ID: 342769 Cookbook: browseurl.jbs Time: 18:01:25 Date: 21/01/2021 Version: 31.0.0 Red Diamond
Copyright null 2021 Page 2 of 54
Analysis Report http://www.godaddy.com/sso.secureser…ver-ins-servicecenter?tr
Overview
General Information
Sample URL: www.godaddy.com/sso.secureserver-ins-servicecenter?tr
Analysis ID: 342769
Detection
Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%
Signatures
No high impact signatures.
Classification
[Classification chart. Categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Scale: malicious, suspicious, clean.]
Startup
System is w10x64
iexplore.exe (PID: 5972 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    iexplore.exe (PID: 2592 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5972 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Signature Overview
• Compliance
• Networking
• System Summary
There are no malicious signatures.
Compliance:
Uses new MSVCR Dlls
Uses secure TLS version for HTTPS connections
Mitre Att&ck Matrix
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 1; Application Layer Protocol 2
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data
Behavior Graph
[Behavior graph. ID: 342769, URL: http://www.godaddy.com/sso...., Startdate: 21/01/2021, Architecture: WINDOWS, Score: 0. Process nodes: iexplore.exe started iexplore.exe. Network nodes: img6.wsimg.com; sni1gl.wpc.gammacdn.net (152.199.21.175, 443, 49764, 49765; EDGECASTUS, United States); dzlgdtxcws9pb.cloudfront.net (143.204.6.224, 443, 49735, 49736; AMAZON-02US, United States); 14 other IPs or domains.]
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source | Detection | Scanner | Label
www.godaddy.com/sso.secureserver-ins-servicecenter?tr | 0% | Avira URL Cloud | safe
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
No Antivirus matches
URLs
Source | Detection | Scanner | Label
https://accounts.firefox.com.cn/signup?entrypoint=mozilla.org-firefox-desktop&form_type=button&utm_s | 0% | URL Reputation | safe
https://accounts.firefox.com.cn/signup?entrypoint=mozilla.org-firefox-desktop&form_type=button&utm_s | 0% | URL Reputation | safe
https://accounts.firefox.com.cn/signup?entrypoint=mozilla.org-firefox-desktop&form_type=button&utm_s | 0% | URL Reputation | safe
https://ch.godaddcom/en-us/edgenew/servicecenter?trRoot | 0% | Avira URL Cloud | safe
https://accounts.firefox.com.cn/signup?entrypoint=mozilla.org-globalnav&form_type=button&utm_source= | 0% | URL Reputation | safe
https://accounts.firefox.com.cn/signup?entrypoint=mozilla.org-globalnav&form_type=button&utm_source= | 0% | URL Reputation | safe
https://accounts.firefox.com.cn/signup?entrypoint=mozilla.org-globalnav&form_type=button&utm_source= | 0% | URL Reputation | safe
https://accounts.firefox.com.cn/ | 0% | URL Reputation | safe
https://accounts.firefox.com.cn/ | 0% | URL Reputation | safe
https://accounts.firefox.com.cn/ | 0% | URL Reputation | safe
https://www.mozilla.or | 0% | URL Reputation | safe
https://www.mozilla.or | 0% | URL Reputation | safe
https://www.mozilla.or | 0% | URL Reputation | safe
https://scottjehl.github.io/picturefill/ | 0% | Avira URL Cloud | safe
https://www.mozilla.or/upgrade-your-browserservicecenter?trx | 0% | Avira URL Cloud | safe
https://ch.godaddRoot | 0% | Avira URL Cloud | safe
https://www.google.%/ads/ga-audiences | 0% | URL Reputation | safe
https://www.google.%/ads/ga-audiences | 0% | URL Reputation | safe
https://www.google.%/ads/ga-audiences | 0% | URL Reputation | safe
https://www.microsoft. | 0% | URL Reputation | safe
https://www.microsoft. | 0% | URL Reputation | safe
https://www.microsoft. | 0% | URL Reputation | safe
https://www.microsoftedgeinsider.com | 0% | URL Reputation | safe
https://www.microsoftedgeinsider.com | 0% | URL Reputation | safe
https://www.microsoftedgeinsider.com | 0% | URL Reputation | safe
https://ch.godaddg/en-US/firefox/new/servicecenter?trRoot | 0% | Avira URL Cloud | safe
Domains and IPs
Contacted Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
sni1gl.wpc.gammacdn.net | 152.199.21.175 | true | false | | unknown
dzlgdtxcws9pb.cloudfront.net | 143.204.6.224 | true | false | | high
firefox.com | 44.236.48.31 | true | false | | high
img1.wsimg.com | unknown | unknown | false | | high
www.firefox.com | unknown | unknown | false | | high
assets.adobedtm.com | unknown | unknown | false | | high
www.godaddy.com | unknown | unknown | false | | high
dc.services.visualstudio.com | unknown | unknown | false | | high
ch.godaddy.com | unknown | unknown | false | | high
ajax.aspnetcdn.com | unknown | unknown | false | | high
img6.wsimg.com | unknown | unknown | false | | high
Contacted URLs
Name | Malicious | Antivirus Detection | Reputation
https://ch.godaddy.com/upgrade-your-browser | false | | high
URLs from Memory and Binaries
Contacted IPs
Public
IP | Domain | Country | ASN | ASN Name | Malicious
143.204.6.224 | unknown | United States | 16509 | AMAZON-02US | false
152.199.21.175 | unknown | United States | 15133 | EDGECASTUS | false
44.236.48.31 | unknown | United States | 16509 | AMAZON-02US | false
General Information
Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 342769
Start date: 21.01.2021
Start time: 18:01:25
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 58s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: www.godaddy.com/sso.secureserver-ins-servicecenter?tr
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/167@10/3
Cookbook Comments:
Adjust boot time
Enable AMSI
Browsing link: https://www.mozilla.org/firefox/new/
Browsing link: https://www.microsoft.com/edge/
Warnings:
Exclude process from analysis (whitelisted): ielowutil.exe, backgroundTaskHost.exe, svchost.exe
TCP Packets have been reduced to 100
Created / dropped Files have been reduced to 100
Excluded IPs from analysis (whitelisted):
Excluded domains from analysis (whitelisted):
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
VT rate limit hit for: http://www.godaddy.com/sso.secureserver-ins-servicecenter?tr
Simulations
Behavior and APIs
No simulations
Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
No context
JA3 Fingerprints
No context
Dropped Files
No context
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\LQYZZ2FU\www.microsoft[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 379
Entropy (8bit): 4.726962945635686
Encrypted: false
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D8AE6A2E-5C55-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 30296
Entropy (8bit): 1.8562594003276338
Encrypted: false
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D8AE6A30-5C55-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 55864
Entropy (8bit): 2.1189003588144444
Encrypted: false
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DF276BA8-5C55-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 16984
Entropy (8bit): 1.5637040182890072
Encrypted: false
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: modified
Size (bytes): 27219
Entropy (8bit): 5.390413374743081
Encrypted: false
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Firefox[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 128 x 128, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 5334
Entropy (8bit): 7.838231384483405
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://img1.wsimg.com/wrhs/browser-deprecation-warning/Firefox.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Inter-Bold.2767206dcd8d[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 128008, version 0.0
Category: downloaded
Size (bytes): 128008
Entropy (8bit): 7.992898440141803
Encrypted: true
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/fonts/Inter-Bold.2767206dcd8d.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Inter-Italic.fb463a63312e[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 128744, version 0.0
