General Info

URL

http://181.143.146.58/System32.exe

Full analysis
https://app.any.run/tasks/8a98999b-e84b-4437-9717-ad934d251157
Verdict
Malicious activity
Analysis date
11/8/2019, 14:37:41
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Downloads executable files from IP
  • firefox.exe (PID: 4032)
Downloads executable files from the Internet
  • firefox.exe (PID: 4032)
Application was dropped or rewritten from another process
  • System32.exe (PID: 3796)
Creates files in the program directory
  • firefox.exe (PID: 4032)
Executable content was dropped or overwritten
  • firefox.exe (PID: 4032)
  • System32.exe (PID: 3796)
Creates files in the user directory
  • firefox.exe (PID: 4032)
Application launched itself
  • firefox.exe (PID: 1732)
  • firefox.exe (PID: 4032)
Reads Internet Cache Settings
  • firefox.exe (PID: 4032)
Reads CPU info
  • firefox.exe (PID: 4032)

Processes

Total processes
41
Monitored processes
7
Malicious processes
2
Suspicious processes
1

Behavior graph

[Graph nodes: firefox.exe (no specs), firefox.exe, firefox.exe (no specs), firefox.exe, firefox.exe, firefox.exe, system32.exe]

Process information

PID
1732
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" "http://181.143.146.58/System32.exe"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1

PID
4032
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" http://181.143.146.58/System32.exe
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1

PID
2776
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.0.948578205\2003081460" -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 1156 gpu
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1

PID
896
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.3.818885202\1431381812" -childID 1 -isForBrowser -prefsHandle 1704 -prefMapHandle 1700 -prefsLen 1 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 1724 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1

PID
1152
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.13.1087627498\852165200" -childID 2 -isForBrowser -prefsHandle 2808 -prefMapHandle 2812 -prefsLen 5996 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 2824 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1
Modules
Image

PID
2304
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4032.20.204040099\1447697779" -childID 3 -isForBrowser -prefsHandle 4000 -prefMapHandle 4004 -prefsLen 7297 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 4032 "\\.\pipe\gecko-crash-server-pipe.4032" 4016 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1
Modules
Image

PID
3796
CMD
"C:\Users\admin\Downloads\System32.exe"
Path
C:\Users\admin\Downloads\System32.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\users\admin\downloads\system32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

Registry activity

Total events
788
Read events
779
Write events
9
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
1732
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
18EC081803000000
4032
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Browser
672D0D1803000000
4032
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
1
4032
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
4032
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
4032
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
4032
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
7
Suspicious files
115
Text files
43
Unknown types
72

