General Info

URL

http://www.fivestates.com

Full analysis
https://app.any.run/tasks/26017b50-124e-4af2-8819-ff4371bdd8f1
Verdict
Malicious activity
Analysis date
10/9/2019, 18:17:22
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Creates files in the program directory
  • firefox.exe (PID: 2480)
Application launched itself
  • iexplore.exe (PID: 2788)
  • firefox.exe (PID: 2480)
Creates files in the user directory
  • firefox.exe (PID: 2480)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3016)
Changes internet zones settings
  • iexplore.exe (PID: 2788)
Dropped object may contain Bitcoin addresses
  • firefox.exe (PID: 2480)
Manual execution by user
  • firefox.exe (PID: 3560)
Reads CPU info
  • firefox.exe (PID: 2480)
Reads internet explorer settings
  • iexplore.exe (PID: 3016)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
39
Monitored processes
8
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2788
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll

PID
3016
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2788 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\feclient.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll

PID
3560
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2480
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\winsta.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\msimg32.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\progra~1\mozill~1\nssckbi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\actxprxy.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe

PID
3664
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2480.0.487248778\426623217" -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2480 "\\.\pipe\gecko-crash-server-pipe.2480" 1180 gpu
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll

PID
3040
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2480.3.1691752133\2032609902" -childID 1 -isForBrowser -prefsHandle 1316 -prefMapHandle 1668 -prefsLen 1 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2480 "\\.\pipe\gecko-crash-server-pipe.2480" 1308 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
4080
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2480.13.871109866\1847745599" -childID 2 -isForBrowser -prefsHandle 2820 -prefMapHandle 2824 -prefsLen 5996 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2480 "\\.\pipe\gecko-crash-server-pipe.2480" 2836 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
2312
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2480.20.1850705635\549936440" -childID 3 -isForBrowser -prefsHandle 3680 -prefMapHandle 3684 -prefsLen 7129 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2480 "\\.\pipe\gecko-crash-server-pipe.2480" 3696 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

Registry activity

Total events
771
Read events
721
Write events
50
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3560
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
3CB846D500000000
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{4ED5C74F-EAB0-11E9-9A49-5254004A04AF}
0
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070A0003000900100011002600F100
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070A0003000900100011002600F100
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070A00030009001000110026009D01
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
9
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070A0003000900100011002600CC01
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
47
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070A00030009001000110026000A02
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
29
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2788
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2480
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Browser
4A6749D500000000
2480
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
1
2480
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2480
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000093000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000