Category: downloaded
Size (bytes): 128744
Entropy (8bit): 7.991803796908608
Encrypted: true
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/fonts/Inter-Italic.fb463a63312e.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Inter-Regular.1a7f90ff1f1e[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 119692, version 0.0
Category: downloaded
Size (bytes): 119692
Entropy (8bit): 7.992112364546725
Encrypted: true
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/fonts/Inter-Regular.1a7f90ff1f1e.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Safari[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 128 x 128, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 7175
Entropy (8bit): 7.922609296000784
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://img1.wsimg.com/wrhs/browser-deprecation-warning/Safari.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\black.ac47c78a3a28[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 567 Entropy (8bit): 4.4463055245617795 Encrypted: false SSDEEP: 12:trZvnlKIBN0ccSclrFfp8Srlgtgja7is4J1Qc+FJLuP4QyuBAio/:tVvnY+HfclrFfyAA4jeLZQyuBAiY MD5: AC47C78A3A288B3DA148551DF8DDA3D1 SHA1: 15130B30AABA7708CBFD4F45ECF59C610253E887 SHA-256: 8B63960D7892DD7524EA5208CB1EE5F053C7A300A460BA919193B9D9BF07C43B SHA-512: 54428662EDCF98B9278FC65B1790C7BF4EC6E116966D66B74FF780A5600119FAA52708667C6C1B89FC11C4007D0CDD15CB652E6758BC4E9ABF316064A0C7EA7D Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/protocol/img/icons/social/twitter/black.ac47c78a3a28.svg Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with no line terminators Category: downloaded Size (bytes): 76138 Entropy (8bit): 5.056962656037093 Encrypted: false SSDEEP: 1536:/u8gS/av4WCOWeiFhXEGb1jgASA/AuAAKFKdnA+B+J+yQ3x3r33FOAxqP+6U:m8gPwWCOWem MD5: 38E3E62A54FEE0A389B8FB5B0677BB8E SHA1: 18F8DE9D1F7337FA01D6302AF95482E5302E75F0 SHA-256: B86D6C0041FC8A734CF3A32F53AEFAC127251AD5194ECC230A0FA5F80150A2A9 SHA-512: CC7706336734502803B494FEB370B86C8CA099B2DD9B740E6CC394BE9EAD13DA822EE050CAA9685DAEC35729AE9C03CE4895C6F7FF6FFD124E486B9E4E7951A4 Malicious: false Reputation: low IE Cache URL: https://www.microsoft.com/en-us/edge/Assets/css?v1=01.21.u Preview: .invisible{visibility:hidden}#selectionsDisplay,#filteredSort select,.featureKeyIcon li{display:inline}.featureKey p,.edgeconsumerCatalogCategory .c-heading-2{display:inline-block}fieldset[data-category="brand"] .c-checkbox:nth-child(-n+7){display:block}fieldset[data-category="brand"] .c-checkbox,#resultWrapper,#filterSelections{display:none}.featureKeyIcon img{width:24px;height:24px}.featureKey{padding-top:56px}.featureKey li{display:inline-block;margin-bottom:15px;margin-right:30px}.featureKey .c-image{display:inline-block;margin-right:10px}.featureKey img{width:34px}.filterBy{padding-top:48px}.c-price s{padding-right:5px}.edgeconsumerDeviceBottom::after{clear:both;content:"";display:table}#clearAllFilter{margin-right:20px}#clearAllFilter::after,#showAllFilter::after,.showAllButton::after{content:""!important}#showAllFilter,.showAllButton.c-call-to-action{background:#fff!important;color:#0067b8;border:1px solid #0067b8;padding:10px;position:relative}#showAllFilter span,.showAllButton
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\edge[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators Category: downloaded Size (bytes): 190189 Entropy (8bit): 5.118783240379922 Encrypted: false SSDEEP: 1536:nKAQ5PXARUwbb33QRpHX097lQoWifmd6HPVVi3abyqIMRsV1tvqqDZLcPyyiIX9b:dQ5PXARUwbb3i1thHyqfM9jOZQ7Ww MD5: 90947D18A5AB79CE36692CB644549470 SHA1: DD78D8695F8E782DADD918E012AED32F1F82FA6C SHA-256: A52C3EE4692FFC31B80A2881F1AE1C51FD8E3DE1C95BC986F6A333D2A3E37124 SHA-512: D7F6D4DF320298EAF5E0EAEB2246E24C1664115EF9ADD1B679A1CED3231C00E13EE4A8929460B0D862B0F0DF6E6E226FED85D71149F107D831B7EA50CF8293EB Malicious: false Reputation: low IE Cache URL: https://www.microsoft.com/en-us/edge
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\everyone.dcedbb8ac2c1[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 367 x 302, 8-bit colormap, non-interlaced Category: downloaded Size (bytes): 14150 Entropy (8bit): 7.977159877000978 Encrypted: false SSDEEP: 384:IisQ2doHDD4NOnTgfyzmhgZjGVS2KauKeT4PneY:f3oekfyz8gZy2bTkeY MD5: DCEDBB8AC2C1D4BAC3DDCFD97C20420B SHA1: EA4BBD11A5B5F0909EF243F5A4E2366D9465E4BD SHA-256: 5C8BCF84DE3A99D00AC2C2D2E0F4D8C17C24BD41834FF781E527ED8F659202FD SHA-512: 6FDB8AF833C574D4B8BFEF772AF00FBCCFCE186E34AC47BFFF5CB61BF3D13480BF377BFC799F140B9ABEE35D479E53D950506B7FD55E8878E995AEDDA5785688 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/img/firefox/new/desktop/ie8/everyone.dcedbb8ac2c1.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fb-083993[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 168646 Entropy (8bit): 5.044051581582224 Encrypted: false SSDEEP: 3072:OzCPZkTP3bDLH0tfRqQ0xtLfj4ZDSIpTt813viY8R1j35Ap7LQZLPPJH7PAbOCxR:clZAXLkeedh MD5: 0DCFF2779D4542C11AD9C9C19DF8328D SHA1: D7EFAE8E66FA6B4C335826BFD8C56C6F142E4254 SHA-256: 440D8292ABDF80DD6E8A9D9FAEA83367CE57BD1A1A8D153EDC358DB5F97EFF35 SHA-512: CC747AA36ADEE4CBA4236F01820CE9661214C649DCF23227D7CF9187E24F2D15DBA43E9B706B30DC3D55060E08601575EAB0256306AEA28F3544BAD4BC33E953 Malicious: false Reputation: low IE Cache URL: https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/77-544ced/4f-ddf677/30-261f7a/59-e7f1bf/61-241d9a/c0-c303e2/94-a42da6/fb-083993?ver=2.0 Preview: @charset "UTF-8";./*! | Copyright 2017 Microsoft Corporation | This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.*/./*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */.body{margin:0}.context-uh
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\goog.27ed69741426[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 230 x 138, 8-bit colormap, non-interlaced Category: downloaded Size (bytes): 3252 Entropy (8bit): 7.891304652169931 Encrypted: false SSDEEP: 48:rhArUQMzLfJZnkUkJ7v1Rj4XrCfFvCEYvHV47j5U/3M35xDS1hVWua9eJnEqeGZy:rsZMzLbkUc9pLfFp8qn03Me7ouFEqhy MD5: 27ED69741426BCA966CA4C52D0BE8FF2 SHA1: C993409CA72B555B4EC8F7B71438E8A668DF495E SHA-256: 016EFF197798DC95DEC8F216FCF72334D33B39359077F9C1BA495AA97D93F24B SHA-512: DECD50FD0A31FA7540DB4F80143CAE5AC686788A3C0ECF145B0E165FD053F3B15E8DFB63170DA9F7EE47E102850225491EF26257E8B5A3843357C38A82A2DB88 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/img/firefox/new/desktop/ie8/goog.27ed69741426.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\gtm-snippet.9f9cf2026c5f[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 514 Entropy (8bit): 5.088023472781701 Encrypted: false SSDEEP: 12:c65DRWyS/yr4tO8qN0S2bRRWGLKX+33vvVlh8Y6Vif:coRWyeUIOR0S0RRWG+u33XVT8Y9f MD5: 9F9CF2026C5FCAD6AF9F12A2E861FFDA SHA1: C93A6E6D6F5CB799700A0C3AFBF1966A0426AFB1 SHA-256: 5FF0C822CE892BAE85CA52C2616F7603787FFFD8C072A886A2607E0F630CE730 SHA-512: 305C776B1898EE46D7F249B316D8F601A3203AF610F362C9585C9913A08D3695CE79B4E78934390C6D25F051C86D6A0DB6F1574329F74835CACACC1D048C9633 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/gtm-snippet.9f9cf2026c5f.js Preview: !function(){"use strict";var e=document.getElementsByTagName("html")[0].getAttribute("data-gtm-container-id");"function"==typeof Mozilla.dntEnabled&&!Mozilla.dntEnabled()&&e&&function(e,t,n,a,o,g,m,r,i,l){for(e[a]=e[a]||[],e[a].push({"gtm.start":(new Date).getTime(),event:"gtm.js"}),m=t.getElementsByTagName(n)[0],i=o.length,l="//www.googletagmanager.com/gtm.js?id=@&l="+a;i--;)(g=t.createElement(n)).async=!0,g.src=l.replace("@",o[i]),m.parentNode.insertBefore(g,m)}(window,document,"script","dataLayer",[e])}();
