https://lgin.msa.trafficmanager.net

Interactive malware hunting service

General Info

URL: https://lgin.msa.trafficmanager.net

Full analysis: https://app.any.run/tasks/b485db54-21b1-44d1-8a2e-b94038c1fd87

Verdict: Malicious activity

Analysis date: 12/11/2019, 19:57:22

OS:: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Tags:: phishing

phish-outlook

phish-microsoft

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration: 60 seconds

Additional time used: none

Fakenet option: off

Heavy Evaision option: off

MITM proxy: off

Route via Tor: on

Network geolocation: off

Privacy: Public submission

Autoconfirmation of UAC: on

Software preset

Internet Explorer 8.0.7601.17514
Adobe Acrobat Reader DC MUI (15.023.20070)
Adobe Flash Player 26 ActiveX (26.0.0.131)
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 PPAPI (26.0.0.131)
Adobe Refresh Manager (1.8.0)
CCleaner (5.35)
FileZilla Client 3.36.0 (3.36.0)
Google Chrome (75.0.3770.100)
Google Update Helper (1.3.34.7)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.7.2 (4.7.03062)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
Notepad++ (32-bit x86) (7.5.1)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
VLC media player (2.2.6)
WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Troubleshooters Package
InternetExplorer Optional Package
KB2534111
KB2999226
KB4019990
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
ProfessionalEdition
UltimateEdition

Behavior activities

MALICIOUS	SUSPICIOUS	INFO
Outlook phishing page detected firefox.exe (PID: 3100)	Creates files in the program directory firefox.exe (PID: 3100)	Application launched itself firefox.exe (PID: 3100) Creates files in the user directory firefox.exe (PID: 3100) Reads CPU info firefox.exe (PID: 3100)

MALICIOUS

SUSPICIOUS

INFO

Outlook phishing page detected

firefox.exe (PID: 3100)

Creates files in the program directory

firefox.exe (PID: 3100)

Application launched itself

firefox.exe (PID: 3100)

Creates files in the user directory

firefox.exe (PID: 3100)

Reads CPU info

firefox.exe (PID: 3100)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Screenshot of unknown taken from 12511 ms from task started

Screenshot of unknown taken from 15537 ms from task started

Screenshot of unknown taken from 19550 ms from task started

Screenshot of unknown taken from 20551 ms from task started

Screenshot of unknown taken from 25646 ms from task started

Screenshot of unknown taken from 26647 ms from task started

Screenshot of unknown taken from 27670 ms from task started

Screenshot of unknown taken from 28671 ms from task started

Screenshot of unknown taken from 29671 ms from task started

Processes

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

–

Specs description

Program did not start

Integrity level elevation

Task сontains an error or was rebooted

Process has crashed

Task contains several apps running

Executable file was dropped

Debug information is available

Process was injected

Network attacks were detected

Application downloaded the executable file

Actions similar to stealing personal data

Behavior similar to exploiting the vulnerability

Inspected object has sucpicious PE structure

File is detected by antivirus software

CPU overrun

RAM overrun

Process starts the services

Process was added to the startup

Behavior similar to spam

Low-level access to the HDD

Probably Tor was used

System was rebooted

Connects to the network

Known threat

Process information

Click at the process to see the details.

PID: 1584

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://lgin.msa.trafficmanager.net"

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators: No indicators

Parent process: ––

User: admin

Integrity Level: MEDIUM

Exit code: 0

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 68.0.1

Modules

Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID: 3100

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" https://lgin.msa.trafficmanager.net

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators

Parent process: firefox.exe

User: admin

Integrity Level: MEDIUM

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 68.0.1

Modules

Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\program files\mozilla firefox\softokn3.dll
c:\windows\system32\sspicli.dll
c:\program files\mozilla firefox\freebl3.dll
c:\progra~1\mozill~1\nssckbi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\actxprxy.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\fwpuclnt.dll

PID: 516

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.0.284746288\906218836" -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 1180 gpu

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators: No indicators

Parent process: firefox.exe

User: admin

Integrity Level: MEDIUM

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 68.0.1

Modules

Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\avrt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll

PID: 4080

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.3.1182932075\1404399766" -childID 1 -isForBrowser -prefsHandle 1332 -prefMapHandle 1340 -prefsLen 1 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 1616 tab

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators

Parent process: firefox.exe

User: admin

Integrity Level: LOW

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 68.0.1

Modules

Image
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\rsaenh.dll

PID: 2648

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.13.2114074647\491891171" -childID 2 -isForBrowser -prefsHandle 2772 -prefMapHandle 2776 -prefsLen 5996 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 2788 tab

