General Info

URL

http://www.mediafire.com/file/jbqdsxch4cval8p/TT_Payment_VB8738339398.rar/file

Full analysis
https://app.any.run/tasks/8906c1d7-2d17-44e9-bcb2-407b20ef27dd
Verdict
Malicious activity
Analysis date
2/11/2019, 12:11:01
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • Host.exe (PID: 2576)
  • TT_Payment_VB8738339398.exe (PID: 3164)
  • TT_Payment_VB8738339398.exe (PID: 2660)
Starts itself from another location
  • TT_Payment_VB8738339398.exe (PID: 3164)
Executable content was dropped or overwritten
  • TT_Payment_VB8738339398.exe (PID: 3164)
  • WinRAR.exe (PID: 4076)
Creates files in the user directory
  • TT_Payment_VB8738339398.exe (PID: 3164)
Application launched itself
  • TT_Payment_VB8738339398.exe (PID: 2660)
Application launched itself
  • firefox.exe (PID: 3392)
Dropped object may contain Bitcoin addresses
  • firefox.exe (PID: 3392)
Reads CPU info
  • firefox.exe (PID: 3712)
  • firefox.exe (PID: 2188)
  • firefox.exe (PID: 3132)
  • firefox.exe (PID: 3392)
Reads settings of System Certificates
  • firefox.exe (PID: 3392)
Creates files in the user directory
  • firefox.exe (PID: 3392)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
39
Monitored processes
8
Malicious processes
1
Suspicious processes
2

Behavior graph

+
start drop and start firefox.exe firefox.exe firefox.exe firefox.exe winrar.exe tt_payment_vb8738339398.exe no specs tt_payment_vb8738339398.exe host.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3392
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" http://www.mediafire.com/file/jbqdsxch4cval8p/TT_Payment_VB8738339398.rar/file
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\program files\mozilla firefox\softokn3.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\sspicli.dll
c:\progra~1\mozill~1\nssckbi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\program files\winrar\winrar.exe
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\program files\mozilla firefox\mozavutil.dll
c:\program files\mozilla firefox\mozavcodec.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msmpeg2adec.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\sqmapi.dll

PID
3132
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3392.0.1609618617\289745370" -childID 1 -isForBrowser -prefsHandle 1340 -prefsLen 8310 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3392 "\\.\pipe\gecko-crash-server-pipe.3392" 1476 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

PID
3712
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3392.6.1417339836\1729331357" -childID 2 -isForBrowser -prefsHandle 2508 -prefsLen 11442 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3392 "\\.\pipe\gecko-crash-server-pipe.3392" 2416 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

PID
2188
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3392.12.1594092730\52777897" -childID 3 -isForBrowser -prefsHandle 2124 -prefsLen 12017 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3392 "\\.\pipe\gecko-crash-server-pipe.3392" 2764 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll

PID
4076
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\TT_Payment_VB8738339398.rar"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\users\admin\desktop\tt_payment_vb8738339398.exe

PID
2660
CMD
"C:\Users\admin\Desktop\TT_Payment_VB8738339398.exe"
Path
C:\Users\admin\Desktop\TT_Payment_VB8738339398.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Marxismleninism
Description
oaklandcity
Version
1.01.0001
Modules
Image
c:\users\admin\desktop\tt_payment_vb8738339398.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sxs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll

PID
3164
CMD
C:\Users\admin\Desktop\TT_Payment_VB8738339398.exe"
Path
C:\Users\admin\Desktop\TT_Payment_VB8738339398.exe
Indicators
Parent process
TT_Payment_VB8738339398.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Marxismleninism
Description
oaklandcity
Version
1.01.0001
Modules
Image
c:\users\admin\desktop\tt_payment_vb8738339398.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\nsi.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\roaming\install\host.exe

PID
2576
CMD
"C:\Users\admin\AppData\Roaming\Install\Host.exe"
Path
C:\Users\admin\AppData\Roaming\Install\Host.exe
Indicators
No indicators
Parent process
TT_Payment_VB8738339398.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Marxismleninism
Description
oaklandcity
Version
1.01.0001
Modules
Image
c:\users\admin\appdata\roaming\install\host.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sxs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll

Registry activity

Total events
1332
Read events
1303
Write events
29
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3392
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3392
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3392
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3392
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3392
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\OpenWithProgids
WinRAR
3392
firefox.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
4076
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
4076
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
4076
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
4076
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\TT_Payment_VB8738339398.rar
4076
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
4076
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
4076
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
4076
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
4076
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
0
C:\Users\admin\Desktop

Files activity

Executable files
2
Suspicious files
62
Text files
19
Unknown types
88

Dropped files

PID
Process
Filename
Type
3164
TT_Payment_VB8738339398.exe
C:\Users\admin\AppData\Roaming\Install\Host.exe
executable
MD5: 65437906d1e00a10630a07613a4ed5c6
SHA256: bedb51618ec4fcf665a88a873f341053c222924f37add85f8287a5593716eebb
4076
WinRAR.exe
C:\Users\admin\Desktop\TT_Payment_VB8738339398.exe
executable
MD5: 65437906d1e00a10630a07613a4ed5c6
SHA256: bedb51618ec4fcf665a88a873f341053c222924f37add85f8287a5593716eebb
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D0A859652EB27F681D823FBFEFACD5514FF94C4C
compressed
MD5: 3730abc13e5d2bb6f221d73f55ffdf80
SHA256: 44665fca97096d2bdd10f319c38bb94b8245d466f25ee16b060409713df2ff08
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8473F6B6E4603BD96F7DE40AD2F4CF89B6744630
compressed
MD5: 6b3aad7f4ffc1da5e333025a53ed8d91
SHA256: 01393cb51cb0d3dda49b00102a71ba92b4220ef2db8110576e5565dff38b53b5
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8B2634FB16660BA3F2D27C544075DFEACA1E561A
compressed
MD5: d701d6505f5fb30a112a11797657bbe8
SHA256: 8d4d0ab9132959843d2d105d8bca8f66b1cf73d889db41c10cd0c132e0593b53
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\162BDAA0391079DE536E0ED1CD11B422E27454DB
cer
MD5: 18e3ad38907ca6f5c241ee4295ae2241
SHA256: dc8e97770e186561e02ba62567c564741550ca58180b73e6a1d9a2dd04548d3f
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\96E3CDF8FA4A0DCBB81F0A922B22FED61FC7D2FB
compressed
MD5: 193a087c8c78f181592931b1fb49f72e
SHA256: 5c82a4fbbf113e7a27ddc88ab58594b62281f9ca79061b58de647097641f08a9
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\162BDAA0391079DE536E0ED1CD11B422E27454DB
cer
MD5: 210d7dbeac78f23ee7fa1a61e3dc58dd
SHA256: 31e216d807f27af9612209c53ab434384b216a90f8b2467270d995290ea8fb34
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\162BDAA0391079DE536E0ED1CD11B422E27454DB
cer
MD5: 15c709a16249f91d74f291ebf15e0ae9
SHA256: 49ef59e0ee3253315390b2044587034a6e8ac0b633a835e51107bc34336f1cbc
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\162BDAA0391079DE536E0ED1CD11B422E27454DB
cer
MD5: a62172d6b6a1a9a2574488c75df92460
SHA256: a7107e07c7b99a33f0d70500fe435a9ca3d3503e8af7fa37a9ce2d6b86099cc6
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\162BDAA0391079DE536E0ED1CD11B422E27454DB
cer
MD5: c99a324d31644becb7cd29dc8b21c482
SHA256: 5f9539280612e336c592b23f44c0ba49e1e43569ed61a659f5bf0412f261cc87
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: d3f4015aa2941a57dc219017ae8499f3
SHA256: 6123dc864d998f99bf48bd9b8896c3f240780e54da4598ba495dda74965b0f14
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E21F074DBAD1CB7994F383C419228B689766FB1C
compressed
MD5: 80e6079c59f921cf4e7e5d4ca1d8ec1a
SHA256: ec63d6c0584b47d7f28b2dfd1d41636d4235f670756aae1b164d07241ade5d09
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5C3B1B4A3AF3BDDFB5E032BA9BA685FAE38E7418
binary
MD5: c3646ecab4944182f77480d46451cc27
SHA256: 8f275bf941ea16c316c14dd4466e5887d47dca9db526009f03f32c0c1b7ac97f
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
binary
MD5: 38542545b119c6a5f154de03a0533755