Files activity

Executable files
0
Suspicious files
90
Text files
54
Unknown types
80

Dropped files

PID
Process
Filename
Type
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3157035957967F798A6800B9224C6AD63C51FB42
image
MD5: 7b2d60e5499178bb5860439d55943b5f
SHA256: 141484cd911e314cb709cf5929bf8561b3dbc07052d9192100a1ecfd543f8b6d
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: 54ae552c7fb3ffbeb2928b88922eb170
SHA256: 25bb09b9133fed34fcd27029302336c36580496e5deb20646b7034dac846dfd2
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D3635D353B3C159E308DFFA8766B8B6B889B1A19
image
MD5: 4cb0f39b710fb3bdbdbc0053035a911a
SHA256: 5157c4d3b031c9c431b87b0d45d87842e55ae89fcfa359dfe47d37e57d7c89ba
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\08EE34AF3C8FC465ABBD34775EFE2E963075F43A
image
MD5: 9ea605ad184cdfe4a1a665ec6a6f7b51
SHA256: 5350988bf63a52d93de5a819c4569c45251861b12e2dfd39de0005c9c658ccd9
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\ED8F785C4B15800E601EFB52B4BAA98790B58712
image
MD5: dab0f5730e07f25c6e18518266588399
SHA256: a950d6cf182bfa58d43ae79d807b6345b38bf8d3aa92fa97615f16a3fffe5282
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D10915EC1682CE39D6C4E0F94A0FB3A2BD34A0AD
image
MD5: 1ccf616c1e68fe033bd47d0c714352f7
SHA256: 18c6a2fccb0fadd566d85cfa946133cb0bcea1ecaf73062369ca4643d4e61978
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4FA0691988D979415FB056B3D7E9E499D74A776B
image
MD5: 97518a6b35b8b3b42456ecbfcca154e0
SHA256: a6901f656b7db664255d944b97bdf53ac60bea40b7eab14efbde2b15903f0ebe
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\54DA34FE8FA2C542047DAE9216649D712366896E
image
MD5: 8bcc263187f81c7b3b688cbb3328e37d
SHA256: e45c3b31283e38d8b08f2f4a8a97fb4c344515f25cf87114c67f51e8d198dca5
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F8D85F56AEF3E6F7FCAB1BB007ED2D61A80E146F
image
MD5: c2153108cbe9bc79fbf6830522447372
SHA256: d53a297cbcec1a4c0305701674d1dcd77fc1125d06ed35d20123391eb734f1d4
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1CB46AD4467ACBFBEFA62A5456140F55CAE15245
image
MD5: a99ecbfd5144a19fd8ac9ce63062ecb2
SHA256: e6097a989f8e18318bda7178fd05983d6d1b49a5cfd55c4c06f00bb2b8d55409
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CF05E7040D7952D29CCD2FE8A07B32E34841A20F
image
MD5: 01fbc8a60fa28661cc4737894d286725
SHA256: dc587fa5ce4bc502f906dbebc40f196e9125815b56ad98b3735f1830fc8ba8be
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\47187F7A8F4D3EE33231A3FB9BCAB165BF5034D3
woff2
MD5: e57f54cd8abc6f263ab8857f204f51d3
SHA256: a785b6859d001f30990c93f80c2f6fb77b7a7f8327d41658d88b6f5972c95e8d
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4E164385C8BA52BA988C13661E2D098554ABC499
binary
MD5: e36e17c16c87d76c6df2ddab6354a6ef
SHA256: 75fc715cb90e6c77997facafc405a7046d699d82d5dbc8718f7d1e6d2eacf8b3
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F1F3587510BDC20A3E66DFC9B32D60BC545F79B1
woff2
MD5: 634c43d000ebeba43d6fa62d9ab55f38
SHA256: 01866dabf279d06b3321a542dd1747d2e598f03abf1cd72aa4669ee1f4f6c01e
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\32095
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1A1E20BC512FE74FE0E2A5A9B81391815DD3FADF
binary
MD5: b5d9ebe06a145f9f76c07a41b1826fa8
SHA256: 5c5f3c603484f405a13b0b87c83b2683b0a645db94d21a9ba29e9faf5e08e70d
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\8729
compressed
MD5: 6ab0af0e9c8a7ae2ad2ea12264b01520
SHA256: c8adc0064737f1b960f8a70cad9c0516c8bec1bf8bf836770ced8f03d36c151d
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.fivestates.com\cache\morgue\81\{adcbaa4e-7d1e-4c3a-84f8-9b38b9626a51}.final
sz
MD5: 1ff52f6d613484484cfcb2c2d0250cfa
SHA256: 90b0e3c241ad5c81a31ac4698a1d67ebc0ee2572dd4ae9d07bf86191908dc351
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.fivestates.com\cache\morgue\81\{adcbaa4e-7d1e-4c3a-84f8-9b38b9626a51}.tmp
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2C4884F940CE5B1F64498E10E01A77ED34ADDB63
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A8BF4E4D306BCE16E65CF53A217C821EE448C478
der
MD5: 57c72014b861ee5c1cc02101b2591334
SHA256: 45bfa9a854d8a00aa4c34fcb163678228da5dd5af53afa0bfd86dac8c1153d47
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\serviceworker.txt
text
MD5: 076525c5a4fa1d0592e3cab899b93a4c
SHA256: 9d8cb89e562133e83c7df39033852f80afb0e5c3812ac37f0b9c2606cbfab0ef
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\567EA4D983588343CF9B88E8143E103B1FC6FC78
binary
MD5: 274157151bbbb2758f061f4dfd3c426b
SHA256: 67dbd5b1b5197e6f9bb86f9d5a21d761c7fd5c8f7fc7fbe68b53ed811d008e8c
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.fivestates.com\cache\morgue\127\{6407608c-bd30-4442-ba35-d010cb20247f}.final
sz
MD5: c31f0cdbbf62d05dd8be7861b96d0d38
SHA256: 72688bcee2b1238993e3bf3db4faad8e0f977d391b3d5a46202cbd23aedc9331
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.fivestates.com\cache\morgue\127\{6407608c-bd30-4442-ba35-d010cb20247f}.tmp
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FF83F72F0C759A571FF241A08CEA1A54A4CD37B6
der
MD5: 39e9e967e0edcd3a9453cc95341c4506
SHA256: 333f2aa16238ebaf66d30e383cfeb01d0056645febe8356c7645e66f15368743
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.fivestates.com\cache\morgue\50\{4d3c070a-fbdc-4d30-bb67-382cf3b21232}.final
sz
MD5: 5c2161be578b9298ba32d3784d905459
SHA256: 999dba38017e781c0631962e41deed695e6cfa66371ac7cb0ecdc28feaad662e
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\568C1EAB248CBD2901F7047E1C644077558DE71F
binary
MD5: 94633016cb4b31effbc8d497f7f026e4
SHA256: 18e392127e86457926177906983a55bd1a183321ee50719af4208f7b8c5898a8
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.fivestates.com\cache\morgue\50\{4d3c070a-fbdc-4d30-bb67-382cf3b21232}.tmp
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.fivestates.com\cache\morgue\31\{52731c35-7d4f-4f10-b98b-c59215e0c21f}.final
sz
MD5: 877e30ceb9c59c12cb7ba98a1a4b469c
SHA256: a39ffc89621f946c1fbb9132f93a702b6c964c6015b0e1998a325a4b296ff4cf
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\0DE6E14F62DFC53FD1030229258ED8CFDBA3D378
binary
MD5: 8e81c59da0c34a31a1d10b09e8bbba96
SHA256: 2cb259e2e345da225b21a22d6ff64c3c02d747f09e7de3c187889a1b55ad91e4
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.fivestates.com\cache\morgue\31\{52731c35-7d4f-4f10-b98b-c59215e0c21f}.tmp
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\499C472637BEC115902497A7EEB04C0EE8CEDBE1
der
MD5: 684e21d20ee8f5b03d9bfd8b32eb914b
SHA256: 4685b72f0100f4b668a39b019fe3582f8d6882750830943a0219fcbc7006add3
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.fivestates.com\cache\.padding
binary
MD5: 7dea362b3fac8e00956a4952a3d4f474
SHA256: af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.fivestates.com\cache\morgue\179\{df0bd8b3-ad09-4f67-b2ab-2335b30365b3}.final
sz
MD5: 8230c13f8dad376e24a0e82405b80a93
SHA256: 0f89ffcc81c68d4521c0174dc994b2b8fc5c0441e020d14f63f336e2acf3a786
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.fivestates.com\cache\morgue\179\{df0bd8b3-ad09-4f67-b2ab-2335b30365b3}.tmp
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.fivestates.com\cache\caches.sqlite-journal
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.fivestates.com\.metadata-v2
binary
MD5: c995072c34cc0af63def30c0f1c50d92
SHA256: 72b595f18797236d9fdbf6151ff22d7e88e60ebc0cb39ea9db4361027d36561d
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.fivestates.com\.metadata-v2-tmp
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 047d28a89c4336d09b89c8da39ad6aa1
SHA256: 7bd1efcbd9c1f6dc3fc0f7a824f87488e836320168be42dc566bffd04f78a629