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators

Parent process: firefox.exe

User: admin

Integrity Level: LOW

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 68.0.1

Modules

Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

PID: 3452

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.20.1381424292\2097594901" -childID 3 -isForBrowser -prefsHandle 3752 -prefMapHandle 3756 -prefsLen 7129 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 3768 tab

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators

Parent process: firefox.exe

User: admin

Integrity Level: LOW

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 68.0.1

Modules

Image
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\mscms.dll

Registry activity

Total events

415

Read events

Write events

Delete events

Modification events

PID

Process

Operation

Key

Name

Value

1584

firefox.exe

write

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher

C:\Program Files\Mozilla Firefox\firefox.exe|Launcher

09AD521703000000

3100

firefox.exe

write

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher

C:\Program Files\Mozilla Firefox\firefox.exe|Browser

F311551703000000

3100

firefox.exe

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

SavedLegacySettings

4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000

3100

firefox.exe

write

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher

C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry

3100

firefox.exe

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

ProxyEnable

Files activity

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID

Process

Filename

Type

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-wal

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256-1.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256-1.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.vlpset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.tmp

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json.tmp

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto-1.vlpset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js

text

MD5: 620035fea0a3b46c2cfbea00809e7aaa

SHA256: 0d39f43ec10f7647ca90bf5901b3bd55cde6b512ba4a239eea79066bfaad08c9

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json

text

MD5: 9cf5e9e40b5f764838f42c8f2721957f

SHA256: ad9889206f043a9d31af59d6db2a74d9680930c009a560e8cd158bafa271af8f

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\54A252FAD6F4ABD8B203D690563A59196A88C22B

der

MD5: 2f1b33982942e465a7e06e7915408230

SHA256: 46620e8faa1317b588f76b531f91523a463feca1c993a07fa1eae7cbcbde2e18

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto-1.vlpset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto-1.vlpset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto-1.vlpset

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4.tmp

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\ABEAA48B501FBD6A530EC9F222A741DA79987BC8

binary

MD5: d6056a1d2053b5e3520c63d5e23661a2

SHA256: c4405be18f1ee36e58a080b55f2928998035a0d500bff1d895911ae63dd1ffa6

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4

jsonlz4

MD5: 437a21ce428bcfb0b9e96592a7e5417a

SHA256: 496f6d7b54bc21e5491fb4054f0094493ae78a96af40d37654d31d1af3298801

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json

text

MD5: e6ea4205cf1e397f6aba1f4cde66c55c

SHA256: d6b5b918e5deebf80e450ea0e0af37cc2bec5dd015185c8246472b726cebd9a2

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\927970716423E2D1417F8996992FC6C7ADD70E69

cer

MD5: cd147a4b10dd40534c0b683fd950e7ef

SHA256: 7aa1dd12096e3fff775ef36c5f841e8f4d73fa8b6a3e409f0c1a45a94df2f967

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-backup

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4

jsonlz4

MD5: 27bfa6dfb1344d1494ce27e666a314e1

SHA256: d05ec939cbd0c2146bf170ecb9d186e3d24c32adebaaf69bca3a48276a0bfb2b

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations-1.txt

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_pLb7NsMfecqppP5

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F36BA6E65505B424864C5907B9DCD4FA685F2145

binary

MD5: 4692c2a43e4254c4a59d0867f7d9f657

SHA256: 887fdb22cbff93be0c3c2fb2dc39b946a8346307dedf40526faa790f4cc278a8

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\ED4CE6DCD5C1EA4EBEB3F5CE4968C13FBFBA7575

binary

MD5: 0343113aa26028daec6665101626ee89

SHA256: 64b7b17d1fbc477d77615d5e703714789ca6a6eae07088d40dd53984d46ceb36

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B342653B7130D15A4BC0942CD2B219B312068A91

binary

MD5: e1e21d8caa5b8a7b59060f151fb4e9b6

SHA256: 48aa50dadd2914b228b055b4cd209f6b78d0597e415c6e063f122127f4fd7e17

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\902106735BDEBB4EBB7CA83279FF21BFD23EF313

image

MD5: fabfb597fbfcc4977fe2155ffae15a1a

SHA256: 53fb850a4b60c3bf0798a3c05ffbc78351b2b1dc72b149b7a2c17174b6696e3a

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\BDAA1D51200FBE56835928D99146BCF4A9B63FDA

image

MD5: ed6679d415dc24eb91d852bf75f67e01

SHA256: 2f96d6a1f37be9583067c671c49f6d59891d5040e3949d9e19acd71d39789220

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\30A63F13174CD91A1F938AA6BD86F846A7F079CF

