General Info

File name

Invoice.exe

Full analysis
https://app.any.run/tasks/c971fc18-5ce9-44d2-b21a-54209499f079
Verdict
Malicious activity
Analysis date
6/12/2019, 10:55:53
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

trojan

lokibot

opendir

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5

e69bd345a00cbe7040e90374249662c8

SHA1

0e3b26126c68c2ec4c8284a309559a2c3a4cc093

SHA256

189325cdf16ed29cdacd0f3c83795f6a6c231fcd3c425d419748aa7ed6c54d44

SSDEEP

12288:NkfS1yoGHHWOxDrsuElEQZWPcb3vPILS8L4mNRJViQKKQmpRAIRAo:NaKyVHbsuEGQMPckL8aiQNYXo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • Notepad.exe (PID: 2228)
  • Notepad.exe (PID: 2872)
  • jyelew.exe (PID: 4092)
Connects to CnC server
  • Notepad.exe (PID: 2228)
Changes the autorun value in the registry
  • Notepad.exe (PID: 2872)
Detected artifacts of LokiBot
  • Notepad.exe (PID: 2228)
LOKIBOT was detected
  • Notepad.exe (PID: 2228)
Actions looks like stealing of personal data
  • Notepad.exe (PID: 2228)
Executable content was dropped or overwritten
  • Notepad.exe (PID: 2228)
  • Notepad.exe (PID: 2872)
  • Invoice.exe (PID: 3104)
Creates files in the program directory
  • firefox.exe (PID: 2996)
Creates files in the user directory
  • Notepad.exe (PID: 2228)
Loads DLL from Mozilla Firefox
  • Notepad.exe (PID: 2228)
Application launched itself
  • Notepad.exe (PID: 2872)
Adds / modifies Windows certificates
  • pingsender.exe (PID: 2420)
  • pingsender.exe (PID: 3404)
Application launched itself
  • firefox.exe (PID: 2996)
Changes settings of System certificates
  • pingsender.exe (PID: 3404)
  • pingsender.exe (PID: 2420)
Manual execution by user
  • firefox.exe (PID: 2996)
Reads CPU info
  • firefox.exe (PID: 2996)
Creates files in the user directory
  • firefox.exe (PID: 2996)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   UPX compressed Win32 Executable (42.1%)
.exe
|   Win32 EXE Yoda's Crypter (41.3%)
.exe
|   Win32 Executable (generic) (7%)
.exe
|   Win16/32 Executable Delphi generic (3.2%)
.exe
|   Generic Win/DOS Executable (3.1%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
1992:06:20 00:22:17+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
634880
InitializedDataSize:
73728
UninitializedDataSize:
884736
EntryPoint:
0x173cb0
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
1.2.0.0
ProductVersionNumber:
1.2.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
CompanyName:
Byte Technologies LLC.
FileDescription:
ByteFence Real-time Protection Service
FileVersion:
1.2
LegalCopyright:
Copyright Byte Technologies LLC.
ProductName:
ByteFence
ProductVersion:
1.2
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
19-Jun-1992 22:22:17
Detected languages
Arabic - Egypt
English - United States
CompanyName:
Byte Technologies LLC.
FileDescription:
ByteFence Real-time Protection Service
FileVersion:
1.2
LegalCopyright:
Copyright Byte Technologies LLC.
ProductName:
ByteFence
ProductVersion:
1.2
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
3
Time date stamp:
19-Jun-1992 22:22:17
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
UPX0 0x00001000 0x000D8000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
UPX1 0x000D9000 0x0009B000 0x0009B000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.95098
.rsrc 0x00174000 0x00012000 0x00011C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 5.09739
Resources
1

2

3

4

5

6

7

50

4079

4080

4081

4082

4083

4084

4085

4086

4087

4088

4089

4090

4091

4092

4093

4094

4095

4096

32761

32762

32763

32764

32765

32766

32767

BBABORT

BBALL

BBCANCEL

BBCLOSE

BBHELP

BBIGNORE

BBNO

BBOK

BBRETRY

BBYES

PREVIEWGLYPH

DVCLAL

PACKAGEINFO

TABOUTFORM

TFORM1

T__3300559183

T__3300559199

MAINICON

Imports
    KERNEL32.DLL

    advapi32.dll

    comctl32.dll

    comdlg32.dll

    gdi32.dll

    ole32.dll

    oleaut32.dll

    user32.dll

    version.dll

    winmm.dll

    winspool.drv

Exports

    No exports.

Screenshots

Processes

Total processes
46
Monitored processes
11
Malicious processes
4
Suspicious processes
0

Behavior graph

+
drop and start start invoice.exe jyelew.exe no specs notepad.exe #LOKIBOT notepad.exe firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe pingsender.exe pingsender.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3104
CMD
"C:\Users\admin\AppData\Local\Temp\Invoice.exe"
Path
C:\Users\admin\AppData\Local\Temp\Invoice.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Byte Technologies LLC.
Description
ByteFence Real-time Protection Service
Version
1.2
Modules
Image
c:\users\admin\appdata\local\temp\invoice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\jyelew.exe

PID
4092
CMD
C:\Users\admin\AppData\Local\Temp\jyelew.exe
Path
C:\Users\admin\AppData\Local\Temp\jyelew.exe
Indicators
No indicators
Parent process
Invoice.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\jyelew.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\glu32.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll

PID
2872
CMD
Notepad.exe
Path
C:\Windows\system32\Notepad.exe
Indicators
Parent process
jyelew.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\apphelp.dll

PID
2228
CMD
"C:\Windows\system32\Notepad.exe"
Path
C:\Windows\system32\Notepad.exe
Indicators
Parent process
Notepad.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\program files\mozilla firefox\nss3.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vaultcli.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\userenv.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshtcpip.dll

PID
2996
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\msimg32.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\progra~1\mozill~1\nssckbi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\actxprxy.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\program files\mozilla firefox\pingsender.exe

PID
3776
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.0.1475941362\442987495" -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}" 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 1120 gpu
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll

PID
3244
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.6.1301236539\1767781394" -childID 1 -isForBrowser -prefsHandle 1232 -prefMapHandle 1728 -prefsLen 1 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 1796 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
3660
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.13.676142767\1580668437" -childID 2 -isForBrowser -prefsHandle 2620 -prefMapHandle 2624 -prefsLen 216 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 2636 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
3596
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.20.1456183330\2028611777" -childID 3 -isForBrowser -prefsHandle 3428 -prefMapHandle 3432 -prefsLen 5824 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 3444 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
3404
CMD
"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/904ca120-e720-404c-a1fa-6d4d3363d9c6/health/Firefox/65.0.2/release/20190225143501?v=4 C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\904ca120-e720-404c-a1fa-6d4d3363d9c6
Path
C:\Program Files\Mozilla Firefox\pingsender.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mozilla Foundation
Description
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\pingsender.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll

PID
2420
CMD
"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/454bc40f-dc7c-42b9-922c-4af908a728da/main/Firefox/65.0.2/release/20190225143501?v=4 C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\454bc40f-dc7c-42b9-922c-4af908a728da
Path
C:\Program Files\Mozilla Firefox\pingsender.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mozilla Foundation
Description
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\pingsender.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll

Registry activity

Total events
781
Read events
741
Write events
36
Delete events
4

Modification events

PID
Process
Operation
Key
Name
Value
2872
Notepad.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
jyelew
C:\Users\admin\AppData\Local\jyelew\jyelew.vbs
2228
Notepad.exe
write
HKEY_CURRENT_USER\������О�����ш������Џ����Й��я��
F63AAA
%APPDATA%\F63AAA\A71D80.exe
2996
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2996
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006E000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3404
pingsender.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3404
pingsender.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006F000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3404
pingsender.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3404
pingsender.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
0F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE09000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030353000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C01400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB5748501D00000001000000100000005B3B67000EEB80022E42605B6B3B72400B000000010000000E000000740068006100770074006500000003000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B812000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
3404
pingsender.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
3404
pingsender.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
190000000100000010000000DC73F9B71E16D51D26527D32B11A6A3D09000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030353000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C01400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB5748501D00000001000000100000005B3B67000EEB80022E42605B6B3B72400B000000010000000E000000740068006100770074006500000003000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B812000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
2420
pingsender.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2420
pingsender.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000070000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2420
pingsender.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2420
pingsender.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
0F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE09000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030353000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C01400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB5748501D00000001000000100000005B3B67000EEB80022E42605B6B3B72400B000000010000000E000000740068006100770074006500000003000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B812000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
2420
pingsender.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
2420
pingsender.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
190000000100000010000000DC73F9B71E16D51D26527D32B11A6A3D09000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030353000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C01400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB5748501D00000001000000100000005B3B67000EEB80022E42605B6B3B72400B000000010000000E000000740068006100770074006500000003000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B812000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68