SHA256: cae5a3b3e07a9c643e15e1062cd94cc9e15260e92ff54618bfb498b32f73a59d
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF2488e7.TMP
binary
MD5: 38542545b119c6a5f154de03a0533755
SHA256: cae5a3b3e07a9c643e15e1062cd94cc9e15260e92ff54618bfb498b32f73a59d
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7SF7D6F70GD8WRTB49U8.temp
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: b6e36e68fd1f75f75733bf41238a6eae
SHA256: d24183e6ce143ff50999d3bca6d20529496b918e2c973f268250c3ec26bf881c
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
sqlite
MD5: dceb18d4d537fd301a2c65b30401cd67
SHA256: 2d25fec8cfbaa05a01b03dd0d807cf43c5306b892bd108d58dc9e27024e6a1ef
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite-wal
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite-shm
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite
sqlite
MD5: e71cd41a926bd33380be00354f05838d
SHA256: 7822c61e793c4dbe6917f24a09afc91d2126ccd5f2f8d3cbd341ddef30b6ea82
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite-shm
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite-wal
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
sqlite
MD5: add63a6e91d426d0dd2bcd65cb454a7f
SHA256: 3e171318dd7852ea950b1acbef9dfadfe2c93c613a43893de4d8d9ad1dc48201
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite-shm
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite-wal
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
sqlite
MD5: 1b79d1379146029e5e2fd64a4971f92b
SHA256: 0d2c6e1c21f25371441f20422ab231df864423a12fd1bce07dbe72cccdc66a42
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite-shm
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite-wal
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite-shm
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite-shm
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite-shm
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 6a49f19af6d972b27d970702f2932753
SHA256: b092f74a683e6b64d5de5fff0d88221f87f8ffe9151715a420fab877ecd4826a
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\startupCache.4.little
compressed
MD5: 02ba1ad3af841fb3d0c1e1ef0eb53107
SHA256: 99a8343aebae502fc4437a60710145fe11092e9e01417bb5148d7fd2ddb3b9bc
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\shield-recipe-client.json
text
MD5: b825ef1a746c9ce6781038cce8f0532e
SHA256: 06c006f61792bab70d9563aab6a31e63ba0cdd830b8f4f6945a63dddc34efe2e
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 671d813d8e3b3ce4718147285e660ca2
SHA256: aa944c6c9537547653c1db19d37d10c4bb3d998b87fc06fb45e5c2622da6b3a5
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4A12524EA8D814691D0122D4B4A07FA32B66333C
der
MD5: 531a31bdc09807416704eb37c5249df2
SHA256: 6c57a359a13ce25ad1a2d28e2292551a7f75eb0ab953e63027ef136c1dc3a73a
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4E7FF8AF847BDF8DE2555B1DA79FA5E4F4A8962E
der
MD5: 13f4b2609ab87852258eebc9bc544b89
SHA256: 383318f6f265058d3f8b08df714ac8dde460cb9aae7d2e535ed6209015fc6460
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-02\1549883623952.fd881dd7-6209-441f-8bb0-3ad904db54d7.modules.jsonlz4
jsonlz4
MD5: b8a140c186730f3918441417333b4200
SHA256: c2b6e641a7261fed3274731307796d856131d83452717613fd3e5cc9caa49ea3
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-02\1549883623952.fd881dd7-6209-441f-8bb0-3ad904db54d7.modules.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 0c68a4573924f25be257dea6e7b2863b
SHA256: dfef7c5cf31ee2761bbd081862c6f8b2b0432be9539e3178ea90aa372a2b4ed0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\pV+3TL7Nu3EP5juvr_gPjg==.ico
image
MD5: 847cf8580806fda649b20afc264f4736
SHA256: 0697b6004d8408ab86ccee76bb59eb07a9012e6f3e7adbc01f6e390f5c9b8836
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\FyIfWsxToJ7C+3NcbZgKmw==.ico
image
MD5: 012111c480290d97c36079a025c7e272
SHA256: 840d34f7508683fda7ab7de97cfd5acafe847bb34b7a1f754a6bbe99b5b7a39f
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
binary
MD5: 6f5414bc85b0071d4ef4f92a76489af9
SHA256: 04724cb936a832fae4db842952e13dd7b7710c83384e13f45b01fc01cafd8628
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF22b437.TMP
binary
MD5: 6f5414bc85b0071d4ef4f92a76489af9