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\hero.e44596795d0f[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 512 x 371, 8-bit colormap, non-interlaced Category: downloaded Size (bytes): 18521 Entropy (8bit): 7.898545293243961 Encrypted: false SSDEEP: 384:QWqtSyZgybLUAZbPMdD6O4YaatyS8iglcgPkNQ8NX4QKjVb45emL/04o/sVNP:QrSyZgMUGNOgeyS8igllPAQ8NdKjV2Lh MD5: E44596795D0F3E910506777AB53F6227 SHA1: C9C737443A97B641B938D45AFAA3A8597CC3F9E4 SHA-256: EDCAB484312A28F54A872614F2DBFF1AC62E2E7CC8CBECA6F521F3B8CE927131 SHA-512: 253B7BABBDF57CF320F99CA1B7C1D84AC8C2105248CB71B69FEDDABECAD660D5C7A7026CDA0DBBC244301A908795792C1DDFE4591DDC48AEC7B6C1B4FAE59ADE Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/img/firefox/new/desktop/hero.e44596795d0f.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\icon-common-voice.127fa3f5dcb0[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 4700 Entropy (8bit): 4.9721322351642705 Encrypted: false SSDEEP: 96:CCu3sfgBn/Hx+SZp8RLQ+SZpXCupG29KDlRkG29Kb:7+/RFTNFTfGbDQGbb MD5: 127FA3F5DCB0F737B14B9F29DAC4A2F4 SHA1: 1760C74EC1187EEA5436BBE492DFD2982A29F117 SHA-256: D7629546C07644EFC307CE7C3D39609916CF88964B68FD2C45437937B0545C84 SHA-512: CB8DB7ACC411B63B6AD32A84C2F2659A94DF5024958C6D763C99E142DB57632098FAD7F6BA88B5BF1A44BAAE109BBCE508B00551BFB4C3E881CBEE7E000DB7E4 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/img/nav/icons/icon-common-voice.127fa3f5dcb0.svg Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\passwords.a3e9f3026396[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 32 x 32, 8-bit colormap, non-interlaced Category: downloaded Size (bytes): 482 Entropy (8bit): 7.44908942431133 Encrypted: false SSDEEP: 12:6v/7sSHlcNONl01aoFFtwdOp6IAKZLUq7AM2E/TGhYOPalz:hSHloFWdGfAK13ZTmYp9 MD5: A3E9F3026396A0D324A2CD1C19766FEC SHA1: 7FBC4C5A7F6BA7EB4C5198708CB1DD969DE1175C SHA-256: 6C747BDE265A403B583D6019BD43C6245A01547479B812F5883F1F6ABD3E1321 SHA-512: DA65127AA1C77C4DDB773B5E44161FB1098D12ABEFECECA97F8C78AF766E231934F9BBAFA09215BD727BB1D822C5CBA88F64C3FD5F642D13E477338EEADD307A Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/img/firefox/new/desktop/ie8/passwords.a3e9f3026396.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\screen.19f69ea7f0ea[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 1040 x 412, 8-bit colormap, non-interlaced Category: downloaded Size (bytes): 14576 Entropy (8bit): 7.889418514122946 Encrypted: false SSDEEP: 384:Xqlu+6PXc8E0IfBlTm0BnYX+aadM6Cd9f3Oh4:Xq5SXe0mXaaOD+h4 MD5: 19F69EA7F0EA3ACBBF929E04201D916F SHA1: B28B727DA87D43AEF83D9FEF0256FB745F51E69C SHA-256: E9836D34AE366CB0148B3B5B01ECC16F2BC690725738746D8A7DBA81FEA47772 SHA-512: 66F08C2C83F4A8C7E8845597E08FE6A915783F94B92D3BB6F8ABE9B9FC4258A26047AD28AB741C122D3EC3DA0F59203F55F2CDFE4F5F933E6449D08DC173CE69 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/img/firefox/new/desktop/screen.19f69ea7f0ea.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\stub_attribution_code[1].json Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: downloaded Size (bytes): 267 Entropy (8bit): 5.554252011668252 Encrypted: false SSDEEP: 6:YEt6GKaeV2vSI95Bj9GfBHthf+CthfMl0kq/bm4xt6WMbXRjSX9ULGVYTrLY:YpdzV2v795BxGfBHff+CffMOkqz7I6YY MD5: A2DDC7A4C7075117BB8817F439BA0643 SHA1: 1A738B72C086A7E1B9C7DAA679AD2EE0751B58A1 SHA-256: E2F911A72FC480A4A874CDC19FA0942BFE255DB037A024A77B6A7E1B45087D00 SHA-512: 69E921EE7C119155860379219153FFC0DFB97AF306D6C7690224F88BBA0C557542BE598AA0118E1D6FD20A72A6E99F47DD6BCE85400538ADF7FD02C91F7F3A1D Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/en-US/firefox/stub_attribution_code/?referrer=&ua=ie
Preview: {"attribution_code": "c291cmNlPShub3Qgc2V0KSZtZWRpdW09KGRpcmVjdCkmY2FtcGFpZ249KG5vdCBzZXQpJmNvbnRlbnQ9KG5vdCBzZXQpJmV4cGVyaW1lbnQ9KG5vdCBzZXQpJnZhcmlhdGlvbj0obm90IHNldCkmdWE9aWU.", "attribution_sig": "b4fb923dca856d72021d64cf01a452f5a37c0d351d679d6ac5a0f49ab8b499f0"}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\style-ltr[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 1788 Entropy (8bit): 5.03810887574202 Encrypted: false SSDEEP: 24:tSeyZltD3OTbjfwigrzK3EZjqe1r7wPKb1iXR7KWMpnpfM1HKsC1uVaQku8pF:tSVuvfwi8z5QKpCSpK1qMgF MD5: 3A39D6FF71EE3EBA907806A4DC3EB268 SHA1: 6253987B587709DE65C8F865D69B6E2E73BCDEC9 SHA-256: 1A029C78FCAA00ADD89F713FC8867099CA0028BEA0A925D9DB36D878E6E679F8 SHA-512: 085C9AEE72229A24936282DE43FFF93CD15695F65C987F9706FFF14C84130C7B5AA53E3048DAF1C8C8A10CD0B0EF335FD866DAC016159C38D95234F00F567EA3 Malicious: false Reputation: low IE Cache URL: https://img1.wsimg.com/wrhs/browser-deprecation-warning/style-ltr.css Preview: *,:after,:before{box-sizing:border-box}body,p{margin:0}body{background:#fff;color:#444;font-family:Helvetica,Arial,sans-serif}a:hover,a:link,a:visited{color:#09757a;text-decoration:none}a:hover{text-decoration:underline}a:active{color:#00a4a6}p{font-size:16px;line-height:24px}#content,#footer{min-width:840px}#card,#header-container{width:90%;margin-left:auto;margin-right:auto}#header{background-color:#d8efef;z-index:-1;padding-bottom:100px}#header-container{padding-top:24px}#banner{margin-bottom:48px}#banner>img{margin-top:7px;height:32px}h1,h2{color:#111}h1{font-family:serif;font-size:46px;line-height:56px;max-width:550px;margin:0 0 24px;letter-spacing:.01em}h2{margin:0 0 32px;font-weight:400}#card{margin-top:-64px;padding:32px;background-color:#fff;border:1px solid #d4dbe0;border-radius:4px}#card::after,#card::before{content:'';clear:both;display:table}#left,#right{float:left}#left{width:60%;max-width:570px}#right{width:40%;padding-left:32px;border-left:1px solid #d4dbe0}.pl #left{bo
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\sync.222890d2637e[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 230 x 138, 8-bit colormap, non-interlaced Category: downloaded Size (bytes): 3484 Entropy (8bit): 7.877486392282662 Encrypted: false SSDEEP: 48:uGJFtAFJl2d6xeWJGYtS6YhmLPqnx6zNqZzK90wxrSDsBuJOIvJStIxWgg8/GWW:1GFFZGsS6trqnxjzK9pxrSnoCJ7OWW MD5: 222890D2637EA88655FD925F6B05D018 SHA1: B39759CCD6245C1F9A284A97CEA8E4791FA9E7F5 SHA-256: 4C708BBECA27665CDE38FA9866415B91AF120EECC6742A2D6AE338245C9F3525 SHA-512: B34A65D19038AA4A7A884EBECFA99B9A8940880149666082765F730EFC5D6A249B0908266E3CEAB26CCDACFF240525D3AFCE5E836A240D3B1B8C0781CF34B14A Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/img/firefox/new/desktop/ie8/sync.222890d2637e.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\zap-08.fc201d70f76b[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 701 Entropy (8bit): 5.187522912405071 Encrypted: false SSDEEP: 12:tR1MnroDDuRHxlxbmZCG+AHJGdnuPGNatjU/EX4r629qZPjhlllSVtM:tR1MrofuRHxlduCG/pGdn8Gstix7qZPX MD5: FC201D70F76B12D96AFAD6A0BFEB2EC0 SHA1: 03995C3466E608A40F0C4B53C8A873AF450E7795 SHA-256: 6556778B93310D3432C248FAC858827D2CCF2168CDB64F4EF201756825A0808A SHA-512: D855E14F87699AE8A30AA22D3E33C0685DF97DE6180AC4BA6CF1314FFE525CEF0AD03DF66533E9F385FCF968F846EE045EC17EDC24308FC998DD230612BF8668 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/protocol/img/zaps/zap-08.fc201d70f76b.svg
Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\zap-11.b89f1adfc49b[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 694 Entropy (8bit): 5.174301281541271 Encrypted: false SSDEEP: 12:tR1MnroDDuRHxlxbmZCG+AHJGdnuPGNatZowcynpqjhlllSVtM:tR1MrofuRHxlduCG/pGdn8GstvcQpqjj MD5: B89F1ADFC49BBDA3A88BD5E54919B5AC SHA1: 786975858081C817EF009C262D9F5CD4D12EA143 SHA-256: 93EE89D8ED60229DE409B9FDDA84118760C5357B4FACAB58D539E0B38E27EA33 SHA-512: F34EB6517FCFC24E4C6733C52712FEB259CC91A0F8F481E9F36868727725275232CF61D511C0135C9AA2DE96DC1FE00F0909BE9A7F567E931DF1C353E642F627 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/protocol/img/zaps/zap-11.b89f1adfc49b.svg Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\zap-14.59889e9bbc67[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 761 Entropy (8bit): 5.1588153870944495 Encrypted: false SSDEEP: 12:tR1MnroDDuRHxlxbmZCG+AHJGdnuPGNatHtIZxUWRl4IrpFxYm8liAjhlllSVtM:tR1MrofuRHxlduCG/pGdn8GstACWRQm+ MD5: 59889E9BBC672B882DC1DF2CFA738EA2 SHA1: F13629CF661F5151DDAD305C3DD44ADE6A120A8D SHA-256: 4705CC89550E227D0056A5B80CA8A59BB7086B49F149450B1BAC4D8A09DA0AEB SHA-512: 007608EA322B9EE79C45BE702CCC1BEB5C8E41468F7AA1028EA1A8C200CD6C40A617C4A13CE2CF739C1093D20E4B0DB6C439C611230DE10BB09F837B00B9AD6A Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/protocol/img/zaps/zap-14.59889e9bbc67.svg Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\zap-16.fe39cc0d310d[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 674 Entropy (8bit): 5.196737216475909 Encrypted: false SSDEEP: 12:tR1MnroDDuRHxlxbmZCG+AHJGdnuPGNatFvlFubP6Ul5IxN5jhlllSVtM:tR1MrofuRHxlduCG/pGdn8GstFqR5ijj MD5: FE39CC0D310D8533B975235B7E914B22 SHA1: 2AB322DBAED1E8DFE07E19E805DC976E06D118C2 SHA-256: C6081A16CB8F93FDDE4645C113A27CBEC39A5F89E52356A8B260425678783734 SHA-512: 0ED456A72D7C1754E7EA7CD5BE2280DB23957A3107A362E2B905CCF4091A13000A791A137A390CDD9E195B5772A488898B8FD9037B0680D6D36684BE129937C8 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/protocol/img/zaps/zap-16.fe39cc0d310d.svg
Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Edge[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 11004 Entropy (8bit): 7.938351001240865 Encrypted: false SSDEEP: 192:wHGMybOMvKRZhUOhv30dSQ6NCDfdVv7HqWKw8CxwVE3bZX:wmAdZhUSv3YyGVv/b8KwVo MD5: D666A5613A6300B940300F93E78A3D62 SHA1: 6ABAF534C46B416F7472B6D4801BF791E7C906FB SHA-256: 1421D289378C5B372D0939645432DB8EA3FD9402D8850A47A68A1BA7F7FAEC77 SHA-512: 2612097C7DE37C2AB6B5B73AD55C6C2406053FA8A7A9084010B98A3E9A671FC37E32240362CF242C78AC8891FD52B1D6C86E4BBD6CCDE799EB32FEAEF2F0A705 Malicious: false Reputation: low IE Cache URL: https://img1.wsimg.com/wrhs/browser-deprecation-warning/Edge.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\RC06d86346b2344149b1d3099494726fe4-source.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 7500 Entropy (8bit): 5.227377078214428 Encrypted: false SSDEEP: 96:MBB9J27VCkUbTh7MC0o3c1KOfamD8FQnfIrz9g7Hd:MBfwVCky708Fy MD5: 8A4D562E91E8160A853592D8774240FC SHA1: 7F7F935EB8333940590B5E50F3F0B123BB5A6DDF SHA-256: 36552ED583832F9ACF9E833F30751D7C48F44123A580FA769D85BCB97CF8514C SHA-512: 7E22679AC857DF552D9D260CA4A3C7BBDCDB959A01F4546968D56ED8063AE3FE6A461F164A79DB526B51C836FB05778813146EB34EA80B261E58109C331CDD41 Malicious: false Reputation: low IE Cache URL: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/649ac20bb7ce/RC06d86346b2344149b1d3099494726fe4-source.min.js Preview: // For license information, see `https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/649ac20bb7ce/RC06d86346b2344149b1d3099494726fe4-source.js`.._sa tellite.__registerScript('https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/649ac20bb7ce/RC06d86346b2344149b1d3099494726fe4-source.min.js', "null! 
=window.wdgtagging&&(window.wdgtagging.jsll=window.wdgtagging.jsll||{},function(e,u,r){u.lineage={main_sel:\"MAIN\",zone_id:\"a3\",sec_custom_sel:\"\",grp_custo m_sel:\"\",pnl_custom_sel:\"\",subpnl_custom_sel:\"\",exclude_sec_sel:\"\"},r.isDebug=!1,u.lineageSetupCounter=1,\"1\"===r.readCookie(\"debug\")?r.isDebug=r.rea dCookie(\"debug\"):-1 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\RC12afffb085e841c58e32a09f2bc541ae-source.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 22082 Entropy (8bit): 5.2251963579539416 Encrypted: false SSDEEP: 384:vlm7bnREokoYZbcx/+Df31GKP66fT3EFkXJEJUJMJeLDIL:vgvnREokoYZgwDzi6fIFk5l6AUL MD5: 78154927A57F064982E99A5C9C37F03B SHA1: 7A2060BB9BB1BE47A3777141B216C218C16E69E8 SHA-256: 73EF1E93332A73C51A271EA1814DB099C482DC6C76BBDC61601230C6816FC53B SHA-512: B00A56F66DA40D46369ECEA947EF95C01A0F18A3864589C6177D838904ABD9FCABEEAB24C29015427763E0B37718B59632E065E2C729700FA2DA98695C788A74 Malicious: false Reputation: low IE Cache URL: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/649ac20bb7ce/RC12afffb085e841c58e32a09f2bc541ae-source.min.js Copyright null 2021 Page 36 of 54 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\RC12afffb085e841c58e32a09f2bc541ae-source.min[1].js Preview: // For license information, see `https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/649ac20bb7ce/RC12afffb085e841c58e32a09f2bc541ae-source.js`.._satellite.__ registerScript('https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/649ac20bb7ce/RC12afffb085e841c58e32a09f2bc541ae-source.min.js', "null!=window.wd gtagging&&null!=window.wdgtagging.jsll&&function(t,m,b){window.location.hostname,window.location.pathname;var e,n,r,a=location.pathname,o=_satellite.getVar(\"Cu rrentSiteData\");m.tagMSStoreBehavior=function(){return\"PARTNERREFERRAL\"},m.isMicrosoftStore=function(t){return 
t.attr(\"href\").match(/microsoftstore/i)||t.attr(\"href \").match(/microsoft\\.com/i)&&(t.attr(\"href\").match(/\\/store/i)||t.attr(\"href\").match(/\\/p\\//i))&&!t.attr(\"href\").match(/\\/fwlink\\/p\\//i)},m.tagChooseContentType=function(t) {return 0 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\RC5e0d5bc731054fcea71fe7aa80260204-source.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 5151 Entropy (8bit): 5.240077187486443 Encrypted: false SSDEEP: 96:BU9JBBiU9PRkACIxl/+vYh1nt1W8+SnZLNDdmQNMKr0cbW55SnXs:BU9JB8U92MxhN+SnZLNDdjNMKr0cbW5R MD5: 00E213A9F00CA569BDDB43740083FCCB SHA1: DE73BC5A857ECC496FC7DC0ECFA516E55E88538C SHA-256: 1E94BC1B32D25B5BB3C3712AF11D39323B595AF4AEC4F0FB432AEC5536B04103 SHA-512: 958F9DF7C1B9985CAD37EFFC07E06704A1236AD02A623037CD053E8EFE47F8991EACD97FCF0359B46B21CCF65F78562BCA87D88D3DD9941266240BE46086A879 Malicious: false Reputation: low IE Cache URL: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/649ac20bb7ce/RC5e0d5bc731054fcea71fe7aa80260204-source.min.js Preview: // For license information, see `https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/649ac20bb7ce/RC5e0d5bc731054fcea71fe7aa80260204-source.js`.._satellite.__ registerScript('https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/649ac20bb7ce/RC5e0d5bc731054fcea71fe7aa80260204-source.min.js', "null!=window.wd gtagging&&(window.wdgtagging.jsll=window.wdgtagging.jsll||{},function(t,a,i,n){location.pathname;var e,o,d,c,m,s={main_sel:\"#mainContent>DIV\",zone_id:\"a3\",s ec_custom_sel:\"[data-sec],.fullbleed\",grp_custom_sel:\".m-hero,.mosaic-container,.m-hero-item,[id^='ContentBlockList_'],[data-grid='container'],.gameSection,.featuredga mes,[id^='ContentBlockList_'] > div,section.m-feature,.m-content-placement,[role='dialog'],.multi-combobox,fieldset.c-radio,#questionnarie .c-checkbox,#questionnarie>div, 
#faq,#mwf-common-prefooter\",pnl_custom_sel:\".m-global-promotion,.m-product-placement-item,.m-panes-product-placement-item,section.f-stacked,.m-content-placeme nt-item,section.m-feature,.m-c C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\RC8d5bac65318549848ccec8ca785d9818-source.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 1017 Entropy (8bit): 5.342531898655358 Encrypted: false SSDEEP: 24:Dk/S/Wct/Buk/S/QU9lDMx93sHpQzb12vRxVvRHy6IrBAuwuPn/:Dxt/BucB93sSb1gx7Hy6cBbJ MD5: B014CE257C74863D81949701EEC9FD05 SHA1: 2C45D2C3B2E8908120D910A3AD9B59435EB49878 SHA-256: 0A2658B01EE301E382A3BD7748E462D1F0C0D50FF36359E8A433AF72A9CA8E61 SHA-512: F3BB0C06AF7267A1DFD6A14BDEC1368858904ABB5023124940639D9DE064535EE52C068ACEF5F02F9AD100BCE8C259851A12C72EE26C6B25F468EAB14B7DAD C7 Malicious: false Reputation: low IE Cache URL: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/649ac20bb7ce/RC8d5bac65318549848ccec8ca785d9818-source.min.js Preview: // For license information, see `https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/649ac20bb7ce/RC8d5bac65318549848ccec8ca785d9818-source.js`.._sa tellite.__registerScript('https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/649ac20bb7ce/RC8d5bac65318549848ccec8ca785d9818-source.min.js', "null! 