Dropped files

PID
Process
Filename
Type
3796
System32.exe
C:\Users\admin\AppData\Local\Temp\nse1E1D.tmp\System.dll
executable
MD5: 0d7ad4f45dc6f5aa87f606d0331c6901
SHA256: 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
3796
System32.exe
C:\Users\admin\AppData\Local\Temp\votes\m3ufilename\cert2spc.exe
executable
MD5: 15d14d0403243f2939389b50e62a5d9c
SHA256: c25f774434af1c494594d8315ca8cfd12257c53b8e3682e626b230b79dd5a863
3796
System32.exe
C:\Users\admin\AppData\Local\Temp\votes\m3ufilename\crtowordschs.dll
executable
MD5: 7e99eac885ad8da5c66458a003959ca7
SHA256: 09b59dd892f748de022fc12913029f1661e9698949388edff190871d2f319512
4032
firefox.exe
C:\Users\admin\Downloads\System32.exe
executable
MD5: 049ef18418affcd542d9aa545bb07ee3
SHA256: 4d056b87049ec7fce672b40190bf8b5f9185395b7313d05bc196a655e7fe0c7a
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D829B41F18C8072E773F02B3723979D69C459329
executable
MD5: 94a973f410c54d367b1567585ab4e3c7
SHA256: c12d1ecadec9c089a17f5da0d54be1ad5353e82b27c5c83f8cde42d16eb082df
4032
firefox.exe
C:\Users\admin\AppData\Local\Temp\GarlJ2CC.exe.part
executable
MD5: 049ef18418affcd542d9aa545bb07ee3
SHA256: 4d056b87049ec7fce672b40190bf8b5f9185395b7313d05bc196a655e7fe0c7a
3796
System32.exe
C:\Users\admin\AppData\Local\Temp\etchings.dll
executable
MD5: 9aba0224ea651e03776eb21671f8a743
SHA256: 51c3bfd80d36a77b97d643dbc66d2b6a3662e5316d7ba357431d562f96977725
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8E085E78007A4C4BC9CDABCD855FEA72D8988AE8
image
MD5: 44108bc5db052d9f331d99a97ebb8ede
SHA256: 9124a3f2cb5fcb4e78dccbda1ac94384151ea0854c0ab77542492b1008426aab
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B7C857999FD22C3AF245C7E412DB60D55DDA32FB
compressed
MD5: 120c61d8a7ad677f2940dcbe7e01047a
SHA256: e139c8af6365b00c17caf8dbef8f18ba9cf613bd000446126a6978b70fd1fcec
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\684F1F44D05D4D8C90103EE696329F9E8B2407DE
compressed
MD5: e6c0b587a0b275822967dd23754fc18a
SHA256: bc7a10bcbfe3022afa035e1ff4a82624a3a263f3884fbaa13d52aa758ce824d3
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F3A88171B840A682255883646B2EEA72E0BD5E7E
image
MD5: 43d6d07a6fb849ea41434426028343d0
SHA256: 931442e70eed65b02e53ffe082ec1664f939b2e12f32eaf5a3a2cf0ab3cf51af
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\993C427E725BC02F7C066F9D8F646B01C721DF4D
compressed
MD5: 7e17d687ced14f01e7ee97484077a92c
SHA256: fa0e03b1706191df7139b83c4672b29646b89d5fd227a970c4c26c083371fdb5
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AAE550CE837D700C1AC307EC01111ED488CF8A79
compressed
MD5: 4217f21c3a6a905e85008a889dba2989
SHA256: 077875c869aa21c2518ebaf4c69e3fa3eaaa2f7a5dee0407c188f0fc283f3bff
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6594BD9449BD8142BF1E54A848CEC250CAD93D93
compressed
MD5: 1e795149605017ad1312bff7963ed4d0
SHA256: 4e0123b88819f6cdd24ebc731a762bae8684e69fa83c47f239a1b0e32e8affeb
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\0D288E5EFB5F6BD4D2FBED99FD460472CAB057B9
compressed
MD5: 2bd69bc6025d893a3b29909af93d616f
SHA256: 2e348649b7dab345abe2744f69397fa0942dd45776fc692e69c35a12d642ec7d
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F
image
MD5: b51b4ed9ed495d3631208d895d62018f
SHA256: fb34203b4a4cbbda3bb4c099b3254a90a80b3240e500310e8bbe7a0ddb412a42
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\21B52CF46A6A1CEC7FE7888D644FF8A83700623C
binary
MD5: 0ad3b1b57c83c78b7bb1180009afcb35
SHA256: 2a2ea1dc9d7da3c66599778b07814faf89aed68f81a9a42d1414e6dfcc5c5860
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CDF8AB2938764D3AB7F1963FD9575FA2CA4F1D67
der
MD5: 1debd368889d4b58210a5edcc360fe15
SHA256: 53fcd95ca36499ad6d85a464b680a2b937a96497ab06eb1a0aadb461c58a1487
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\471E1C019C1CB2A48AFFE9237A79AE0F05A0233F
binary
MD5: babf99077b741bc99721441166157d0b
SHA256: 6f2d7b090090a7fa1571521c0538c8bbe2cd5c6236f97fc6c6773af5548c2d25
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4157E039C34450641BF87A841EC482E7896EBA61
binary
MD5: 358ce389061377c93701fd51c4e2a943
SHA256: 7c0b14ab620084aeda9cf41f37d8e467961898930a3c247ce7bbb01da14bb19d
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\55F5C3F9BA40B25841238B49ADA60524905E06A6
binary