SHA256: 04724cb936a832fae4db842952e13dd7b7710c83384e13f45b01fc01cafd8628
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UBD6Q30KV1A0MW6GV4UW.temp
––
MD5:  ––
SHA256:  ––
2660
TT_Payment_VB8738339398.exe
C:\Users\admin\AppData\Local\Temp\~DF51769C3EAFEFF29E.TMP
binary
MD5: 946b262756f874fbbb9e344957c33b55
SHA256: 1b597d88d836e1f404f12a0be43d4818ab3d08cd47dccd5d18ec84acc3253b94
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\startupCache.4.little
compressed
MD5: 6944500bfac6db1ff0e6f009f2b80942
SHA256: d141a1401e4abcccbb56f607a50e099de3dca71f5aa49bc0dc0bde3ce0682806
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\aborted-session-ping
text
MD5: 1b1d04257e0195aae2cd0fdd76ad87a4
SHA256: 9040da4429f5342337202fad00ebe3bd797b03d0e697b2953026af66616ea53c
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\aborted-session-ping.tmp
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
text
MD5: 8c1ecfb6bd4469f6e770bf6ea1dd595a
SHA256: c162fd01d847406ef08aea380d8eeee96246dab08929d6f1b90fd843a4973a98
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.tmp
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4
jsonlz4
MD5: a6338865eb252d0ef8fcf11fa9af3f0d
SHA256: 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: f7e6963de73de22caf6161322e05f6e4
SHA256: b38fc27b25ddf8457ff6f49dbf5a8b9a51be570dcc543a50a87debf1efae14b3
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 38a78c84c40d762fc228e1bdb5272503
SHA256: 260f4e7ed90d8a1319226a1a324417b8e57ec375d2ae4ab9ead9516d1e8cdd36
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
text
MD5: 2878468126aa2204bf3b5b985563c8c2
SHA256: d0322f9772e9d62bedb335bb2ffd51078359a0b2c8acab28908dc0bb446cf74a
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.tmp
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-wal
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: b4a966d94015eb6acf659aba751bc55d
SHA256: 01a97b8caae94d6191a0114d002479c2acccba6a7bcdc15f20d8757fbc820c3a
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-backup
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256-1.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256-1.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
binary
MD5: 707c12070c52e55c2a996ac15e219b95
SHA256: 6c5410c655c8efc48d123abe708c8940a4218072c0daf85e03ab45da6d2ce6b9
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin
binary
MD5: 1037b5d33bffa67582c2de8a78da509f
SHA256: 050991816aad526abd3d9f2faef32ec947577a388c47ed1585dc56b6f1cf6a13
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache.bin
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-new.bin
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin
binary
MD5: 2eeae68a010ce39358c762c4b2489a47
SHA256: 3acbc1a3ca415db83a52f6d43d8b55f814d65fcffaaf4576c61a19bf7383f9c8
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\43475F2F9AEEEFFDC479681A9F4C35841E9DA72C
der
MD5: d39e37d53637ef03acc142ce5f8597a1
SHA256: 476f65f9a10e97d25d34e5281467f8e5cd11a8abcbea2ad98cdceeeb5685bd0b
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 274ce39d551d89cdd319920ad8d7fe6b
SHA256: 3fca9c518a3b2698ad0e0a0a93c90cdf9983a151473b7be261c3b0eed298ac1f
3392
firefox.exe
C:\Users\admin\AppData\Local\Temp\TT_Payment_VB8738339398.rar:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3392
firefox.exe
C:\Users\admin\AppData\Local\Temp\TT_Payment_VB8738339398.rar
compressed
MD5: 24933c135fca9bc12301224ad9eeb1db
SHA256: da2d2fb51705742e2acf1d15708cdca8afd4a223892e56b10604c3cd3d478199
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: 950e248db76773a132e654e63ff4a2d0
SHA256: 2599a74814b2a3e5dd765435ff66dd60e80840f78cdde35a54c19d6ef76aa164
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.pset
binary
MD5: d217a747f67f06f07c0675dd56ee1f11
SHA256: 4de16f657dfc3d2155259ed5e38f100ff8b015a0a198a715a206ab22a3e1f2a6
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9D2B04D46857B392A1E944589048D55F9BD12B74
binary
MD5: 959b58b3be4f5738aeab40723e3aa4df
SHA256: c7769095ac2c8928fd71717ded793ec8e51aa9fc6d8eb857f768369456c50345
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\61E5EC0E3DBFB80BBDDE0503F0CA4FFD722FF2C8
binary
MD5: 6e67ee53cce7646e61419612e160845b