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite-journal
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
text
MD5: d71b51937400c60b064449b8c8405ba9
SHA256: 1c8dd6fa6cc10ca0905e6a7f552d0486b2be42c87a74568ba49b3c633aec38b6
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.tmp
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B72824DB5147C429CA5335D462B3112D5EBBD498
der
MD5: ddd10cf9a7f73addacc3bedb2f6862c7
SHA256: 9a59085918c10fb913115b791af0c98363b73bf25c919f9e35c1fecc70e5693a
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CC50F6BE38D652964A6FDB592B34ACFA88109BE4
image
MD5: 97c1ff7850e5a25b4d7ef128c90125bd
SHA256: 93ead21c73b41ca4b99b379f289026a8df612d8db1567621d655de7807df5e07
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\97D1C626D4E6609E32B89E135C5AA7C9F7D66D0C
image
MD5: af360a6d3ef7537124db306b5c3f12f8
SHA256: 22776886cda5efa00c3b282c09eb027ab35820fbeab53cfef3fa1a9c09872f21
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B54FE28D0AFA5BB41306FA19B092C53ABBBE95B0
image
MD5: 82e0ddb335dda4b0d2279b39716186df
SHA256: 32a818984b5dbd7a60f2f0c69d338e28f8e1f90f4a3fca50faf567a8c4905f72
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\01C58B0FE9059ADD1E27F03758AD8FEE2FDCAD63
compressed
MD5: 9652ae4a3d3a890d3c49efaefaf7b459
SHA256: 4d57dcfe3cb9452021384384fb9a0450fb8f3f48351ccc7713e4ad689335e3a7
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CC73D752AE6C345CA41FE35B101A9875D075E83C
binary
MD5: a067a7c2d56e3ba312f832ddbbca4eba
SHA256: b82075776b04923b59c5f8fde22da78e0b9a78e2484727b4b6e90ea621ae94b2
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C4603DCAEB9F54400196A6400426F6895F07C5A3
image
MD5: 9fca155088cded64d18e822ef26b7b96
SHA256: c5cb9f01cc0943206d66f4d45c140be643a7a0219f2d3f09e1219258b3b6a361
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 5b62c13d97d3e9a8a72d46ca5136dcab
SHA256: 4f053c5055e702bb748e9931d4931cc3474c241f98c488fd3d9f49d2b0ddb238
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WD2TJC02\tools[1]
image
MD5: 6f20ba58551e13cfd87ec059327effd0
SHA256: 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2GY4NPTZ\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2GY4NPTZ\favcenter[1]
image
MD5: 25d76ee5fb5b890f2cc022d94a42fe19
SHA256: 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\495GZHIJ\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UV7C3XN\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WD2TJC02\noConnect[1]
image
MD5: 3cb8faccd5de434d415ab75c17e8fd86
SHA256: 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UV7C3XN\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\495GZHIJ\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3C8F46BCB98B58EB9366C39A05E695627A319D56
image
MD5: 282d0a4b56048a1a5e2064f834b7cb5c
SHA256: 9bd2916d1a3724ec74fbc5c5453fd8e758e8077b92e353776f8bf4d4865c7ee8
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AED5B6754362F8BEE007EA02FBDD29FFE52803CF
image
MD5: 113825c04b5931aaeaaac96c0ce72c2a
SHA256: ec784bf78b4862644ade852f69a6f529d078e362fe55089809561aa8131f3279
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WD2TJC02\dnserror[1]
html
MD5: 68e03ed57ec741a4afbbcd11fab1bdbe
SHA256: 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C7FB1B5F94E3BEACB02A435012B3FB97E05776AB
compressed
MD5: 4da063ddef43077b32bd213e74f1e94f
SHA256: d0a989b173a7c5aeae56937609d5846168b324bc964d464ecdc1918efadbc807
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1EBE3366BF4703360716C07AEDED1770C1D4FBD7
image
MD5: fcf0666772fd36c93c024839b1f859cb
SHA256: df3b6794a23b0e4b0bf9bf522529c5ae3191d25ef9447d1fa5bd9bbfa95beeb8
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8080BE30210BECDD3C47779FE60F9A6F55A246AA
compressed
MD5: f14e4c9124814be2368e7c1800444be4
SHA256: b9360ed0e56d7545a339bbfd0f3f9acd3fdf08df26e78076aad99f29ed2c6106
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1A90B2D5F817CE647112D62D004E6FF34F31649F
compressed
MD5: 9ee4d32fa74cbd9afe0ec8696e5ab6ff
SHA256: 7d334f9b6c9282ec718185e4c2daef30e5aa4783e3b2ad279c4dd35cbb4c3f34
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1F35FAF91874975AE0A6E83F056002C0C6DB2DA8
binary
MD5: 5bb61690f42cf685211dcab6d921a8ca
SHA256: 25258504438236d8e6b1b475026b0d0f956b0af72a955f84260f3e883cf49f8c
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\69DDA47AA001FE47E4666C169F530ABE17221006
woff2
MD5: b79e7f5e39e0a8bfb2672b2597a0c3b0
SHA256: 103e51f3c9dd4ab2f1324b49f3508de354e2c1f983fac75670215106f68e39c5
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: faf0bfe4086eeed177864816d7bf19b9
SHA256: a33fa31e3d28bbce62320937a5250dfb41fc284c8216382a8a199b6bcc06216f
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B4EF1FCD5D8993916BEF80F0A7BE5D79A5D63471
ttf
MD5: ca93fed4c3c7d5a8d8e3c6dbb0e9c8ab
SHA256: 0b73041a8fdb9a0546141bd8a7e7cececf8ac682e474499ec64f5c27777a7422
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A45A3810F44BF34800342DA71B15F99A4EFF5EF1
compressed
MD5: a38b556bfc0220099f9a78fc8687e237
SHA256: 1c86dbdf6d623d8d538f75997b1637b4ecbfb353f52d9ba5a3587388c6156a76
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A5D2C97EE352CBA7B9D41309E8458C6CEFDBC9C4
image
MD5: 41617ef7974ce9f7533856f3b7a7a265
SHA256: 9905a3956df07a3af38fe6b899a5367ff42a33f064228ffb443379549b12c3aa
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C373CD30F38095AA5AE1A5C61905853670ACCFF8
compressed
MD5: 1ba070623d404d585dbe8ca81bc6977d
SHA256: efbe35b583d60f23858c78f2ea85ca1f0976c868f33a96ea13f4f3acf4c67395
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: 3481a5fda7e1baa38e78b3bf668b80b3
SHA256: 2835eb0804e7f60ac99f124ddd015b97fef611a5a097e8aa323de2bb14167c87
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4E164385C8BA52BA988C13661E2D098554ABC499
binary
MD5: a27115ad34e8d149e798d10fd47456e9
SHA256: fc7c5197980c1c6fb992ab2085e7b480f24f5fc032b4fdea8c30baaad765d704
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journal
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C09E2C853FA6E588D8773DD509BBF4345B31CC55
woff
MD5: 779b65f95ed84a3501f6ac0a0a790793
SHA256: 0fd64b8c35c29a7ff6f48ced7beef0347be94e29663ba2a3ffa11611ec2ee8b0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CDA5F71C46D59F5BEC1FA2DE25C65C3153BE26A7
der
MD5: 2c3217c9f8fbe68368efef6638744c08
SHA256: 63f23d8c3c1f56e6d21fe1cf8fa64a2ba48d8164b1c025f90894d5847732dfbf
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\43952528D98AB48C58B63479201FAE1A85619FDB
binary
MD5: af81b665aa8c47e95e11a363fa9c74b6
SHA256: c0eb0907be04649e3f5e6ad35266d3441b50158b6ed8a1b7d60c064a593ca195
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C59B87ED4A144A3BBC0D62B6ED97808171203498
woff2
MD5: a54bd5501261e6f356145c424ac5042d
SHA256: 0879224501191dbaba64f5051d2368591e36d3b22baeb4cff346a4e567bd0cc6
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E4948727A7E96F19718A93B78ACD4D137D28D9C8
woff2
MD5: 2e41c075ac8aa40dd91c24394ddeb59a
SHA256: 254682d74ec45544236062d2827ce336bcfa745d2156f81aa80a4ffba2cecf8a
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\387CDC65D584ACE8A708966D569B04DD38ACF94E
woff2
MD5: b332b71c1dee90bc9815277bf2f3bc46
SHA256: da8618a978abe287d3c1123d9a7fdffa81b36969467b3b98bfafe98350fa5904
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CC15955916FF23B7D0F6E89923B3E08BD13D9189
woff2
MD5: 5e739a90078238cec51b8bdfd23c623c
SHA256: 5fb61f3a7923305d8ee0d4671f095317ad87cd105a5b86d2d9b1c146d0b544ed
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CE562CDB7DE622B0AE7D315FBA7A61A219D4B220
compressed
MD5: a29acff834c53648f29090894e8c7824
SHA256: c64865e9cc325862d7323681bfabada8115c5e762c55546756273fb8135ca458
