE8898B2AFB71F9E920F598E71F76160146E37EABFA570E1EFBE121

Malicious: false

IE Cache URL: https://www.mozilla.org/media/protocol/img/icons/menu.79f1f0c795df.svg

Preview:<svg width="24px" height="24px" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">. <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd" stroke-linecap="round">. <g transform="translate(3.000000, 5.500000)" stroke="#000000" stroke-width="2">. <path d="M0,0.5 L18,0.5"></path>. <path d="M0,6.5 L18,6.5"></path>. <path d="M0,12.5 L18,12.5"></path>. </g>. </g>.</svg>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\protocol-firefox.a75069e5fd6a[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines, with no line terminators


Size (bytes): 75990

Entropy (8bit): 5.151004148141113


Encrypted: false

SSDEEP: 768:v86IlnI+3/mB4DsgRQC1xJuF6Ldt6A5t6l/4Y/FWqv9GrF3lSXNBBiNps2Es68ws:vlVy

MD5: A75069E5FD6A9D669A90119ACB237C1C

SHA1: CB136B1758E2708F1AEA47F306AAD199B44BB455

SHA-256: 7DCF2681A48789AC7446C309645BE3A9AD2579B72CC7612805BC856E59EEEA6A

SHA-512: B50CEC5A605C29F7195D8494747CBE7BECB1B076E2B8EF1165CBF896A6513F881129CC9619CD734F49F1C4E6EE2E8AB27CEACA12DFDD10E3EC376FD58C575F8E

Malicious: false

IE Cache URL: https://www.mozilla.org/media/css/BUNDLES/protocol-firefox.a75069e5fd6a.css

Preview:@font-face{font-display:swap;font-family:Inter;font-style:normal;font-weight:400;src:url("/media/fonts/Inter-Regular.d55e957612a3.woff2") format("woff2"),url("/media/fonts/Inter-Regular.1a7f90ff1f1e.woff") format("woff")}@font-face{font-display:swap;font-family:Inter;font-style:normal;font-weight:700;src:url("/media/fonts/Inter-Bold.0564381b22b2.woff2") format("woff2"),url("/media/fonts/Inter-Bold.2767206dcd8d.woff") format("woff")}@font-face{font-display:swap;font-family:Inter;font-style:italic;font-weight:400;src:url("/media/fonts/Inter-Italic.d6a4e2b82a0b.woff2") format("woff2"),url("/media/fonts/Inter-Italic.fb463a63312e.woff") format("woff")}@font-face{font-display:swap;font-family:Inter;font-style:italic;font-weight:700;src:url("/media/fonts/Inter-BoldItalic.9d1b867e3416.woff2") format("woff2"),url("/media/fonts/Inter-BoldItalic.d4f1ac27c3c1.woff") format("woff")}@font-face{font-display:swap;font-family:Metropolis;font-style:normal;font-weight:400;src:url("/media/fonts/Metropolis

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\protocol-firefox.a75069e5fd6a[1].css

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\sentry.d4a49ae2b9e1[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 57718

Entropy (8bit): 5.222970930870903

Encrypted: false

SSDEEP: 768:b1OODWUvfUNFV7td6BdAj8vNiCOoghSUSgWU/DDf8jbs+KvLXuzpjOBf6vMm5gyD:b1OOq1NFV7td6PInCOnhDD/4pah6jSC

MD5: D4A49AE2B9E152D261A658571A169220

SHA1: 2D101D7C2EAF632EC1F37A68747CF2EBFAB3DBD5

SHA-256: 62071B7D1DACFB476E19B506E4FBAF0A6DDE9E2D3AAA2A10A2F38EB2C9D262CF

SHA-512: B2EE2DA176C534FABD9E2919AB6EBD8B1C6DFC397E262658F2271D3C38A75AEAD877760DD7F1EBD1C07F39E52D61A746E3CD30448842E9F24E02C6F24302AB70

Malicious: false

IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/sentry.d4a49ae2b9e1.js

Preview:var Sentry=function(c){var r=function(t,e){return(r=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}||function(t,e){for(var n in e)e.hasOwnProperty(n)&&(t[n]=e[n])})(t,e)};function t(t,e){function n(){this.constructor=t}r(t,e),t.prototype=null===e?Object.create(e):(n.prototype=e.prototype,new n)}var e,n,o,i,a,s,l=function(){return(l=Object.assign||function(t){for(var e,n=1,r=arguments.length;n<r;n++)for(var o in e=arguments[n])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t}).apply(this,arguments)};function d(t,e){var n="function"==typeof Symbol&&t[Symbol.iterator];if(!n)return t;var r,o,i=n.call(t),a=[];try{for(;(void 0===e||0<e--)&&!(r=i.next()).done;)a.push(r.value)}catch(t){o={error:t}}finally{try{r&&!r.done&&(n=i["return"])&&n.call(i)}finally{if(o)throw o.error}}return a}function u(){for(var t=[],e=0;e<arguments.length;e++)t=t.concat(d(arguments[e]));return t}(s=e=e||{})[s.None=0]="None",s[s.Error=1]="Error",s[s.Debug=2]="Debug",s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\stub_attribution_code[1].jsonProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with no line terminators


Size (bytes): 267

Entropy (8bit): 5.554252011668252

Encrypted: false

SSDEEP: 6:YEt6GKaeV2vSI95Bj9GfBHthf+CthfMl0kq/bm4xt6WMbXRjSX9ULGVYTrLY:YpdzV2v795BxGfBHff+CffMOkqz7I6YY

MD5: A2DDC7A4C7075117BB8817F439BA0643

SHA1: 1A738B72C086A7E1B9C7DAA679AD2EE0751B58A1

SHA-256: E2F911A72FC480A4A874CDC19FA0942BFE255DB037A024A77B6A7E1B45087D00

SHA-512: 69E921EE7C119155860379219153FFC0DFB97AF306D6C7690224F88BBA0C557542BE598AA0118E1D6FD20A72A6E99F47DD6BCE85400538ADF7FD02C91F7F3A1D

Malicious: false

IE Cache URL: https://www.mozilla.org/en-US/firefox/stub_attribution_code/?referrer=&ua=ie

Preview:{"attribution_code": "c291cmNlPShub3Qgc2V0KSZtZWRpdW09KGRpcmVjdCkmY2FtcGFpZ249KG5vdCBzZXQpJmNvbnRlbnQ9KG5vdCBzZXQpJmV4cGVyaW1lbnQ9KG5vdCBzZXQpJnZhcmlhdGlvbj0obm90IHNldCkmdWE9aWU.", "attribution_sig": "b4fb923dca856d72021d64cf01a452f5a37c0d351d679d6ac5a0f49ab8b499f0"}

C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\postSigningDataProcess: C:\Users\user\Desktop\Firefox Installer.exe

File Type: ASCII text, with no line terminators

Category: dropped

Size (bytes): 200

Entropy (8bit): 4.1569193694206295

Encrypted: false

SSDEEP: 6:Bbmq6mHQCmo7INyTQGLPX7YcOAxi/KSmh:BiqxSyYUVx9Zh

MD5: 7CA48EFF90593D12EB05C84A8E577F0D

SHA1: 131D6527C1B2EADCFA8AD5368333723B89C56122

SHA-256: 4B7F06F1F7F727E656404B03D05D9BDBADABEE34E18BC3B7CE7201E32302E699


SHA-512: 42D960192BFF31A3F4EA7E5B05D8C9C2AA086B7C171E7760011DC9447AAEE4CF6967A40F0DDA313990DAE9E86F470796881F5EF0CC5FD6842E6EE8A7CE5433F2

Malicious: false

Preview:campaign%3D%2528not%2Bset%2529%26content%3D%2528not%2Bset%2529%26experiment%3D%2528not%2Bset%2529%26medium%3D%2528direct%2529%26source%3D%2528other%2529%26ua%3Dchrome%26variation%3D%2528not%2Bset%2529

C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\postSigningData

C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe

Process: C:\Users\user\Desktop\Firefox Installer.exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Category: dropped


Entropy (8bit): 5.692007988869744

Encrypted: false

SSDEEP: 6144:cspNjlsxp+1HmP7ysKmKclmaFHOz3U6uW/ns1VId5d:ccufP7y8F3FHOzhuW/sTId

MD5: 34D82BBBC56EB436EDF3D77EBA96AD26

SHA1: 7C3A741641C0BF1725D69A574C18BBC7AE432944

SHA-256: 57791CE52BF222DAA250CE3903CB70FF45808CA4988729E3589BA9E2AA4D3552

SHA-512: E1E3E3FE7901A342074BD0D6E13C9E4F26F5324AB0E9015786BC26E37E878C502D46E1AD2EAF3173CAB9E03FDC4F70360B4906979110BFA25C280CFB4A702660

Malicious: true

Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1..P...P...P..*_...P...P..OP..*_...P..s...P...V...P..Rich.P..........PE..L...?.MX.................f..........43............@.......................................@........................................................@................................................................................................text....d.......f.................. ..`.rdata...............j..............@[email protected]..............................@....ndata.......P...........................rsrc..............................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\CityHash.dll

Process: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe

File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Category: dropped

Size (bytes): 44544

Entropy (8bit): 5.300876438716054

Encrypted: false

SSDEEP: 768:cfXngOuwVTROMOZbPg9ao/wxsfJM3JuNUgo3:c/hPVTRBO9NJYMMno

MD5: 737379945745BB94F8A0DADCC18CAD8D

SHA1: 6A1F497B4DC007F5935B66EC83B00E5A394332C6

SHA-256: D3D7B3D7A7941D66C7F75257BE90B12AC76F787AF42CD58F019CE0280972598A

SHA-512: C4A43B3CA42483CBD117758791D4333DDF38FA45EB3377F7B71CE74EC6E4D8B5EF2BFBE48C249D4EAF57AB929F4301138E53C79E0FA4BE94DCBCD69C8046BC22

Malicious: false

Antivirus: Antivirus: Metadefender, Detection: 0%, BrowseAntivirus: ReversingLabs, Detection: 0%