SHA256: b9e255814f7a8c1ee7c77623a0af14a7d1ade174588171d7380b95b31c6bb3d6
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: ed909385b8d3a7e798fe1318542e86d0
SHA256: 9fd6742f090a1cd76d59d4f37ac91098fdf4376f0e9921c587b0177b7d447df8
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\48BE98BF17F02DE0AB4E6B49093AC9261AF6BB01
der
MD5: b483ef28644cf28c618691c63feabd5b
SHA256: 9bc16460186f32992342a7d8aa13e58335d88172c1092f9a828faa18722e648f
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: 687b7d44cc33d97432c5197be7af4a4a
SHA256: 192ab22b8d3f46176be3370f9acd073a5d03cbd772eaf5cc7082250ff69140e4
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Temp\Wv+jqCKy.rar.part
compressed
MD5: 24933c135fca9bc12301224ad9eeb1db
SHA256: da2d2fb51705742e2acf1d15708cdca8afd4a223892e56b10604c3cd3d478199
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\70D3F80516CA439FF7EAF41F6A8A0819137E8318
binary
MD5: 2f8f7a53d15a5224b9c0565b7d22c225
SHA256: 31d5a9228fd840a7c3b0dd01fc3ee537cc9cd33c16481ff45030570ef1aff86e
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
binary
MD5: e2cf527ca7550b7e7bdf7311e483a2c3
SHA256: f1e07b1d717433f47073dc54a7d98e3e87b3d0fa88e53466f93ea544af885d11
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
binary
MD5: 65e942614eee70680464ac4be75019fc
SHA256: 34395085da32c8b4efe9959e3b0d756b43ffed17694d66f39b966cd331bd9a94
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
binary
MD5: 95f28ede25c301301f25fbbd9a3c56ec
SHA256: 87763df78772f7d750b0fa5a31eec23e931fd3bd1cbb33beddfc61889da36478
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
binary
MD5: a5695cc64d77967232b0c1344c6e72b3
SHA256: 042a22b8681d754671d2018ba109b31a53ee3728d48c6379043f8e3394e7fbad
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
binary
MD5: 051fb32dece757ba112ac36dc72e3a91
SHA256: 0806d98fb3de55f75d7c0b17e26146567e08c483031526659a4a35d09b97ef19
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
binary
MD5: 3d1ce5e50208f0cb3b979186043a548f
SHA256: 1e13d05d482c3d533dc6035af2b2d6e84749412a5748d1435b70cec8b312340b
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
binary
MD5: 3675254e341df799d4307c1f59109185
SHA256: 23d108134bed6099793f7dd6b8b6e62081ec3b945efdbc7c5e0e779fd9b82f98
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
binary
MD5: bdaa2a3b4259ebf8dd87e5769b1bf3f4
SHA256: 8408968dae85e51ea6b0ca7123b0ddfd7425d3013ba311bb1cbe135fff0e5bda
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
binary
MD5: d6acf2573e12afdd7939568804d3fcc1
SHA256: 5525cbf8f8dc41d19ac632ed324e55293a510ae0eeba16d0e3f33c707aa58a0c
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: c834f081a427580ca4661f1646d92b93
SHA256: e3672be937c311b3e6a2a825f4aa0b3d7bb67f93a336874ef00a185866be1b13
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
binary
MD5: 956da9703243b882baee1b320e9fb606
SHA256: 45a7cfeb7304cedc0fff05247d16ea745384603e46ca63ffcb2f2603d27f26eb
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.pset
binary
MD5: cd6e12988fe9f72fe4a2a529c9eb2a6d
SHA256: 835da593f7efc223e291af8eb16b99c3a1bad5a9e89f22e696ada202fb2029d4
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: 09fbbf39cf99ab9c36514819b05bdbfe
SHA256: 6c2f4152ec6fe51c16b83cc39388f3f8179f592f24afcd9584760ef09a0fb496
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.pset
binary
MD5: b2a6475baaaefda29e3f21b2e51ec23e
SHA256: 2a03b353e4e8412bcf98976ae589b6af24f12ea5802252394e6345200dd0f5b2
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\55F3A8141B0F01292545EBF09A1E053D6C64205B
binary
MD5: a818a5918e04105a4ebd6b60f880ed95
SHA256: beffc096776f050ee14bbfb5e2d071983eae3392d7859715862289ae79e66a10
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: bb9d8f55e9156fa6ffefa41d2102d400
SHA256: fb97e6aaffb325fa27434d746372d9ecf549e59c2b0476b3da39b42435ab6d6a
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
binary
MD5: 16c5aee35e9d1fd0e735cfbef142be20
SHA256: 00dce01845d833eff11f38b41499714ee6d3d1b343473c2686dc830cf5297fbe
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
binary
MD5: 578f74adf6e96eef17ba8ab4d5738408
SHA256: e9780c16075e62e66cf47594262edb17da9b3c6a1dad555a5fd1c91969c81621
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.pset
binary