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\754559E2A3DC338CAE326A7672971AE46E8A9C29
woff2
MD5: d7c300e451ce23495397400eaabdb1de
SHA256: 4421534655b1204a8dbf352fc88dc60a40923b88b69134c1bc940d816435aa2b
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3DAF7F80950D14900A884A7077F9382EE0B391CA
woff2
MD5: 6abc46b5492ab48f75bb67cb17669699
SHA256: 009f247c7306d362a05f11df7e10029f3c4e248d36e59748a554a224679aeaa8
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\68A7E9304F1485C5868A3DBC5240BCC3C35F9D95
der
MD5: d1387370f378160e050846f77ddf072b
SHA256: 52df160018b646d19e950c8ba2a9a8a77916d9b21f4b2d9124074cb9b588536f
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AB395238B1E08D5DCBA01AC558A3FE3AB891F445
der
MD5: 9e0d8126d70827be6e275f5dab67b1ac
SHA256: 013c931ddb2b9ba8e59f61fe521f2bb91d6dc00d6c5e9419230a3af4952bf61f
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4B83684974F6D9102C456B858CA754288F2BBD74
der
MD5: db136c875f47904ef11ce628056c0a4a
SHA256: 678b7a82fcf59be100dd231fc817aad8b053ef42cc920e15ef52e906902e8c65
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\60EEC2F26605B73DAE47429AC4FE6BD5F03ED173
der
MD5: 22608ee2338cdb887e40ec9ab130e3d2
SHA256: 19b749947dff3023bcad019c5b5ca546fe52778ebd7391ffd2718dc4ebffc7db
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\97998C1BEEF06E1DE358307EF7854121B93A0ADC
der
MD5: 845408c8478e294c8c8cd73c9617dde0
SHA256: 97511609f4a250f0c01eb85b152f3d98eb595e9fb75abf3dc107805cfb0b2bfc
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E72C875F184EDF771D5B25A768327BB4C23D15F3
compressed
MD5: 3a6704890f0c1cfb42e57f1b5deb49ec
SHA256: c21ce14bcdc6662547c4f57bbcb55cb5442e682b7d7a22d9a711e2ea7c0cf828
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\607117208090ED47810158080970DFA307879376
compressed
MD5: 15b1f4fa6720e7aa5b1e07ea7529a3a0
SHA256: 91e313b057f3511b4e680c4a1bc63e3156e871ab1b071a8ed9e14d46538b0a21
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6ED200814C400F2AAD1326F41382416A4A1412E6
compressed
MD5: 1a88f16931acb812101735a4bf7fe395
SHA256: bf4d28c57277b6eae6ec2151c32eb16f649a4ecb5b3c39594757371b2dd8cd15
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AAE56648E6B001C507AD8A33CF85BC7A111B0ABF
compressed
MD5: debc632d0c78f97f20aa8080632ac5b8
SHA256: 098b3271b04ebdb4b2b32f8de27292a0228204854073bd359229380b3448794b
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EC120C60E1FCCFC45F982CE5F11242094DA471FF
compressed
MD5: 060b3c58a4a86007cccd9eadf46e1aa7
SHA256: 7191238d231951f72d7516fd7bc75c44e414dd87ab3244f502b8113829f4c431
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A6A9ED38F2312CF9EAC6856CCF7569C9A5DE4B88
compressed
MD5: a76adf9875be90047e0fa89f5b9b6113
SHA256: 43eafc9e6c1f4c1950eb16f784309a0fea4ae1e49b23b07fd7c4508411879eec
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B8566DE06616D654E1461727B34D5A53C7E345CB
der
MD5: 8ec9b604ebc34e52b8087b70f19bb081
SHA256: eb9333b67456350ed3f049070dfa0a47326ecc144fb876931498bbd5705f2cef
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 5dbbba483fce958873dd15563592d8e6
SHA256: 224f2052b6d56280a591f1d8e2110da549c07a31f99667e173f6634872d31e74
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3301C9EBA7E29717526FCCDA7593B7A2665A0982
compressed
MD5: 1cbe1e60cb09ecd2d77d6b8dad2038e6
SHA256: 2f58a13c2eced4ef92e67f2ca757df365e294bdef4d736b58c1baa3716d7901f
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: ecc3fc0ee80726c18b3d1200486e98db
SHA256: 852af536552ee09d3a174d0473f32f503aebded2e54c88274f5994850b8c6e45
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 9d4c050cab2ff3e9cd7f94e486f142be
SHA256: 403cd6902c2129c21776d0d5a3a24b3957bb2f823d67d3edb0b32f0fccb41c00
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 7b33591a79a31dc58f64ed1b47af84b6
SHA256: 0483eed1347fd1f286598322ba96c4140e0392cf99d487f0df5858d882af207f
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5F758B7038E8D60857D0C1E97A5B007F068221EC
der
MD5: a87643f45ff31e11892a4d9ed9138063
SHA256: 826b22315bac972ea670e983ae139f64aea99306592eab5c0ac60eda332a7748
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
text
MD5: 9cf5e9e40b5f764838f42c8f2721957f
SHA256: ad9889206f043a9d31af59d6db2a74d9680930c009a560e8cd158bafa271af8f
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.tmp
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B0F08E53C68D89D981E2154D2F9113444A98849C
der
MD5: 3e7c63e7da0b646a3ec127625b564596
SHA256: db3380eb11f260b80123a55e882321aa804c6a7ff3d2891100df54de11180707
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B54FEB6DB8DF8411B62D17051531460B6EF31C48
der
MD5: bb3b319fabc12ae73e750af1068b0f2f
SHA256: 64c652f6838f56a6cb4a9b7437592b54385a2149868f11afbb84a32b7959e90f
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\991261EA1ACD3DFF9C9F7951AA698EE99633D71F
der
MD5: 665b9cf4308a35261bca69b9ccb3cbf1
SHA256: 50cc6b1fc1ce51d8d95a216ddbfd92b5a30f06b73833a05108af3d74c5644705
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9CA5DFC5CBD4A99EB79E07F362ACFB0DF7427EF7
der
MD5: 12b13e26782fba164ee5a8f738b2ea98
SHA256: 4c34f9fccdc3e6b60c2ac2573dab37d5c169d84e3b90fb134f053ea8c3481eb2
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 72dbe4f0e3c99a660eb413a68c6dcebf
SHA256: 1e4e47b50e324cb59a2c0558eca146c43e2e866bef3d5a08d338cfea37fb32e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-backup
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto-1.vlpset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto-1.vlpset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto-1.vlpset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto-1.vlpset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.vlpset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.sbstore
binary
MD5: 3e1de68d2cb28095453a94cfd04ed4b9
SHA256: 540e836bcbbeb8f2bb9ce1e0a6f4aa2643bb9dfd63308f9ff196c4add8169790
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.sbstore
binary
MD5: 9702c14e80e6dd390a450909a81d2c8f
SHA256: 92c485c737f5b403bcea9f344de23fd8a8f3ea3629b244f9499e8dad77f3d6d5
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.sbstore
binary
MD5: a9204496a61bae22a46f09c64f5ba714
SHA256: 60a19593c0b926880a1778634151338a24fdbf0b741396e279281c3ce4aa1c2d
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.sbstore
binary
MD5: 95dfeb0dda5ded36de9cace11803ca4d
SHA256: 5d55af164cfb767c45ea754a98e696407a2b31f902bb2f4fbb212d566ab4c907
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
sqlite
MD5: 813746cc76137f6fa308816e621f4e30
SHA256: cec6d4f1a8e727572c8cfb096ca36c09268c1f00f460ab24d9a9b6f693fc363f
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.pset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.pset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.pset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.pset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C7FB1B5F94E3BEACB02A435012B3FB97E05776AB
compressed
MD5: 6a526c35cf5669d4be35fca816d62b17
SHA256: 2553507f5fa0a85dccdfcf94a154911df5dfa3bdaf8b2007276f80ee701d3717
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset
binary
MD5: e1b450ccb6022ab55d10f3002060f73b
SHA256: 36228a27dff8d5e4c5425ac6a7af10bca8cc2201c4f4de2468739b7c472db941
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset
binary
MD5: 05c86983bbaeefd5c9dc510c95149305
SHA256: 2c6c867b628885c097bc21e5a471aea5fc693bb0e0adee6572986d943209c55e
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: cbffadb99e208979b146fe394acb1090
SHA256: 53704cab1a09d2a74146f0be6f5547177092e0d912c018f9e90807c738cad363
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset
binary
MD5: a92fb61210797ed936fb9745d0e67778
SHA256: 53ded5c15bc1b0f39595bbf4fe6f00dc5bc123040109e986136baba234b4cc65
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: ad7a4b5f31d8072ebc1a598049e4f486
SHA256: 257d5b6bce279e671230b4fa34a1366cf02db98dc36f58bd6f5b1912ddc33b26
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: f4827f97f813b6ab0447a2ff98678fef
SHA256: 055bae393c072a9bd56f9c3fe2206144e5ae5c657d279ba7b3c4b01ec490eae0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin
binary
MD5: ba75b380c35e3e0204e1cdb94bb483b7
SHA256: 47a322dcbc35329c2fdc98daa83294349a97adf316c3b5106a5e94d99bacd0dd
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin
binary
MD5: e0d89d7dd7e509146764839cab8eedca
SHA256: 5f0505d4994f7a060cf16502614f29e97b76bb0dc38a3785b5b54019b51ac764
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-new.bin
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache.bin
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C407D039DAEB3D0C76572F022374131EEB7A4FD2
der
MD5: cb64a217f33f9e1cea6ed85f4eb3741e
SHA256: 71f6c9e50af9ffaf9eddafa02e436f557a5e8b46adb459b6fd8c93ae2faadb9a
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 3efeeb6856f9c0886334a002c8020987
SHA256: fa8ce6746e9fe8793a91f111165bc1f138634444f3aa074c3a5dd9b9a1303cd0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json.tmp
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json
text
MD5: acec4b14e1828d69fa70bddbdd70eb06
SHA256: 1e8b18e0a0b066b36952e738ca0d346918aba9e85fb720b53bf59a0966aceaf1
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: acea0b5bb428e1d2259ee74fa9946227
SHA256: 8b7848cd2751d0f6ee26962103ae899125218a554e451fa8448edee70c10c008
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\28CD555C8F67F41397D93F6119AF6A2902BC6057
binary
MD5: bb8f87aa39b7fbe61915040e3dfaf239
SHA256: 663465a5f3c7159dfd1e682f2bfa711f4925b42f38a2e992a726ba2ec17279e3
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CC23F944333E8CE7D2CAEA7AA93D7A20C7693127
cer
MD5: 9421de40532f9e278a260f05927bbd19
SHA256: 7c79fae69cb33a81b813fb4f85282226cc95970d0bf61ab17c5c51c3a724faa9
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8D803A2E86C36C92675CBDED174B919329D848E4
binary
MD5: fb567d89841399682b2f5ecfff4d6880
SHA256: 281b9236267bdd1be11f1979a83abb1efc86cddcc680a472cd4c745832518c94
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
text
MD5: bef8ec74021a23512d2724a28c7dffa5
SHA256: f3f0fed4885bef62a9e666dd47c41b76adb1bd63a2ab14c30e524eb5d91046f6
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations-1.txt
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_am8K98RCZp9vGvr
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\0D8E16D0B115F97F1F183A86F585ED951978D83D
cer
MD5: 51f9e4d1e7bef8f31201842bfe1955a3
SHA256: b6ee0dbe23ad32f039506508b154fe5d51cedfdc72f128c6777038ab850dc69a
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1D934245BFF92F546D1D205CC7BEBD74CC72A72A
binary
MD5: 7025998bdbf577a4f7d92aa3a4a16ec2
SHA256: 66a8f3ef4a13ddfc4dd185fe84a1015197facc4eb006cd5363684c224d8921da
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 4acfa79bf13d01cf9b2c3bf596bd3e16
SHA256: bfc382397cfdc08333104eae2179be983e3d483f21fc71a3f27b9b0c63d2b298
2480
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_R3NrwkBKxR0hsc3
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CC23F944333E8CE7D2CAEA7AA93D7A20C7693127
cer
MD5: e4f5226ccb9609f020475871dad4f0a5
SHA256: 9fba88422edf2530083a84a6b93dc0ce8a8413220210d7d4a77311f5d104f569
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\ABEAA48B501FBD6A530EC9F222A741DA79987BC8
binary
MD5: c48aae66f59fd30708d82beda877c4e6
SHA256: c8d5d3590e64d9d2044a706eafc643501ae4b4b3ac81975db3428da6b2e04ca8
2480
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_6djqHM27kj65dkb
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CC23F944333E8CE7D2CAEA7AA93D7A20C7693127
cer
MD5: 6176be238bfcee04c0789f6f2aea308e
SHA256: 636616451b9ae80204bec08ada94e028b68c1a269b527ccceed066a5d1776a18
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B7E10A18EE4E507A772B333D6FAB9A360F069EFB
binary
MD5: 14cb046f0d410065ba574dafa2ed9fc9
SHA256: 4c5c3aeb46d62db3a32382efb8c152ddf0fdbfc2553ea8e56a0a117e2e21162a
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 1821e5bc31007db2658fcac6d06bf73a
SHA256: f9a4ab0b4289ad3303e5bfe5764e4e20adebcd32604622e7baf3432a4e1370f6
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\04F771C9DEFC6F9F95B87377155F920C99E22EAA
der
MD5: 188d4bbc435e418365fb0c95a580f154
SHA256: c57c7d87335c7b8ad3a43b73cd28aab6a5eac36b8c8eb0fcca4bf02ea3a4f3c0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CC23F944333E8CE7D2CAEA7AA93D7A20C7693127
cer
MD5: c37c02211696fc28b876ff68b94d54cf
SHA256: 8eda165880b1cfb63d29e1e5d79457cbcd68daf7f591108141b34469cc767d9e
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\195113AC8F4C3A570D0244DCAB0A999329A15F9F
binary
MD5: abe0541f6f0700dd64980d2663b9fe45
SHA256: 31723ec8e01db7c45abe7f61ac0814e952321f9aba015ae6c6041663884e4604
2480
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_tExGxzcGZuO2M9Y
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\04F771C9DEFC6F9F95B87377155F920C99E22EAA
binary
MD5: d33b6a6c2050e385e8f380fd1dd92ece
SHA256: f5748e9c9b4431cfa54fe68d86fba8c8f5ebae855797aace90659fe9a7109124
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9A3EF8133F0FA6C3DE8D839A13E7E624CC01FBCC
binary
MD5: 18d219029a495ad32764438efdd11382
SHA256: 6fb9e00c70e2fc793a26ab5fc0858ec058d88ae655044fbf22c7e533b2a80c36
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\43F5BE9D212D19F7B72BCAB1F0B317A33D6032B3
binary
MD5: c399c7da94605b461b54e9de0a2d5835
SHA256: 388573d6d0f719510c54f001568f437014052070ba5eac5f83050d41907e003f
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D79C1A96EF7A9A017487083081EAAA632CC44D98
binary
MD5: c2df895a0bbc335fc819d4e3f9e1b2d8
SHA256: cc5f20b53bd93f9586762d01a76f5fb49bea80afe2bb27c71e18585f7c9d6854
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\733855AB7280D975110DF6DD706B42EF9C08C96B
der
MD5: b4edfce60dd67d47f64baa990bec76bd
SHA256: ef2ae40384412e7a1c0ab660217efacacb1b7e88d8005a7ebe73a5f569d98cfc
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: ecc3fc0ee80726c18b3d1200486e98db
SHA256: 852af536552ee09d3a174d0473f32f503aebded2e54c88274f5994850b8c6e45
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
jsonlz4
MD5: da5a84a2615e68822fa04e81e66ea403
SHA256: 1c43e3fbd8cf850c863bba57a263da38355b9021b4a9bcc9f1d59ecaf9841ce9
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
jsonlz4
MD5: 65a8568f72fdf05a592210c52784c82a
SHA256: 353279aec0402d3777cd400ecfa22ece3e3e882cb1e57056965db44bd1306465
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.tmp
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\BE76CE7A70E3A9A65BE2D08DF77DF71D2530FE64
binary
MD5: 6bd5c8b69705d8ba4b435a1339c429fe
SHA256: 7638bf803e5901b16c73c3c47c69ae3539f80c703344ddd9441ddc8fbbba0f1b
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\37AC539E9AA4AB3F0E75324B1D64A92B77CA101E
image
MD5: ce83d3e7b18dc0b915f94cfdd7fba561
SHA256: b35d80604e19bd1cf13ace396131af98e4594f59ad4987356ef2a1fcb50c3772
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A572AD1991A24174CF0FD5AC4D3D613732ECFBBA
binary
MD5: f1b160fe599c5629ce5c25104ee9a06d
SHA256: 241f7b63f7c9fba83bff2cbab9f4f068cba7b37ac5730c68fa4ce984f9511be8
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: cc2c02d5efc01b08d9c5a120c55a3e6e
SHA256: b3cdba5a3807e3fdc69ec526a4f166e151d18a6c5aae69fe49ce0ff7bb04b19d
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\26151
binary