Joe Sandbox View:

Filename: Firefox Setup 78.5.0esr.msi, Detection: malicious, BrowseFilename: Firefox Setup 75.0.msi, Detection: malicious, BrowseFilename: , Detection: malicious, Browse

Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./.J.k.$.k.$.k.$..*.}.$.]...$.$...7.h.$.k.%.#.$.]./.h.$... .j.$.Richk.$.................PE..L...0..P...........!.....b...^..........................................................................................M.......(...............................H....................................................................................text...Ba.......b.................. ..`.rdata...............f..............@[email protected][email protected][email protected]........................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll


File Type: PE32 executable (DLL) (console) Intel 80386, for MS Windows

Category: dropped

Size (bytes): 7168

Entropy (8bit): 4.816731548265959

Encrypted: false

SSDEEP: 96:3hJKbkw41fc4wpaTm/lXd/dyEoPqBP3z9YQGbnL8QkQt0AxIh+47m1Ss7:6bpWk1aTmKiB3lQxIsy

MD5: D4F7B4F9C296308E03A55CB0896A92FC

SHA1: 63065BED300926A5B39EABF6EFDF9296ED46E0CC

SHA-256: 6B553F94AC133D8E70FAC0FCAA01217FAE24F85D134D3964C1BEEA278191CF83

SHA-512: D4ACC719AE29C53845CCF4778E1D7ED67F30358AF30545FC744FACDB9F4E3B05D8CB7DC5E72C93895259E9882471C056395AB2E6F238310841B767D6ACBCD6C1

Malicious: false



https://www.metadefender.com/#!/results/file/YnpJeE1ESXlNRGhqU1ZKaVpUUklSd2tmMUM4Z1lyZ2g/regular/analysis

https://view.joesandbox.com/analysis/237911/html/none



https://www.metadefender.com/#!/results/file/YnpJeE1ESXhORzFNY1Rkb1J6SlVkMWtIVGNMUU9pR2w5/regular/analysis

Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)tBQH..QH..QH..4...VH..QH..NH..g$..PH..g$..PH..g$..PH..g$..PH..RichQH..................PE..L...,3.\...........!................"........ ...............................`............@.........................@#[email protected]..|... #............................................... ...............................text...F........................... ..`.rdata....... ......................@[email protected][email protected]........@......................@[email protected]..|[email protected]................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll



Category: dropped

Size (bytes): 11776

Entropy (8bit): 5.656065698421856

Encrypted: false

SSDEEP: 192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+

MD5: 17ED1C86BD67E78ADE4712BE48A7D2BD

SHA1: 1CC9FE86D6D6030B4DAE45ECDDCE5907991C01A0

SHA-256: BD046E6497B304E4EA4AB102CAB2B1F94CE09BDE0EEBBA4C59942A732679E4EB

SHA-512: 0CBED521E7D6D1F85977B3F7D3CA7AC34E1B5495B69FD8C7BFA1A846BAF53B0ECD06FE1AD02A3599082FFACAF8C71A3BB4E32DEC05F8E24859D736B828092CD5

Malicious: false


Joe Sandbox View:

Filename: Firefox Setup 78.5.0esr.msi, Detection: malicious, BrowseFilename: FileZilla_3.42.1_win64_sponsored-setup.exe, Detection: malicious, BrowseFilename: Firefox Installer.exe, Detection: malicious, BrowseFilename: FileZilla_3.42.1_win64_sponsored-setup.exe, Detection: malicious, BrowseFilename: , Detection: malicious, BrowseFilename: FileZilla_3.41.1_win64-setup_bundled.exe, Detection: malicious, BrowseFilename: FileZilla_3.41.1_win64-setup_bundled.exe, Detection: malicious, BrowseFilename: Firefox Setup 75.0.msi, Detection: malicious, BrowseFilename: #U6ac3#U8cb7#U5b89#U63a7#U4e2d#U4ecb#U5143#U4ef6.exe, Detection: malicious, BrowseFilename: 7N9HRsNAb5.exe, Detection: malicious, BrowseFilename: Firefox Installer.exe, Detection: malicious, BrowseFilename: Firefox Installer.exe, Detection: malicious, BrowseFilename: FileZilla_3.34.0_win64-setup_bundled.exe, Detection: malicious, BrowseFilename: , Detection: malicious, BrowseFilename: FileZilla_3.33.0_win64-setup_bundled.exe, Detection: malicious, BrowseFilename: Firefox_Setup_Stub_58.0.exe, Detection: malicious, BrowseFilename: O9wdkqzdPF.exe, Detection: malicious, BrowseFilename: btweb_installer(1).exe, Detection: malicious, BrowseFilename: FileZilla_3.42.1_win64_sponsored-setup.exe, Detection: malicious, BrowseFilename: FileZilla_3.42.1_win64_sponsored-setup.exe, Detection: malicious, Browse

Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L.....MX...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@[email protected]....@.......([email protected].......*[email protected]................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UAC.dll



Category: dropped

Size (bytes): 18432

Entropy (8bit): 5.858723390475489

Encrypted: false

SSDEEP: 192:5cdcpry0igQ1Ii1rzn6U4gbfW6irWP+vOg7XRSEi+OPLjte86jugnincl0Nr90Og:WqVibvTh4qnFP+OPEzinclP+

MD5: 113C5F02686D865BC9E8332350274FD1

SHA1: 4FA4414666F8091E327ADB4D81A98A0D6E2E254A

SHA-256: 0D21041A1B5CD9F9968FC1D457C78A802C9C5A23F375327E833501B65BCD095D

SHA-512: E190D1EE50C0B2446B14F0D9994A0CE58F5DBD2AA5D579F11B3A342DA1D4ABF0F833A0415D3817636B237930F314BE54E4C85B4DB4A9B4A3E532980EA9C91284

Malicious: false


Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......DH.".)lq.)lq.)lq.)mqP)lq.!1q.)lq./jq.)lqT.]q.)lq..hq.)lqRich.)lq........................PE..L...lKPJ...........!.....4...........:.......P......................................i/...............................B..J....:..x....`.......................p..........................................................L............................text...Z3.......4.................. ..`[email protected]........`.......@..............@[email protected][email protected]........................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll



https://www.metadefender.com/#!/results/file/YnpJeE1ESXlNRGhqU1ZKaVpUUklSd0Z3SjBXaDEtb3I/regular/analysis





















https://www.metadefender.com/#!/results/file/YnpJeE1ESXlNRGhqU1ZKaVpUUklSd1Mzampmd2xNaWE/regular/analysis


Category: dropped

Size (bytes): 4096

Entropy (8bit): 3.300248291125861

Encrypted: false

SSDEEP: 48:qKf6qD22TZ4s9XXqQr1wHGzzofD4x/X/3Mbj+cZSNJwhSv3:5fF/RKQruH0pxvcec++hSv

MD5: 1B446B36F5B4022D50FFDC0CF567B24A

SHA1: D9A0A99FE5EA3932CBD2774AF285DDF35FCDD4F9

SHA-256: 2862C7BC7F11715CEBDEA003564A0D70BF42B73451E2B672110E1392EC392922

SHA-512: 04AB80568F6DA5EEF2BAE47056391A5DE4BA6AFF15CF4A2D0A9CC807816BF565161731921C65FE5FF748D2B86D1661F6AA4311C65992350BD63A9F092019F1B8

Malicious: false


Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..................[.........Rich..........................PE..L.....MX...........!................j........ ...............................P...................................... "......L ..<[email protected].................................................... ..L............................text............................... ..`.rdata....... ......................@[email protected][email protected].......@[email protected]................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll



Category: dropped

Size (bytes): 95232

Entropy (8bit): 6.341258790684601

Encrypted: false

SSDEEP: 1536:r5T3mufJUOjAArf8WmL6ovLqp1UOrNIxUxuW/nANL8ZEsWUcdeVw0QWV7x/E1VIU:RfSOjAHW06ovW1UOBnuW/0L8ieV1QWZl

MD5: DFE24AA39F009E9D98B20B7C9CC070B1

SHA1: F48E4923C95466F689E8C5408265B52437ED2701

SHA-256: 8EC65A3D8AE8A290A6066773E49387FD368F5697392DFB58EAC1B63640E30444

SHA-512: 665CE32D3776B1B41F95ED685054A796D0C1938DBC237619FA6309D1B52AE3BD44E3CF0A1F53EBF88556F7603111CCA6DFF1BFC917A911E0A9CE04AFFD0D5261

Malicious: false


Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS [email protected][email protected][email protected].([email protected].([email protected]./[email protected]./[email protected]./[email protected].([email protected].([email protected][email protected][email protected]/[email protected]/[email protected]/[email protected].@[email protected]/[email protected][email protected].....^...........!.................(....................................................@..........................].......^..x.......`.......................0....R..............................0R..@............................................text............................... ..`.rdata..tg.......h..................@[email protected][email protected]...`............^..............@[email protected][email protected]........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\bgstub.jpgProcess: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe

File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1344x822, frames 3

Category: dropped

Size (bytes): 58327

Entropy (8bit): 7.671129076331537

Encrypted: false

SSDEEP: 768:8Pcee2Z31xI+ut5WibOyEHrU0e5LxTGUMGGPq9D25z1oFlh8gUe9hkKcT3ZBoNqK:zR5WLQn5lTGUgq9SuYe9T4DiDeFe

MD5: B7A3CA496F252CF886986D354A875026

SHA1: 809CEC45606A148DCF84CC2E0BE7BC54305282AA

SHA-256: BB39042D269152B10BB5955CAB98D8AF35718B83FA30DC430811F2411CED2966

SHA-512: 9E8809A1F7A01F9A7DD070D483FFB1F4B0B27847FEB0D4AE850A041DC4B1CAF2F41D2D228A2AFD4A81FA354123FE3EC404FE5009145AF51437E427AFA7C6D71C

Malicious: false

Preview:......JFIF......................................................................................................................................................6.@......................................................0..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.htmlProcess: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe

File Type: HTML document, ASCII text

Category: dropped

Size (bytes): 1031

Entropy (8bit): 4.9747185139122365

Encrypted: false


https://www.metadefender.com/#!/results/file/YnpJeE1ESXlNRGhqU1ZKaVpUUklSd182bERuRUdXY0Q/regular/analysis

https://www.metadefender.com/#!/results/file/YnpJeE1ESXhORzFNY1Rkb1J6SlVkMWsyV3lVNW14TmRB/regular/analysis

SSDEEP: 24:0lrrmeoWPkvL5BANVv9LtVIA1EGgMifL9GMSX3eTeXWYIfS3ME:0lnfoWcMmA1EDjRo3eTeXWYIfg7

MD5: 32DE55F44C497811DD7ED7F227F5C28D

SHA1: C111BE08E7F3D268E7A2ED160D0C30833F25AE4A

SHA-256: 6259F3A41A703F13466503E6FBD37CA40E94F565A2F4B4087FBCD87A13BF3EE1

SHA-512: 48BB6F24B3EE2F4B7052205A3843EA34F917EE192B70261D2438C037B0E17D48BCE8BEB4C31BE4141E9618922A45B6B47745B797E5618F18FE00BFC1625309EF

Malicious: false

Preview:<!doctype html>.. This Source Code Form is subject to the terms of the Mozilla Public. - License, v. 2.0. If a copy of the MPL was not distributed with this. - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->..<html>.<head>..<meta charset="UTF-8">.<meta http-equiv="X-UA-Compatible" content="IE=8">..<link rel="stylesheet" href="stub_common.css">.<link rel="stylesheet" href="installing_page.css">..<script src="stub_common.js"></script>.<script src="installing.js"></script>..</head>.<body>..<img id="background" src="bgstub.jpg" alt="" role="presentation">..<div id="text_column">. <div id="text_column_container">. <h1 id="header"></h1>. <div id="content"></div>. </div>.</div>..<div id="installing">. <div id="label" tabindex="0"></div>. <div id="progress_background">. <div id="progress_bar" role="progressbar" aria-labelledby="label" aria-valuemin="0" aria-valuemax="100" aria-valuenow="0" tabindex="0"></div>. </div>.</div>..<div id="blurb"></div>..<div id="f

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.html

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.jsProcess: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe

File Type: ASCII text

Category: dropped

Size (bytes): 2313

Entropy (8bit): 4.945006967984332

Encrypted: false

SSDEEP: 48:1PAJD5hjHZBda+3w3PVqroG72j3zNeZBAhHeX7u8ji+3WHQBlGh0nnSvidU2k3W8:1PAR5hjHV/w3P4exeRF73Bm0nWi2hG8

MD5: DFA7861BCA754036AB853B3BB02B194D

SHA1: 46D7C5BA614B39CAA4857FCBA4BDEDBABB2C67C0

SHA-256: 2C286B6EEFD38F032A385F3AC6A1F794DEAB3BAC0FBFF71BD0BA21453F477878

SHA-512: C58D96FB2496A84261A5E4B18CF4156A30F9AD161BBABC3652B6B5C24976F1AC432DCED31927A9443260CDCA0292524D1F691766B7C0731F926D37BE11FE0C64

Malicious: false

Preview:// This Source Code Form is subject to the terms of the Mozilla Public.// License, v. 2.0. If a copy of the MPL was not distributed with this.// file, You can obtain one at http://mozilla.org/MPL/2.0/...// Length of time (milliseconds) that one blurb stays up before we switch to.// displaying the next one..var BLURB_CYCLE_MS = 20000;..// How frequently we should update the progress bar state, in milliseconds..var PROGRESS_BAR_INTERVAL_MS = 250;..window.attachEvent("onload", function() {. // Set direction on the two components of the layout.. var direction = external.getTextDirection();. document.getElementById("text_column").style.direction = direction;. document.getElementById("installing").style.direction = direction;.. // Get this page's static strings.. var label = document.getElementById("label");. label.innerText = external.getUIString("installing_label");. document.getElementById("header").innerText = external.getUIString(. "installing_header". );. document.getEleme

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing_page.cssProcess: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe


Category: dropped

Size (bytes): 1137

Entropy (8bit): 4.9215580342589655

Encrypted: false

SSDEEP: 24:wfrmokmQe0+08DGJreQXZe5YUeXkdkydskBDpaZeXkd6aHeHpiHvcLhORWH:AKmQerFQecZe5reXkgesZeXkJeHpiPc3

MD5: CBD327243D2650EF132599C42D4B0820

SHA1: A8D5B12D89077401DEC504AC56FCB635D7D2A96E

SHA-256: E123002AB5836965420FC58F9E30F87FB294D4648A58F3BCE1AC8EC514917ECC

SHA-512: E3B97471C42C3971969086C97386BA42B0A15E3722E0F97A0095FE6FCCA3E7EAC46370ADA3B6E648E155D6BD1FDE1762CB6F9496CA50038ABAC332F7C572D2EA

Malicious: false

Preview:/* This Source Code Form is subject to the terms of the Mozilla Public. * License, v. 2.0. If a copy of the MPL was not distributed with this. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */..body {. color: white;.}..#label,.#progress_background,.#blurb {. text-align: center;. margin: 20px 30px;.}..#label {. font-size: 40px;. margin-top: 100px;. margin-bottom: 20px;.}..#progress_background {. margin: 0 auto;. width: 60%;. height: 24px;. background-color: white;.}..body.high-contrast #progress_background {. outline: solid;.}..#progress_bar {. margin: 0;. width: 0%;. max-width: 100%;. height: 100%;. background-color: #00AAFF;.}../* In high contrast mode, fill the entire progress bar with its border. */.body.high-contrast #progress_bar {. /* This border should be the height of progress_background. */. border-top: 24px solid;. box-sizing: border-box;.}../* This layout doesn't want the header or content text. */.#header, #content {. display: none;.}..#blurb

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.cssProcess: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe


Category: dropped

Size (bytes): 684

Entropy (8bit): 4.895598755144928

Encrypted: false

SSDEEP: 12:UffrmssQiG8XxmcuKOdNGwQm/vYukF45fEibiHoEsyhqvR0T1vx:wfrmokmPqwQ+vY05fRiJLhqU1J

MD5: 544B51F11AD19DF720669478D28F129D

SHA1: D238B604FD3FA37DFD552EACDC6AACC474FCDDAD

SHA-256: 4D9495B6F0E18331659993B79440E414A6E607FCDAEACBC7477E0683CC0FA98B

SHA-512: BBBB0F31839316C51464CFD225166145F968CE38995DC2748DF5402B7E109FF6119D65B6774FC4738638AD4C9D89776516B00AB5A700097D9D74E1824A11DC5E

Malicious: false


Static File Info

Preview:/* This Source Code Form is subject to the terms of the Mozilla Public. * License, v. 2.0. If a copy of the MPL was not distributed with this. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */..body {. height: 100%;. width: 100%;. margin: 0;. padding: 0;. overflow: hidden;.. font-family: "Segoe UI", sans-serif;.}../* This is an <img> rather than using background-image because IE8. * does not support background-size. */.#background {. min-height: 100%;. min-width: 100%;.. width: 100%;. height: auto;.. position: fixed;. top: 0;. left: 0;.. z-index: -1;.}..body.high-contrast #background {. display: none;.}...no-focus-outline {. outline: none;.}.

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.css

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.jsProcess: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe


Category: dropped

Size (bytes): 817

Entropy (8bit): 4.930061365317776

Encrypted: false

SSDEEP: 24:ZrmAAJdslLElW0d+TrT0kKJRRZotfjJRRnE00:1PAJQLKWxXTGtoxjJjE00

MD5: 58B8AC894C64370CFA137F5848AEB88D

SHA1: 6A1AC1F88A918A232B79FE798B2DE69CF433945F

SHA-256: 0E28AA770B0AFADE30BE85C6DC1E50344DB8F8CDD3FA01989D81A9E20A4990BD

SHA-512: AE309518E0F926021E4D9378950C1A375263247D4F79D8A8CC09464CD01653AE5E707D52A4B0C36D532E649C246F4BE6B5BA8648F58FB0E3E40C495AE63180AB

Malicious: false

Preview:// This Source Code Form is subject to the terms of the Mozilla Public.// License, v. 2.0. If a copy of the MPL was not distributed with this.// file, You can obtain one at http://mozilla.org/MPL/2.0/...window.attachEvent("onload", function() {. if (parseInt(external.getIsHighContrast())) {. document.body.className += " high-contrast";. } else {. document.body.className += " normal-contrast";. }.. document.body.style.fontFamily = external.getFontName() + ", sans-serif";.. // All pages have the global footer (or don't, depending on the branding).. document.getElementById("footer").innerText = external.getUIString(. "global_footer". );.. // Disallow dragging of the "background" image.. document.getElementById("background").attachEvent("ondragstart", function() {. return false;. });.});.

C:\Users\user\AppData\Local\Temp\~DF15C2A6A2A552686A.TMPProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Category: dropped

Size (bytes): 36201

Entropy (8bit): 0.7208448941956904

Encrypted: false

SSDEEP: 384:kBqoxKFZPaZPbPoPYPzPNAPXAPKP5PTNYrAVeVTV:B5a5zgQbi4SZTWrAVeVTV

MD5: 4A51573DAE68686CC8FAA1122099F48A

SHA1: 3B5AE2EA738514A9AA608589092D60FC4D7AD6DF

SHA-256: 56FBC006D38476F2F35F6D72EB474527DD2576CACE6EF8809B6D94FC9D888D07

SHA-512: 4D0C9CCA9C83E988EECF2D516A4CEBBC87F80B9941A83F26E126B4D8E3329A8A0E7A088D584BB053580EF60D130283C5167845237A82374069EC057CE45A37A9

Malicious: false

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFC3557FDB50A0AF3E.TMPProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Category: dropped

Size (bytes): 12965

Entropy (8bit): 0.42172021325321307

Encrypted: false

SSDEEP: 24:c9lLh9lLh9lIn9lIn9lolF9lo/9lW3cF+eB:kBqoIg+3cp

MD5: D3B3664FEE71CA4A53F9E001D8A94618

SHA1: 32DB8F4DED683492B3264DE23A9572DEC23FE759

SHA-256: 4F8443E6421469A668078BBB516EDDBAFB904963C771B036109D4815DB714F5C

SHA-512: 96EF606089A007A461519F4F8536EB1B230A0943B8D3E30A953DCB01A8CFEDC23F91ABE0BA8E4A304C13B88924D552569A639A82A644AEF3280F3F71968F2263

Malicious: false

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................