Files activity

Executable files
3
Suspicious files
73
Text files
42
Unknown types
41

Dropped files

PID
Process
Filename
Type
2228
Notepad.exe
C:\Users\admin\AppData\Roaming\F63AAA\A71D80.exe
executable
MD5: d378bffb70923139d6a4f546864aa61c
SHA256: c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102
3104
Invoice.exe
C:\Users\admin\AppData\Local\Temp\jyelew.exe
executable
MD5: 906c97d6bf47c9544ed8f5286c91b2a4
SHA256: c0b7e0ee0d022c9fb49851e46f037360960a7ba19db785effd725d1e176321f0
2872
Notepad.exe
C:\Users\admin\AppData\Local\jyelew\jyelew.exe
executable
MD5: 906c97d6bf47c9544ed8f5286c91b2a4
SHA256: c0b7e0ee0d022c9fb49851e46f037360960a7ba19db785effd725d1e176321f0
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 4424c2be3f2d9f882b649b54dcf22fa0
SHA256: fbffe9de044428cef85be4efd30133a46df680fa6e4ccdcf42f6b6b5eb2229aa
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\904ca120-e720-404c-a1fa-6d4d3363d9c6
text
MD5: 6c2fe35c6951e01db3e1be9d93e42a2c
SHA256: 05a2de78ce2f4ed381adfec374cc5575cfca74ef2697234e7b2eb07309e065d1
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\904ca120-e720-404c-a1fa-6d4d3363d9c6.tmp
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-06\1560329801898.904ca120-e720-404c-a1fa-6d4d3363d9c6.health.jsonlz4
jsonlz4
MD5: 95789edbc8c229a75f0c8eac3ce7b314
SHA256: 7426ad602b68ab1aca62cebe0d13380f943a35239da8159ec5966373abb3ebb2
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-06\1560329801898.904ca120-e720-404c-a1fa-6d4d3363d9c6.health.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\85469024-e344-400a-b113-fcf09e25ad2b
text
MD5: 22742397e88ec93a858cdee965d6c430
SHA256: 3df571a7f5b18ffd260830634b4d63d32f8ff4fc7e64e957e590bb623d2066fc
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\85469024-e344-400a-b113-fcf09e25ad2b.tmp
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\aborted-session-ping
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\aborted-session-ping.tmp
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
text
MD5: 4249c1cbf23b2873011dfdc4f67ebd5c
SHA256: df595250caf98e75cbeddb648d10e43c6f4c7aadb49cdd0954bfae744290c982
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-06\1560329801873.85469024-e344-400a-b113-fcf09e25ad2b.health.jsonlz4
jsonlz4
MD5: 47461b9a41bc12b2710fdf857e74f129
SHA256: 97941c4829b9ab6e349bf372648fe359b23ef346f5c5aee3ce2d8dc75c5ce6cf
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-06\1560329801873.85469024-e344-400a-b113-fcf09e25ad2b.health.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.tmp
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
sqlite
MD5: 45ed8bc93707c6197c0701eb251789ce
SHA256: ebd84e96d3bac458075417e047957a9478b64f1cb07e1d1d84f8c8f6916ed22d
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 7d754ff48389d3f58ec14a88e941c6c8
SHA256: a1bbd01124614e1784669d3fb7896a7f6f1b31fd73b2af3cd8d3345374df92d2
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite
sqlite
MD5: 9fe569eb4027527710415c6dfc0f04d5
SHA256: 2c16d4b2fbdc1bb129d56455d6faec55fa8106eb2cedcf63340740c09426a41b
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
text
MD5: 120b885c3becc77ebf6b7d377e5e867c
SHA256: cd256c79351140a6e27ef0373e120f245d07b189130ebf40baf4d3859897780d
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite
sqlite
MD5: 6da7b5daac9ff4ccc5d6ce0c5a02fe0d
SHA256: 8fbd7edf1acd38826570fedbca4c7ef89ce5a827774f443d5af62b4a5ecd5ba6
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite-shm
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite-wal
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.tmp
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-wal
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite
sqlite
MD5: dcf9b53745563a9ed553c5f524fe2b7f
SHA256: adc0dbe78d2d4b1a83c07ea3f1bba876f9b2ff3330e46c1a6c48e9d1d7924f12
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite-wal
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite-shm
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite-wal
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite-shm
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
text
MD5: 362985746d24dbb2b166089f30cd1bb7
SHA256: b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: 362985746d24dbb2b166089f30cd1bb7
SHA256: b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite
sqlite
MD5: 623f28b1ee85c23fa25925dcf4c916ad
SHA256: 8f41f54e1476ea083d3d2da8596a29664eff9d95689cf9f1fc4438a02ed0d993
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt
text
MD5: bb8a945aa5ccf30bf7630992c7c86466
SHA256: 54f7dd922a8eb568dfc541aa817d37097320b1aa92b772ef6f5f99ca724b4dd0
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4
jsonlz4
MD5: 84b267d3f51f1745487692a725fa2f9e
SHA256: ea23473093bf7ba540bfe763cb89c35d2a4b28b8ab07031bb40858ef161b561c
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: edb143d31dada61dfbb768788ea11a22
SHA256: f8f4fb593f1c44fbfe8a20c07b6e6ca22d5e67989884cc94edb8c27b8e71c365
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
sqlite
MD5: 10ac16329c80cfda02c8f3ac4bd41472
SHA256: 74ead0f4acea822849973e17777b2975c1d011331405e0141e4c8eef946d13ac
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\51893A6671C209FF8DAC3D1314FFCE98D5EF2309
binary
MD5: 1eeb51896c3862ee2f625374fbb708be
SHA256: 798c174dac091cf07a1fb16a5a95bb0e477b6ad298b2404fb1ffce8a0766a511
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\97AE667565B6120DDEBF42730CC21468FE5AC36E
binary
MD5: 6cff4a1ef8fffc33a5d0994f54c2e537
SHA256: 421b14289d5ad4baeb4b539257603828bfa5685a4376ac0f3c25be14d467f6c0
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B7D6230DD80E2558FCD5E751D8C676A86D2A9EA3
binary
MD5: e7ff299b8260f54fc6fe2ae16b0da4ce
SHA256: a36085b3acbbaf436631d5fe82ce99f3c6565d78fe3f4388e84721503744cd6a
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin
binary
MD5: 0ad2f5438d889f37ea5811ec56d446b7
SHA256: f70f427259d7d00df4f27ccc5287568d9c4494ff9cc5ce99b343d61ae9b17ae9
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache.bin
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-new.bin
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin
binary
MD5: 24583610253291890e3a6ee7b9af1ef9
SHA256: c80884e84dba81ba08c50f616dde24f220e20f0a2bd067e131bbdf41cde00c99
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\93E38B6D42F82F49887A42E658F203EBFFF67F29
image
MD5: a99c055700f9c2e5479b9627a7b4a75a
SHA256: d97874046b60e0c55730d627bb8bcb244b9629a6686220b95702051bd9dacd9a
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3D8697647E8CAF8232260BF15AAF8EC56F65DCC3
der
MD5: 021106de7c676ce886eaab040e925db3
SHA256: f22a3cbb9877160cf6aeac98ce9d5b6dfd7afda56d64360d71bc8f7b7cfbb752
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\51893A6671C209FF8DAC3D1314FFCE98D5EF2309
binary