MD5: a57eac8c4e0d59d6d62c92b05e210c46
SHA256: ba0e89eca0b891a962786df3685c27588ad196a7c42c5218c3e2fa6873f31e89
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A5D93CC48B83C8124FEB6A2E9448677EACA5BA86
binary
MD5: 0d63145839fc27d89b4cec88288e5d86
SHA256: 5b7a88cdd61b180aa62ae6bb9ca52049604fe2bb0f2b9151b735a035b9889aa8
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4726FEC64ABC3EA704C8D1AE92ECDBA094EB0FAF
image
MD5: 9d4b41230afd710e652a9f05a2cede5e
SHA256: 713384a380fd424e316b44d3c33e235f9d687e456b79d8675964fc904d90a8f8
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EE197B20CAB0419D1C0BD23EE03034F880EDC296
image
MD5: d04475847e86ed8f417082805737a196
SHA256: 2c33495281c8142ffbe63c580cf93536fad8da43511745d351d2bab994562a38
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DB6F18DD51965468D943B042EA1532622A134002
der
MD5: 0d90ecaa529e26b6bd2be31ab4d5241d
SHA256: d823c769b2a03c3face5addc9c52360789ce4819104649890cce8a6503698623
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A857317FFD676313B1EAECEB937D423DB1316F58
der
MD5: 8f1d304efacf8d8b5352aa17045cb768
SHA256: 7be2d27cc09d180789cf64cae289e0378c56ca5a698cb207803fbddf575fad11
2480
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_s1IyXsviEGdTpc5
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E8A0BD36458D4C96F8BEF3E2CA3C2F7EC955137F
ini
MD5: 38e3e8d51c344cefadaffef10e1023dd
SHA256: 57a834158f9a6c30a9fba651fac6c3ef0c85932aa4f2056e5da51990b5939258
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
binary
MD5: a5695cc64d77967232b0c1344c6e72b3
SHA256: 042a22b8681d754671d2018ba109b31a53ee3728d48c6379043f8e3394e7fbad
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\3493
binary
MD5: e2ad220e176539d8470f5661a7777caa
SHA256: 48f6f4550310d8a7a573960035008a92744fd448be98fc836612c5e9c5e51938
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
binary
MD5: 3675254e341df799d4307c1f59109185
SHA256: 23d108134bed6099793f7dd6b8b6e62081ec3b945efdbc7c5e0e779fd9b82f98
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
binary
MD5: 65e942614eee70680464ac4be75019fc
SHA256: 34395085da32c8b4efe9959e3b0d756b43ffed17694d66f39b966cd331bd9a94
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
binary
MD5: 95f28ede25c301301f25fbbd9a3c56ec
SHA256: 87763df78772f7d750b0fa5a31eec23e931fd3bd1cbb33beddfc61889da36478
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
binary
MD5: 3d1ce5e50208f0cb3b979186043a548f
SHA256: 1e13d05d482c3d533dc6035af2b2d6e84749412a5748d1435b70cec8b312340b
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
binary
MD5: 051fb32dece757ba112ac36dc72e3a91
SHA256: 0806d98fb3de55f75d7c0b17e26146567e08c483031526659a4a35d09b97ef19
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
binary
MD5: e2cf527ca7550b7e7bdf7311e483a2c3
SHA256: f1e07b1d717433f47073dc54a7d98e3e87b3d0fa88e53466f93ea544af885d11
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
binary
MD5: 2ad4445da23a8e50d667c09150cf1876
SHA256: c1550f9dc8f675c7ff2c896ee91c839e4e2b243e759d71c128521c17f53e91b1
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
binary
MD5: d6acf2573e12afdd7939568804d3fcc1
SHA256: 5525cbf8f8dc41d19ac632ed324e55293a510ae0eeba16d0e3f33c707aa58a0c
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset
binary
MD5: d9e28d043d05a069ac7962f181a05337
SHA256: efbb9ada8e5f662779444e4de88ce944036b7c73d61acfb70239f809dd153aa1
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: 6ee2fe4d5c3460929a4eec3138d76e8e
SHA256: 1bd0d3301b97fe608243e61c8fa114cc1ae9b69c0622a10cafe5cc1814df3b7a
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset
binary
MD5: 8996548565a96f6ba34bc8317fb4f09e
SHA256: f760f51c58a91fcc264b8d27f610372ad510209eae6d0911e0ac236e7405fdc8
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: f57521d4d31b44fbbb74ba8f2441f52f
SHA256: fd6f2adcf2bce0ac48f15b6a67110e24ec8d24a566422512df2269f2cfac7a0d
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: c0ff29e2429d6a67594d829b166b9d0b
SHA256: a8ab69af442ae86af43f2a3bf22b91341377be23874762de01e3e71ef08f0318
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
binary
MD5: 7655fffe7cfbe1ebf96afea5fe2e1376
SHA256: ff2f663c4e453706b7817109f6a43e8b3389e8cfb1b7d64aace2bfba45f3a359
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset
binary
MD5: 93fdf288da71b455cfcb53f9e78add2a
SHA256: 017ed2622f8e5e1d72df4bc872bcf81ccfea9681aede1afdc7f3ddac800b0cf5
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
binary
MD5: 498dae4e538658a57f464748f2dabfda
SHA256: 8778f52cd9cb4f4787bf7ba18006d212f8c3004652d163f7786556a8eef3a067
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: b4d69f529bf6d261075d04c6a5c56158
SHA256: 2794c0426aa721104df6a8615d57a251af30a79865cc69e369ed41cae4ea4ee8
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
binary
MD5: ba0009932844173bc8f9af264229df24
SHA256: 66d1c00c04d86e313e9a02775cdf906b1be8d4cd6bef423a1b9e21cc4e9f50c1
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
binary
MD5: 6f85bc4b2ecb49e26b0bd83a821065d0
SHA256: c0b3bc9b3dc507ab654caf72d13c3aefa58c9b13b1e4d14dd8816712d80a7e54
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
binary
MD5: c921d8e98fa01b4f303481e112202e92
SHA256: 4ef1038730ec8bc7206713c29a936768831b922c5e6c83355fd62d7401d8c1dc
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore
binary
MD5: 04824a1f92353f43ebb9e7f74b7476fd
SHA256: b48e58ebab82e4c376f16150a3fff850c1111ff1f5985d68819cfd6f0db159d2
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore
binary
MD5: 0e8fe60ccd7e9b4c32589a5743a95302
SHA256: 2b124d4026850a3cffd28dbacb58aec28f7dcd4d40bc14e52bbe96d60ce4e749
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
binary
MD5: 4a1220fc03e11726f09e9981834345db
SHA256: 6ae7fc0fdbe217104f4034bf6a580a461106b50309abccff6e309124dca5ef39
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore
binary
MD5: d886a47c89d9c49c795da345bc236990
SHA256: a03c5e2656d2f292bf5794c8eeb8d223cd6ba4f4bfb2ed1f325460e879d0bcf7
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: e21eccdc44a5a4d7d7dbacd6271ce203
SHA256: 7ce7b4989952e2388df582396e90a9450264b1cdf30031066281af01cdcbc74d
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: 6d378e0d40b6eaca22c8bce899a1c5c1
SHA256: ada2467b2477aceff837ac7820c435ad1ebbe844b2da31c7ab9ae8d010c7a639
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
––
MD5:  ––
SHA256:  ––
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 354459382f30b8994109c88659dfa1f3
SHA256: e3e8e2b7e7eeca231620d83c70fa5a926e8b9ce74c51f595f71191dc0b50527e
2480
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.bin
binary
MD5: 5027177f513cdae07db2330e1ded5934
SHA256: 0c53f16051e738287a4612f68e296238087627e594cfd6ddfa1fecc2e998328b
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
binary
MD5: de9496aca551ade408ef6466a11833a1
SHA256: 8f9c7fdb3e0bc01024e43a8e242468fc4dd4f74c725e32a883571635203dc10a
2480
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
––
MD5:  ––
SHA256:  ––
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: f98e11525fe40aa53cc06b486f68bea9
SHA256: 76e6c302c04518a0461a7442d982dfc868d1c78b4e450c2645edd23187f0dc06
2788
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2788
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2788
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UV7C3XN\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2GY4NPTZ\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WD2TJC02\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\495GZHIJ\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: a4ac1d6e7c173040678913402b09c05f
SHA256: 4db430eaa1682d42dc6034b7a244ba758f1fc0ac09f69b4aee987f441d0bcb72