GeneralFile type: PE32 executable (GUI) Intel 80386, for MS Windows,

UPX compressed

Entropy (8bit): 7.931900551699911

TrID: Win32 Executable (generic) a (10002005/4) 99.66%UPX compressed Win32 Executable (30571/9) 0.30%Generic Win/DOS Executable (2004/3) 0.02%DOS Executable Generic (2002/1) 0.02%Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%

File name: Firefox Installer.exe

File size: 327360

MD5: f0ffd6b22e2e284850f3933ede927790

SHA1: c8863c819ae52dc1126d5215b3c6d61df96b49ab

SHA256: e0e20159839ff7fa71278a67d90b7fa685733d19c3eb36de406669e6c070c60e

SHA512: 01a4e9d28f774acee9e44e97cd01f3e7bdbf23ac022992024ba0767ee33d4ecc420a639467cc754bd553e548c6d4d2cd05e546c74c1f955ac2ea4595dac24df0

SSDEEP: 6144:+aVWdyzOxeA1DfdwX3MmIOJhEbX1U0s/KyHQWW3HpO9SoaJvxfEQgQM3NcRrIH:+MROxdDfOnMmXDEu00o3g9SbMvQMyRsH

File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............`Y..`Y..`YM.nY..`Y&.dY..`Y..?Y..`Y..=Y..`Y..aYb.`Y&.jY..`Y&.kY..`Yv.fY..`YRich..`Y........................PE..L...9m.[...

File Icon

Icon Hash: 64e4cc8df0f0f0b0

GeneralEntrypoint: 0x434fa0

Entrypoint Section: UPX1

Digitally signed: true

Imagebase: 0x400000

Subsystem: windows gui

Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

DLL Characteristics:

Time Stamp: 0x5B886D39 [Thu Aug 30 22:18:33 2018 UTC]

TLS Callbacks:

CLR (.Net) Version:

OS Version Major: 4

OS Version Minor: 0

File Version Major: 4

File Version Minor: 0

Subsystem Version Major: 4

Subsystem Version Minor: 0

Import Hash: 05d3dce2be32df01ca249872dd2cc117

Signature Valid: true

Signature Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Signature Validation Error: The operation completed successfully

Error Number: 0

Not Before, Not After 5/6/2020 5:00:00 PM 5/12/2021 5:00:00 AM

Subject Chain E="[email protected]", CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=Mountain View, S=California, C=US

Version: 3

Thumbprint MD5: 9E49C16F999E6957E8FAF4FDCA2F7ED0

Thumbprint SHA-1: 91CABEA509662626E34326687348CAF2DD3B4BBA

Static PE Info

Authenticode Signature


Thumbprint SHA-256: 1DD436F9E9A33CCBF19A785FBDCCF512F36C753BBB9CF3787B4200162A6BDFE4

Serial: 0DDEB53F957337FBEAF98C4A615B149D

Instruction

pushad

mov esi, 00425000h

lea edi, dword ptr [esi-00024000h]

push edi

or ebp, FFFFFFFFh

jmp 00007FA3ACABE392h

nop

nop

nop

nop

nop

nop

mov al, byte ptr [esi]

inc esi

mov byte ptr [edi], al

inc edi

add ebx, ebx

jne 00007FA3ACABE389h

mov ebx, dword ptr [esi]

sub esi, FFFFFFFCh

adc ebx, ebx

jc 00007FA3ACABE36Fh

mov eax, 00000001h

add ebx, ebx



sub esi, FFFFFFFCh

adc ebx, ebx

adc eax, eax

add ebx, ebx

jnc 00007FA3ACABE371h

jne 00007FA3ACABE38Bh


sub esi, FFFFFFFCh

adc ebx, ebx


xor ecx, ecx

sub eax, 03h

jc 00007FA3ACABE38Fh

shl eax, 08h

mov al, byte ptr [esi]

inc esi

xor eax, FFFFFFFFh

je 00007FA3ACABE3F6h

mov ebp, eax

add ebx, ebx



sub esi, FFFFFFFCh

adc ebx, ebx

adc ecx, ecx

add ebx, ebx



sub esi, FFFFFFFCh

adc ebx, ebx

adc ecx, ecx

jne 00007FA3ACABE3A2h

inc ecx

Entrypoint Preview


add ebx, ebx



sub esi, FFFFFFFCh

adc ebx, ebx

adc ecx, ecx

add ebx, ebx


jne 00007FA3ACABE38Bh


sub esi, FFFFFFFCh

adc ebx, ebx


add ecx, 02h

cmp ebp, FFFFF300h

adc ecx, 01h

lea edx, dword ptr [edi+ebp]

cmp ebp, FFFFFFFCh

jbe 00007FA3ACABE391h

mov al, byte ptr [edx]

inc edx

mov byte ptr [edi], al

inc edi

dec ecx


jmp 00007FA3ACABE2E8h

nop

mov eax, dword ptr [edx]

add edx, 04h

mov dword ptr [edi], eax

add edi, 04h

sub ecx, 00000000h

Instruction

Programming Language: [ C ] VS98 (6.0) build 8168[RES] VS98 (6.0) cvtres build 1720[C++] VS98 (6.0) build 8168[LNK] VS98 (6.0) imp/exp build 8168

Name Virtual Address Virtual Size Is in Section

IMAGE_DIRECTORY_ENTRY_EXPORT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_IMPORT 0x45b4c 0xb4 .rsrc

IMAGE_DIRECTORY_ENTRY_RESOURCE 0x36000 0xfb4c .rsrc

IMAGE_DIRECTORY_ENTRY_EXCEPTION 0x0 0x0

IMAGE_DIRECTORY_ENTRY_SECURITY 0x4d7d0 0x26f0

IMAGE_DIRECTORY_ENTRY_BASERELOC 0x0 0x0

IMAGE_DIRECTORY_ENTRY_DEBUG 0x0 0x0

IMAGE_DIRECTORY_ENTRY_COPYRIGHT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_GLOBALPTR 0x0 0x0

IMAGE_DIRECTORY_ENTRY_TLS 0x0 0x0

IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 0x0 0x0

IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_IAT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 0x1f130 0x80 UPX0

IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0x0 0x0

IMAGE_DIRECTORY_ENTRY_RESERVED 0x0 0x0

Name Virtual Address Virtual Size Raw Size Xored PE ZLIB Complexity File Type Entropy Characteristics

UPX0 0x1000 0x24000 0x0 False 0 empty 0.0 IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ

Rich Headers

Data Directories

Sections


Network Port Distribution

Total Packets: 105

UPX1 0x25000 0x11000 0x10200 False 0.985268289729 data 7.8779930428 IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

.rsrc 0x36000 0x10000 0xfc00 False 0.808113219246 data 7.52725036342 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

Name Virtual Address Virtual Size Raw Size Xored PE ZLIB Complexity File Type Entropy Characteristics

Name RVA Size Type Language Country

RT_ICON 0x362e4 0x528 GLS_BINARY_LSB_FIRST English United States

RT_ICON 0x36810 0x1428 dBase IV DBT of @.DBF, block length 5120, next free block index 40, next free block 0, next used block 0

English United States

RT_ICON 0x37c3c 0x2d28 data English United States

RT_ICON 0x3a968 0xa9cb PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced


RT_DIALOG 0x32324 0xb8 data English United States

RT_STRING 0x323dc 0x60 data English United States

RT_STRING 0x3243c 0x88 data English United States

RT_STRING 0x324c4 0x54 data English United States

RT_STRING 0x32518 0x34 data English United States

RT_GROUP_ICON 0x45338 0x3e data English United States

RT_VERSION 0x4537c 0x274 data English United States

RT_MANIFEST 0x455f4 0x555 XML 1.0 document, ASCII text, with CRLF line terminators

DLL Import

KERNEL32.DLL LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect

MSVCRT.dll free

Description Data

LegalCopyright Mozilla

InternalName 7zS.sfx

FileVersion 18.05

CompanyName Mozilla

ProductName Firefox

ProductVersion 18.05

FileDescription Firefox

OriginalFilename 7zS.sfx.exe

Translation 0x0409 0x04b0

Language of compilation system Country where language is spoken Map


Network Behavior

Resources

Imports

Version Infos

Possible Origin


• 53 (DNS)

• 443 (HTTPS)

• 80 (HTTP)

