General Info

URL: https://pediatrichomehealthcare-my.sharepoint.com/:b:/g/personal/robert_phhctx_com/EY0-A5GPPO1FueOe5BrrexIBAYpzwShbQt8CIKd6kZ2H5g?e=4%3amubhAJ&at=9
Full analysis: https://app.any.run/tasks/1d89b2de-b672-4882-975e-6c7e8be9d2a6
Verdict: Malicious activity
Analysis date: 4/15/2019, 15:34:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration: 60 seconds
Additional time used: none
Fakenet option: off
Heavy Evasion option: off
MITM proxy: off
Route via Tor: off
Network geolocation: off
Privacy: Public submission
Autoconfirmation of UAC: on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS
No malicious indicators.

SUSPICIOUS
No suspicious indicators.

INFO
Application launched itself
  • firefox.exe (PID: 2836)
Reads CPU info
  • firefox.exe (PID: 2836)
Creates files in the user directory
  • firefox.exe (PID: 2836)

Processes

Total processes: 36
Monitored processes: 5
Malicious processes: 0
Suspicious processes: 0

Process information

PID: 2836
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" https://pediatrichomehealthcare-my.sharepoint.com/:b:/g/personal/robert_phhctx_com/EY0-A5GPPO1FueOe5BrrexIBAYpzwShbQt8CIKd6kZ2H5g?e=4%3amubhAJ&at=9
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Indicators:
Parent process: ––
User: admin
Integrity Level: MEDIUM
Version:
  Company: Mozilla Corporation
  Description: Firefox
  Version: 65.0.2

PID: 3860
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.0.2043988810\512344834" -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}" 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 1136 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Indicators: No indicators
Parent process: firefox.exe
User: admin
Integrity Level: MEDIUM
Version:
  Company: Mozilla Corporation
  Description: Firefox
  Version: 65.0.2

PID: 2616
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.6.181342058\1211746250" -childID 1 -isForBrowser -prefsHandle 832 -prefMapHandle 1692 -prefsLen 1 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 1696 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Indicators:
Parent process: firefox.exe
User: admin
Integrity Level: LOW
Version:
  Company: Mozilla Corporation
  Description: Firefox
  Version: 65.0.2

PID: 2288
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.13.533959745\780894971" -childID 2 -isForBrowser -prefsHandle 2656 -prefMapHandle 2660 -prefsLen 216 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 2672 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Indicators:
Parent process: firefox.exe
User: admin
Integrity Level: LOW
Version:
  Company: Mozilla Corporation
  Description: Firefox
  Version: 65.0.2

PID: 3424
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.20.774333129\1839532295" -childID 3 -isForBrowser -prefsHandle 3212 -prefMapHandle 3308 -prefsLen 5824 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 3348 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Indicators:
Parent process: firefox.exe
User: admin
Integrity Level: LOW
Version:
  Company: Mozilla Corporation
  Description: Firefox
  Version: 65.0.2

Registry activity

Total events: 994
Read events: 988
Write events: 6
Delete events: 0

Modification events

PID: 2836
Process: firefox.exe
Operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Name: ProxyEnable
Value: 0

PID: 2836
Process: firefox.exe
Operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Name: SavedLegacySettings
Value:

PID: 2836
Process: firefox.exe
Operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Name: UNCAsIntranet
Value: 0

PID: 2836
Process: firefox.exe
Operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Name: AutoDetect
Value: 1