MD5: 1f1fd8952b5b5cdd6ccc1dee6b7d9922
SHA256: 7d459d6276eb26c1d21b80d6fbd9d410ab8aa67c435502acafbb925864ae7b58
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\84F7092C8766FB5D168F2E6E31542F7F783AA9AC
binary
MD5: 88b5d0e465c6081198341b692e67c328
SHA256: 11fca30995ccb90fb92a9b841a152fc64cf1257fc9940a011c915ce98949d7cc
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3EC5A91F7B821D4EF77068E02B8DF8497379197F
binary
MD5: 00085672136832927cfb50e7202609f8
SHA256: 9795cd50866e69d7788c4a38280fcfa84f677a276f2f4c9738c5566103edca64
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\68B23D2E5E756AFB0ECCE0BFA1D6715564F17458
binary
MD5: 51517d34760e80abaffbf30531edc8b6
SHA256: 07ce7d9df5d1a963f471732dd1cd3c931f6e3d1b92676a387c252b08e0585fbc
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\916095892B2DF6C1A219760974064A9E48A7E842
binary
MD5: a661e502775c11ac6a9f955066fc084d
SHA256: ee45a0e45fe6ed43c5bb6d1fa0e3daaf3153a07b2853e5307ec59cf1b36886f7
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FEFBD568F11909C32AB0DE2868D01672F893AE1B
binary
MD5: 30d8460c4f3b8d281b62750a382db6c1
SHA256: 5a052576d028fb12181935766e3cc1d00287b0b7fa455fb325dfe614a5d8ceed
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9B31CC011F9018FA5DE35047369BAEA8D19A17C8
binary
MD5: 643ea7ac7333623e9dc6a00f21a37a46
SHA256: 083473e08426c2318c70fde65905a891aea0ad77fec0f4ec8d824ef70e80ec54
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FBE9616F926C836D4B2C27852FC3FD772869AA29
binary
MD5: 4e28628e6abd374eac7cf736a7b3e90d
SHA256: d1bbf5aac44f0f83ad6da16b4726663186c8779058b060042cef0c1328c9bc80
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EA9B2970E53A29B7F945C834E4B9BBA3E697E143
binary
MD5: 3a2d99ac02bb372231dda8e0928e12a5
SHA256: 4e30f574d26832a35db703c62dd17d61ee28bf9c4925cf3b2ffe3f11be384663
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EAB2380AB209C3F6FBDFFBE96B54DCD40346839A
binary
MD5: 1a5cd24b01e83bcee0e0e4dae9510bad
SHA256: e829131def83b660b1b6d37bc41698a91e767a9670dafff838f42bf4ad7a91f3
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\BD0D023ED7D847045B635551EC30CCBAD9492B3C
image
MD5: 0ce135edf09531729540a1e912801867
SHA256: 89e79589564d3dffbf0c5188f1cd8e495ba5afd2247a0afab378fe96d62cbf19
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3919EA78829D1E87C41F0E5FECC157041C4CD0A8
image
MD5: 3548979a61bba96d6f4d9c8ef13e1a6e
SHA256: c72422d68ab584a1d7fe7442c99e84b05585a38cc756b4730a9b9b3fea815e0b
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 6ef7371816de4bf462a27a6a82a8b2b0
SHA256: 89e8378b8fd972754b0df53b68d75472c499a2eb7ffc4f9776e22396c4561b82
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CA885E95356398A0394CDAEC9F9B2FF80B8B67DC
binary
MD5: 5104481104d4544c887c1f7a20acda12
SHA256: 896caaa2af5e0eccb88a189f3870ec1f2344bd621814918ad25577c7b2946c85
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E53E9B6D0C799833ED79EAC26702337D388A1A80
binary
MD5: 2b29297a4d5c7dd8fd23afad66eac1b8
SHA256: 6b28f1ecf993df66edaec0daeb6b485951afb66a2638d3ffeb6c254b710e3a31
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3618E31B0F92BE9DFFF52D26A376F758912C1114
binary
MD5: 317700e367d3767c399f7be6f4d83301
SHA256: bd454847c75ab2ac61f8b458eebf14c77481f737a376230b95c880a98c948fe8
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E7A968035B26AFA46D859F0CF1C2A151B74BE725
binary
MD5: ba02fee6b94c93e4e6fdf838e41dc442
SHA256: 0277dbbce51340dbdc667f564cff54ec4e5779ca02979813c71a7b844895ebb2
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\317BC9071DC1C02114DF1C548BDE496CDC40B57F
binary
MD5: db53a8e1dd39318fd3cacb3c0bba91bf
SHA256: 522532c6876f429af055b8e404518711ee27afdb017761b8f024bf9b5641055f
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5E2A5C6B7A71E4F0C20DE2E86E7BB770D7EF47FA
binary
MD5: e2b778d993bd7503e8c51f1e80224a7a
SHA256: 1a6866fa3f106c227ff7f8dacdc933f6b3d09748e3e57df55ee7cc13f2199b3b
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-backup
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore
binary
MD5: 04824a1f92353f43ebb9e7f74b7476fd
SHA256: b48e58ebab82e4c376f16150a3fff850c1111ff1f5985d68819cfd6f0db159d2
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
binary
MD5: 3ac28cc7a3cf16ade2eca874c3850fcf
SHA256: 20650e0c1a079b44ced4d28b8912345c78ba242972653e52eafcda5028b0464d
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore
binary
MD5: d886a47c89d9c49c795da345bc236990
SHA256: a03c5e2656d2f292bf5794c8eeb8d223cd6ba4f4bfb2ed1f325460e879d0bcf7
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
binary
MD5: ba0009932844173bc8f9af264229df24
SHA256: 66d1c00c04d86e313e9a02775cdf906b1be8d4cd6bef423a1b9e21cc4e9f50c1
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
binary
MD5: c921d8e98fa01b4f303481e112202e92
SHA256: 4ef1038730ec8bc7206713c29a936768831b922c5e6c83355fd62d7401d8c1dc
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
binary
MD5: 6f85bc4b2ecb49e26b0bd83a821065d0
SHA256: c0b3bc9b3dc507ab654caf72d13c3aefa58c9b13b1e4d14dd8816712d80a7e54
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
binary
MD5: b32644f9897dde5726d35284d0c2f342
SHA256: 189f2ec9db6648446299325712a3a6da44ea3d63e9b89b709cec257df371f954
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: 46b7939af3d26d190c98371ef56100f4
SHA256: e5b17d22432693b91a1803c560c5da422f68ecc7da6476be3d5bc5b92d6d126f
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: 77fe54400198d466207ccfa00bcaac90
SHA256: 3f7ee05010c78ac2f81a38f5f56267a0dc93b0c62301c44f4b42214d7cd990d9
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.pset
binary
MD5: eb5a5ee503025a6c64549402e68182fb
SHA256: b5c460c3ad6e49e517f7891706ff8a37482034a7c32210687257522d1bd4285d
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: 82df433d1947cbb04f2504700df4d370
SHA256: a45ac1bc544fb5184b5f0ae3954785ee694d96c2529dec32e724f64a8cf08d78
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
binary
MD5: 7655fffe7cfbe1ebf96afea5fe2e1376
SHA256: ff2f663c4e453706b7817109f6a43e8b3389e8cfb1b7d64aace2bfba45f3a359
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: 7773d1fd25038d4fb8445daf65940215
SHA256: e84b7512b86fbb94f9832e253b55638c9093ac80f3b9cf701d780826450d345b
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
binary
MD5: aa89a7535de9ef835b5e39d36b10e9ba
SHA256: 29e45c09976a23690fd3ade1191d1e9e4dbd06da0cc31c72245e5cd10f3fa2d6
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.pset
binary
MD5: f091210dbf5c655d2b7f0861e85d9227
SHA256: 0f0b69cf5f1d3d14477b3aa6d640d3d3199622a50f940599e76c3b8b61d1a02f
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite-journal
––
MD5:  ––
SHA256:  ––
3104
Invoice.exe
C:\Users\admin\AppData\Local\Temp\jyelew.bmp
image
MD5: ca113f17e4106d85d8a2db149c65bd9d
SHA256: c9e05e534bd6d821044ca7cf3c0b07035c3e31f7a1f55aa0878bff71f50afbe6