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\RCccc398bde8404c43bd6b4a109bd8bfbc-source.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 1285
Entropy (8bit): 5.264804895962383
Encrypted: false
SSDEEP: 24:Dk34vect/Buk34vmd+9mwTahWFR9fSZ8USZ8vSZ8DSZ8cSZzSZXSZ7SZhTKVwuGu:DP9t/BuPmVJhWDtSnSGSGSjS1SBSlSTQ
MD5: 44A1CCCB57DBAF3DCCA122A2D33F783F
SHA1: 7D1A404E1C0F553359DE30628DC19096AFF618C9
SHA-256: A9A59A373BB53696830F1E9A768091C3DA11FB0071F565351F328C8E61AD9FB2
SHA-512: AE03B6E7EC5B564D126DE550F80A2E2B2A21D107AB738F73E053FEB9F737D4E129D28F7979A8B2860D038E6264934AA6B9E3AFAB3B9901FE42C021FB606D096D
Malicious: false
Reputation: low
IE Cache URL: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/649ac20bb7ce/RCccc398bde8404c43bd6b4a109bd8bfbc-source.min.js
Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\ai.0[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 96705
Entropy (8bit): 5.228470338380378
Encrypted: false
SSDEEP: 1536:EVpXOWPGHRGUvJEzxPNLgyLuG6XV3yV/QtJ+j1YeO4PFWYit:EVoWPGHRGUvJEzxOMQV3yV/ERaNWYit
MD5: 1DD63DE72CF1F702324245441844BE13
SHA1: 58A8BDCDCB398AF7DB424357DF70DF18E7B30E9D
SHA-256: 5201C813C37A4168CC5C20C701D4391FD0A55625F97EB9F263A74FB52B52FD0E
SHA-512: 532D1E907B433AB97785CF632D9637A957152BAF0BA57879C856CBAA469BFFECA22C4F99485679539944B27068D39E70F7D44282594F999142454DA57329A11B
Malicious: false
Reputation: low
IE Cache URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\black.180e8cf7ea9e[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 1637
Entropy (8bit): 4.061688919431878
Encrypted: false
SSDEEP: 48:rnawk9VKZlCHK3lm2UNU52/mQIowSCmSZ5ZB+fP1:mJ9qyKFcRDWnZMH1
MD5: 180E8CF7EA9E0A381B7B2C44E13FBE68
SHA1: C99CD61B0EC2161117F2EF4C14AABD2CC2204502
SHA-256: 2D7263960C6067A8EDE4F1FF8F0D85D33A51C04080C96BD2BD4731DAEA814F4C
SHA-512: 6C8B3729E019B1ECA6C85C5CC3F9A8F287BF3A15972DDA5580100F71FE3BC9133FD73B994ED817B91E90DD29CDC157FD76CF2DDD86A3CCDCBA36CC8BBA3E06D8
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/protocol/img/icons/social/instagram/black.180e8cf7ea9e.svg
Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\close.73e5756fc7ce[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 383
Entropy (8bit): 4.76377104873034
Encrypted: false
SSDEEP: 6:tnrwNhy/i3mc4slE4easKMwmqZDdGoawXq9/1Z0RIgTblVyRItIroEVNC:trwNSi33eaxMwh7XqnjgTi87
MD5: 73E5756FC7CE98E0B4794BF6494AC363
SHA1: 48CD53CEFB65E3F25214D1B2C17E63D314574048
SHA-256: 8E7FA1D23C05DE55B93FB1B89D0BBC0E9A1D336E6D7984FB88EC1B040316B2DE
SHA-512: A4CA68DA658AFC7A17F7A52A60C5215D1EBA43E9E6BDE8070A12B58D757BF0FE2AA1F076559C0E37F47AE7759CD2EFAF3514A35B5CD2AA3A2448253418A20677
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/protocol/img/icons/close.73e5756fc7ce.svg
Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\common.3eee9164c538[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 121551
Entropy (8bit): 5.317690764679733
Encrypted: false
SSDEEP: 1536:oLMNEiAld3FgdYXVZxCtVaYQvXa6KswzR4nW3R6wF1pE92Wv0dGXHXUgMrr34YXP:EIzR4nW3DOf04X3UHXHXRZ7TPj0tpbK
MD5: 3EEE9164C538B5DFB14E03C130E838F7
SHA1: 54AD8EAB33EFEF8DE3AA27F3F006498FA1BE3690
SHA-256: E8AC6BB1AC2043A54E48BCB926DB7E851E06C054E66C6801081B9E982E96E427
SHA-512: FB76E94815AB7068CD4EF2CC792778C335CAB6DBA7E57ACE6974BECBBCB8B12B6C41C91BC068B7FA9DB689718E37C88A12C2B0A16D5F45421613783BE1B81C2E
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/common.3eee9164c538.js
Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\devices.837eed3af485[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 483x491, frames 3
Category: downloaded
Size (bytes): 23894
Entropy (8bit): 7.928578642153703
Encrypted: false
SSDEEP: 384:Vi/cuN6ypxeAo0eZh2AZV4nJwUQP7ss9+oxlJ05ljTzJTGQRmR1Nr:VUFIAo0eZQFk2oJ05lXzl5C
MD5: 837EED3AF485135269994F9EE61222BA
SHA1: E2580B21EA8067C279530C11A75E3F5E803A31B5
SHA-256: C3B7B4A31BDB5DC8ABBC45F96918A15A6FF4206F868EB685BA37005DADDE5FAB
SHA-512: A99E0D8F3B39F5EC5363337171726C1E4EE445B72C831D9B6F2E8B16B178FBB1EE4850438F1F116D11FCEF5B59FD6785421E549289856CAB2168331036EB1C45
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/img/firefox/new/desktop/devices.837eed3af485.jpg
Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\etp.7eb15e0dc639[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 230 x 138, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 3552
Entropy (8bit): 7.927513440485425
Encrypted: false
SSDEEP: 96:8olrZxjYmn164qFITuUlugqGtotlT67qtyDeC+IwT0Hx9s:hlrHsmn44HTuUogOi7eh0R2
MD5: 7EB15E0DC6399AAD09385D418F5FE8B9
SHA1: 7F6DE0D3054F1FD4E880F21862BA04FB0F1B8409
SHA-256: 0A80B738CEA53848E048EF05E9DCE5E2700BEEB16CC11F8AC97F5E65FB17A82B
SHA-512: D9B8A5A70EB5100ABECC62F3702EA682B0AC6681362CFDBBE1573EF38C0BD43611F046BE94F954C06267010043FC3054DB64FDD16222C8EA47CDC4EAA80D415D
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/img/firefox/new/desktop/ie8/etp.7eb15e0dc639.png
Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon-196x196.59e3822720be[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 196 x 196, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 8050
Entropy (8bit): 7.907796996416949
Encrypted: false
SSDEEP: 192:4YrZU6AhtZF+g9uEg64W8ACAvQ1aO+ZDLPZNa+00:jkGgu+8yvXOePRY/0
MD5: 59E3822720BEDCC45CA5E6E6D3220EA9
SHA1: 8DAF0EB5833154557561C419B5E44BBC6DCC70EE
SHA-256: 1D58E7AF9C848AE3AE30C795A16732D6EBC72D216A8E63078CF4EFDE4BEB3805
SHA-512: 5BACB3BE51244E724295E58314392A8111E9CAB064C59F477B37B50D9B2A2EA5F4277700D493E031E60311EF0157BBD1EB2008D88EA22D880E5612CFD085DA6D
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/img/favicons/firefox/browser/favicon-196x196.59e3822720be.png
Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\firefox_new_desktop_join_modal.69e5ca482b50[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 2559
Entropy (8bit): 5.222806194857365
Encrypted: false
SSDEEP: 48:8R93VQXz2kEtjg+wYKcxRyn+XVqtEoBfRufqtQSEFBt9A+6Ln:GQBEhg9M7XVqTBfRYqIBfANj
MD5: 69E5CA482B50150841F7127E64CA88F3
SHA1: 05BAD3DB65A13B75BFFD8270916EB87586BDEA28
SHA-256: D4BD2280A280E56CAECFE71BB1503CFB3EC81A2D5623582248EA0FD80B3663B4
SHA-512: 01D72E4EADC9DCA91FD14A432AC9A379273BE3209B68AEA283BB2ED54F9EF8D8C50AC53FE70A9B1B00C100F36DE606A9F93840FB24AE8D16AD5855E1DED9B5C6
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/firefox_new_desktop_join_modal.69e5ca482b50.js
Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\icon-privacy-promise.eee1662acb03[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 3991
Entropy (8bit): 4.986519310279732
Encrypted: false
SSDEEP: 48:n5HJH0GHQKHjFfz39oWyfANXRZiHJ2fw74S/6eKqd/OMHJsZ2iV++pVMSqd/OVHF:5DQKJZPEMWuaISROMH5ROVQk
MD5: EEE1662ACB03543A9A24B25903FCF8E9
SHA1: 46F6E2300D4FEAD760620F55A25AEB1E7AC0382E
SHA-256: 0E3E64B31E3CF5018358042F8AAFEE2F4351970BFFBD6F03E48747BCB6AEFABE
SHA-512: DA7C1D9C2642CDF4678F993BE3ACA9728714A3D31561C99FD0161A6C69068404161883BAFDF2DF3B24325876A23708D09DF9B669167EF52999CAE1D4AC3C99C5
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/img/nav/icons/icon-privacy-promise.eee1662acb03.svg
Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\lock.b92c7e55bd98[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 64 x 64, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 1023
Entropy (8bit): 7.655517385258993
Encrypted: false
SSDEEP: 24:q8V0uArhbB5RPNWBf8Tall0CSxaG9Cv8gxVEs87GSK:q8ohbB5RA8TaH0CuovVfYGb
MD5: B92C7E55BD98670D7A415035F7F3F538
SHA1: 03E81C9855FE38702AD36865F8B1B4DC5B04A645
SHA-256: 92A536C2F69D02DF7F7EF18D312A91827C61A3220392A45437D53B2AC5708259
SHA-512: CA3AAE24FD2CDF91C904F44B0D1D240C7F4DAC6871F7D45160FB3F721A7095FFECD7F4DE0E00D344813C53A4F8F66A0894801C19CCDF01FE330543B0729DBBEA
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/img/firefox/new/desktop/ie8/lock.b92c7e55bd98.png
Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\logo-safari.2a116a2615e2[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 190 x 190, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 52440
Entropy (8bit): 7.9927698496494655
Encrypted: true
SSDEEP: 1536:VZ1/Zuqo/auea05aEibrpZxkqFc/r85FBz6z:BUaXaSqnkqFcUBC
MD5: 2A116A2615E2A2C11AE20F49D747358D
SHA1: FDC1F0126D2AF5F1A62FFBE6F7D1FBBD5F36A516
SHA-256: 74898A4C506CFA540A8EA8D6BCF2D3B7754AA156FA8AD1A07748966E1734CCE6
SHA-512: 066387801665A0582B3A547F7C3C5915A3916A8BCB7526E1EDFF56336D091FBC37F92E7F2B77509806907355FDC34EB57D0C2A1135405360979C34DBE21894F4
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/img/logos/safari/logo-safari.2a116a2615e2.png
Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\logo-word-hor-xs.c87882e8c93c[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 260 x 48, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 4044
Entropy (8bit): 7.843815284411972
Encrypted: false
SSDEEP: 96:DUEG793lPqwfoHa/HyqqQtMaydTPKWV45qtp+c2jOFjmeGMe:DbqnqwA6/ShQ7yFPKWV4A+cfKeu
MD5: C87882E8C93C8E8ADD46662736A179CF
SHA1: DA977CA2D10451B0D27848DE9357B46C5A29DD64
SHA-256: D35436542A3513095A794C175C1DB8062E5263E7061E4298614444808089D834
SHA-512: 8F1C0EC7BE73446EE30A3CC23DB0AA4E2A35E9AB6146551A06D7734C899AEEFD304EE93083EB697DC481A67B69854018A3F46B78810B2CF890A2C72FB4A6C94A
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/browser/logo-word-hor-xs.c87882e8c93c.png
Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\logo.eb1324e44442[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 10572
Entropy (8bit): 4.846546938265641
Encrypted: false
SSDEEP: 192:y2FQvZHHevKPTWFw9aemD3dbsoM/6X6P+XCDhaemlFTdQoaemDY:yEQvZHHeyPK7emrdeI8cemlhCemk
MD5: EB1324E44442D41CC447BF257456D257
SHA1: 293439DEC5A12C2E15302018F9D930251D8CE2A4
SHA-256: F3DD297EE9EF486E0563BEEA279318CEDC69980CB808747197CD42A311A2BA50
SHA-512: 861947BD4AB5ABC9E7BD8A52D86D47C3F9AC9F3B610FF1C9CA38CA3E73766717D2E3814208BAE3CEDD0B87DA6861B13AB6E8B09B98408AA8CCD7D631C5126274
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/browser/logo.eb1324e44442.svg
Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mobile-arrow.66d0fad85ca6[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 1411
Entropy (8bit): 5.197055574653359
Encrypted: false
SSDEEP: 24:t4LPfX6GGEP5bJZXygFgrDQlXDQns9GxDQEXDQo1IXm1GItxMyMKBArMKR5lk0y+:+HXt9BfekMs9G3b1I21Gv/S3hk
MD5: 66D0FAD85CA6F7899B7E5D111B9B7D7E
SHA1: 9B13B0FAD5245D856F8D1B958AD02D2EC2557BC6
SHA-256: 25DD3F1FF4889E994DE131E0F5216E869EAF91A80B486FDF0593B9554E4D838E
SHA-512: 1DBC5D75384B8D8F21CDA7AFD4CE0450AE583770CF7AD531AF4EF3DEC9592F91A64EB0E5611DA8B301F9EE2B859575A0514060410AF429E88E3A05121EF02048
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/img/firefox/new/desktop/mobile-arrow.66d0fad85ca6.svg
Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\oval-left.b9983179f7a7[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 426
Entropy (8bit): 4.9122760160620675
Encrypted: false
SSDEEP: 12:trJF/qIHog2C5UTjnbNcPPJ4Mq5xfAxxMwem:ttxqAD2C5UTTxcPeYxxMwem
MD5: B9983179F7A7AF8A2F0E5BC508140AA3
SHA1: 3714F7D066E03AC2FC24FCB7025555D6EAB9F6A4
SHA-256: 9B7D4967EE9163B17E27B2F3B0200D96B9790BFEFD021688612135FEA5A67305
SHA-512: 949037F931722E6182820D652F34E84D4F6DEA38F8410ACAB141C65E9A284B4A942D29F245DF2F24ACCF2F7D6A1EFF09C91EB27684BF962C3E2790F794EB67D7
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/img/firefox/new/desktop/mobile/oval-left.b9983179f7a7.svg
Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\pocket.f21f7a5dedba[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 426
Entropy (8bit): 4.650869241250668
Encrypted: false
SSDEEP: 12:trwdnlKIT6ZO54tvx5WQPV/rZtHSoEep/ceL/rkKWAion:tYY6OO4leQ13HSoDRcqdXiC
MD5: F21F7A5DEDBA662641EA771D23702F5C
SHA1: 35499458E44B95E610C8960BE24FFAAE05C9D0F0
SHA-256: D1B8F4345A5F07AA6BCBE615C9A2D2BF6AE09E851C0B7A7BC32421DD6A7F3E8D
SHA-512: 4E586EFCA3E4888902B9109CC8305471022D771BF3CAFA38AE8F6CC153C981B7C102115550BA9FCF6E606D94880A0F0278273221C5887B2B0D3F1F2B072B0C1D
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/pocket/pocket.f21f7a5dedba.svg
Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\privacy.6600d165965f[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 678
Entropy (8bit): 7.378355016170778
Encrypted: false
SSDEEP: 12:6v/7sYkxDiiUN6D0mkS2wYA7saXS3uECj71f9d3OMSNbMooPss9h1qyT1MBNDL4A:h9xFW6D0G2w8HCj71f/OAls01qoeNDU2
MD5: 6600D165965F2DDAD05F8455C332FD74
SHA1: 35082BA2E80B68057415CACDDB52A1258564B208
SHA-256: 297751AAD941FE4DF052ABF60E663DA6C0BE385F723E73920B5517954324FE4B
SHA-512: 3AAD91773EF7EC575F48CB377FEDB75484CEAE5B2B2199EE7B636C31A6E2182B26C41FC88077F729B5A2E8EC6B2279C17F837B284179455E7B0D0D5F8679DBDC
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/img/firefox/new/desktop/ie8/privacy.6600d165965f.png
Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\rect-one.26a762a93b9a[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 426