Files activity

Executable files: 0
Suspicious files: 77
Text files: 31
Unknown types: 38

Dropped files

PID
Process
Filename
Type
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite-journal
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\985D50B778DEB35D8742C97636799D4AA1FA67E0
binary
MD5: 597657fabd28eed435b31f7ffa7f799b
SHA256: 0c8c38a8bf07d5276de3dbbd18b785be60fecb454cf5877c95e8235f8423f7b5
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\BAEC338BE9A05EC8AF9BFF3D09625F88021B41BD
binary
MD5: 1e1e5e57c3bfeb47c7d8b7440c0d2394
SHA256: 7559a76444b6798d41830f5a0f0888e2eed52b2f5dd9e7d3914e3c1f3c13c354
2836
firefox.exe
C:\Users\admin\Downloads\INVOICE.pdf:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2836
firefox.exe
C:\Users\admin\Downloads\INVOICE.pdf
pdf
MD5: 6b6900ba4c74c68410d66c92bd2ffdb0
SHA256: fa6bbbf42df233d9a559d625bdd153609bd3526c4c675f98446c1ed68c0a2074
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\23471447F6AB780919A220966E49173EB5D3B364
compressed
MD5: 391d3e622c0b0167aa5db93ac30385ce
SHA256: fca04c7008c2a4dcaca98e5d22b8340fc3318b36d5eaf7e623b72d6993fcf709
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\835427A1CC770553494C1149E52CE336D00B2C32
compressed
MD5: b3ad8bb92a7d2acc3fee207062119975
SHA256: e216b1dc37ff7d39662c1d18aae8b1fe06738af6b9e142ad85c87489ff6e7ef9
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: ce88a3ecf2b862e16eb2b00074df8843
SHA256: c6627cec81564edf89d572338b5f6a8282c4b3b519f248850bf2d571f797440d
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journal
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\BB1DF15F3E1D8BEE811C098906261B0EF4293C51
der
MD5: bce694a427af1ec257b9d136849eec8a
SHA256: 778db16169e6a70b9b1ae2e1715b2aa19a3bb919772378a5966bef23705dbf7c
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\BAEEF221E8191A9D79CF30E5560A9799EDF12382
compressed
MD5: fac69d74cc35c4ce2d02c8fde924ae89
SHA256: 24ef1415d5d3f9dbae59960e5a409c9cfb9e671f6b9f953e7cd588edebaadca6
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F5D09D2411CE8471C4B0AE7C36516B606CD039B8
compressed
MD5: 2fff8e1ca89cb228db9bcfc03cad22b5
SHA256: c5dc173a47459a5de280c109517908e9fe292db54ddc532137de7814f1b55c75
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D86382D97B7BD8D8502A123CD1AA58FA881BFE15
compressed
MD5: d9c322be3579ba03a5be7a7312a91652
SHA256: a98bb78d6e15815d21fdd902685b02e20963229576cb26d2e96b0d445f019d87
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A24ED3143D54573AFE7FD0D012963905C9CC29FF
compressed
MD5: fe71dad79fac1c39f89217780ab69db9
SHA256: 7cffe58a79ea853f3e4c705f0aaf47ad3a5452f004c6025c70c5e285be74fe87
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\05C6A46B4943484ED38F129E0B77620612207F65
compressed
MD5: a1777a72b02fb69da93b18e0bfc99a3b
SHA256: fafbda46d2370ed3d9b62f0ec38897b32f4c9dccc73f50a7ea41f5cff02569b0
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D2E77B75DAD516E512EFAB0995FA183FC6EFA3B9
compressed
MD5: 2651a52aa8797c128aa2639eb912feed
SHA256: 82fa9fbc0da88ccf8b36ee9fbaad82f4178527d1234f835d0887677a3af7e1f0
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\71CAC4A17CE16588F8160C503B1E025010657DF9
compressed
MD5: 578222de1b437b6419f7745bc005be68
SHA256: 13229465cd0cc57c2d37c2485e168a826ff7b74a826e9165de982e06dc39271f
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A24CAD57C89B31594C4F732FC4ABE2A97E1064C9
compressed
MD5: 47a396e730d31befb62ccdcc3ffe9e68
SHA256: 325383bc7cbbca567e4f3e47bbc0d3ff6f0a5266d9bed070187385b5015261be
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
jsonlz4
MD5: 7337d087ec76e87a76778b4eec5e8e63
SHA256: aa4398d1716aadeb35a4ddddc4e7d2429c71defd15cb45401938889f5b2f05e0
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.tmp
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6AB68D47B94000ED1FF1D2DF667038B732C32348
compressed
MD5: 2f3162dd3ab1b106926b9e89b61c9985
SHA256: d8ce8e9250582bbb635d4bea86b2358e2aeda644e074f1baceae849257e2fa84
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\66494D73397FCF2C258174B377FB26AF1779667E
compressed
MD5: 2c728bf7d4ec5e3ca17e2bfcf097eed8
SHA256: 6fa4cab9f3eb391c6153add1807966b4e756e24ef82674a9902a5ab96303d73f
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D2DFD34A880074E351CC4C735D566C08AE54BFDB
compressed
MD5: f93fafdd13dbf974030684efe74d5f8e
SHA256: 2a71f75d2b958da6660b5e9b26bfe7028150f1dbea187f95156479a48c0c6335
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D20D8DE8040DDBCB0B6F7C885918CAF67A3A3B56
compressed
MD5: 8ad5e0d6f590c2b5003fd7875d6c0c20
SHA256: 4b96e9a9e8bee9b96acb931624a83217dad13a24b425715ed93f24857aa41713
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\62A768F8F5F0639803CE85CC2111669BC6914391
compressed
MD5: 54db4066339387c346c54a962527a275
SHA256: 49dbbf6a92bc2a0227809746be33d130b57afdd30b10b010a7f3d9c46e0fbc5c
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: 8c647dc2cca5d4e42937200b57607d2c
SHA256: a7e86e4548a4c34d81a1dc4e0ef5ec19f9b14a044354b92c31a2fc3f4c0c670c
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: 9c78336590e3fe7069cf3581494a66b7
SHA256: cc6c6a5071612386cfb26da7e8fd3297c8457dcc9203c031fc26e0c93870f239
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DB28DFFAED859F365A9538D649D8ADF16E107024
der
MD5: cd8fcce28ca9f82f21a1fe0023f53e55
SHA256: 25a82fcce1249d4f6dfac38b25cf9672878339ae6f58fcdadb5665b53914886a
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D3089A705F8528BEB23E6982A73477F5141C4961
binary
MD5: 235e435fb43cdbc28cae09c4e9171c90
SHA256: af9bd8289a0726ffb5de724cc483a62028294cf21175b3668608d2562cf840fe
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\49968F5AAF6C3D4E162E052C301E673D6E1D2552
binary
MD5: 63aa7914cffdc9fb640087dd56a51166
SHA256: 5190efbcead9f1da4a1d2e926599c56342fee83c11795bc2a8192ef8dcecea2d
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\14753
binary
MD5: 00845cfa655570ede0374d9c0df85b59
SHA256: a421e6f7103b60091014b90f4118ae00b723d80599d4356e3e150b8f2be2359d
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5F48DD1070FAD8360BDB26A01C8DA8DF85CBFCAD
ini
MD5: 0ad70162dcd781bac66cb15bbac54731
SHA256: 48e9a4cec7031b78022840b62ffab3af67c22711c814e5e8fd26146ce6eddf2e
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E6A1983DC61302F37198178A6F3266C2F7D6A778
der
MD5: 3af83dfc92583490f693edf719b15982
SHA256: 8d70acb6308039a546c1c26a262efcc53b5f544674a50a1cd5dc8fe35dac25ad
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: cc0be89edda683ccc61bdc92a383de99
SHA256: 792441881bb9f6c0e75c0d39b02ea650004f51642c88b3413e2936e567bc82d8
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: c50027df624a4d646ad8d8f118471be9
SHA256: e32f18832a6e82cfb5ac77c8de45474760605cba3f747afd6f6686525501024d
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA256: 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 8f89a5889e1615f65674daf6a01a2454
SHA256: f6d3fde91836d607a3311a6e0a12463c811f791a9f231d2ff8542d772fa22ed7
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\trash7019
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.bin
gmc
MD5: eea17f67fd57174d29c5ede8dc944b42
SHA256: 807ad7cf5a6bb45426ca2ed79856ad4a141a11acbdde540fd4c10c8bbf01a687
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
gmc
MD5: 50c27fc71b8eb413f290e0a0e0a0f30e
SHA256: cac301e92bd8b54a2baf8dec1aa1f58707f5ad9fa4958b64eedd900dd667fe45
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
––
MD5:  ––
SHA256:  ––