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\25CAFBEE274189BF26DF57790771A0E8158D02C0
der
MD5: 043490c0286dc8c4b2d757fd146a80db
SHA256: 4c6cbfa910a83fa188d0754b288b90c1b67c586fdd1a72dca745164203f0a700
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
binary
MD5: 65e942614eee70680464ac4be75019fc
SHA256: 34395085da32c8b4efe9959e3b0d756b43ffed17694d66f39b966cd331bd9a94
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
binary
MD5: 95f28ede25c301301f25fbbd9a3c56ec
SHA256: 87763df78772f7d750b0fa5a31eec23e931fd3bd1cbb33beddfc61889da36478
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
binary
MD5: a5695cc64d77967232b0c1344c6e72b3
SHA256: 042a22b8681d754671d2018ba109b31a53ee3728d48c6379043f8e3394e7fbad
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
binary
MD5: 3d1ce5e50208f0cb3b979186043a548f
SHA256: 1e13d05d482c3d533dc6035af2b2d6e84749412a5748d1435b70cec8b312340b
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
binary
MD5: e2cf527ca7550b7e7bdf7311e483a2c3
SHA256: f1e07b1d717433f47073dc54a7d98e3e87b3d0fa88e53466f93ea544af885d11
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
binary
MD5: 051fb32dece757ba112ac36dc72e3a91
SHA256: 0806d98fb3de55f75d7c0b17e26146567e08c483031526659a4a35d09b97ef19
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
binary
MD5: 3675254e341df799d4307c1f59109185
SHA256: 23d108134bed6099793f7dd6b8b6e62081ec3b945efdbc7c5e0e779fd9b82f98
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite-journal
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\25218EE79CFF5F3AC18C58CFDF44A674E3560C47
binary
MD5: 2a6b450f11631969915a62fa0d1b18cf
SHA256: ebbd15b3c4a2a152ec6ffff3481d4beeeac1f96587b472e0c03b6d86a6421988
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\97AE667565B6120DDEBF42730CC21468FE5AC36E
binary
MD5: 49f5cb1621bc0d377c27b0880e23e970
SHA256: 81683b57b37de1460562158a7403e9363772c71d3ddb0dda26a11fdf4de72980
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2A30B3C8B17A7856071258034FEC4A67C227A84E
image
MD5: 5a90009aa6430deec63a8d32d7958f2c
SHA256: 00bff599285794293d3b628839301b9b7e0e11790552c9c71f000aa28411004a
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FBE9616F926C836D4B2C27852FC3FD772869AA29
binary
MD5: c69f50c657f56c3b3713468552b50317
SHA256: c5d1fc00b4a1e55559d6adf4a0c5e02161f9e2244dfadbfea1b23a66080c7492
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\916095892B2DF6C1A219760974064A9E48A7E842
binary
MD5: 66c352dd184731177dfbfa2e91ee286f
SHA256: 78e04778d488356127e539a82648ec002964069249ee470a477989d13cbb89e5
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FEFBD568F11909C32AB0DE2868D01672F893AE1B
binary
MD5: f519534d7a4e357dcec5790ca3e88fcd
SHA256: 0faf4968da5c092438967e6878cafae8ff8bed547bebb616729afbabdf973b83
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EAB2380AB209C3F6FBDFFBE96B54DCD40346839A
binary
MD5: 23e611f6ae8b8a9b1c59966fbcfb5fa4
SHA256: 64fc4cfc6240606f20b3ded44bdddea93df60c38153eaa22fb0375aa559da529
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\11F9F3A14F38A6D6E2A06201C8EFE00DB978449F
binary
MD5: b6e1d7af8e5f37e0cc03ea871e9f0dfb
SHA256: d6eccfdcc95ce70be3e115de8c842cb82b9fcbd309607c8cb09aa8a870be9f1c
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EA9B2970E53A29B7F945C834E4B9BBA3E697E143
binary
MD5: c0a145cc7e1dbacbc6bbb33fa729eb44
SHA256: 272eb326d92cc79926bfc46a26d505bf12659d70903dc3aba6bb61247fcabd08
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\68B23D2E5E756AFB0ECCE0BFA1D6715564F17458
binary
MD5: fa03b47e9804a0bedc05d4fbbd4d72bc
SHA256: 5b5447192416c8a4518deb2eb33aaf76caf72a8d6f8e87dfdbf17130a313fb92
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3EC5A91F7B821D4EF77068E02B8DF8497379197F
binary
MD5: c89585a0e117ca1624dc1d3a44393885
SHA256: aefd8a6b7999b862ebf95e2a074bb4aa440e58ced4d08daa0e8d1de745736cdb
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\84F7092C8766FB5D168F2E6E31542F7F783AA9AC
binary
MD5: 4d7a4f60da54af340ed2b143e1809187
SHA256: 4a2ca80074909bb4f379643e5d22ca4569ade4bacc671989d9ce59bb0804caea
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9B31CC011F9018FA5DE35047369BAEA8D19A17C8
binary
MD5: b7d70a6212a7ef53b43532ee7a6363f7
SHA256: fb1fa9d0c8efd5a34bb0088d799f4875645039f585295f499c111f96cb4c0231
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6FDBA8B66ABE29510AC141D3B6BDA00B5B4885A5
binary
MD5: 364f3db9745e1c41e18526ee408504b3
SHA256: e556142133226801ace01222508aa2b41e3df0753b03d2d325589983bd8b04c5
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 4c1385ea32bbdd8e7faef10cd0cc2aef
SHA256: ec6d4749a4b06a8a0bf4035d1aece6576a07cb65d6008074a102dcf7f23b61af
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\BD0D023ED7D847045B635551EC30CCBAD9492B3C
image
MD5: faced21f5b4c8fd7940ea0bf1991dafe
SHA256: 3a3d145e353bdc394d32661cbca1a2d7d5ce3c81e3e6dc5f5e99c3a32a7c8b51
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E53E9B6D0C799833ED79EAC26702337D388A1A80
binary
MD5: 7c5c2e1106d2ebd19bc9ba8227cfc242
SHA256: 681215eb68c5e505e021bc08c873ee4d017c890592652c83b165cf613ff94082
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CA885E95356398A0394CDAEC9F9B2FF80B8B67DC
binary
MD5: 4c1a2d19ba256a1c5e05370354996280
SHA256: 25f0bca872f2d4b393a59c16aa6dc92a6589885337f07c55ad08fb42bdd2d886
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\053141FEB9AEB557496386D0E6EB674E344EA7CB
image
MD5: 73b268275004e68040ae1fe2c474f1c2
SHA256: 5a562a9e80f8acba1e70aaaefa7293f567de88f9d53e5a5ee0330f17394b3b02
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\251680DBF93F21535A4F45FE7FC1FA1951218766
image
MD5: 8047e422489a3e84e24ac6de218060e7
SHA256: 534077f47036284231bfdcb7a8e0a5ddfc6cffd3aff6c6bd5bdc3331ce2e254b
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5E2A5C6B7A71E4F0C20DE2E86E7BB770D7EF47FA
binary
MD5: e8029216cf85af290ee7529cc15819fc
SHA256: 0279c7eb0c489fc6e81970b42ea2f7b51700c6d60aa1b2594823cb21f0160015
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D3E4D4646EEAC67B131DE56D6FE6FBE5519C0F98
image
MD5: a94822243e555108417ad54f822a69ae
SHA256: a2688558dfd7bbb3d8951615f109da6f3056c41c5a2e6d5ee206e940bc05e11b
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7A69BC35C9C10F86073FF97959BF84A8CD0ACB04
binary
MD5: a2414b57660a92fec286c92a757c44b0
SHA256: 059f28f03457831d43b417d4ab037b0df55a58b5b5681dfc8e9d73ec1a784c5c
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\620AD1D611CBFB3BC2E87F5F92D1862BD64C1DCD
image
MD5: e85b83b882c9d10289367ce47b02424c
SHA256: e5ed8d99eafb2122d9ed2974db8fa79dbeab154ac4e1bc2557504aabcd0775ff
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\94CF886BB14C6F183FB95117C2F696D5FA463400
image
MD5: e38adafeca12483cc18d73d0a81cf501
SHA256: 3675b10f36b430238746c89567b3c75a949f1645ac2dc07eea85aa3483da9829