MD5: bab8bc50a7427ec4d2d859ae471fe937
SHA256: d2fd384794e4aa691012ddde13718d833c972233f38fba1a9bcfb0d425e1961b
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F
binary
MD5: eba7ba5ae0d0e43131bb8298f3024b59
SHA256: 2bff52a266c1588032c5de180e0cc361249ba0e13950473a8c784192b9c21655
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6CBE5FE7F64C0A0203A14D762F0102E48DFCA0B3
binary
MD5: 06ce08379f4c5c660ea7784c589ae381
SHA256: ee7d854671b7fc35667829ea0a01ccffd7d4e5b991e40f2ab3f0e23bd5a02cd9
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\62A5CB3C33A6218F354C396C14A9B6C74A2363B6
binary
MD5: 624df3a01e14d27d1829076b603e67e8
SHA256: a081f4fc108c95967168dacdcbc1a69dab7bc55da8c92fdbb84981dadf190180
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\21B52CF46A6A1CEC7FE7888D644FF8A83700623C
binary
MD5: 6a8b47860f925cab8a17539ba850ae25
SHA256: c658ca42657c23d4b7b40d177a0b82bab0aa76f08cf6b4cfdd5c6c1b1f4a0ed2
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A6E04BBCE35A982E211DF2798A26772F3A2D66C2
binary
MD5: f63df940f5a10a526e61264cd04e58e8
SHA256: 3db6616f5834a89dec7fcf69f8696ea188e6699bb4c31466c52e3af0d916313e
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6E5991F23BE2A4B8AAF8B9564946F25BAF60FEE0
binary
MD5: e329a429e068efecfc9e0b56c0f125cc
SHA256: b67a11a6fa4f7331c484beb6af7cb7246cbdd1ef1d86a0c6b2dd7dd9a9846796
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: d042d0c7bdb061dce811befe7955ba19
SHA256: b81e4648ebf81e15d14374394b62793dc5a1ddc7ac88db93f6b568e941456bc1
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: de943b0010b9a6ecdc07ad630f9ad0ef
SHA256: 0e8a2da806553e89644f9c96acbd877cfe34d998501c00366f51b2e4d61b8e65
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 518c5678f857d8afef69a1db93eab039
SHA256: 03251c605ab11d827bd76ae6c91ad73adb4d45ada251288d7d7e166e0f77f267
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 7b66d6130137aa601b7e33b30c5f3068
SHA256: 9eaed865270a5b3bee5b78723baa1ab2f6aee55352bd92e84ce000b921978e30
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 8184ccba8e4b98a970d97ef04b258873
SHA256: f0a35d87292c20090425a8743168bebb116f64d9f5333b79b551cc7482fc3a83
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.tmp
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
text
MD5: 9cf5e9e40b5f764838f42c8f2721957f
SHA256: ad9889206f043a9d31af59d6db2a74d9680930c009a560e8cd158bafa271af8f
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B6CA657517BA7E46554F7A534DB4C6DD356EA2D1
der
MD5: ccb2905d0572c5287d20c7b4cde77251
SHA256: bac766ad12191b77cdc9c92beda6225beb08877849108df84ec2973388738eeb
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\0F46DB9C8C772D8283A63DC5285C51A26B398A20
s
MD5: 1b7d91a004f2055803f90e852bf92329
SHA256: 60153207c085f8e313bffd9af6aa7ad9aa85d9b5669b11f6c569dd20ba44c14a
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 5a32b2bc12ea6360a7b7a96f0c9c4606
SHA256: 09a7433ab594ecd9b123cc36a376d81b83c04623add867c1b681a06507b6a8e5
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\05C9147E14D215AF87DF31B575FBCAA2076B8A60
woff
MD5: 4b2c72a0faa370f94274080551ae0df3
SHA256: 4e62a44debe590e2cc508d02b03741fab6265607074b6152552c7961564b8012
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\977DD558149187128CCBDA0F5A11CF64410945FB
woff
MD5: b1e04309a6de5043420587110eae07fd
SHA256: 6b7c71b678d1c1dba6519070996049b67c4bf25a08bf27588d544c514f6c6fdc
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\BE16427776BB371AD742C7973A6B1E012215D863
woff
MD5: 498649e74f5c4980b59b34641ecd8295
SHA256: 33d30fc2900c9d1a2c6800bb19d5f186abddeee6099d7f2a40d42fee2587626d
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CC20A1639514FF910813A2A63AD2DFAAE56BDCBC
compressed
MD5: d83607671eb5ed09de5a4a40d8ce2132
SHA256: ede2c74d39153b14bc7a38c4b7db5107ffaa29ac7f395d767af296cae6ac1cff
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8EE1633027A099814F0F2ADFF5B7DE918A40026F
compressed
MD5: 0ab6c3b9aa1d2c09cbc9b5f6a5872aac
SHA256: 8627366453b9bf7afcaf1db1bbaf50cb0eb0a7720b0363be8480d60630af0a4c
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 19b298b483b165d9ca1b0e8bc3acacbd
SHA256: ac4456d00221ccd20da90342b2a997991d04c2f3872802ec6076a33fe4cbf465
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
3796
System32.exe
