Windows Analysis Report
f_171038 (2)

Overview

General Information

Sample name: f_171038 (2)
Analysis ID: 1653848
MD5: 96d551e70efdfcf85173189d25e2d29c
SHA1: 35802b960f6b197c254bae155d1356ee70fa1640
SHA256: 2278a5d22e784ff01598068973c7598c6b3cbce88e9b2354a34bf58ea1ac9597

Detection

Score: 52
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Sigma detected: WScript or CScript Dropper
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Classification

  • System is w10x64_ra
  • wscript.exe (PID: 6284 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\f_171038 (2).js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
  • OpenWith.exe (PID: 7156 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
    • firefox.exe (PID: 1560 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\Desktop\f_171038 (2).js" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 5320 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\Desktop\f_171038 (2).js" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
        • firefox.exe (PID: 1564 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f959d3a-1866-4fd5-998a-1a3104bcceb0} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" 2507026b710 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
        • firefox.exe (PID: 3052 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4024 -parentBuildID 20230927232528 -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 26265 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9832eef8-57dc-4ad5-8303-8197d20dc6a7} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" 250820b3b10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
        • firefox.exe (PID: 1728 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2708 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3428 -prefMapHandle 2528 -prefsLen 33331 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40896e80-eef5-4a65-bf86-7a5f465a3171} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" 2508aaf6510 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No yara matches

System Summary

Source: Process started | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community | Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\f_171038 (2).js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\f_171038 (2).js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4100, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\f_171038 (2).js", ProcessId: 6284, ProcessName: wscript.exe
Source: Process started | Author: Michael Haag | Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\f_171038 (2).js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\f_171038 (2).js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4100, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\f_171038 (2).js", ProcessId: 6284, ProcessName: wscript.exe
No Suricata rule has matched

AV Detection

Source: f_171038 (2) | Virustotal: Detection: 44%
Source: f_171038 (2) | ReversingLabs: Detection: 37%
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: firefox.exe | Memory has grown: Private usage: 1MB later: 240MB
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Last-Modified: Wed, 12 Mar 2025 04:19:28 GMT | ETag: 85430baed3398695717b0263807cf97c | Content-Length: 453023 | Accept-Ranges: bytes | X-Timestamp: 1741753167.65917 | Content-Type: application/zip | X-Trans-Id: txb1c37318bf954bdd99e1a-0067d45c8ddfw1 | Cache-Control: public, max-age=114056 | Expires: Wed, 02 Apr 2025 22:43:54 GMT | Date: Tue, 01 Apr 2025 15:02:58 GMT | Connection: keep-alive | Data Raw: (zip payload, hex dump omitted)
Source: global traffic | HTTP traffic detected: GET /canonical.html HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Cache-Control: no-cache | Pragma: no-cache | Connection: keep-alive
Source: global traffic | HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Connection: keep-alive | Pragma: no-cache | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1 | Host: ciscobinary.openh264.org | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Connection: keep-alive
Source: global traffic | DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic | DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: example.org
Source: global traffic | DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic | DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic | DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic | DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic | DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic | DNS traffic detected: DNS query: shavar.prod.mozaws.net
Source: global traffic | DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic | DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic | DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic | DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic | DNS traffic detected: DNS query: a19.dscg10.akamai.net
Source: global traffic | DNS traffic detected: DNS query: www.facebook.com
Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
Source: global traffic | DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic | DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic | DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic | DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic | DNS traffic detected: DNS query: www.reddit.com
Source: global traffic | DNS traffic detected: DNS query: twitter.com
Source: global traffic | DNS traffic detected: DNS query: reddit.map.fastly.net
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
Source: classification engineClassification label: mal52.win@19/17@55/99
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
Source: C:\Windows\System32\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7156:120:WilError_03
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefox
Source: C:\Windows\System32\OpenWith.exeFile read: C:\Users\desktop.ini
Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: f_171038 (2)Virustotal: Detection: 44%
Source: f_171038 (2)ReversingLabs: Detection: 37%
Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\f_171038 (2).js"
Source: unknownProcess created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\Desktop\f_171038 (2).js"
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\Desktop\f_171038 (2).js"
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f959d3a-1866-4fd5-998a-1a3104bcceb0} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" 2507026b710 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4024 -parentBuildID 20230927232528 -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 26265 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9832eef8-57dc-4ad5-8303-8197d20dc6a7} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" 250820b3b10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2708 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3428 -prefMapHandle 2528 -prefsLen 33331 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40896e80-eef5-4a65-bf86-7a5f465a3171} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" 2508aaf6510 utility
Source: C:\Windows\System32\wscript.exe | Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: jscript.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: textshaping.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: textinputframework.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: coremessaging.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: ntmarta.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: wintypes.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: uxtheme.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.storage.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: twinui.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: wintypes.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: powrprof.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: dwmapi.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: pdh.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: umpdc.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: actxprxy.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.ui.appdefaults.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: propsys.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: profapi.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: ntmarta.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: uiautomationcore.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: dui70.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: duser.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: dwrite.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: bcp47mrm.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: uianimation.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: d3d11.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: dxgi.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: d3d10warp.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: oleacc.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: edputil.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.ui.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windowmanagementapi.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: textinputframework.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: inputhost.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windowscodecs.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: thumbcache.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: policymanager.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: apphelp.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: appresolver.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: bcp47langs.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: slc.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: userenv.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: sppc.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: tiledatarepository.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: staterepository.core.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.staterepository.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: wtsapi32.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.staterepositorycore.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: mrmcorer.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: sxs.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: directmanipulation.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: d3d10warp.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: textshaping.dll
Source: C:\Windows\System32\OpenWith.exe; Section loaded: urlmon.dll
Source: C:\Windows\System32\OpenWith.exe; Section loaded: iertutil.dll
Source: C:\Windows\System32\OpenWith.exe; Section loaded: srvcli.dll
Source: C:\Windows\System32\OpenWith.exe; Section loaded: netutils.dll
Source: C:\Windows\System32\OpenWith.exe; Section loaded: sspicli.dll
Source: C:\Windows\System32\OpenWith.exe; Section loaded: pcacli.dll
Source: C:\Windows\System32\OpenWith.exe; Section loaded: mpr.dll
Source: C:\Windows\System32\OpenWith.exe; Section loaded: sfc_os.dll
Source: C:\Windows\System32\wscript.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
Source: C:\Windows\System32\wscript.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe; Window found: window name: WSH-Timer
Source: C:\Windows\System32\OpenWith.exe TID: 7160; Thread sleep count: 123 > 30
Source: C:\Windows\System32\OpenWith.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\Desktop\f_171038 (2).js"
Source: C:\Windows\System32\OpenWith.exe; Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe; Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe; Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe; Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\wscript.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK matrix (one column per tactic; a number before a technique is the count of matched signatures for that technique):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Virtualization/Sandbox Evasion | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 11 Process Injection | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Source | Detection | Scanner | Label | Link
f_171038 (2) | 44% | Virustotal | | Browse
f_171038 (2) | 38% | ReversingLabs | Script-JS.Trojan.VexTrio |
No Antivirus matches
Name | Malicious | Antivirus Detection | Reputation
http://detectportal.firefox.com/canonical.html | false | | high
http://detectportal.firefox.com/success.txt?ipv4 | false | | high
                                                              IP
                                                              127.0.0.1
                                                              Joe Sandbox version:42.0.0 Malachite
                                                              Analysis ID:1653848
                                                              Start date and time:2025-04-01 17:00:22 +02:00
                                                              Joe Sandbox product:CloudBasic
                                                              Overall analysis duration:
                                                              Hypervisor based Inspection enabled:false
                                                              Report type:full
                                                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                              Number of analysed new started processes analysed:18
                                                              Number of new started drivers analysed:0
                                                              Number of existing processes analysed:0
                                                              Number of existing drivers analysed:0
                                                              Number of injected processes analysed:0
                                                              Technologies:
                                                              • EGA enabled
                                                              Analysis Mode:stream
                                                              Analysis stop reason:Timeout
                                                              Sample name:f_171038 (2)
                                                              Detection:MAL
                                                              Classification:mal52.win@19/17@55/99
                                                              • Exclude process from analysis (whitelisted): svchost.exe
                                                              • Excluded IPs from analysis (whitelisted): 184.31.69.3, 52.149.20.212
                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):0
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:C0EC3FD0F6FCEEE42228381FB63D35DC
                                                              SHA1:A7920D0530BA6EAC8594953CE5C82CE57CAF0009
                                                              SHA-256:1F0D90E330098BE1D1C7E0C5B832C6D66F4CDF15CE8446567707DB13BD4222B4
                                                              SHA-512:3B3D53C010DBDA52A47142DD7C60247BE76C3A9F69D535E9540EF8FFAF462E8B6341D43E7E828C1F77162663D591A091F30A91DED9943B4D7C402D5CC9DD6EAC
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:{"type":"uninstall","id":"8140e895-2f7e-40e6-a2d8-f26391e0f16c","creationDate":"2025-04-01T16:45:16.455Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):7557
                                                              Entropy (8bit):5.161197869596379
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:C0EC3FD0F6FCEEE42228381FB63D35DC
                                                              SHA1:A7920D0530BA6EAC8594953CE5C82CE57CAF0009
                                                              SHA-256:1F0D90E330098BE1D1C7E0C5B832C6D66F4CDF15CE8446567707DB13BD4222B4
                                                              SHA-512:3B3D53C010DBDA52A47142DD7C60247BE76C3A9F69D535E9540EF8FFAF462E8B6341D43E7E828C1F77162663D591A091F30A91DED9943B4D7C402D5CC9DD6EAC
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:{"type":"uninstall","id":"8140e895-2f7e-40e6-a2d8-f26391e0f16c","creationDate":"2025-04-01T16:45:16.455Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.4593089050301797
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:D910AD167F0217587501FDCDB33CC544
                                                              SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                              SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                              SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                              Category:modified
                                                              Size (bytes):453023
                                                              Entropy (8bit):7.997718157581587
                                                              Encrypted:true
                                                              SSDEEP:
                                                              MD5:85430BAED3398695717B0263807CF97C
                                                              SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                              SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                              SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text, with very long lines (5740), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):0
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:7EEF9A7CBD8FCE52562D9CFF501412A4
                                                              SHA1:DEDDB582BE1DF20D91EAB94F31A5745CF950BB34
                                                              SHA-256:3D18A8E7B4B007871EB23364961509CCA6F4954C6BAC6B2F2EAEF4782C387BC7
                                                              SHA-512:47478FE350E5F86FAF2B1FD673A008C2767EF4F236678BD9217FB1052CB365D252B51FF1092F69B5EE6772482FEB531152BCC792EBA92DB9C384DFC28A23DA73
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"9c4f630b-d3dc-4236-9fe2-a1415309e4e4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-06T09:08:30.452Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text, with very long lines (5740), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):5740
                                                              Entropy (8bit):5.0164350826316335
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:7EEF9A7CBD8FCE52562D9CFF501412A4
                                                              SHA1:DEDDB582BE1DF20D91EAB94F31A5745CF950BB34
                                                              SHA-256:3D18A8E7B4B007871EB23364961509CCA6F4954C6BAC6B2F2EAEF4782C387BC7
                                                              SHA-512:47478FE350E5F86FAF2B1FD673A008C2767EF4F236678BD9217FB1052CB365D252B51FF1092F69B5EE6772482FEB531152BCC792EBA92DB9C384DFC28A23DA73
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"9c4f630b-d3dc-4236-9fe2-a1415309e4e4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-06T09:08:30.452Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 27954 bytes
                                                              Category:dropped
                                                              Size (bytes):0
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:0EE1DEA50353EF72B3983D45C0F79672
                                                              SHA1:83A858B3793BD9B1C35A954FA71582F557DDAB01
                                                              SHA-256:76D8DD378010DD3158633286B32FCEE00A63EA8E85EAF2E60A8B8B1F6FD32C87
                                                              SHA-512:D08B7A1C9EBF2C277662EA7314B371EE114153AE8CA840100D9EA053210BD20188CE591CA247C7E541590C6AAD925AD10F84F1AA025ACB2F01BC37B1DBC57EBD
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:mozLz40.2m....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 27954 bytes
                                                              Category:dropped
                                                              Size (bytes):6075
                                                              Entropy (8bit):6.623258976790648
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:0EE1DEA50353EF72B3983D45C0F79672
                                                              SHA1:83A858B3793BD9B1C35A954FA71582F557DDAB01
                                                              SHA-256:76D8DD378010DD3158633286B32FCEE00A63EA8E85EAF2E60A8B8B1F6FD32C87
                                                              SHA-512:D08B7A1C9EBF2C277662EA7314B371EE114153AE8CA840100D9EA053210BD20188CE591CA247C7E541590C6AAD925AD10F84F1AA025ACB2F01BC37B1DBC57EBD
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:mozLz40.2m....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):0
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:{"schema":6,"addons":[]}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):24
                                                              Entropy (8bit):3.91829583405449
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:{"schema":6,"addons":[]}
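Every dropped file in this listing appears twice: once with Size 0 and Entropy 0.0, once with its real size, and both copies carry the same MD5, SHA-1 and SHA-256. A genuinely empty file hashes to the empty-input digest, so a 0-byte record whose digest is not that value is the same file recorded while still empty, not a second artifact. The helper below is an added example, not part of the report or of the sandbox's own tooling: it parses the flattened "Key:Value" listing used on this page, collapses copies by SHA-256, flags those zero-size snapshots, and recomputes "Entropy (8bit)" (Shannon entropy in bits per byte) and MD5 from a preview that covers the whole file. The excerpt is constructed from the two records for the 24-byte extensions-state JSON directly above, with the SHA-1 and SHA-512 lines omitted.

```python
import hashlib
import math
from collections import defaultdict

# SHA-256 of zero bytes: what a genuinely empty file would hash to.
SHA256_EMPTY = hashlib.sha256(b"").hexdigest().upper()

# Constructed excerpt of the listing above: the 0-byte and the 24-byte record
# the report shows for the same JSON file (values copied from the page).
REPORT_EXCERPT = """\
Process:C:\\Program Files\\Mozilla Firefox\\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
Malicious:false
Preview:{"schema":6,"addons":[]}
Process:C:\\Program Files\\Mozilla Firefox\\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):24
Entropy (8bit):3.91829583405449
Encrypted:false
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
Malicious:false
Preview:{"schema":6,"addons":[]}
"""


def parse_records(text):
    """One dict per record. A record starts at every 'Process:' line; values are
    split at the first colon only, so 'C:\\...' paths and JSON previews survive."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        if key == "Process":
            records.append({})
        if records:
            records[-1][key] = value
    return records


def shannon_entropy(data):
    """Shannon entropy in bits per byte, the report's 'Entropy (8bit)'.
    Empty input yields 0.0, matching the 0-byte records."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage(records):
    """Collapse records by SHA-256. A 0-byte copy whose digest is not the
    empty-file digest is a snapshot of the same file taken while still empty;
    only the non-zero record describes real content."""
    by_hash = defaultdict(list)
    for r in records:
        by_hash[r["SHA-256"]].append(r)
    result = {}
    for sha, group in by_hash.items():
        sizes = sorted(int(r["Size (bytes)"]) for r in group)
        result[sha] = {
            "copies": len(group),
            "size": sizes[-1],
            "zero_size_snapshot": 0 in sizes and sha != SHA256_EMPTY,
        }
    return result


def check_preview(record):
    """When the preview covers the whole file (size == preview length), recompute
    entropy and MD5 from it so the listed values are checked, not trusted."""
    body = record["Preview"].encode("utf-8")
    if len(body) != int(record["Size (bytes)"]):
        return None  # preview is truncated; nothing to verify
    entropy = shannon_entropy(body)
    return {
        "entropy": entropy,
        "entropy_matches": math.isclose(entropy, float(record["Entropy (8bit)"])),
        "md5_matches": hashlib.md5(body).hexdigest().upper() == record["MD5"],
    }


if __name__ == "__main__":
    recs = parse_records(REPORT_EXCERPT)
    for sha, info in triage(recs).items():
        print(sha[:16], info)
    print(check_preview(recs[1]))
```

For the 24-byte record the recomputed entropy is exactly the listed 3.91829583405449, which confirms the column is plain Shannon entropy over byte frequencies; the 0.0 on the empty snapshot is the degenerate case of the same formula, not a measurement of anything.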
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                              Category:dropped
                                                              Size (bytes):0
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                              Category:dropped
                                                              Size (bytes):66
                                                              Entropy (8bit):4.837595020998689
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
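Several records here are typed "Mozilla lz4 compressed data" and their previews start with the bytes mozLz40 followed by dots (the sandbox renders non-printable bytes as dots) and then readable JSON fragments. That container is an 8-byte magic "mozLz40\0", a 4-byte little-endian original size, and one raw LZ4 block with no frame. The decoder below is an added example, not code from the report or from Mozilla; it implements the LZ4 block format in pure Python so it runs without the lz4 package. The 66-byte sample is constructed by hand to reproduce the 56-byte crash-store JSON shown in the preview above (the listed "originally 56 bytes" and 66-byte size are consistent with this layout); it is not the file captured in the run, so its hash is not expected to match the listed MD5.

```python
import struct

MOZLZ4_MAGIC = b"mozLz40\0"


def lz4_block_decompress(src, expected_size):
    """Decode one raw LZ4 block (sequences of literals + back-reference match)
    into exactly expected_size bytes; raise on malformed input."""
    out = bytearray()
    i, n = 0, len(src)
    while i < n:
        token = src[i]
        i += 1
        # Literal run length: nibble 15 means more length bytes follow until one < 255.
        lit_len = token >> 4
        if lit_len == 15:
            while True:
                extra = src[i]
                i += 1
                lit_len += extra
                if extra != 255:
                    break
        if i + lit_len > n:
            raise ValueError("literal run overruns input")
        out += src[i:i + lit_len]
        i += lit_len
        if i == n:
            break  # the final sequence carries literals only
        if i + 2 > n:
            raise ValueError("truncated match offset")
        # Match: 2-byte little-endian distance back into the output, then length (min 4).
        offset = src[i] | (src[i + 1] << 8)
        i += 2
        if offset == 0 or offset > len(out):
            raise ValueError("match offset outside decoded data")
        match_len = (token & 0x0F) + 4
        if (token & 0x0F) == 15:
            while True:
                extra = src[i]
                i += 1
                match_len += extra
                if extra != 255:
                    break
        # Byte-wise copy: when offset < match_len the match overlaps bytes being produced.
        start = len(out) - offset
        for k in range(match_len):
            out.append(out[start + k])
    if len(out) != expected_size:
        raise ValueError(f"decoded {len(out)} bytes, header promised {expected_size}")
    return bytes(out)


def mozlz4_original_size(data):
    """The 4-byte little-endian size field that follows the magic."""
    if data[:8] != MOZLZ4_MAGIC:
        raise ValueError("not a mozLz4 container")
    return struct.unpack_from("<I", data, 8)[0]


def mozlz4_decompress(data):
    return lz4_block_decompress(data[12:], mozlz4_original_size(data))


# Constructed sample (not the sandbox's file): the 56-byte crash-store JSON from
# the preview, packed as one literal run, an 8-byte match on '":{},"co' at
# offset 17, and a final literal run. 8 + 4 + 54 = 66 bytes, as listed above.
PLAINTEXT = b'{"v":1,"crashes":{},"countsByDay":{},"corruptDate":null}'
CRASH_STORE = (
    MOZLZ4_MAGIC
    + struct.pack("<I", len(PLAINTEXT))
    + bytes([0xF4, 0x11])                  # token: 15+17 literals, match length 4+4
    + b'{"v":1,"crashes":{},"countsByDay'  # 32 literal bytes
    + bytes([0x11, 0x00])                  # match offset 17 (little-endian)
    + bytes([0xF0, 0x01])                  # token: 15+1 literals, no match (last sequence)
    + b'rruptDate":null}'                  # 16 literal bytes
)

if __name__ == "__main__":
    print(len(CRASH_STORE), mozlz4_original_size(CRASH_STORE))
    print(mozlz4_decompress(CRASH_STORE).decode())
```

The same decoder applies to the session-store record further down (whose preview already exposes the URL file:///C:/Users/user/Desktop/f_171038%20(2).js that Firefox was handed) and to the add-on startup cache; decoding them fully is how to confirm that the browser merely displayed the script as a page rather than treating these profile writes as payload drops.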
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):0
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:5774E6BEEB8C63A660A4C37E130F7D30
                                                              SHA1:B3F7B89A4A143BA839593F6368822C5E7C0FE20D
                                                              SHA-256:E2C331AEE64E1D381A7D9E579E7EB7236AFDE83239780D18945DE3152602E610
                                                              SHA-512:2F16D11971091141224DFF45721E96E5617CCA12E6EC5AC037770D35251CEC28D8758929474424F01B2BBD6236EDBCE82CD2E20FECE3A95E5C0173E345979E47
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{45005050-3e88-41ad-8766-e52c88f37369}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):36830
                                                              Entropy (8bit):5.187080624303907
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:5774E6BEEB8C63A660A4C37E130F7D30
                                                              SHA1:B3F7B89A4A143BA839593F6368822C5E7C0FE20D
                                                              SHA-256:E2C331AEE64E1D381A7D9E579E7EB7236AFDE83239780D18945DE3152602E610
                                                              SHA-512:2F16D11971091141224DFF45721E96E5617CCA12E6EC5AC037770D35251CEC28D8758929474424F01B2BBD6236EDBCE82CD2E20FECE3A95E5C0173E345979E47
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{45005050-3e88-41ad-8766-e52c88f37369}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                              Category:modified
                                                              Size (bytes):12558
                                                              Entropy (8bit):5.477542615560616
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:CF78A47703D41DFFD8FF83B4CFD80B2B
                                                              SHA1:D68C5C118ED3ABB4BAD1665832C70E197AFB69E3
                                                              SHA-256:8F060011766311350116FADFBBA7758B3A54D567A29143B9F8DEDF9FECB61560
                                                              SHA-512:E1FC95EB5A225E46651804FD4A715CDE0DB0F06787B6B0B0F6D1BE460635C9A2CD4D35BA4576FE9EBDF4F523904B91399C148D77FD5A2364BE7BAFA681B40DC7
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "0dbf219f-4e18-464a-957c-ae336603cdcc");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.lastInstalledTaskVersion", 3);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1743525856);..user_pref("app.update.lastUpdateTime.background-update-timer", 1743525856);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1743525856);..user
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):0
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:5554C31D539A38609B9BF8C3363D3EEF
                                                              SHA1:A7B7D05C8C045E89F2083444E8D36C4962E8077A
                                                              SHA-256:B8A863E3AFF898686F618991ECE9F9FEC971502C211E7B058C2B53ADFF11A7EF
                                                              SHA-512:3FB13E39AD3FC36273AC38EFF8B4F5F19636F94F91CB779A53C876EC9360689B361323489525F059B8BDDD8FD56EEA73AEC3F50903BD466923E77AF8C4E5ED42
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "0dbf219f-4e18-464a-957c-ae336603cdcc");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696583305);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696583311);..user_pref("app.up
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):0
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                              SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                              SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                              SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):90
                                                              Entropy (8bit):4.194538242412464
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                              SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                              SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                              SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 5896 bytes
                                                              Category:dropped
                                                              Size (bytes):0
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:B2960DAC73CB029AC4DC0045DB9811D0
                                                              SHA1:1C40A9B0714DB522AF7719717917FCFFF79A64D4
                                                              SHA-256:3FF722B4C5D37873A4AED20BB9874FB05F7FEC592731CCB881EC2D98D0D322DD
                                                              SHA-512:CC4DB395F2D268FFFC6F223970364A812AC25EE7A1801CBB65BE59C036F7A37D8B9C3A2A5E09D78C671BEF95D4767CE7B919A598360C89CBB7191AF04F0513B0
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"file:///C:/Users/user/Desktop/f_171038%20(2).js","title:."..cacheKey":0,"ID":7,"docshellUU...6"{f67a2d06-d0f7-4413-8f0f-7fb27e850341}","resultPrincipalURI":null,"p....ToInherit_base64_.c\"0\":..`\"moz-6..4...:{39c18103-4fe0-4d87-8f4c-8c9f4530b66f}\"}..0has5..Interact....false,"triggering......3...E..6docIdentifier":8,"persist":true}],"lastAccessed":1743525915332,"hiddey..searchMode...userContextId|..attribut...{},"index":1W..questedI...0,"scroll":{..."0,2847":.3magi....aselect...,"_closedT}.@],"_...C....GroupCount":-1,"busy....chromeFlags":2167541758....dth":1164,"height":891..teenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace....4378c673-0e80-4f61-9fd7-a34963b93441","z=..1...W...e...........:.....g..&.jUpdate...8,"startTim..`824318...centCrash...0},"globa..t},"cook.. ho\..."addons.mozilla.org","valu.. 7cu..*9745a185df1b235fd3ecf9e918cb7cd2b41b705581b7355f517422d41a. pa..p"/","na..`"taarI..bsecur
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 5896 bytes
                                                              Category:dropped
                                                              Size (bytes):1577
                                                              Entropy (8bit):6.3032816320237215
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:B2960DAC73CB029AC4DC0045DB9811D0
                                                              SHA1:1C40A9B0714DB522AF7719717917FCFFF79A64D4
                                                              SHA-256:3FF722B4C5D37873A4AED20BB9874FB05F7FEC592731CCB881EC2D98D0D322DD
                                                              SHA-512:CC4DB395F2D268FFFC6F223970364A812AC25EE7A1801CBB65BE59C036F7A37D8B9C3A2A5E09D78C671BEF95D4767CE7B919A598360C89CBB7191AF04F0513B0
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"file:///C:/Users/user/Desktop/f_171038%20(2).js","title:."..cacheKey":0,"ID":7,"docshellUU...6"{f67a2d06-d0f7-4413-8f0f-7fb27e850341}","resultPrincipalURI":null,"p....ToInherit_base64_.c\"0\":..`\"moz-6..4...:{39c18103-4fe0-4d87-8f4c-8c9f4530b66f}\"}..0has5..Interact....false,"triggering......3...E..6docIdentifier":8,"persist":true}],"lastAccessed":1743525915332,"hiddey..searchMode...userContextId|..attribut...{},"index":1W..questedI...0,"scroll":{..."0,2847":.3magi....aselect...,"_closedT}.@],"_...C....GroupCount":-1,"busy....chromeFlags":2167541758....dth":1164,"height":891..teenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace....4378c673-0e80-4f61-9fd7-a34963b93441","z=..1...W...e...........:.....g..&.jUpdate...8,"startTim..`824318...centCrash...0},"globa..t},"cook.. ho\..."addons.mozilla.org","valu.. 7cu..*9745a185df1b235fd3ecf9e918cb7cd2b41b705581b7355f517422d41a. pa..p"/","na..`"taarI..bsecur
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):0
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:C529F1F1B8B180B5B57F2258F0FBE609
                                                              SHA1:A1E15C15FE20B27537D3CC3895DCB662C8DB26A1
                                                              SHA-256:D49A4F4C29C0F680FA26132CC6309381A129F1DE6EBDC2EF40DAA08E91E60E8C
                                                              SHA-512:00C64F43E3D72F9A7A41CF8F62E0BA2DF5DB86C4A593E7704E21B0472A7ADBA9933C0EFDA719E8BE359F7392C227709CC6B8C806291CEB7077338225BE1A4DF3
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2025-04-01T16:45:15.368Z","profileAgeCreated":1696583300378,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true},"screenshots@mozilla.org":{"version":"39.0.1","type":"extension","isSystem":true,"isWebExt
                                                              File type:Unicode text, UTF-8 text, with very long lines (64217), with no line terminators
                                                              Entropy (8bit):5.496789004142333
                                                              TrID:
                                                              • Java Script (8502/1) 100.00%
                                                              File name:f_171038 (2)
                                                              File size:82'744 bytes
                                                              MD5:96d551e70efdfcf85173189d25e2d29c
                                                              SHA1:35802b960f6b197c254bae155d1356ee70fa1640
                                                              SHA256:2278a5d22e784ff01598068973c7598c6b3cbce88e9b2354a34bf58ea1ac9597
                                                              SHA512:31117d31d6adb6b38bce8adf7678a388f5e951e5c9a31353d5fc14341c94d990c685a21ce45501f38f342d65d837a4e1f5e2c1435563f284924382ff6823f42b
                                                              SSDEEP:1536:hrWVEqDiMd9gekOZnlqGOHrAAg/KHH9zDir:hiVRGGkOnPOHrAAUIHNir
                                                              TLSH:0583D748BE537235427F20F7656F500A7136AB7EB00959A8B058CCE86EB9C14726BF3D
                                                              File Content Preview:/*! Select2 4.0.13-rc.1 | https://github.com/select2/select2/blob/master/LICENSE.md */!function(a){"function"==typeof define&&define.amd?define(["jquery"],a):"object"==typeof module&&module.exports?module.exports=function(b,c){return void 0===c&&(c="undef
                                                              Icon Hash:68d69b8bb6aa9a86