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\069D9C4EE60B556D5A035D8FA4B93F324986F0AE
image
MD5: 8d1ca58447cae4e17b171327ae694c88
SHA256: 38c29fc57562d61002db729a092f04ee7b9ec855ddeed835715b63ef9fafbc4b
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\354FFCCECEA24366B7972D21DCA278CC6222E40F
binary
MD5: be3fcd7a6f1f245248a72be7fe587c1d
SHA256: e549225869c4ba0987049ff39c963877c3dc491ee6c6a3817e691844be498ea5
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\82A084FFF05F7A64D03084CA89D793EE2038369D
binary
MD5: ce1a4787f59e7309e020c19043ccde04
SHA256: 7af8690de853e98bc070d6653f342017e36b743d142c48752206f99fcf2ce805
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\317BC9071DC1C02114DF1C548BDE496CDC40B57F
binary
MD5: 662c002ee4e0d3302f4630c8c8b7bb75
SHA256: 7e5eda53f49efa2517993773c5bf5006d7af78b0fd40bace5b1e1ac2ea4c2679
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E7A968035B26AFA46D859F0CF1C2A151B74BE725
binary
MD5: 585c75edc8440621e597399b7963736b
SHA256: 531050d4e0ed99ff893d930b8851304a07c9259d6419fc033df6f734529ca5af
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
jsonlz4
MD5: 7337d087ec76e87a76778b4eec5e8e63
SHA256: aa4398d1716aadeb35a4ddddc4e7d2429c71defd15cb45401938889f5b2f05e0
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.tmp
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1C79D2B69EF5B0F73444D2FB561237C61AFA00AD
binary
MD5: 3d5fd818df368326fb6d42a48bc5693e
SHA256: 3ee4fc2d3aafa7c0d0f8505d1717dd49189af8b472f55ba7f535d212175e0f20
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: 7ce57661829720e7e9c0c1e267b386f0
SHA256: 9d52ad4faabfd95ea6ead509b366fdc67f1621aa5ee46af6317205420a65b42e
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journal
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2EB3B7F80A631A2F410938AA4844E1D21EC06C98
der
MD5: ced02a5f268123be57530bc82181551e
SHA256: 1fc907431ceb9b6ca63f085f6bd4abb6ae1e1f3d6fe6b9d74410eb220644914c
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E7A622743433C9703BCB6A575ECC4407358D4C48
der
MD5: aef36fe8a626435873004afda954f5a7
SHA256: c309b88a3809747e757640200f7ed2d7747176fdf4beddf16845ed156422456f
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A6541D20A37AA32F13817595E2B33F9AD5A95FE7
der
MD5: 3bbc3aa576a1491fd3d3f4926160eec4
SHA256: 94964241b19ef9807026f2962fd8407faeecf9902f35eefdd80bdfae27da5ce3
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F71B4DD892F31EE12C04E097F6314A69E7296C10
binary
MD5: 869870fb931aea9072557731e116456f
SHA256: 78373b0359dd75e25ea75661f51886b27f81c1e682469ad494b200edc3da839b
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\67D45B69C746C27A775022DB425874C7069D9620
der
MD5: 9ff36cd9e4ba6ff94474c8c5d7ecf8bc
SHA256: f34e64c3753349c0973861c4fd0f3af10fcb5996ae1f161742dbdc96fd3ac447
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: caa5331a92474c8b479ee97d907ac000
SHA256: 1e2784c601977fd710a33dad58d1cb2e4d20400e2e8f2ee13c81a6f4b375ad0b
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6187F7B1DEF6A8661C7BF0A7BBC1C13DBB6E6B56
binary
MD5: 871694ad23aee7294a85b3c1b4b023fa
SHA256: 07e73000e12f5183db46f561798b9c78a201edca139acf985327f9cfecfe0421
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3428896C8A9132471F5989C455A8C13637750A24
image
MD5: 5b245bb0ec00105945293ce70514a2d1
SHA256: 3a93d17686ddcfafb4f210f6c4d580c2422182eb95008c037773e79b068c8755
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\16A24D9DBE3BFAA442136FA22052DCA7EB422A55
ini
MD5: 054bdfb9d284c2fb91d6d6f0f6bf9d8d
SHA256: f83c300ed9df21ac9cc75bb64ce48c80c796ea103e2b3494bfd2328c31e88f97
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\49968F5AAF6C3D4E162E052C301E673D6E1D2552
binary
MD5: 621eaf00f005457f072448fb11633213
SHA256: 08de30ad461e2ff38b7cdae2c3bf8fee681ffb351b4236514322d6c485816256
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\20097
binary
MD5: 00845cfa655570ede0374d9c0df85b59
SHA256: a421e6f7103b60091014b90f4118ae00b723d80599d4356e3e150b8f2be2359d
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3568D12FFBC15F82D3000E130EB85C7EEA511F79
der
MD5: 5ddda6deedd6026e0881404a1b34a7c1
SHA256: 8fdae20a08fa40e7cfcdbc2f68f9b14421c8bf22e14f66439d2303c17425f43b
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9A7E14D41BC5BEC23D8B2D625E91EA377B9F0438
der
MD5: 2d18459cf39695071f7a8f12ab73e59b
SHA256: d592801440856dc671500a2119869a1f1e3a2866f85c545e769aafbc3fd1357d
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: fa0951743b46ec5a0d2d01251d001408
SHA256: 26ddf2b4b68b5f48f31b4a75298aa1577ebca09a4c8dd800338bbbf62cb28380
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 8f89a5889e1615f65674daf6a01a2454
SHA256: f6d3fde91836d607a3311a6e0a12463c811f791a9f231d2ff8542d772fa22ed7
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\trash18345
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.bin
gmc
MD5: eea17f67fd57174d29c5ede8dc944b42
SHA256: 807ad7cf5a6bb45426ca2ed79856ad4a141a11acbdde540fd4c10c8bbf01a687
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
gmc
MD5: 50c27fc71b8eb413f290e0a0e0a0f30e
SHA256: cac301e92bd8b54a2baf8dec1aa1f58707f5ad9fa4958b64eedd900dd667fe45
2996
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-06\1560329801987.454bc40f-dc7c-42b9-922c-4af908a728da.main.jsonlz4
jsonlz4
MD5: 73129d46730ee679f56f6615767a9de3
SHA256: 0a1a13e5fc7f44a8b0e643fcc5fffb6b046ab592b590fc442902eaccaebb26a5
2228
Notepad.exe
C:\Users\admin\AppData\Roaming\F63AAA\A71D80.lck
––
MD5:  ––
SHA256:  ––
2228
Notepad.exe
C:\Users\admin\AppData\Roaming\F63AAA\A71D80.hdb
text
MD5: 5302b1b5ec232d44e2d9507fb847fc49
SHA256: 20b58a25872b1e3f7d47dae0c090acf229c49b6e33939934513499cc37bb2684
2228
Notepad.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f
dbf
MD5: 18b8cfc0185c50383aac0a4f30a9dac8
SHA256: 913e8ced6a447fe791954d382aba52d490513c5d2f689b391866c7e561f89a03
2872
Notepad.exe
C:\Users\admin\AppData\Local\jyelew\jyelew.Bat
text
MD5: 1523335522038164c59d48a61803979d
SHA256: 7b3c7e8e42a93366f5b293cc3a304a300690511536cc055a826a8c8942e944b9
2872
Notepad.exe
C:\Users\admin\AppData\Local\jyelew\jyelew.bmp
image
MD5: ca113f17e4106d85d8a2db149c65bd9d
SHA256: c9e05e534bd6d821044ca7cf3c0b07035c3e31f7a1f55aa0878bff71f50afbe6
2872
Notepad.exe
C:\Users\admin\AppData\Local\jyelew\jyelew.vbs
text
MD5: d08cfe1cee2245614d6d023f898a6453
SHA256: 34438311b9897a1569712dd5cda9e0aa3ae02c5931dec0873bd1bd50dd0874bd
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-06\1560329801987.454bc40f-dc7c-42b9-922c-4af908a728da.main.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\454bc40f-dc7c-42b9-922c-4af908a728da.tmp
––
MD5:  ––
SHA256:  ––
2996
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\454bc40f-dc7c-42b9-922c-4af908a728da
text
MD5: 4c99733f23e6e174e0fcb475b9ca7011
SHA256: 0f9256a7eee878122960f69b0dc5eeb2dfb1d982225347ef8043d3d72b134825