C:\Users\admin\AppData\Local\Temp\Airframe
binary
MD5: c432d2bcf0806db55128182d1101e084
SHA256: 61a6ea138049c3e7b2ff58525a1611cc1e0301f59c857685ae16dd1e10e397db
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C761F1E4846445BC2671DAD3475AF31D134F73D0
der
MD5: 0a98557056b3b75834c548c5c4a68cc9
SHA256: 22e708b546ad604ad8b12ddd38956c66bfaefe3aac0ffdd7e1fd03f349b82d9f
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\21823B488013AE2F6530AFDACA7E730F4DAE5CC3
der
MD5: 0e114769533147526f236f0975bf04f8
SHA256: d5f52744795fbc11d92facca67243d571d09e450c22133b0a8a02aa75b436c48
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\75B7585ADCB1E96C1AF0CF6F6E5156F9573E2EBE
der
MD5: 1024f39f3a1ab56c80efe259a3b654f7
SHA256: 89d9928aeca36e2d0a5e77dca148c370a845d4f95f1848d655009b55bce6466c
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A396316C99AE0A117BA8DB5118107BFC32C8736D
der
MD5: c5cfc12d01ef6632ed898defffc889e2
SHA256: f603436d516d4cc1739ac2c7296b7161ba852cbbab7049e78ba2b0b0226c218b
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: b346a9f2696004a06923872059dd8913
SHA256: e89468af5a2148a85ef49cd4381c45cb64d05c142385ff302e9ba192817aa619
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-backup
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto-1.vlpset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto-1.vlpset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto-1.vlpset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.vlpset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto-1.vlpset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.sbstore
binary
MD5: 78dcec0cca3c5d108fda713905cb017d
SHA256: c2bcbf8269fd25481a15d67d990137ccb72e4c9af75b0aeabc884218c1105f6e
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
binary
MD5: 9582c7d247c75c190135b8f9770b90bd
SHA256: 9936c7df1950b74f63bb7da12e40d95b20e0b8f867737442ee508945aa741ebd
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 0d4d1857f06e5ff5bcf26f1ff7c4ed82
SHA256: 3c244776aa4df1f6d58a6cdb9052feb4d62cd8f7cc99669388c83da177746ef5
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256-1.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256-1.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
binary
MD5: de9496aca551ade408ef6466a11833a1
SHA256: 8f9c7fdb3e0bc01024e43a8e242468fc4dd4f74c725e32a883571635203dc10a
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.pset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.sbstore
binary
MD5: 9702c14e80e6dd390a450909a81d2c8f
SHA256: 92c485c737f5b403bcea9f344de23fd8a8f3ea3629b244f9499e8dad77f3d6d5
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
binary
MD5: 2615ed123b3eb63c61ef0455bb2b34e3
SHA256: a7a21ff9e31b468739b472de3621d3f6d34493be2dc88885cbe526343be20783
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.sbstore
binary
MD5: 5da8f75ca7d284f87d29a9b3de7f3305
SHA256: 6f612171da4d86018ba74e660239493084b520d7f67227e9b800e6453ef8e3c5
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.sbstore
binary
MD5: 6e2df5e8f8fb96e4fbb3af02337dcef6
SHA256: afeae83272c9467d7407c516759977393a17d9a332a3c4786fdf6cbeb0888960
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B7E9AF7CEC5389A844A1D58833798C6E925B0BA2
der
MD5: bc264b00e482f6c65f2d31313988709f
SHA256: 8bce9c38fefc91348f4890e7bac12732211edf3d0a3a51e62140c889c13295ac
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.pset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.pset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.pset
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset
binary
MD5: 6d91e17a5eef841b8da5c4c25d958001
SHA256: 7807b12ed660d82a25127bf983107a27271e4da98902c42c80b18fb8c8b50f68
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: 8ac90d3a2008695a5c3282e0306013bd
SHA256: f15d1c77cb14b4679b6589e968d9595f318446c0748eb62bb7c223ae86613d07
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: 712da15a56eb051c124c90a7f8702343
SHA256: 627278fc40334136505e597998b34e5fcfb3b3d852c0bc088f7a87615df45550
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset
binary
MD5: e982b878b3527c258f6aadb456398aa3
SHA256: ccea4824da8aa19d823be90f9a8f75ba374b3dc721bedbe42fd5f21e48aa38a2
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: c9e2a2d9dbd4066ca9dd7b4f0d356d32