compressed

MD5: 8ff06d63818a4d65053c63f317fd4c65

SHA256: ed4b9c7947f1eb95997bc16a31066d7d42d270c42804a3276ac7897c9400080c

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\0072BC37ACDDC06C6067C46B3C534E493C3A8690

compressed

MD5: 584bfc514a3fbc00633da4c3375581b8

SHA256: 066e6090bac9cd617e05b4a530da7ae0fbc3a8ec7df18d5c06daf9de660f6942

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8F1785410647F7E133491D1F38DC63F33CA466CE

compressed

MD5: a005abcaf6fd2b7c9efcc538b48de7b0

SHA256: a7b28092cae7d7076253568f7dff3fe99220b41360bf6811cd4bd41f2c3aad60

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AB423DCD1B1F2AC64DFC45A9DF00554A51D532F5

binary

MD5: 533db31b86278725826c989c538aa76c

SHA256: a8a756993cbaff9d2800503a4a2d31441c62d5f269bed52cbeea86d8b7210203

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

sqlite

MD5: cd875655cfc92d6305460cd7fa1420cb

SHA256: 4c5e2e57b48c8fa1609c0a3e5f69002a0ac67c337ec74e0f3f56777e8acbee54

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C42493F8ED1D0F3A5584E9B8D64E34B6F97A900D

compressed

MD5: e766b5d3669d85f2fe053fb893d765bd

SHA256: 05b75d84bac0bec249620f92b7df2d65bc0653ddc69a88ef3460f1f5de306f99

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CAE02EBF829D02A304987ADFCB2072E3D82666B3

compressed

MD5: c31ffc338f03dd47c49119f33cfdbbff

SHA256: dc46fce77ce739adf33250006c128b5525b32cb45ccb737133e68ce6f45c8d56

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt

text

MD5: b37801656a16f18b1c067fb7826b2737

SHA256: dd9ea1387fced5a4c5c833a5880e76f21dbacded51b84646e06cec778894532f

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EA8E7FF52ED662DF2659F01FD78053DDBA5113BA

image

MD5: bb1de368de6e1613828d638c33630863

SHA256: 2443f5cc6b5033c6ad09639da88b150d5dde671ce146c257d17526ea9fb3de8d

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6600D575DBF0A48A7EC979D6AB87FD7504E4638D

cer

MD5: 081511b3201fc41848ca3b83fbeb7981

SHA256: 471762fcff6766fdc05c2f6353444160a792324394136601a1357e52eb4d642d

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AE83001E23EA7F19571263EA6FFBF73271765ACA

compressed

MD5: 513e4e2a8644a26b149f88f285557862

SHA256: c49852dc9ed106d8cf462de42b1d5a06926e6f0a76d5ed9d16da76a5b3b15b4f

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DC1BED99931D95F1B579835FC9F56E6BE518772E

binary

MD5: 3fe5917d2a9d1dfe4752bfa6167239f3

SHA256: 14915991bfb4fb3d9c556581f02d722d972e068e616eba96f6523c89e8b92aac

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\29199

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_eHEe5qLTvkAfFJt

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_grPnpk1b0eqOWHi

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache.bin

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-new.bin

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journal

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B3E23AD3604E036212A893BC7E609F9E3CEE65D4

binary

MD5: 196bd1cbd06229feff91b415deb70952

SHA256: b22f1c8b0d9aa6882a8d82c2676ed6570e400796493d4b6e4438ceddff45865a

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AC30F8475DC59E5FA34E816A79BF3670D5E429AA

binary

MD5: c949da0bc698e915b25d8d0e9c56550e

SHA256: 87f03777977d2711efb6fa1b352fc00e031856452c8e1e93b590146e85f4465e

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin

binary

MD5: bd09ae31284f5f39c9a1bcc966ee4992

SHA256: 5bff27b82aed4dfefa851620f78a7b6ce97825e32ddaa8e4f96b9bb950801760

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin

binary

MD5: a9fb30d6af509da48ce0df13738b96e2

SHA256: 5f8f812b2bef3ffd1834fc3ff346073ae398d1610422237ba6cda66e5e9c4978

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert_override.txt

text

MD5: 0229a3cb73c4f800ccbb1f0576033c50

SHA256: ed31a5b0fee72c42ee9cb3bd90c3b85af66e1213e4880f515afd7f18e1eee0aa

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db

sqlite

MD5: aa3dc495c4f4d5ad8a874537315289a5

SHA256: 34fe5bf5e1325f282d0ac3335f67296cbef8b3a822c96f766fca4fa5d28a43ab

3100

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_plJj6CKfZYYSEdr

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite-journal

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_glHFOYwnTt86434

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.tmp

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6ECA0FEA78766CD8D68B17D920A922EA2331E265