Network activity

HTTP(S) requests: 22
TCP/UDP connections: 38
DNS requests: 86
Threats: 1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2836 firefox.exe GET 200 173.223.11.159:80 http://detectportal.firefox.com/success.txt NL text whitelisted
2836 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
2836 firefox.exe POST 200 172.217.18.99:80 http://ocsp.pki.goog/GTSGIAG3 US binary der whitelisted
2836 firefox.exe POST 200 104.18.24.243:80 http://ocsp.msocsp.com/ US binary der whitelisted
2836 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
2836 firefox.exe GET 301 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives IR html unknown
2836 firefox.exe GET –– 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/ IR –– –– unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/ IR html unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/assets/av011.png IR image unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/assets/av021.png IR image unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/assets/av022.png IR image unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/assets/av031.png IR image unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/assets/av041.png IR image unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/assets/av051.png IR image unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/assets/av061.png IR image unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/assets/landing-devices-bg.png IR image unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/assets/bt01.png IR image unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/assets/bt02.png IR image unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/assets/bt03.png IR image unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/assets/bt04.png IR image unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/assets/bt05.png IR image unknown
2836 firefox.exe GET 200 185.94.98.197:80 http://www.seattlepersonalinjurydoctors.com/drives/assets/bt06.png IR image unknown


Connections

PID Process IP ASN CN Reputation
–– –– 173.223.11.159:80 Akamai International B.V. NL unknown
2836 firefox.exe 13.107.136.9:443 Microsoft Corporation US whitelisted
2836 firefox.exe 52.88.150.81:443 Amazon.com, Inc. US unknown
2836 firefox.exe 52.39.131.77:443 Amazon.com, Inc. US unknown
2836 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2836 firefox.exe 143.204.173.62:443 US unknown
2836 firefox.exe 172.217.16.202:443 Google Inc. US whitelisted
2836 firefox.exe 172.217.18.99:80 Google Inc. US whitelisted
2836 firefox.exe 2.16.186.40:443 Akamai International B.V. –– whitelisted
2836 firefox.exe 104.103.74.164:443 Akamai Technologies, Inc. NL unknown
2836 firefox.exe 104.18.24.243:80 Cloudflare Inc US shared
2836 firefox.exe 52.114.74.44:443 Microsoft Corporation NL whitelisted
2836 firefox.exe 13.107.136.13:443 Microsoft Corporation US unknown
2836 firefox.exe 34.223.207.155:443 Amazon.com, Inc. US unknown
–– –– 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2836 firefox.exe 52.222.162.99:443 Amazon.com, Inc. US unknown
2836 firefox.exe 52.222.162.6:443 Amazon.com, Inc. US unknown
2836 firefox.exe 185.94.98.197:80 Netmihan Communication Company Ltd IR unknown
2836 firefox.exe 104.103.82.209:443 Akamai Technologies, Inc. NL whitelisted

DNS requests


Threats

PID Process Class Message
2836 firefox.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions

Debug output strings

No debug info.