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
12
TCP/UDP connections
34
DNS requests
65
Threats
18

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2228 Notepad.exe POST –– 104.168.248.212:80 http://aljust.website/panel/fre.php US
binary
––
––
malicious
2228 Notepad.exe POST –– 104.168.248.212:80 http://aljust.website/panel/fre.php US
binary
––
––
malicious
2228 Notepad.exe POST –– 104.168.248.212:80 http://aljust.website/panel/fre.php US
binary
––
––
malicious
2996 firefox.exe GET 200 88.221.144.105:80 http://detectportal.firefox.com/success.txt IT
text
whitelisted
2996 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2996 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2996 firefox.exe POST 200 172.217.22.3:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
2996 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2996 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2996 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2996 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2996 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2228 Notepad.exe 104.168.248.212:80 Hostwinds LLC. US malicious
2996 firefox.exe 35.165.116.96:443 Amazon.com, Inc. US unknown
2996 firefox.exe 88.221.144.105:80 Akamai International B.V. IT unknown
2996 firefox.exe 54.190.222.97:443 Amazon.com, Inc. US unknown
2996 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2996 firefox.exe 52.43.91.152:443 Amazon.com, Inc. US unknown
2996 firefox.exe 13.32.159.68:443 Amazon.com, Inc. US unknown
2996 firefox.exe 216.58.207.42:443 Google Inc. US whitelisted
2996 firefox.exe 172.217.22.3:80 Google Inc. US whitelisted
2996 firefox.exe 31.13.92.36:443 Facebook, Inc. IE whitelisted
2996 firefox.exe 185.60.216.19:443 Facebook, Inc. IE whitelisted
–– –– 185.60.216.19:443 Facebook, Inc. IE whitelisted
2996 firefox.exe 185.60.216.35:443 Facebook, Inc. IE whitelisted
2996 firefox.exe 157.240.201.15:443 US unknown
–– –– 157.240.201.15:443 US unknown
2996 firefox.exe 34.223.207.155:443 Amazon.com, Inc. US unknown
2996 firefox.exe 13.32.158.45:443 Amazon.com, Inc. US unknown
2996 firefox.exe 185.60.216.6:443 Facebook, Inc. IE whitelisted
2420 pingsender.exe 35.162.26.63:443 Amazon.com, Inc. US unknown
3404 pingsender.exe 35.162.26.63:443 Amazon.com, Inc. US unknown