Entropy (8bit): 4.885737961759744
Encrypted: false
SSDEEP: 12:trstXODR09I0bs75BDISuyFJ2p4xPzd9jB9MxME:toteDRsFQt1IlWJBrjTMxME
MD5: 26A762A93B9A7AFE529C86DE26A0B999
SHA1: 1D902A331DDC5A3AF174095EA0E68BCEB2FC8035
SHA-256: 649616FA3BC9D3ADB4A90EE316033ABB3E54A9ACF0DE53FA48F999F67B81B408
SHA-512: 67B1D4F4415AAB9DEFEBE32D94CA4DB3D8D7FB5162DB26E334E51A36E4113F061F655C54EA2710520C4ACD3D0E144961DFD648D27D059A8C36BCA5E2EE980228
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/img/firefox/new/desktop/features/rect-one.26a762a93b9a.svg
Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\search.9a8494844596[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 519
Entropy (8bit): 7.538512816365613
Encrypted: false
SSDEEP: 12:6v/7svRlvhrFH8QFXxXXnSXo1+wy2H5kvyhoJjD8qE2Aps1vIBpNi1:hvlFHzFXxHnmo1+yYv8e2nLNi1
MD5: 9A84948445966D3E5C4917B584CF25B9
SHA1: 80D3ADDC36D8DB564586402A88C7DB68460DECF5
SHA-256: 42CAFAF6769AA120534A19B2F63750674469FC9CF4B00A30D563079264F5F583
SHA-512: 63F8DDBA9CFF5591204ACAF8EE5FFC805BE60CDC62458994553C272B70692AE6E41DD47D794B807DA892642FEBABC1EE232A29B0EF2FA15C5B8622E7C572A228
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/img/firefox/new/desktop/ie8/search.9a8494844596.png
Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\sentry.d4a49ae2b9e1[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 57718
Entropy (8bit): 5.222970930870903
Encrypted: false
SSDEEP: 768:b1OODWUvfUNFV7td6BdAj8vNiCOoghSUSgWU/DDf8jbs+KvLXuzpjOBf6vMm5gyD:b1OOq1NFV7td6PInCOnhDD/4pah6jSC
MD5: D4A49AE2B9E152D261A658571A169220
SHA1: 2D101D7C2EAF632EC1F37A68747CF2EBFAB3DBD5
SHA-256: 62071B7D1DACFB476E19B506E4FBAF0A6DDE9E2D3AAA2A10A2F38EB2C9D262CF
SHA-512: B2EE2DA176C534FABD9E2919AB6EBD8B1C6DFC397E262658F2271D3C38A75AEAD877760DD7F1EBD1C07F39E52D61A746E3CD30448842E9F24E02C6F24302AB70
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/js/BUNDLES/sentry.d4a49ae2b9e1.js
Preview:
o,i,a,s,l=function(){return(l=Object.assign||function(t){for(var e,n=1,r=arguments.length;n Static File Info No static file info Network Behavior Network Port Distribution Total Packets: 99 • 53 (DNS) • 443 (HTTPS) TCP Packets Timestamp Source Port Dest Port Source IP Dest IP Jan 21, 2021 18:02:36.317620039 CET 49731 443 192.168.2.3 44.236.48.31 Jan 21, 2021 18:02:36.317646027 CET 49732 443 192.168.2.3 44.236.48.31 Jan 21, 2021 18:02:36.524887085 CET 443 49731 44.236.48.31 192.168.2.3 Jan 21, 2021 18:02:36.524955034 CET 49731 443 192.168.2.3 44.236.48.31 Jan 21, 2021 18:02:36.527184010 CET 443 49732 44.236.48.31 192.168.2.3 Jan 21, 2021 18:02:36.527246952 CET 49732 443 192.168.2.3 44.236.48.31 Jan 21, 2021 18:02:36.536046982 CET 49731 443 192.168.2.3 44.236.48.31 Jan 21, 2021 18:02:36.537405968 CET 49732 443 192.168.2.3 44.236.48.31 Jan 21, 2021 18:02:36.740689039 CET 443 49731 44.236.48.31 192.168.2.3 Copyright null 2021 Page 46 of 54 Timestamp Source Port Dest Port Source IP Dest IP Jan 21, 2021 18:02:36.743508101 CET 443 49732 44.236.48.31 192.168.2.3 Jan 21, 2021 18:02:36.743818998 CET 443 49731 44.236.48.31 192.168.2.3 Jan 21, 2021 18:02:36.743846893 CET 443 49731 44.236.48.31 192.168.2.3 Jan 21, 2021 18:02:36.743860006 CET 443 49731 44.236.48.31 192.168.2.3 Jan 21, 2021 18:02:36.743897915 CET 49731 443 192.168.2.3 44.236.48.31 Jan 21, 2021 18:02:36.743918896 CET 49731 443 192.168.2.3 44.236.48.31 Jan 21, 2021 18:02:36.754592896 CET 49731 443 192.168.2.3 44.236.48.31 Jan 21, 2021 18:02:36.755065918 CET 49731 443 192.168.2.3 44.236.48.31 Jan 21, 2021 18:02:36.755923033 CET 49731 443 192.168.2.3 44.236.48.31 Jan 21, 2021 18:02:36.809832096 CET 443 49732 44.236.48.31 192.168.2.3 Jan 21, 2021 18:02:36.809899092 CET 443 49732 44.236.48.31 192.168.2.3 Jan 21, 2021 18:02:36.809917927 CET 49732 443 192.168.2.3 44.236.48.31 Jan 21, 2021 18:02:36.809938908 CET 443 49732 44.236.48.31 192.168.2.3 Jan 21, 2021 18:02:36.809953928 CET 49732 443 192.168.2.3 44.236.48.31 Jan 
UDP Packets

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 21, 2021 18:02:16.186964035 CET | 192.168.2.3 | 8.8.8.8 | 0x1c64 | Standard query (0) | www.godaddy.com | A (IP address) | IN (0x0001)
Jan 21, 2021 18:02:16.375296116 CET | 192.168.2.3 | 8.8.8.8 | 0xf43a | Standard query (0) | ch.godaddy.com | A (IP address) | IN (0x0001)
Jan 21, 2021 18:02:18.970765114 CET | 192.168.2.3 | 8.8.8.8 | 0x7603 | Standard query (0) | img6.wsimg.com | A (IP address) | IN (0x0001)
Jan 21, 2021 18:02:18.984688997 CET | 192.168.2.3 | 8.8.8.8 | 0x7acd | Standard query (0) | img1.wsimg.com | A (IP address) | IN (0x0001)
Jan 21, 2021 18:02:32.305783033 CET | 192.168.2.3 | 8.8.8.8 | 0x3038 | Standard query (0) | img6.wsimg.com | A (IP address) | IN (0x0001)
Jan 21, 2021 18:02:36.253984928 CET | 192.168.2.3 | 8.8.8.8 | 0xac64 | Standard query (0) | firefox.com | A (IP address) | IN (0x0001)
Jan 21, 2021 18:02:36.974806070 CET | 192.168.2.3 | 8.8.8.8 | 0x4fa5 | Standard query (0) | www.firefox.com | A (IP address) | IN (0x0001)
Jan 21, 2021 18:02:38.922060966 CET | 192.168.2.3 | 8.8.8.8 | 0x6f81 | Standard query (0) | assets.adobedtm.com | A (IP address) | IN (0x0001)
Jan 21, 2021 18:02:38.998497963 CET | 192.168.2.3 | 8.8.8.8 | 0x746d | Standard query (0) | ajax.aspnetcdn.com | A (IP address) | IN (0x0001)
Jan 21, 2021 18:02:43.217122078 CET | 192.168.2.3 | 8.8.8.8 | 0xf7cc | Standard query (0) | dc.services.visualstudio.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 21, 2021 18:02:16.246022940 CET | 8.8.8.8 | 192.168.2.3 | 0x1c64 | No error (0) | www.godaddy.com | wildcard-ipv6.godaddy.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001)
Jan 21, 2021 18:02:16.478719950 CET | 8.8.8.8 | 192.168.2.3 | 0xf43a | No error (0) | ch.godaddy.com | wildcard-ipv6.godaddy.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001)
Jan 21, 2021 18:02:19.029160023 CET | 8.8.8.8 | 192.168.2.3 | 0x7603 | No error (0) | img6.wsimg.com | global-wildcard.wsimg.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001)
Jan 21, 2021 18:02:19.042516947 CET | 8.8.8.8 | 192.168.2.3 | 0x7acd | No error (0) | img1.wsimg.com | global-wildcard.wsimg.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001)
Jan 21, 2021 18:02:32.362195015 CET | 8.8.8.8 | 192.168.2.3 | 0x3038 | No error (0) | img6.wsimg.com | global-wildcard.wsimg.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001)