binary

MD5: a602bf005502cb6a7bea95cd007c14ed

SHA256: 513f05f7cee257182315558f72498cef05ef9c73b9be788aa1538d8509bc6048

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6C7E8A81FA2BBE48C5C57402C8E7FDADEFD17011

binary

MD5: bb49709769bc3263d1da233988e21160

SHA256: a8ea065f1d4ab89274486da3236df383df94832b491c9412c804b7a6f8c0a734

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EE197B20CAB0419D1C0BD23EE03034F880EDC296

image

MD5: 7a98af53e00bb788aad310f7c7654570

SHA256: 8e442a4048c0b275622f9b2b6b1705be55227da3459fe58f52602c0275445407

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9A3EF8133F0FA6C3DE8D839A13E7E624CC01FBCC

binary

MD5: 3b3f14d5bda1e3f47732f84938bd7e3c

SHA256: 410c08e720234023adb68b684b192dfec6b0c3b86b8a2e8593544e9d45bd1bf6

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F14CAE5A6CD01ECDDDDDA4CD61A1EF99F720D22D

binary

MD5: 125411646af9cf95b8a44c72f3f48e5b

SHA256: d30fc70c327761e101c26ac448f89fe40bc3019cb586f95738d5ec6842ac7890

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E1E251A5BC5386C473A99AF28DFADE47B2A33EE4

image

MD5: 64242c583d2f2b87499b866eedf94dee

SHA256: 937a9940115ff766a2c13884df58d29bc742e327fc4b3b38a8b560d96e263336

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\1057

binary

MD5: a57eac8c4e0d59d6d62c92b05e210c46

SHA256: ba0e89eca0b891a962786df3685c27588ad196a7c42c5218c3e2fa6873f31e89

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4

jsonlz4

MD5: da5a84a2615e68822fa04e81e66ea403

SHA256: 1c43e3fbd8cf850c863bba57a263da38355b9021b4a9bcc9f1d59ecaf9841ce9

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4

jsonlz4

MD5: f0c2232ed11edf2229c07ff13b8a7f70

SHA256: 33f7701c933522618a463be437ffe5499d41254955fddb4540779a10653b4cde

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A5D93CC48B83C8124FEB6A2E9448677EACA5BA86

binary

MD5: b17f7dac05248ad5bae36dcd72a2093e

SHA256: d5684d23ad5b3d0c7566ee19b9f9e1a5ebdf4bbc766ba0e03abca4547a26a1cb

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D2DC8196468F9C49E5D462DD63699A42E6292CB1

der

MD5: ce3267eda5f9dce64f0b50b80e2a990e

SHA256: 0e3b5fb50de8e4b74101488e56d8cb56747bb76296a1d55887cb7baef9e0a265

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\BE0CCFDEED023C83BCD6BAB4E7FA39C986B3EA5A

ini

MD5: 0e7a9930df120df925d7c12d81e14770

SHA256: e96f0bc02c66e45ca270464c861f5676d58ae9934605b2b5616a20948bc1247f

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\298C63FF434869897753FB8FE1C032A2897DC10F

der

MD5: bc91b6296b8850c0a337248f89683da6

SHA256: 6cfbcbbbfb295f40cff78783be83f0f4d8bedcb8ae36c46005610536ae65c976

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1BB1C23E26E0306BA64099A99F8765A18D4D330E

der

MD5: 213b2c696bbcd10ad7f246faf7cb27df

SHA256: 05bc2379bd124b0d70588b078ded90a1a62b8e897e86a3e74a5d9a21fd372cf5

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\664D8B83F744FF1331F50BCDEA789F4A1ECA2F62

der

MD5: 7d7339deb67993fc24d68d7529782624

SHA256: 06666455ecf103fef1b25ded8c74e9570ec0b2d0fbb24109a34d40ed7e0ef5cc

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple-1.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\15206

binary

MD5: e2ad220e176539d8470f5661a7777caa

SHA256: 48f6f4550310d8a7a573960035008a92744fd448be98fc836612c5e9c5e51938

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4

jsonlz4

MD5: 65a8568f72fdf05a592210c52784c82a

SHA256: 353279aec0402d3777cd400ecfa22ece3e3e882cb1e57056965db44bd1306465

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple-1.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple-1.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple-1.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple-1.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple-1.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple-1.sbstore