Timestamp Source Port Dest Port Source IP Dest IP

Feb 21, 2021 01:23:42.928412914 CET 49725 80 192.168.2.3 35.155.87.117

Feb 21, 2021 01:23:43.129740000 CET 80 49725 35.155.87.117 192.168.2.3

Feb 21, 2021 01:23:43.129909992 CET 49725 80 192.168.2.3 35.155.87.117

Feb 21, 2021 01:23:43.130429029 CET 49725 80 192.168.2.3 35.155.87.117

Feb 21, 2021 01:23:43.331476927 CET 80 49725 35.155.87.117 192.168.2.3

Feb 21, 2021 01:23:43.442848921 CET 80 49725 35.155.87.117 192.168.2.3

Feb 21, 2021 01:23:43.442961931 CET 49725 80 192.168.2.3 35.155.87.117

Feb 21, 2021 01:23:44.644891024 CET 49728 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:44.644937992 CET 49729 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:44.847662926 CET 443 49729 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:44.847815990 CET 49729 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:44.848442078 CET 49729 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:44.848506927 CET 443 49728 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:44.848612070 CET 49728 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:44.849150896 CET 49728 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.050424099 CET 443 49729 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.052923918 CET 443 49728 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.052980900 CET 443 49729 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.053036928 CET 49729 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.053041935 CET 443 49729 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.053073883 CET 443 49729 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.053138971 CET 49729 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.055820942 CET 443 49728 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.055860043 CET 443 49728 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.055891991 CET 49728 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.055922031 CET 49728 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.055954933 CET 443 49728 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.056102037 CET 49728 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.071691036 CET 49728 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.071779013 CET 49729 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.072613955 CET 49728 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.074162960 CET 49728 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.074218035 CET 49729 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.274070978 CET 443 49729 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.274111032 CET 443 49729 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.274167061 CET 49729 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.274230957 CET 49729 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.274975061 CET 443 49728 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.275007010 CET 443 49728 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.275062084 CET 49728 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.275094986 CET 49728 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.275676966 CET 49728 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.277296066 CET 443 49728 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.277374983 CET 49728 443 192.168.2.3 44.236.48.31

TCP Packets


Feb 21, 2021 01:23:45.277544975 CET 443 49729 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.277615070 CET 49729 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.278187990 CET 443 49728 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.278228045 CET 443 49728 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.278323889 CET 49728 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.282090902 CET 49729 443 192.168.2.3 44.236.48.31

Feb 21, 2021 01:23:45.381151915 CET 49732 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.382103920 CET 49733 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.427129030 CET 443 49732 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.427234888 CET 49732 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.427880049 CET 443 49733 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.427973032 CET 49733 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.428061962 CET 49732 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.428814888 CET 49733 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.473948956 CET 443 49732 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.473974943 CET 443 49732 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.473992109 CET 443 49732 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.474008083 CET 443 49732 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.474036932 CET 49732 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.474071980 CET 49732 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.474488974 CET 443 49733 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.477018118 CET 443 49732 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.477128983 CET 49732 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.477140903 CET 443 49733 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.477160931 CET 443 49733 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.477178097 CET 443 49733 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.477204084 CET 49733 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.477257967 CET 49733 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.480346918 CET 443 49733 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.480953932 CET 49733 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.490745068 CET 49733 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.491076946 CET 49732 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.491245031 CET 49733 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.491548061 CET 49732 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.491566896 CET 49733 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.520524025 CET 443 49728 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.524482965 CET 443 49729 44.236.48.31 192.168.2.3

Feb 21, 2021 01:23:45.536559105 CET 443 49733 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.536694050 CET 443 49733 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.536711931 CET 443 49732 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.536755085 CET 443 49733 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.536771059 CET 49733 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.536801100 CET 49733 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.536911964 CET 443 49733 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.536927938 CET 443 49733 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.536959887 CET 443 49732 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.536992073 CET 443 49732 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.537026882 CET 49733 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.537071943 CET 49732 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.537103891 CET 49732 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.537194014 CET 443 49732 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.537246943 CET 443 49732 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.537262917 CET 443 49733 13.224.96.162 192.168.2.3

Feb 21, 2021 01:23:45.537331104 CET 49732 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.537461042 CET 49733 443 192.168.2.3 13.224.96.162

Feb 21, 2021 01:23:45.538292885 CET 49732 443 192.168.2.3 13.224.96.162



Feb 21, 2021 01:22:51.062041044 CET 50200 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:22:51.110786915 CET 53 50200 8.8.8.8 192.168.2.3

Feb 21, 2021 01:22:52.476252079 CET 51281 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:22:52.527959108 CET 53 51281 8.8.8.8 192.168.2.3

UDP Packets


Feb 21, 2021 01:22:53.910063982 CET 49199 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:22:53.915158987 CET 50620 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:22:53.961580038 CET 53 49199 8.8.8.8 192.168.2.3

Feb 21, 2021 01:22:53.973233938 CET 53 50620 8.8.8.8 192.168.2.3

Feb 21, 2021 01:22:55.324569941 CET 64938 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:22:55.377518892 CET 53 64938 8.8.8.8 192.168.2.3

Feb 21, 2021 01:22:56.619436979 CET 60152 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:22:56.671044111 CET 53 60152 8.8.8.8 192.168.2.3

Feb 21, 2021 01:22:57.720863104 CET 57544 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:22:57.769581079 CET 53 57544 8.8.8.8 192.168.2.3

Feb 21, 2021 01:22:58.875772953 CET 55984 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:22:58.937350988 CET 53 55984 8.8.8.8 192.168.2.3

Feb 21, 2021 01:22:59.892302990 CET 64185 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:22:59.957537889 CET 53 64185 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:00.061630011 CET 65110 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:00.113430023 CET 53 65110 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:00.909101963 CET 64185 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:00.965965033 CET 53 64185 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:01.202502012 CET 58361 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:01.251348972 CET 53 58361 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:01.909109116 CET 64185 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:01.966286898 CET 53 64185 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:02.191656113 CET 63492 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:02.240434885 CET 53 63492 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:02.971446037 CET 60831 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:03.020020008 CET 53 60831 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:03.956406116 CET 64185 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:03.981857061 CET 60100 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:04.015860081 CET 53 64185 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:04.030819893 CET 53 60100 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:05.135250092 CET 53195 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:05.183896065 CET 53 53195 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:06.109028101 CET 50141 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:06.157891035 CET 53 50141 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:07.051289082 CET 53023 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:07.108325005 CET 53 53023 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:08.003674030 CET 64185 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:08.060903072 CET 53 64185 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:08.278072119 CET 49563 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:08.329540968 CET 53 49563 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:10.152112007 CET 51352 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:10.212368011 CET 53 51352 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:11.356726885 CET 59349 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:11.405545950 CET 53 59349 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:12.627676010 CET 57084 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:12.676616907 CET 53 57084 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:28.108849049 CET 58823 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:28.157969952 CET 53 58823 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:29.759469986 CET 57568 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:29.820246935 CET 53 57568 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:42.802278996 CET 50540 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:42.867436886 CET 53 50540 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:43.100639105 CET 54366 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:43.159143925 CET 53 54366 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:43.166420937 CET 53034 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:43.223934889 CET 53 53034 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:44.091286898 CET 57762 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:44.142791033 CET 53 57762 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:44.560369015 CET 55435 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:44.608866930 CET 53 55435 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:44.719257116 CET 50713 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:44.786983967 CET 53 50713 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:45.290653944 CET 56132 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:45.355911016 CET 53 56132 8.8.8.8 192.168.2.3



Feb 21, 2021 01:23:45.682940960 CET 58987 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:45.734615088 CET 53 58987 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:46.046883106 CET 56579 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:46.098305941 CET 53 56579 8.8.8.8 192.168.2.3

Feb 21, 2021 01:23:50.864659071 CET 60633 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:23:50.933037996 CET 53 60633 8.8.8.8 192.168.2.3

Feb 21, 2021 01:24:03.624521017 CET 61292 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:24:03.673295975 CET 53 61292 8.8.8.8 192.168.2.3

Feb 21, 2021 01:24:09.762056112 CET 63619 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:24:09.820967913 CET 53 63619 8.8.8.8 192.168.2.3

Feb 21, 2021 01:24:13.093055010 CET 64938 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:24:13.144689083 CET 53 64938 8.8.8.8 192.168.2.3

Feb 21, 2021 01:24:13.850284100 CET 61946 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:24:13.899166107 CET 53 61946 8.8.8.8 192.168.2.3

Feb 21, 2021 01:24:14.081475973 CET 64938 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:24:14.133091927 CET 53 64938 8.8.8.8 192.168.2.3

Feb 21, 2021 01:24:14.845295906 CET 61946 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:24:14.894074917 CET 53 61946 8.8.8.8 192.168.2.3

Feb 21, 2021 01:24:15.100153923 CET 64938 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:24:15.151701927 CET 53 64938 8.8.8.8 192.168.2.3

Feb 21, 2021 01:24:15.861507893 CET 61946 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:24:15.910463095 CET 53 61946 8.8.8.8 192.168.2.3

Feb 21, 2021 01:24:17.095712900 CET 64938 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:24:17.147783041 CET 53 64938 8.8.8.8 192.168.2.3

Feb 21, 2021 01:24:17.861715078 CET 61946 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:24:17.910439968 CET 53 61946 8.8.8.8 192.168.2.3

Feb 21, 2021 01:24:21.113451958 CET 64938 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:24:21.165438890 CET 53 64938 8.8.8.8 192.168.2.3

Feb 21, 2021 01:24:21.881704092 CET 61946 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:24:21.930587053 CET 53 61946 8.8.8.8 192.168.2.3

Feb 21, 2021 01:24:38.854480028 CET 64910 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:24:38.903454065 CET 53 64910 8.8.8.8 192.168.2.3

Feb 21, 2021 01:24:42.471494913 CET 52123 53 192.168.2.3 8.8.8.8

Feb 21, 2021 01:24:42.545460939 CET 53 52123 8.8.8.8 192.168.2.3


Timestamp Source IP Dest IP Trans ID OP Code Name Type Class

Feb 21, 2021 01:23:42.802278996 CET 192.168.2.3 8.8.8.8 0xc188 Standard query (0)


A (IP address) IN (0x0001)

Feb 21, 2021 01:23:44.560369015 CET 192.168.2.3 8.8.8.8 0xb3c3 Standard query (0)

firefox.com A (IP address) IN (0x0001)

Feb 21, 2021 01:23:45.290653944 CET 192.168.2.3 8.8.8.8 0x1f0c Standard query (0)

www.firefox.com A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Feb 21, 2021 01:22:59.957537889 CET

8.8.8.8 192.168.2.3 0x26a7 No error (0) bouncer-bouncer-elb.prod.mozaws.net

52.23.121.221 A (IP address) IN (0x0001)

Feb 21, 2021 01:22:59.957537889 CET


3.214.32.170 A (IP address) IN (0x0001)

Feb 21, 2021 01:22:59.957537889 CET


18.210.96.88 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:00.965965033 CET