MD5: be469e82d40529c40a46fe86c3e69d03
SHA256: fb21601b552cd7d9cbb8940912d2fcab1d19707b1d5b9ab0fd0199f89a64fafd
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: ad03bc546b37ef44db3cfa1e00c2ea47
SHA256: 2fca11241229fd4c5948f4c25657a9bcdcdff44237d0d0450b01ed6496c769eb
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
binary
MD5: ba0009932844173bc8f9af264229df24
SHA256: 66d1c00c04d86e313e9a02775cdf906b1be8d4cd6bef423a1b9e21cc4e9f50c1
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\1445
binary
MD5: 2b47f318fdcfabf9b88818d1f266b6ca
SHA256: 552e9205f11d8bed37e6d3c068cd7393893cacae4f21d922e895fb26b3191a54
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
binary
MD5: 6f85bc4b2ecb49e26b0bd83a821065d0
SHA256: c0b3bc9b3dc507ab654caf72d13c3aefa58c9b13b1e4d14dd8816712d80a7e54
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
binary
MD5: c921d8e98fa01b4f303481e112202e92
SHA256: 4ef1038730ec8bc7206713c29a936768831b922c5e6c83355fd62d7401d8c1dc
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore
binary
MD5: 04824a1f92353f43ebb9e7f74b7476fd
SHA256: b48e58ebab82e4c376f16150a3fff850c1111ff1f5985d68819cfd6f0db159d2
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore
binary
MD5: 0e8fe60ccd7e9b4c32589a5743a95302
SHA256: 2b124d4026850a3cffd28dbacb58aec28f7dcd4d40bc14e52bbe96d60ce4e749
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
binary
MD5: cd82f4495eafe523b9b6b938c828611b
SHA256: 576a0d2c3ad8d66bb202439b18f9fd563f92d9ddd9582a3c4cce0ecafd4f0908
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore
binary
MD5: d886a47c89d9c49c795da345bc236990
SHA256: a03c5e2656d2f292bf5794c8eeb8d223cd6ba4f4bfb2ed1f325460e879d0bcf7
3392
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\104B3BA8C6C01E87D8695588D8A4E9684B5BCC97
der
MD5: 5079cb2b1ea91e5e1101f536a7513190
SHA256: 1f0c6b3d433a51c34ae6f439272ee89f9543d600b5c8b3cd8086ec652a7c44e9
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: ef0de443532ee6383808ded63a58dc4b
SHA256: 548b21e0da862f6ce24742b135c7315627e8c6356800b15c2a0e421b1a36f674
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA256: 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
––
MD5:  ––
SHA256:  ––
3392
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\shield-recipe-client.json.tmp
––
MD5:  ––
SHA256:  ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
9
TCP/UDP connections
17
DNS requests
48
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3392 firefox.exe GET 200 104.107.216.169:80 http://detectportal.firefox.com/success.txt NL
text
whitelisted
3392 firefox.exe GET 302 104.19.195.29:80 http://www.mediafire.com/file/jbqdsxch4cval8p/TT_Payment_VB8738339398.rar/file US
––
––
malicious
3392 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3392 firefox.exe GET 200 199.91.153.146:80 http://download1899.mediafire.com/345a908we6bg/jbqdsxch4cval8p/TT_Payment_VB8738339398.rar US
compressed
unknown
3392 firefox.exe POST 200 172.217.16.131:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
3392 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3392 firefox.exe GET 200 104.107.216.169:80 http://detectportal.firefox.com/success.txt NL
text
whitelisted
3392 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3392 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3392 firefox.exe 104.107.216.169:80 Akamai International B.V. NL whitelisted
3392 firefox.exe 104.19.195.29:80 Cloudflare Inc US shared
3392 firefox.exe 52.27.184.151:443 Amazon.com, Inc. US unknown
3392 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3392 firefox.exe 54.187.46.234:443 Amazon.com, Inc. US unknown
3392 firefox.exe 199.91.153.146:80 MediaFire, LLC US unknown
3392 firefox.exe 216.58.207.74:443 Google Inc. US whitelisted
3392 firefox.exe 172.217.16.131:80 Google Inc. US whitelisted
3392 firefox.exe 52.35.215.194:443 Amazon.com, Inc. US unknown
3392 firefox.exe 13.32.223.213:443 Amazon.com, Inc. US unknown
3392 firefox.exe 34.217.184.213:443 Amazon.com, Inc. US unknown
3392 firefox.exe 52.37.35.5:443 Amazon.com, Inc. US unknown
3392 firefox.exe 13.32.223.92:443 Amazon.com, Inc. US unknown
3392 firefox.exe 35.244.179.255:443 US unknown
3392 firefox.exe 13.32.223.221:443 Amazon.com, Inc. US unknown