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin

––

MD5: ––

SHA256: ––

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json

text

MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

3100

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm

binary

MD5: b7c14ec6110fa820ca6b65f5aec85911

SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.bin

binary

MD5: 5027177f513cdae07db2330e1ded5934

SHA256: 0c53f16051e738287a4612f68e296238087627e594cfd6ddfa1fecc2e998328b

3100

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin

binary

MD5: de9496aca551ade408ef6466a11833a1

SHA256: 8f9c7fdb3e0bc01024e43a8e242468fc4dd4f74c725e32a883571635203dc10a

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests

TCP/UDP connections

DNS requests

100

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3100	firefox.exe	GET	200	104.84.152.177:80	http://detectportal.firefox.com/success.txt	NL	text	8 b	whitelisted
3100	firefox.exe	GET	200	104.84.152.177:80	http://detectportal.firefox.com/success.txt	NL	text	8 b	whitelisted
3100	firefox.exe	POST	200	172.217.17.67:80	http://ocsp.pki.goog/gts1o1	US	binary der	83 b 471 b	whitelisted
3100	firefox.exe	POST	200	93.184.220.29:80	http://ocsp.digicert.com/	US	binary der	83 b 471 b	whitelisted
3100	firefox.exe	POST	200	93.184.220.29:80	http://ocsp.digicert.com/	US	binary der	83 b 471 b	whitelisted
3100	firefox.exe	POST	200	93.184.220.29:80	http://ocsp.digicert.com/	US	binary der	83 b 471 b	whitelisted
3100	firefox.exe	POST	200	93.184.220.29:80	http://ocsp.digicert.com/	US	binary der	83 b 471 b	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	ASN	CN	Reputation
3100	firefox.exe	104.84.152.177:80	Akamai International B.V.	NL	whitelisted
3100	firefox.exe	52.89.218.39:443	Amazon.com, Inc.	US	unknown
3100	firefox.exe	35.162.117.80:443	Amazon.com, Inc.	US	unknown
3100	firefox.exe	52.84.90.120:443	Amazon.com, Inc.	US	unknown
3100	firefox.exe	40.90.22.191:443	Microsoft Corporation	US	malicious
3100	firefox.exe	52.41.171.126:443	Amazon.com, Inc.	US	malicious
3100	firefox.exe	172.217.17.42:443	Google Inc.	US	whitelisted
3100	firefox.exe	172.217.17.67:80	Google Inc.	US	whitelisted
3100	firefox.exe	93.184.220.29:80	MCI Communications Services, Inc. d/b/a Verizon Business	US	whitelisted
3100	firefox.exe	13.32.171.51:443	Amazon.com, Inc.	US	unknown
3100	firefox.exe	99.86.115.6:443	AT&T Services, Inc.	US	unknown
3100	firefox.exe	192.229.221.185:443	MCI Communications Services, Inc. d/b/a Verizon Business	US	unknown
3100	firefox.exe	35.167.176.126:443	Amazon.com, Inc.	US	unknown
3100	firefox.exe	52.84.90.19:443	Amazon.com, Inc.	US	unknown

DNS requests

Domain	IP	Reputation
detectportal.firefox.com	104.84.152.177	whitelisted
search.services.mozilla.com	52.89.218.39	whitelisted
push.services.mozilla.com	52.41.171.126	whitelisted
snippets.cdn.mozilla.net	52.84.90.120	whitelisted
tiles.services.mozilla.com	35.162.117.80	whitelisted
lgin.msa.trafficmanager.net	40.90.22.191	malicious
safebrowsing.googleapis.com	172.217.17.42	whitelisted
ocsp.pki.goog	172.217.17.67	whitelisted
ocsp.digicert.com	93.184.220.29	whitelisted
support.mozilla.org	34.213.134.214	whitelisted
www.facebook.com	157.240.201.35	whitelisted
www.youtube.com	216.58.208.110	whitelisted
www.ebay.de	104.81.141.226	whitelisted
www.reddit.com	151.101.193.140	whitelisted
www.wikipedia.org	91.198.174.192	whitelisted
firefox.settings.services.mozilla.com	13.32.171.51	whitelisted
www.mozilla.org	104.16.142.228	whitelisted
content-signature-2.cdn.mozilla.net	99.86.115.6	whitelisted
logincdn.msauth.net	192.229.221.185	whitelisted
ipv6.login.live.com	No response	unknown
shavar.services.mozilla.com	35.167.176.126	whitelisted
tracking-protection.cdn.mozilla.net	52.84.90.19	whitelisted

Threats

No threats detected.

Debug output strings

No debug info.

General Info

phishing

phish-outlook

phish-microsoft

Take your security to the next level

Launch configuration

Software preset

Hotfixes

Behavior activities

Screenshots

Processes

Behavior graph

Process information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings

Take your security
to the next level