52.23.121.221 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:00.965965033 CET


3.214.32.170 A (IP address) IN (0x0001)

DNS Queries

DNS Answers


Feb 21, 2021 01:23:00.965965033 CET


18.210.96.88 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:01.966286898 CET


52.23.121.221 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:01.966286898 CET


3.214.32.170 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:01.966286898 CET


18.210.96.88 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:04.015860081 CET


52.23.121.221 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:04.015860081 CET


3.214.32.170 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:04.015860081 CET


18.210.96.88 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:08.060903072 CET


52.23.121.221 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:08.060903072 CET


3.214.32.170 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:08.060903072 CET


18.210.96.88 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:42.867436886 CET

8.8.8.8 192.168.2.3 0xc188 No error (0) download-stats.mozilla.org


CNAME (Canonical name)

IN (0x0001)

Feb 21, 2021 01:23:42.867436886 CET

8.8.8.8 192.168.2.3 0xc188 No error (0) download-stats.r53-2.services.mozilla.com

35.155.87.117 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:42.867436886 CET

8.8.8.8 192.168.2.3 0xc188 No error (0) download-stats.r53-2.services.mozilla.com

52.40.50.138 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:44.608866930 CET

8.8.8.8 192.168.2.3 0xb3c3 No error (0) firefox.com 44.236.48.31 A (IP address) IN (0x0001)

Feb 21, 2021 01:23:44.608866930 CET


Feb 21, 2021 01:23:44.608866930 CET


Feb 21, 2021 01:23:45.355911016 CET

8.8.8.8 192.168.2.3 0x1f0c No error (0) www.firefox.com fxc-prod.moz.works CNAME (Canonical name)

IN (0x0001)

Feb 21, 2021 01:23:45.355911016 CET

8.8.8.8 192.168.2.3 0x1f0c No error (0) fxc-prod.moz.works

dzlgdtxcws9pb.cloudfront.net

CNAME (Canonical name)

IN (0x0001)

Feb 21, 2021 01:23:45.355911016 CET

8.8.8.8 192.168.2.3 0x1f0c No error (0) dzlgdtxcws9pb.cloudfront.net

13.224.96.162 A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class


HTTP Request Dependency Graph

HTTP Packets


Session ID Source IP Source Port Destination IP Destination Port Process

0 192.168.2.3 49725 35.155.87.117 80 C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe

TimestampkBytestransferred Direction Data

Feb 21, 2021 01:23:43.130429029 CET

1273 OUT GET /stub/v8/aurora/aurora/en-GB/1/1/10/0/17134/0/0/11/0/9/0//0/0/43/42/0/0/0/0/0/1/0/0/0/0/0/1/1/0/1/Unknown//0/0 HTTP/1.1Range: bytes=0-User-Agent: NSIS InetBgDL (Mozilla)Host: download-stats.mozilla.orgConnection: Keep-Alive

Feb 21, 2021 01:23:43.442848921 CET

1274 IN HTTP/1.1 200 OKAlt-Svc: clearContent-Type: text/plain; charset=utf-8Date: Sun, 21 Feb 2021 00:23:43 GMTStrict-Transport-Security: max-age=15768000Via: 1.1 googleX-Frame-Options: DENYContent-Length: 0Connection: keep-alive

Timestamp Source IPSourcePort Dest IP

DestPort Subject Issuer

NotBefore

NotAfter

JA3 SSL ClientFingerprint JA3 SSL Client Digest

Feb 21, 2021 01:23:45.053041935 CET

44.236.48.31 443 192.168.2.3 49729 CN=firefox.com CN=R3, O=Let's Encrypt, C=US

CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.

Tue Feb 09 23:10:15 CET 2021 Wed Oct 07 21:21:40 CEST 2020

Tue May 11 00:10:15 CEST 2021 Wed Sep 29 21:21:40 CEST 2021

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=R3, O=Let's Encrypt, C=US

CN=DST Root CA X3, O=Digital Signature Trust Co.

Wed Oct 07 21:21:40 CEST 2020

Wed Sep 29 21:21:40 CEST 2021

Feb 21, 2021 01:23:45.055860043 CET

44.236.48.31 443 192.168.2.3 49728 CN=firefox.com CN=R3, O=Let's Encrypt, C=US

CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.

Tue Feb 09 23:10:15 CET 2021 Wed Oct 07 21:21:40 CEST 2020

Tue May 11 00:10:15 CEST 2021 Wed Sep 29 21:21:40 CEST 2021

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=R3, O=Let's Encrypt, C=US

CN=DST Root CA X3, O=Digital Signature Trust Co.

Wed Oct 07 21:21:40 CEST 2020

Wed Sep 29 21:21:40 CEST 2021

Feb 21, 2021 01:23:45.477018118 CET

13.224.96.162 443 192.168.2.3 49732 CN=www.firefox.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Jun 24 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009

Sat Jul 24 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US

CN=Amazon Root CA 1, O=Amazon, C=US

Thu Oct 22 02:00:00 CEST 2015

Sun Oct 19 02:00:00 CEST 2025

HTTPS Packets


Code Manipulations

Statistics

Behavior

• Firefox Installer.exe

• setup-stub.exe

• iexplore.exe

• iexplore.exe


CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

Mon May 25 14:00:00 CEST 2015

Thu Dec 31 02:00:00 CET 2037


OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Sep 02 02:00:00 CEST 2009

Wed Jun 28 19:39:16 CEST 2034

Feb 21, 2021 01:23:45.480346918 CET

13.224.96.162 443 192.168.2.3 49733 CN=www.firefox.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Jun 24 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009

Sat Jul 24 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US


Thu Oct 22 02:00:00 CEST 2015

Sun Oct 19 02:00:00 CEST 2025



Mon May 25 14:00:00 CEST 2015

Thu Dec 31 02:00:00 CET 2037


OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Sep 02 02:00:00 CEST 2009

Wed Jun 28 19:39:16 CEST 2034

Timestamp Source IPSourcePort Dest IP

DestPort Subject Issuer

NotBefore

NotAfter

JA3 SSL ClientFingerprint JA3 SSL Client Digest


Click to jump to process

System Behavior

File ActivitiesFile Activities


Start date: 21/02/2021

Path: C:\Users\user\Desktop\Firefox Installer.exe

Wow64 process (32bit): true

Commandline: 'C:\Users\user\Desktop\Firefox Installer.exe'

Imagebase: 0x400000

File size: 327360 bytes

MD5 hash: F0FFD6B22E2E284850F3933EDE927790

Has elevated privileges: true

Has administrator privileges: true

Programmed in: C, C++ or other language

Reputation: low

File Path Access Attributes Options Completion CountSourceAddress Symbol

C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C read data or list directory | synchronize

device directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 40B45A CreateDirectoryW

C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe read attributes | synchronize | generic write

device synchronous io non alert | non directory file

success or wait 1 40C577 CreateFileW

C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\postSigningData read attributes | synchronize | generic write


success or wait 1 40C577 CreateFileW

File Path Completion CountSourceAddress Symbol

C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\postSigningData success or wait 1 40B6BB DeleteFileW

C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe success or wait 1 40B6BB DeleteFileW

Analysis Process: Firefox Installer.exe PID: 5328 Parent PID: 5688Analysis Process: Firefox Installer.exe PID: 5328 Parent PID: 5688

General

File CreatedFile Created

File DeletedFile Deleted

File WrittenFile Written


File Path Offset Length Value Ascii Completion CountSourceAddress Symbol


unknown 262144 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 31 e8 81 e9 50 86 d2 e9 50 86 d2 e9 50 86 d2 2a 5f d9 d2 eb 50 86 d2 e9 50 87 d2 4f 50 86 d2 2a 5f db d2 e6 50 86 d2 bd 73 b6 d2 e3 50 86 d2 2e 56 80 d2 e8 50 86 d2 52 69 63 68 e9 50 86 d2 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 3f ca 4d 58 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 66 00 00 00 d8 02 00 00 08 00 00 34 33 00 00 00 10 00 00 00 80 00 00 00 00 40

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..OP..*_...P...s...P...V...P..Rich.P..........PE..L...?.MX.................f..........43............@

success or wait 1 40C7E5 WriteFile


unknown 202272 22 29 f5 2c b5 d6 f7 d2 f7 d7 59 da d6 69 a6 96 b5 a6 67 5b a6 6f 2b 25 6a cd 34 2b 68 a2 f9 db 2a c4 d6 95 a2 29 9d 2b 49 ce b8 2b cf 9c 65 5c a9 5a 52 b9 57 0c 2b 19 57 d3 60 00 00 00 00 00 00 3e e3 ed e7 de 22 22 22 22 a8 8a c4 44 47 c2 7c 76 ba e9 7d 6d 7d 75 b6 b6 b4 db 5d 2f 6b 4c cd f5 4a f6 4d a2 6d 0a 5a f1 05 6b a5 15 cc 8c e3 33 3a 67 19 db 3a e3 49 e7 ca 33 a6 54 a5 69 5c ab 86 39 c5 33 8f 4d c0 00 00 00 00 00 01 e6 8f 6b 3a 2a 85 22 26 b1 10 ac 55 cd f0 5a ed a5 f4 bd f4 d7 4b e9 69 6d 7d 2d 69 b4 ce d3 2b 5c bd 6d 33 11 5d a9 31 35 a5 e2 b3 94 44 e7 19 c4 e7 4c eb 45 6b 9e 33 8e 35 ae 54 ce 91 95 69 9e 78 63 11 95 63 ff c4 00 1d 01 01 00 03 00 03 01 01 01 00 00 00 00 00 00 00 00 00 01 02 03 05 06 07 04 08 09 ff da 00 08 01 01 10 00 00 00 f7

").,......Y..i....g[.o+%j.4+h...*....).+I..+..e\.ZR.W.+.W.`......>....""""...DG.|v..}m}u....]/kL..J.M.m.Z..k.....3:g..:.I..3.T.i\..9.3.M.........k:*."&...U..Z......K.im}-i...+\.m3.].15....D....L.Ek.3.5.T...i.xc..c..........................................