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
24
TCP/UDP connections
77
DNS requests
121
Threats
2

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2788 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3016 iexplore.exe GET 301 35.172.94.1:80 http://www.fivestates.com/ US
––
––
malicious
2480 firefox.exe GET 200 2.16.186.50:80 http://detectportal.firefox.com/success.txt unknown
text
whitelisted
2480 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2480 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2480 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2480 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2480 firefox.exe POST 200 216.58.205.227:80 http://ocsp.pki.goog/gts1o1 US
binary
der
whitelisted
2480 firefox.exe POST 200 216.58.205.227:80 http://ocsp.pki.goog/gts1o1 US
binary
der
whitelisted
2480 firefox.exe POST 200 216.58.205.227:80 http://ocsp.pki.goog/gts1o1 US
binary
der
whitelisted
2480 firefox.exe POST 200 216.58.205.227:80 http://ocsp.pki.goog/gts1o1 US
binary
der
whitelisted
2480 firefox.exe GET 301 35.172.94.1:80 http://www.fivestates.com/ US
––
––
malicious
2480 firefox.exe POST 200 95.101.72.151:80 http://ocsp.int-x3.letsencrypt.org/ unknown
binary
der
whitelisted
2480 firefox.exe POST 200 216.58.205.227:80 http://ocsp.pki.goog/gts1o1 US
binary
der
whitelisted
2480 firefox.exe POST 200 216.58.205.227:80 http://ocsp.pki.goog/gts1o1 US
binary
der
whitelisted
2480 firefox.exe POST 200 216.58.205.227:80 http://ocsp.pki.goog/gts1o1 US
binary
der
whitelisted
2480 firefox.exe POST 200 216.58.205.227:80 http://ocsp.pki.goog/gts1o1 US
binary
der
whitelisted
2480 firefox.exe POST 200 216.58.205.227:80 http://ocsp.pki.goog/gts1o1 US
binary
der
whitelisted
2480 firefox.exe POST 200 216.58.205.227:80 http://ocsp.pki.goog/gts1o1 US
binary
der
whitelisted
2480 firefox.exe POST 200 216.58.205.227:80 http://ocsp.pki.goog/gts1o1 US
binary
der
whitelisted
2480 firefox.exe POST 200 216.58.205.227:80 http://ocsp.pki.goog/gts1o1 US
binary
der
whitelisted
2480 firefox.exe POST 200 216.58.205.227:80 http://ocsp.pki.goog/gts1o1 US
binary
der
whitelisted
2480 firefox.exe POST 200 216.58.205.227:80 http://ocsp.pki.goog/gts1o1 US
binary
der
whitelisted
2480 firefox.exe POST 200 13.249.12.65:80 http://ocsp.sca1b.amazontrust.com/ US
binary
der
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
–– –– 192.168.1.2:80 –– unknown
2788 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3016 iexplore.exe 35.172.94.1:80 Amazon.com, Inc. US malicious
3016 iexplore.exe 35.172.94.1:443 Amazon.com, Inc. US malicious
2480 firefox.exe 2.16.186.50:80 Akamai International B.V. –– whitelisted
2480 firefox.exe 52.26.8.178:443 Amazon.com, Inc. US unknown
2480 firefox.exe 52.35.244.72:443 Amazon.com, Inc. US malicious
2480 firefox.exe 13.249.5.161:443 US unknown
2480 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2480 firefox.exe 54.69.207.70:443 Amazon.com, Inc. US unknown
–– –– 13.249.5.161:443 US unknown
2480 firefox.exe 172.217.23.170:443 Google Inc. US whitelisted
2480 firefox.exe 216.58.205.227:80 Google Inc. US whitelisted
2480 firefox.exe 99.86.88.31:443 AT&T Services, Inc. US unknown
2480 firefox.exe 13.249.11.100:443 US unknown
3016 iexplore.exe 100.24.208.97:443 US malicious
2480 firefox.exe 52.32.91.14:443 Amazon.com, Inc. US unknown
2480 firefox.exe 99.86.88.84:443 AT&T Services, Inc. US malicious
2480 firefox.exe 172.217.18.164:443 Google Inc. US whitelisted
–– –– 172.217.18.164:443 Google Inc. US whitelisted
–– –– 216.58.205.227:80 Google Inc. US whitelisted
2480 firefox.exe 35.172.94.1:80 Amazon.com, Inc. US malicious
2480 firefox.exe 35.172.94.1:443 Amazon.com, Inc. US malicious
2480 firefox.exe 95.101.72.151:80 Akamai International B.V. –– whitelisted
2480 firefox.exe 172.217.21.232:443 Google Inc. US whitelisted
2480 firefox.exe 172.217.21.234:443 Google Inc. US whitelisted
2480 firefox.exe 99.86.90.148:443 AT&T Services, Inc. US unknown
2480 firefox.exe 172.217.22.35:443 Google Inc. US whitelisted
2480 firefox.exe 216.58.205.234:443 Google Inc. US whitelisted
2480 firefox.exe 13.249.9.147:443 US unknown
2480 firefox.exe 13.249.11.37:443 US unknown
2480 firefox.exe 13.249.12.99:443 US unknown
2480 firefox.exe 104.16.89.20:443 Cloudflare Inc US shared
2480 firefox.exe 66.102.1.157:443 Google Inc. US whitelisted
2480 firefox.exe 216.58.207.67:443 Google Inc. US whitelisted
2480 firefox.exe 52.206.46.76:443 Amazon.com, Inc. US unknown
2480 firefox.exe 172.217.16.176:443 Google Inc. US whitelisted
–– –– 13.249.12.65:80 US whitelisted