DNS requests

Domain IP Reputation
aljust.website 104.168.248.212
malicious
aus5.mozilla.org 35.165.116.96
54.213.5.202
52.34.120.127
34.218.159.169
52.35.34.27
52.40.226.98
52.34.127.169
35.161.58.143
whitelisted
detectportal.firefox.com 88.221.144.105
88.221.144.128
whitelisted
balrog-aus5.r53-2.services.mozilla.com 35.161.58.143
52.34.127.169
52.40.226.98
52.35.34.27
34.218.159.169
52.34.120.127
54.213.5.202
35.165.116.96
whitelisted
a1089.dscd.akamai.net 88.221.144.128
88.221.144.105
whitelisted
search.services.mozilla.com 54.190.222.97
52.11.30.237
34.215.70.240
whitelisted
search.r53-2.services.mozilla.com 34.215.70.240
52.11.30.237
54.190.222.97
whitelisted
ocsp.digicert.com 93.184.220.29
whitelisted
cs9.wac.phicdn.net 93.184.220.29
whitelisted
tiles.services.mozilla.com 52.43.91.152
52.27.87.181
52.42.232.148
54.149.115.79
52.35.96.157
52.26.166.58
52.34.132.219
54.186.163.246
whitelisted
tiles.r53-2.services.mozilla.com 54.186.163.246
52.34.132.219
52.26.166.58
52.35.96.157
54.149.115.79
52.42.232.148
52.27.87.181
52.43.91.152
whitelisted
snippets.cdn.mozilla.net 13.32.159.68
whitelisted
drcwo519tnci7.cloudfront.net 13.32.159.68
whitelisted
safebrowsing.googleapis.com 216.58.207.42
whitelisted
ocsp.pki.goog 172.217.22.3
whitelisted
pki-goog.l.google.com 172.217.22.3
whitelisted
www.facebook.com 31.13.92.36
whitelisted
star-mini.c10r.facebook.com 31.13.92.36
whitelisted
static.xx.fbcdn.net 185.60.216.19
whitelisted
scontent-ams4-1.xx.fbcdn.net 157.240.201.15
unknown
facebook.com 185.60.216.35
whitelisted
scontent.xx.fbcdn.net 185.60.216.19
whitelisted
www.youtube.com 172.217.18.174
172.217.23.142
216.58.206.14
216.58.207.78
216.58.208.46
172.217.16.142
172.217.22.110
216.58.210.14
172.217.16.206
172.217.18.110
216.58.205.238
172.217.22.14
172.217.18.14
whitelisted
www.ebay.de 104.111.216.65
whitelisted
www.amazon.de 13.32.141.45
whitelisted
youtube-ui.l.google.com 172.217.18.14
172.217.22.14
216.58.205.238
172.217.18.110
172.217.16.206
216.58.210.14
172.217.22.110
172.217.16.142
216.58.208.46
216.58.207.78
216.58.206.14
172.217.23.142
172.217.18.174
whitelisted
e11847.g.akamaiedge.net 104.111.216.65
whitelisted
djvbdz1obemzo.cloudfront.net 13.32.141.45
whitelisted
www.reddit.com 151.101.1.140
151.101.65.140
151.101.129.140
151.101.193.140
whitelisted
www.wikipedia.org 91.198.174.192
whitelisted
www.mozilla.org 104.16.41.2
104.16.40.2
whitelisted
reddit.map.fastly.net 151.101.193.140
151.101.129.140
151.101.65.140
151.101.1.140
whitelisted
www.mozilla.org.cdn.cloudflare.net 104.16.40.2
104.16.41.2
whitelisted
dyna.wikimedia.org 91.198.174.192
suspicious
shavar.services.mozilla.com 34.223.207.155
52.24.56.107
52.25.98.1
52.36.109.121
52.42.122.34
52.40.28.81
whitelisted
shavar.prod.mozaws.net 52.40.28.81
52.42.122.34
52.36.109.121
52.25.98.1
52.24.56.107
34.223.207.155
whitelisted
tracking-protection.cdn.mozilla.net 13.32.158.45
13.32.158.236
13.32.158.248
13.32.158.23
whitelisted
d1zkz3k4cclnv6.cloudfront.net 13.32.158.23
13.32.158.248
13.32.158.236
13.32.158.45
whitelisted
cx.atdmt.com 185.60.216.6
whitelisted
atlas.c10r.facebook.com 185.60.216.6
whitelisted
incoming.telemetry.mozilla.org 35.162.26.63
35.160.159.212
35.166.68.10
35.165.148.158
52.13.225.74
35.161.6.28
34.214.74.24
54.70.141.88
whitelisted

Threats

PID Process Class Message
2228 Notepad.exe A Network Trojan was detected ET TROJAN LokiBot User-Agent (Charon/Inferno)
2228 Notepad.exe A Network Trojan was detected ET TROJAN LokiBot Checkin
2228 Notepad.exe A Network Trojan was detected ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1
2228 Notepad.exe A Network Trojan was detected ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2
2228 Notepad.exe A Network Trojan was detected MALWARE [PTsecurity] Loki Bot Check-in M2
2228 Notepad.exe A Network Trojan was detected ET TROJAN LokiBot User-Agent (Charon/Inferno)
2228 Notepad.exe A Network Trojan was detected ET TROJAN LokiBot Checkin
2228 Notepad.exe A Network Trojan was detected ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1
2228 Notepad.exe A Network Trojan was detected ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2
2228 Notepad.exe A Network Trojan was detected MALWARE [PTsecurity] Loki Bot Check-in M2
2228 Notepad.exe A Network Trojan was detected ET TROJAN LokiBot User-Agent (Charon/Inferno)
2228 Notepad.exe A Network Trojan was detected ET TROJAN LokiBot Checkin
2228 Notepad.exe A Network Trojan was detected ET TROJAN LokiBot Request for C2 Commands Detected M1
2228 Notepad.exe A Network Trojan was detected ET TROJAN LokiBot Request for C2 Commands Detected M2
2228 Notepad.exe A Network Trojan was detected MALWARE [PTsecurity] Loki Bot Check-in M2

3 ETPRO signatures available at the full report

Debug output strings

No debug info.