C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\postSigningData

unknown 200 63 61 6d 70 61 69 67 6e 25 33 44 25 32 35 32 38 6e 6f 74 25 32 42 73 65 74 25 32 35 32 39 25 32 36 63 6f 6e 74 65 6e 74 25 33 44 25 32 35 32 38 6e 6f 74 25 32 42 73 65 74 25 32 35 32 39 25 32 36 65 78 70 65 72 69 6d 65 6e 74 25 33 44 25 32 35 32 38 6e 6f 74 25 32 42 73 65 74 25 32 35 32 39 25 32 36 6d 65 64 69 75 6d 25 33 44 25 32 35 32 38 64 69 72 65 63 74 25 32 35 32 39 25 32 36 73 6f 75 72 63 65 25 33 44 25 32 35 32 38 6f 74 68 65 72 25 32 35 32 39 25 32 36 75 61 25 33 44 63 68 72 6f 6d 65 25 32 36 76 61 72 69 61 74 69 6f 6e 25 33 44 25 32 35 32 38 6e 6f 74 25 32 42 73 65 74 25 32 35 32 39

campaign%3D%2528not%2Bset%2529%26content%3D%2528not%2Bset%2529%26experiment%3D%2528not%2Bset%2529%26medium%3D%2528direct%2529%26source%3D%2528other%2529%26ua%3Dchrome%26variation%3D%2528not%2Bset%2529



File Path Offset Length Completion CountSourceAddress Symbol

C:\Users\user\Desktop\Firefox Installer.exe unknown 4096 success or wait 33 40C6CC ReadFile








Path: C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe


Commandline: .\setup-stub.exe

Imagebase: 0x400000


MD5 hash: 34D82BBBC56EB436EDF3D77EBA96AD26




Reputation: low


C:\Users\user\AppData\Local\Temp\ read data or list directory | synchronize


object name collision 1 40579B CreateDirectoryW

File ReadFile Read

Analysis Process: setup-stub.exe PID: 2600 Parent PID: 5328Analysis Process: setup-stub.exe PID: 2600 Parent PID: 5328

General

File CreatedFile Created


C:\Users\user\AppData\Local\Temp\nsf82AF.tmp read attributes | synchronize | generic read


success or wait 1 405D27 GetTempFileNameW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp read attributes | synchronize | generic read



C:\Users read data or list directory | synchronize



C:\Users\user read data or list directory | synchronize



C:\Users\user\AppData read data or list directory | synchronize



C:\Users\user\AppData\Local read data or list directory | synchronize



C:\Users\user\AppData\Local\Temp read data or list directory | synchronize



C:\Users\user\AppData\Local\Temp\nsf82B0.tmp read data or list directory | synchronize


success or wait 1 40575B CreateDirectoryW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll read attributes | synchronize | generic write


success or wait 1 405CE5 CreateFileW



object name collision 9 405CE5 CreateFileW




C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UAC.dll read attributes | synchronize | generic write



C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll read attributes | synchronize | generic write



C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll read attributes | synchronize | generic write



C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\bgstub.jpg read attributes | synchronize | generic write



C:\Program Files\nsa82E0.tmp read attributes | synchronize | generic read



C:\Program Files read data or list directory | synchronize



C:\Program Files\nsa82E0.tmp read data or list directory | synchronize



C:\Program Files\nsa82E0.tmp\nsv8310.tmp read attributes | synchronize | generic read








C:\Program Files\nsv8311.tmp read attributes | synchronize | generic read



C:\Program Files\nsv8311.tmp read data or list directory | synchronize



C:\Program Files\nsv8311.tmp\nsv8312.tmp read attributes | synchronize | generic read



C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\CityHash.dll read attributes | synchronize | generic write



C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.css read attributes | synchronize | generic write



C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.js read attributes | synchronize | generic write



C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll read attributes | synchronize | generic write






C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.html read attributes | synchronize | generic write



C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing_page.css read attributes | synchronize | generic write



C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.js read attributes | synchronize | generic write






C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll read attributes | synchronize | generic write



C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\download.exe read attributes | synchronize | generic read | generic write


success or wait 4 6C3C1371 CreateFileW



object name collision 1 6C3C14BF InternetOpenUrlW




C:\Users\user\AppData\Local\Microsoft\Windows\INetCache read data or list directory | synchronize











C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies read data or list directory | synchronize


















C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\_temp read attributes | synchronize | generic read | generic write


success or wait 1 6C3C1371 CreateFileW


File Path Completion CountSourceAddress Symbol

C:\Users\user\AppData\Local\Temp\nsf82AF.tmp success or wait 1 4035C1 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp success or wait 1 405904 DeleteFileW

C:\Program Files\nsa82E0.tmp success or wait 1 4058B6 DeleteFileW

C:\Program Files\nsa82E0.tmp\nsv8310.tmp success or wait 1 4058B6 DeleteFileW

C:\Program Files\nsv8311.tmp success or wait 1 4058B6 DeleteFileW

C:\Program Files\nsv8311.tmp\nsv8312.tmp success or wait 1 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\download.exe success or wait 8 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\_temp success or wait 1 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\download.exe success or wait 1 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\bgstub.jpg success or wait 1 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\CityHash.dll success or wait 1 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll success or wait 1 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.html success or wait 1 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.js success or wait 1 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing_page.css success or wait 1 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.css success or wait 1 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.js success or wait 1 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll success or wait 1 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UAC.dll success or wait 1 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll success or wait 1 4058B6 DeleteFileW

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll success or wait 1 4058B6 DeleteFileW


File DeletedFile Deleted

File WrittenFile Written


C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\System.dll unknown 11776 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 31 93 d2 ee 75 f2 bc bd 75 f2 bc bd 75 f2 bc bd f6 ee b2 bd 73 f2 bc bd 75 f2 bd bd 61 f2 bc bd b6 fd e1 bd 72 f2 bc bd 21 d1 8c bd 71 f2 bc bd 16 d0 96 bd 74 f2 bc bd 8a d2 b8 bd 74 f2 bc bd 52 69 63 68 75 f2 bc bd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 1a ca 4d 58 00 00 00 00 00 00 00 00 e0 00 0e 21 0b 01 06 00 00 20 00

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u...u...u.......s...u...a.......r...!...q.......t.......t...Richu...........................PE..L.....MX...........!..... .

success or wait 1 405D85 WriteFile

C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UAC.dll unknown 18432 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 44 48 02 22 00 29 6c 71 00 29 6c 71 00 29 6c 71 00 29 6d 71 50 29 6c 71 83 21 31 71 0b 29 6c 71 c7 2f 6a 71 01 29 6c 71 54 0a 5d 71 02 29 6c 71 ff 09 68 71 01 29 6c 71 52 69 63 68 00 29 6c 71 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 6c 4b 50 4a 00 00 00 00 00 00 00 00 e0 00 0e 21 0b 01 06 00 00 34 00 00 00 10 00 00 00 00 00

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......DH.".)lq.)lq.)lq.)mqP)lq.!1q.)lq./jq.)lqT.]q.)lq..hq.)lqRich.)lq........................PE..L...lKPJ...........!.....4.........




C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\UserInfo.dll unknown 4096 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4b 84 f1 e4 0f e5 9f b7 0f e5 9f b7 0f e5 9f b7 0f e5 9e b7 1a e5 9f b7 cc ea c2 b7 08 e5 9f b7 5b c6 af b7 0d e5 9f b7 f0 c5 9b b7 0e e5 9f b7 52 69 63 68 0f e5 9f b7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 1a ca 4d 58 00 00 00 00 00 00 00 00 e0 00 0e 21 0b 01 06 00 00 04 00 00 00 08 00 00 00 00 00 00 6a 12 00 00 00 10 00

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K...............................[...............Rich............................PE..L.....MX...........!................j......


C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\bgstub.jpg unknown 32768 ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 01 01 01 01 01 01 01 01 01 01 02 01 01 01 02 02 02 01 01 02 02 02 02 02 02 02 02 02 03 02 03 03 03 03 02 03 03 04 04 04 04 04 03 05 05 05 05 05 05 07 07 07 07 07 08 08 08 08 08 08 08 08 08 08 01 01 01 01 02 02 02 05 03 03 05 07 05 04 05 07 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 ff c2 00 11 08 03 36 05 40 03 00 11 00 01 11 01 02 11 01 ff c4 00 1f 00 01 00 03 01 00 02 03 01 01 00 00 00 00 00 00 00 00 01 02 03 04 07 08 05 06 09 0a 0b ff da 00 08 01 00 00 00 00 00 fe 30 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

......JFIF....................

..............................

..............................

..............................

..............................

..........6.@.................

..............................

.......0......................

...............




C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\CityHash.dll unknown 32768 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 2f c7 4a ed 6b a6 24 be 6b a6 24 be 6b a6 24 be e8 ba 2a be 7d a6 24 be 5d 80 2e be 24 a6 24 be 09 b9 37 be 68 a6 24 be 6b a6 25 be 23 a6 24 be 5d 80 2f be 68 a6 24 be 94 86 20 be 6a a6 24 be 52 69 63 68 6b a6 24 be 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 30 1b 87 50 00 00 00 00 00 00 00 00 e0 00 0e 21 0b 01 06 00 00 62 00 00 00 5e 00 00 00 00 00

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./.J.k.$.k.$.k.$...*.}.$.]...$.$...7.h.$.k.%.#.$.]./.h.$... .j.$.Richk.$.................PE..L...0..P...........!.....b...^.....