SHA256: 92bab14d0964aca8fba2615f93103eaf835941fa9ef59dcf141e2f6abb5af353
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: 75a1a8cf21089299700a4f9347c6ee41
SHA256: 86423fa9371d2a8b3d508d495ed5dcc1a83d0c88902d27bd693fc76fddfae4f4
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset
binary
MD5: 8bbd7f22e3293068d3d96dbcba0b0499
SHA256: 29776cd419637e48bea35b4c4867cf5b005f89550531a5ccf03da139c760cdef
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
sqlite
MD5: fc3d5e9fde55559e31ab4aa902fa4155
SHA256: e4c4c310e7c1b74f269ef1761e0a38aec43d7483f4608b41512989e4c8e79e30
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-wal
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
––
MD5:  ––
SHA256:  ––
3796
System32.exe
C:\Users\admin\AppData\Local\Temp\votes\m3ufilename\node-get.m2i
text
MD5: cea2900fb396af7ef68b835c0edfaacc
SHA256: e6aa09ed94ac9a5d3c93147dff679f9f7a837deec098b7ddf981c8a871dbfccd
3796
System32.exe
C:\Users\admin\AppData\Local\Temp\votes\m3ufilename\eo-h-fundamente.png
image
MD5: badd211e3b69ea310426297bed65bcc0
SHA256: 87ed83967fbe118921d2e58c29af04554efa0e5594f8fb249b9e11afa348d0e5
3796
System32.exe
C:\Users\admin\AppData\Local\Temp\votes\m3ufilename\convrt3d.png
image
MD5: 0c42372a9f77d8f0faef6eede641502f
SHA256: 21117c234c5012d5c28e49ed3845fc559ac7d0956b7ccf76a1994ca36fc4b2b2
3796
System32.exe
C:\Users\admin\AppData\Local\Temp\votes\m3ufilename\contacts.xml
xml
MD5: c721935d4a94d5d9d46eaff95be9cefd
SHA256: 9b6a6337fb75a903549664d4666490b76011d47168c185fd37f4a908155a9ace
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite-wal
––
MD5:  ––
SHA256:  ––
3796
System32.exe
C:\Users\admin\AppData\Local\Temp\votes\m3ufilename\color-widget.css
text
MD5: 6d19f73209be3b3a3bbe49be4b154266
SHA256: 9d4503641a0f00d190b9c9c2eddadfecf2ffe37fed60c089c61f6e4ea30052de
3796
System32.exe
C:\Users\admin\AppData\Local\Temp\votes\m3ufilename\x-ms-wmv.xml
xml
MD5: e967d140f6e8a484f6adca59502f48db
SHA256: 31d358bc620d3b2c5479d92d89d861e75faa1fb90443250832e215f1179b1b5f
3796
System32.exe
C:\Users\admin\AppData\Local\Temp\votes\m3ufilename\76.opends60.dll
binary
MD5: 5c609f784597f9eb378920b5a7c90167
SHA256: f62c88126fa73a21b956cdcede3e2bc32daf2579f3e088008b7f6195fb317965
3796
System32.exe
C:\Users\admin\AppData\Local\Temp\votes\m3ufilename\objbrowser.gif
image
MD5: 0a2dad5f60a899ed2b7e6681b546d8e7
SHA256: 41d748cb939642431aa8cc5c7008ed77aff94431eb7f0f18e1c06b8db5448e4f
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
––
MD5:  ––
SHA256:  ––
3796
System32.exe
C:\Users\admin\AppData\Local\Temp\votes\m3ufilename\snd-soc-spdif-rx.ko
o
MD5: 7d46c6d01305606e0ec17bd943d1f30b
SHA256: a30089c389373ba6af8e8f475ea9728ab20ac274020d4c23be71d1690ec9e840
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin
binary
MD5: 4147f9a3b7d8efa11645cae22e522f63
SHA256: a7c7a239022577b57085af80de2f0d1f579cc10892ea7e5e80980fd4f4ac5951
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin
binary
MD5: bd09ae31284f5f39c9a1bcc966ee4992
SHA256: 5bff27b82aed4dfefa851620f78a7b6ce97825e32ddaa8e4f96b9bb950801760
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache.bin
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-new.bin
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: d9219fb094f6d5961cced164316d3d20
SHA256: 4cb73dd695475070ed9672454effe5f423e8b104b380da8293bed0eb57328090
4032
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal
––
MD5:  ––
SHA256:  ––
4032
firefox.exe
C:\Users\admin\Downloads\System32.exe:Zone.Identifier
text

Find more information on the static content and download it in the full report

Network activity

HTTP(S) requests
26
TCP/UDP connections
91
DNS requests
156
Threats
5

HTTP requests


Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections


DNS requests

Domain IP Reputation

Threats

PID | Process | Class | Message
4032 | firefox.exe | A Network Trojan was detected | ET INFO Executable Download from dotted-quad Host
4032 | firefox.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
4032 | firefox.exe | Potentially Bad Traffic | ET INFO SUSPICIOUS Dotted Quad Host MZ Response
–– | –– | Potentially Bad Traffic | ET INFO Observed DNS Query to .cloud TLD
–– | –– | Potentially Bad Traffic | ET INFO Observed DNS Query to .cloud TLD

Debug output strings

No debug info.