DNS requests

Domain IP Reputation
detectportal.firefox.com 104.107.216.169
104.107.216.187
whitelisted
www.mediafire.com 104.19.195.29
104.19.194.29
malicious
a1089.dscd.akamai.net No response whitelisted
search.services.mozilla.com 52.27.184.151
34.216.89.123
52.89.32.107
whitelisted
search.r53-2.services.mozilla.com No response whitelisted
ocsp.digicert.com 93.184.220.29
whitelisted
cs9.wac.phicdn.net No response whitelisted
tiles.services.mozilla.com 54.187.46.234
34.208.7.98
52.25.70.97
34.216.156.21
34.218.217.119
35.160.41.125
34.209.108.219
34.208.103.195
whitelisted
tiles.r53-2.services.mozilla.com No response whitelisted
download1899.mediafire.com 199.91.153.146
unknown
safebrowsing.googleapis.com 216.58.207.74
whitelisted
ocsp.pki.goog 172.217.16.131
whitelisted
pki-goog.l.google.com No response whitelisted
shavar.services.mozilla.com 52.35.215.194
54.201.6.28
52.35.21.241
54.187.176.55
52.88.72.192
34.212.119.231
whitelisted
shavar.prod.mozaws.net No response whitelisted
d1zkz3k4cclnv6.cloudfront.net No response whitelisted
tracking-protection.cdn.mozilla.net 13.32.223.213
13.32.223.146
13.32.223.127
13.32.223.144
whitelisted
incoming.telemetry.mozilla.org 34.217.184.213
34.214.252.85
35.167.70.180
34.212.55.103
52.38.149.111
52.89.179.237
54.191.241.246
54.68.141.132
whitelisted
pipeline-edge-prod-25-561439127.us-west-2.elb.amazonaws.com No response shared
aus5.mozilla.org 52.37.35.5
52.43.79.30
35.163.20.157
35.164.82.230
34.218.159.169
54.149.111.157
52.32.77.100
54.186.118.41
whitelisted
balrog-aus5.r53-2.services.mozilla.com 54.186.118.41
52.32.77.100
54.149.111.157
34.218.159.169
35.164.82.230
35.163.20.157
52.43.79.30
52.37.35.5
whitelisted
normandy.cdn.mozilla.net 13.32.223.92
13.32.223.195
13.32.223.73
13.32.223.17
whitelisted
d6wjo2hisqfy2.cloudfront.net No response whitelisted
classify-client.services.mozilla.com 35.244.179.255
whitelisted
prod.normandy.prod.cloudops.mozgcp.net No response whitelisted
content-signature.cdn.mozilla.net 13.32.223.221
13.32.223.141
13.32.223.150
13.32.223.191
whitelisted
d12uj65dsn9ho1.cloudfront.net No response whitelisted

Threats

No threats detected.

Debug output strings

No debug info.