C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.css

unknown 684 2f 2a 20 54 68 69 73 20 53 6f 75 72 63 65 20 43 6f 64 65 20 46 6f 72 6d 20 69 73 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 4d 6f 7a 69 6c 6c 61 20 50 75 62 6c 69 63 0a 20 2a 20 4c 69 63 65 6e 73 65 2c 20 76 2e 20 32 2e 30 2e 20 49 66 20 61 20 63 6f 70 79 20 6f 66 20 74 68 65 20 4d 50 4c 20 77 61 73 20 6e 6f 74 20 64 69 73 74 72 69 62 75 74 65 64 20 77 69 74 68 20 74 68 69 73 0a 20 2a 20 66 69 6c 65 2c 20 59 6f 75 20 63 61 6e 20 6f 62 74 61 69 6e 20 6f 6e 65 20 61 74 20 68 74 74 70 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 4d 50 4c 2f 32 2e 30 2f 2e 20 2a 2f 0a 0a 62 6f 64 79 20 7b 0a 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 6d 61 72 67 69 6e

/* This Source Code Form is subject to the terms of the Mozilla Public. * License, v. 2.0. If a copy of the MPL was not distributed with this. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */..body {. height: 100%;. width: 100%;. margin




C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\stub_common.js

unknown 817 2f 2f 20 54 68 69 73 20 53 6f 75 72 63 65 20 43 6f 64 65 20 46 6f 72 6d 20 69 73 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 4d 6f 7a 69 6c 6c 61 20 50 75 62 6c 69 63 0a 2f 2f 20 4c 69 63 65 6e 73 65 2c 20 76 2e 20 32 2e 30 2e 20 49 66 20 61 20 63 6f 70 79 20 6f 66 20 74 68 65 20 4d 50 4c 20 77 61 73 20 6e 6f 74 20 64 69 73 74 72 69 62 75 74 65 64 20 77 69 74 68 20 74 68 69 73 0a 2f 2f 20 66 69 6c 65 2c 20 59 6f 75 20 63 61 6e 20 6f 62 74 61 69 6e 20 6f 6e 65 20 61 74 20 68 74 74 70 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 4d 50 4c 2f 32 2e 30 2f 2e 0a 0a 77 69 6e 64 6f 77 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 6c 6f 61 64 22 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 69 66 20 28 70 61 72 73

// This Source Code Form is subject to the terms of the Mozilla Public.// License, v. 2.0. If a copy of the MPL was not distributed with this.// file, You can obtain one at http://mozilla.org/MPL/2.0/...window.attachEvent("onload", function() {. if (pars


C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\WebBrowser.dll

unknown 32768 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 b5 21 c1 15 f1 40 af 46 f1 40 af 46 f1 40 af 46 aa 28 ac 47 fb 40 af 46 aa 28 aa 47 76 40 af 46 fa 2f ab 47 fe 40 af 46 fa 2f ac 47 e3 40 af 46 fa 2f aa 47 d1 40 af 46 aa 28 ab 47 e5 40 af 46 aa 28 ae 47 fa 40 af 46 f1 40 ae 46 9e 40 af 46 37 2f a6 47 f4 40 af 46 37 2f af 47 f0 40 af 46 37 2f 50 46 f0 40 af 46 f1 40 38 46 f0 40 af 46 37 2f ad 47 f0 40 af 46 52 69 63 68 f1 40 af

MZ......................@...............................................!..L.!This program cannot be run in DOS [email protected][email protected][email protected].([email protected].([email protected]./[email protected]./[email protected]./[email protected].([email protected].([email protected][email protected][email protected]/[email protected]/[email protected]/[email protected].@[email protected]/[email protected].@.




C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.html unknown 1031 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 0a 3c 21 2d 2d 20 54 68 69 73 20 53 6f 75 72 63 65 20 43 6f 64 65 20 46 6f 72 6d 20 69 73 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 4d 6f 7a 69 6c 6c 61 20 50 75 62 6c 69 63 0a 20 20 20 2d 20 4c 69 63 65 6e 73 65 2c 20 76 2e 20 32 2e 30 2e 20 49 66 20 61 20 63 6f 70 79 20 6f 66 20 74 68 65 20 4d 50 4c 20 77 61 73 20 6e 6f 74 20 64 69 73 74 72 69 62 75 74 65 64 20 77 69 74 68 20 74 68 69 73 0a 20 20 20 2d 20 66 69 6c 65 2c 20 59 6f 75 20 63 61 6e 20 6f 62 74 61 69 6e 20 6f 6e 65 20 61 74 20 68 74 74 70 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 4d 50 4c 2f 32 2e 30 2f 2e 20 2d 2d 3e 0a 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 6d 65 74 61 20 63 68 61 72

<!doctype html>.. This Source Code Form is subject to the terms of the Mozilla Public. - License, v. 2.0. If a copy of the MPL was not distributed with this. - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->..<html>.<head>..<meta char


C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing_page.css

unknown 1137 2f 2a 20 54 68 69 73 20 53 6f 75 72 63 65 20 43 6f 64 65 20 46 6f 72 6d 20 69 73 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 4d 6f 7a 69 6c 6c 61 20 50 75 62 6c 69 63 0a 20 2a 20 4c 69 63 65 6e 73 65 2c 20 76 2e 20 32 2e 30 2e 20 49 66 20 61 20 63 6f 70 79 20 6f 66 20 74 68 65 20 4d 50 4c 20 77 61 73 20 6e 6f 74 20 64 69 73 74 72 69 62 75 74 65 64 20 77 69 74 68 20 74 68 69 73 0a 20 2a 20 66 69 6c 65 2c 20 59 6f 75 20 63 61 6e 20 6f 62 74 61 69 6e 20 6f 6e 65 20 61 74 20 68 74 74 70 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 4d 50 4c 2f 32 2e 30 2f 2e 20 2a 2f 0a 0a 62 6f 64 79 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 0a 23 6c 61 62 65 6c 2c 0a 23 70 72 6f 67 72 65 73 73 5f 62 61 63 6b 67

/* This Source Code Form is subject to the terms of the Mozilla Public. * License, v. 2.0. If a copy of the MPL was not distributed with this. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */..body {. color: white;.}..#label,.#progress_backg




C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\installing.js unknown 2313 2f 2f 20 54 68 69 73 20 53 6f 75 72 63 65 20 43 6f 64 65 20 46 6f 72 6d 20 69 73 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 4d 6f 7a 69 6c 6c 61 20 50 75 62 6c 69 63 0a 2f 2f 20 4c 69 63 65 6e 73 65 2c 20 76 2e 20 32 2e 30 2e 20 49 66 20 61 20 63 6f 70 79 20 6f 66 20 74 68 65 20 4d 50 4c 20 77 61 73 20 6e 6f 74 20 64 69 73 74 72 69 62 75 74 65 64 20 77 69 74 68 20 74 68 69 73 0a 2f 2f 20 66 69 6c 65 2c 20 59 6f 75 20 63 61 6e 20 6f 62 74 61 69 6e 20 6f 6e 65 20 61 74 20 68 74 74 70 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 4d 50 4c 2f 32 2e 30 2f 2e 0a 0a 2f 2f 20 4c 65 6e 67 74 68 20 6f 66 20 74 69 6d 65 20 28 6d 69 6c 6c 69 73 65 63 6f 6e 64 73 29 20 74 68 61 74 20 6f 6e 65 20 62 6c 75 72 62 20 73 74 61 79

// This Source Code Form is subject to the terms of the Mozilla Public.// License, v. 2.0. If a copy of the MPL was not distributed with this.// file, You can obtain one at http://mozilla.org/MPL/2.0/...// Length of time (milliseconds) that one blurb stay


C:\Users\user\AppData\Local\Temp\nsf82B0.tmp\InetBgDL.dll unknown 7168 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 15 29 74 42 51 48 1a 11 51 48 1a 11 51 48 1a 11 34 2e 1b 10 56 48 1a 11 51 48 1b 11 4e 48 1a 11 67 24 13 10 50 48 1a 11 67 24 1a 10 50 48 1a 11 67 24 e5 11 50 48 1a 11 67 24 18 10 50 48 1a 11 52 69 63 68 51 48 1a 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 2c 33 f8 5c 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 15 00 0a 00 00 00 0e 04 00 00 00 00

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)tBQH..QH..QH..4...VH..QH..NH..g$..PH..g$..PH..g$..PH..g$..PH..RichQH..................PE..L...,3.\...........!...............




C:\Users\user\AppData\Local\Temp\7zS0D4B9F5C\setup-stub.exe unknown 512 success or wait 163 405D56 ReadFile





File ReadFile Read


Registry ActivitiesRegistry Activities

Key Path Completion CountSourceAddress Symbol

HKEY_LOCAL_MACHINE\Software\Mozilla success or wait 1 40242E RegCreateKeyExW

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox success or wait 1 40242E RegCreateKeyExW

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\TaskBarIDs success or wait 1 40242E RegCreateKeyExW

Key Path Name Type Data Completion CountSourceAddress Symbol

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla Firefox Developer EditionInstallerTest

unicode Write Test success or wait 1 40248E RegSetValueExW

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\TaskBarIDs

C:\Program Files\Firefox Developer Edition

unicode CA9422711AE1A81C success or wait 1 40248E RegSetValueExW


Registry ActivitiesRegistry Activities



Path: C:\Program Files\internet explorer\iexplore.exe

Wow64 process (32bit): false

Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.mozilla.org/en-GB/firefox/installer-help/?channel=aurora&installer_lang=en-GB

Imagebase: 0x7ff6ccf40000


MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596




Reputation: high




Key Path Completion CountSourceAddress Symbol

Key Path Name Type Data Completion CountSourceAddress Symbol

Key Path Name Type Old Data New Data Completion CountSourceAddress Symbol

Key CreatedKey Created

Key Value CreatedKey Value Created

Analysis Process: iexplore.exe PID: 6736 Parent PID: 2600Analysis Process: iexplore.exe PID: 6736 Parent PID: 2600

General

Analysis Process: iexplore.exe PID: 6788 Parent PID: 6736Analysis Process: iexplore.exe PID: 6788 Parent PID: 6736


Disassembly

Code Analysis




Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6736 CREDAT:17410 /prefetch:2

Imagebase: 0xca0000


MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A




Reputation: high




General


Documents

Automated Malware Analysis Report for Firefox Installer