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
www.fivestates.com 35.172.94.1
100.24.208.97
malicious
detectportal.firefox.com 2.16.186.50
2.16.186.112
whitelisted
a1089.dscd.akamai.net 2.16.186.112
2.16.186.50
whitelisted
search.services.mozilla.com 52.26.8.178
34.210.145.79
52.36.193.139
whitelisted
search.r53-2.services.mozilla.com 52.36.193.139
34.210.145.79
52.26.8.178
whitelisted
push.services.mozilla.com 52.35.244.72
whitelisted
autopush.prod.mozaws.net 52.35.244.72
whitelisted
snippets.cdn.mozilla.net 13.249.5.161
whitelisted
d228z91au11ukj.cloudfront.net No response unknown
ocsp.digicert.com 93.184.220.29
whitelisted
cs9.wac.phicdn.net 93.184.220.29
whitelisted
tiles.services.mozilla.com 54.69.207.70
34.223.160.244
54.186.225.209
34.210.143.213
52.39.224.180
52.89.51.22
54.68.223.18
54.68.132.173
whitelisted
tiles.r53-2.services.mozilla.com 54.68.132.173
54.68.223.18
52.89.51.22
52.39.224.180
34.210.143.213
54.186.225.209
34.223.160.244
54.69.207.70
whitelisted
support.mozilla.org 34.209.95.119
34.213.134.214
whitelisted
youtube-ui.l.google.com 172.217.18.14
216.58.205.238
172.217.21.206
172.217.23.174
172.217.22.110
172.217.22.46
216.58.208.46
172.217.16.174
216.58.207.78
216.58.207.46
172.217.23.110
216.58.206.14
172.217.23.142
172.217.18.174
whitelisted
www.youtube.com 172.217.18.174
172.217.23.142
216.58.206.14
172.217.23.110
216.58.207.46
216.58.207.78
172.217.16.174
216.58.208.46
172.217.22.46
172.217.22.110
172.217.23.174
172.217.21.206
216.58.205.238
172.217.18.14
whitelisted
prod-tp.sumo.mozit.cloud 34.213.134.214
34.209.95.119
whitelisted
www.facebook.com 185.60.216.35
whitelisted
www.ebay.de 2.18.234.244
whitelisted
star-mini.c10r.facebook.com 185.60.216.35
whitelisted
www.wikipedia.org 91.198.174.192
whitelisted
www.reddit.com 151.101.1.140
151.101.65.140
151.101.129.140
151.101.193.140
whitelisted
e11847.g.akamaiedge.net 2.18.234.244
whitelisted
dyna.wikimedia.org 91.198.174.192
whitelisted
reddit.map.fastly.net 151.101.193.140
151.101.129.140
151.101.65.140
151.101.1.140
whitelisted
www.mozilla.org.cdn.cloudflare.net 104.16.40.2
104.16.41.2
whitelisted
www.mozilla.org 104.16.41.2
104.16.40.2
whitelisted
safebrowsing.googleapis.com 172.217.23.170
whitelisted
ocsp.pki.goog 216.58.205.227
whitelisted
pki-goog.l.google.com 216.58.205.227
whitelisted
firefox.settings.services.mozilla.com 99.86.88.31
99.86.88.5
99.86.88.71
99.86.88.113
whitelisted
d2k03kvdk5cku0.cloudfront.net 99.86.88.113
99.86.88.71
99.86.88.5
99.86.88.31
whitelisted
content-signature-2.cdn.mozilla.net 13.249.11.100
13.249.11.70
13.249.11.11
13.249.11.58
whitelisted
d2nxq2uap88usk.cloudfront.net 13.249.11.58
13.249.11.11
13.249.11.70
13.249.11.100
whitelisted
shavar.services.mozilla.com 52.32.91.14
54.68.166.121
34.209.199.162
34.213.214.155
34.209.180.237
52.40.41.239
whitelisted
shavar.prod.mozaws.net 52.40.41.239
34.209.180.237
34.213.214.155
34.209.199.162
54.68.166.121
52.32.91.14
whitelisted
tracking-protection.cdn.mozilla.net 99.86.88.84
99.86.88.82
99.86.88.32
99.86.88.37
whitelisted
d1zkz3k4cclnv6.cloudfront.net 99.86.88.37
99.86.88.32
99.86.88.82
99.86.88.84
whitelisted
www.google.com 172.217.18.164
whitelisted
s.multiscreensite.com 100.24.208.97
35.172.94.1
unknown
ocsp.int-x3.letsencrypt.org 95.101.72.151
95.101.72.191
whitelisted
a771.dscq.akamai.net No response whitelisted
ssl.google-analytics.com 172.217.21.232
whitelisted
ssl-google-analytics.l.google.com 172.217.21.232
whitelisted
irp-cdn.multiscreensite.com 99.86.90.148
unknown
googleapis.l.google.com 216.58.205.234
172.217.21.202
172.217.23.170
216.58.210.10
172.217.22.106
172.217.22.74
172.217.16.138
172.217.23.106
216.58.206.10
172.217.23.138
172.217.18.10
172.217.22.10
172.217.21.234
whitelisted
ajax.googleapis.com 172.217.21.234
172.217.22.10
172.217.18.10
172.217.23.138
216.58.206.10
172.217.23.106
172.217.16.138
172.217.22.74
172.217.22.106
216.58.210.10
172.217.23.170
172.217.21.202
216.58.205.234
whitelisted
da7otfopzteok.cloudfront.net 99.86.90.148
unknown
fonts.gstatic.com 172.217.22.35
whitelisted
gstaticadssl.l.google.com 172.217.22.35
whitelisted
dd-cdn.multiscreensite.com 13.249.9.147
unknown
fonts.googleapis.com 216.58.205.234
whitelisted
googleadapis.l.google.com 216.58.205.234
whitelisted
d39jbib8sh5lao.cloudfront.net 13.249.9.147
unknown
static-cdn.multiscreensite.com 13.249.11.37
13.249.11.99
13.249.11.3
13.249.11.4
whitelisted
d32hwlnfiv2gyn.cloudfront.net 13.249.12.99
13.249.12.30
13.249.12.43
13.249.12.200
whitelisted
cdn.jsdelivr.net 104.16.89.20
104.16.85.20
104.16.88.20
104.16.87.20
104.16.86.20
whitelisted
cdn.jsdelivr.net.cdn.cloudflare.net 104.16.86.20
104.16.87.20
104.16.88.20
104.16.85.20
104.16.89.20
unknown
stats.g.doubleclick.net 66.102.1.157
66.102.1.155
66.102.1.156
66.102.1.154
whitelisted
stats.l.doubleclick.net 66.102.1.154
66.102.1.156
66.102.1.155
66.102.1.157
whitelisted
www.google.co.uk 216.58.207.67
whitelisted
multiscreenstore-com-vpc-973674827.us-east-1.elb.amazonaws.com No response unknown
app.multiscreenstore.com 52.206.46.76
52.1.93.69
52.87.20.20
unknown
storage.googleapis.com 172.217.16.176
whitelisted
storage.l.googleusercontent.com 172.217.16.176
whitelisted
ocsp.sca1b.amazontrust.com 13.249.12.65
13.249.12.199
13.249.12.207
13.249.12.146
whitelisted

Threats

PID Process Class Message
–– –– Potentially Bad Traffic ET INFO Observed DNS Query to .cloud TLD
–– –– Potentially Bad Traffic ET INFO Observed DNS Query to .cloud TLD

Debug output strings

No debug info.