Jan 21, 2021 18:02:36.309989929 CET | 8.8.8.8 | 192.168.2.3 | 0xac64 | No error (0) | firefox.com |  | 44.236.48.31 | A (IP address) | IN (0x0001)
Jan 21, 2021 18:02:36.309989929 CET | 8.8.8.8 | 192.168.2.3 | 0xac64 | No error (0) | firefox.com |  | 44.236.72.93 | A (IP address) | IN (0x0001)
Jan 21, 2021 18:02:36.309989929 CET | 8.8.8.8 | 192.168.2.3 | 0xac64 | No error (0) | firefox.com |  | 44.235.246.155 | A (IP address) | IN (0x0001)
Jan 21, 2021 18:02:37.037631989 CET | 8.8.8.8 | 192.168.2.3 | 0x4fa5 | No error (0) | www.firefox.com | fxc-prod.moz.works |  | CNAME (Canonical name) | IN (0x0001)
Jan 21, 2021 18:02:37.037631989 CET | 8.8.8.8 | 192.168.2.3 | 0x4fa5 | No error (0) | fxc-prod.moz.works | dzlgdtxcws9pb.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001)
Jan 21, 2021 18:02:37.037631989 CET | 8.8.8.8 | 192.168.2.3 | 0x4fa5 | No error (0) | dzlgdtxcws9pb.cloudfront.net |  | 143.204.6.224 | A (IP address) | IN (0x0001)
Jan 21, 2021 18:02:38.979809046 CET | 8.8.8.8 | 192.168.2.3 | 0x6f81 | No error (0) | assets.adobedtm.com | cn-assets.adobedtm.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001)
Jan 21, 2021 18:02:39.054625034 CET | 8.8.8.8 | 192.168.2.3 | 0x746d | No error (0) | ajax.aspnetcdn.com | mscomajax.vo.msecnd.net |  | CNAME (Canonical name) | IN (0x0001)
Jan 21, 2021 18:02:39.074265957 CET | 8.8.8.8 | 192.168.2.3 | 0x572 | No error (0) | consentdeliveryfd.azurefd.net | star-azurefd-prod.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001)
Jan 21, 2021 18:02:41.959327936 CET | 8.8.8.8 | 192.168.2.3 | 0xbdc7 | No error (0) | sni1gl.wpc.gammacdn.net |  | 152.199.21.175 | A (IP address) | IN (0x0001)
Jan 21, 2021 18:02:43.273454905 CET | 8.8.8.8 | 192.168.2.3 | 0xf7cc | No error (0) | dc.services.visualstudio.com | dc.applicationinsights.microsoft.com |  | CNAME (Canonical name) | IN (0x0001)
Jan 21, 2021 18:02:43.273454905 CET | 8.8.8.8 | 192.168.2.3 | 0xf7cc | No error (0) | dc.applicationinsights.azure.com | global.in.ai.monitor.azure.com |  | CNAME (Canonical name) | IN (0x0001)
Jan 21, 2021 18:02:43.273454905 CET | 8.8.8.8 | 192.168.2.3 | 0xf7cc | No error (0) | global.in.ai.monitor.azure.com | global.in.ai.privatelink.monitor.azure.com |  | CNAME (Canonical name) | IN (0x0001)
Jan 21, 2021 18:02:43.273454905 CET | 8.8.8.8 | 192.168.2.3 | 0xf7cc | No error (0) | global.in.ai.privatelink.monitor.azure.com | dc.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001)

HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Jan 21, 2021 18:02:36.743846893 CET | 44.236.48.31 | 443 | 192.168.2.3 | 49731 | CN=firefox.com | CN=R3, O=Let's Encrypt, C=US | Sat Dec 12 00:09:44 CET 2020 | Fri Mar 12 00:09:44 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 |  |  |  |  | CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 |  | 
Jan 21, 2021 18:02:36.809899092 CET | 44.236.48.31 | 443 | 192.168.2.3 | 49732 | CN=firefox.com | CN=R3, O=Let's Encrypt, C=US | Sat Dec 12 00:09:44 CET 2020 | Fri Mar 12 00:09:44 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 |  |  |  |  | CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 |  | 
Jan 21, 2021 18:02:37.132527113 CET | 143.204.6.224 | 443 | 192.168.2.3 | 49736 | CN=www.firefox.com | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | Wed Jun 24 02:00:00 CEST 2020 | Sat Jul 24 14:00:00 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 |  |  |  |  | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | CN=Amazon Root CA 1, O=Amazon, C=US | Thu Oct 22 02:00:00 CEST 2015 | Sun Oct 19 02:00:00 CEST 2025 |  | 
 |  |  |  |  | CN=Amazon Root CA 1, O=Amazon, C=US | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Mon May 25 14:00:00 CEST 2015 | Thu Dec 31 02:00:00 CET 2037 |  | 
 |  |  |  |  | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Wed Sep 02 02:00:00 CEST 2009 | Wed Jun 28 19:39:16 CEST 2034 |  | 
Jan 21, 2021 18:02:37.133306026 CET | 143.204.6.224 | 443 | 192.168.2.3 | 49735 | CN=www.firefox.com | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | Wed Jun 24 02:00:00 CEST 2020 | Sat Jul 24 14:00:00 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 |  |  |  |  | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | CN=Amazon Root CA 1, O=Amazon, C=US | Thu Oct 22 02:00:00 CEST 2015 | Sun Oct 19 02:00:00 CEST 2025 |  | 
 |  |  |  |  | CN=Amazon Root CA 1, O=Amazon, C=US | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Mon May 25 14:00:00 CEST 2015 | Thu Dec 31 02:00:00 CET 2037 |  | 
 |  |  |  |  | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Wed Sep 02 02:00:00 CEST 2009 | Wed Jun 28 19:39:16 CEST 2034 |  | 
Jan 21, 2021 18:02:42.053858042 CET | 152.199.21.175 | 443 | 192.168.2.3 | 49764 | CN=sni1e6ffgl.wpc.edgecastcdn.net, OU=SecOps, O="Verizon Digital Media Services, Inc.", L=Los Angeles, ST=California, C=US | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | Thu Apr 16 02:00:00 CEST 2020 | Thu Apr 21 14:00:00 CEST 2022 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 |  |  |  |  | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 08 13:00:00 CET 2013 | Wed Mar 08 13:00:00 CET 2023 |  | 
Jan 21, 2021 18:02:42.058423042 CET | 152.199.21.175 | 443 | 192.168.2.3 | 49765 | CN=sni1e6ffgl.wpc.edgecastcdn.net, OU=SecOps, O="Verizon Digital Media Services, Inc.", L=Los Angeles, ST=California, C=US | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | Thu Apr 16 02:00:00 CEST 2020 | Thu Apr 21 14:00:00 CEST 2022 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 |  |  |  |  | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 08 13:00:00 CET 2013 | Wed Mar 08 13:00:00 CET 2023 |  | 

Code Manipulations

Statistics

Behavior

• iexplore.exe
• iexplore.exe

System Behavior

Analysis Process: iexplore.exe PID: 5972 Parent PID: 792

General

Start time: 18:02:14
Start date: 21/01/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff731bd0000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Registry Activities

Analysis Process: iexplore.exe PID: 2592 Parent PID: 5972

General

Start time: 18:02:15
Start date: 21/01/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5972 CREDAT:17410 /prefetch:2
Imagebase: 0x1150000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Registry Activities

Disassembly