General Info

URL

http://blitz.coronavirus.saude.salvador.ba.gov.br/

Full analysis
https://app.any.run/tasks/879631ca-0a99-4621-bb3f-886372c1d35a
Verdict
Malicious activity
Analysis date
14/01/2022, 20:16:30
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Drops a file that was compiled in debug mode
  • firefox.exe (PID: 3128)
Executable content was dropped or overwritten
  • firefox.exe (PID: 3128)
Checks supported languages
  • firefox.exe (PID: 3128)
  • firefox.exe (PID: 3980)
  • firefox.exe (PID: 3372)
  • firefox.exe (PID: 2620)
  • firefox.exe (PID: 1520)
  • firefox.exe (PID: 4024)
  • firefox.exe (PID: 2676)
Reads CPU info
  • firefox.exe (PID: 3128)
Reads the computer name
  • firefox.exe (PID: 3128)
  • firefox.exe (PID: 4024)
  • firefox.exe (PID: 1520)
  • firefox.exe (PID: 2620)
  • firefox.exe (PID: 3372)
  • firefox.exe (PID: 2676)
Application launched itself
  • firefox.exe (PID: 3128)
  • firefox.exe (PID: 3980)
Reads the date of Windows installation
  • firefox.exe (PID: 3128)
Creates files in the program directory
  • firefox.exe (PID: 3128)
Creates files in the user directory
  • firefox.exe (PID: 3128)


Processes

Total processes
41
Monitored processes
7
Malicious processes
0
Suspicious processes
1

Behavior graph

start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs

Process information


PID
3980
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" "http://blitz.coronavirus.saude.salvador.ba.gov.br/"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image

PID
3128
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" http://blitz.coronavirus.saude.salvador.ba.gov.br/
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image

PID
3372
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3128.0.885938514\1766791676" -parentBuildID 20201112153044 -prefsHandle 1128 -prefMapHandle 1120 -prefsLen 1 -prefMapSize 238726 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3128 "\\.\pipe\gecko-crash-server-pipe.3128" 1212 gpu
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image

PID
1520
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3128.6.387968129\664981605" -childID 1 -isForBrowser -prefsHandle 2744 -prefMapHandle 2740 -prefsLen 181 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3128 "\\.\pipe\gecko-crash-server-pipe.3128" 2756 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules

PID
2620
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3128.13.113427924\341752909" -childID 2 -isForBrowser -prefsHandle 3116 -prefMapHandle 3112 -prefsLen 6644 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3128 "\\.\pipe\gecko-crash-server-pipe.3128" 3128 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules

PID
4024
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3128.20.1483539448\1348611997" -childID 3 -isForBrowser -prefsHandle 3612 -prefMapHandle 3224 -prefsLen 7399 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3128 "\\.\pipe\gecko-crash-server-pipe.3128" 3624 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules

PID
2676
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3128.27.788575180\1241490220" -childID 4 -isForBrowser -prefsHandle 3600 -prefMapHandle 3224 -prefsLen 7399 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3128 "\\.\pipe\gecko-crash-server-pipe.3128" 3772 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules

Registry activity

Total events
8447
Read events
0
Write events
24
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3980
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
451581F65C010000
3128
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Browser
0E1D81F65C010000
3128
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
0
3128
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
C:\Program Files\Mozilla Firefox|DisableDefaultBrowserAgent
0
3128
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment
C:\Program Files\Mozilla Firefox\firefox.exe
0
3128
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
C:\Program Files\Mozilla Firefox|DisableTelemetry
1
3128
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
C:\Program Files\Mozilla Firefox|SecurityContentSignatureRootHash
97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E
3128
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
C:\Program Files\Mozilla Firefox|ServicesSettingsServer
https://firefox.settings.services.mozilla.com/v1
3128
firefox.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
3128
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3128
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Files activity

Executable files
4
Suspicious files
135
Text files
51
Unknown types
28

Dropped files

binary
MD5: 7d532b89a987d92def1d7aabbaad62ab
SHA256: 7cb574be3e783d6876740dbca525d868677307a52dddd67ac84665ccfaae895e
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-tracking-protection-facebook-digest256.vlpset
binary
MD5: 86b1acdbf1fc7201d0eb7c85ee75f5af
SHA256: a0f4c83316cd66525f663cd72a2dc8bd1b2aa2e40d599b8b6f334d61c5d03098
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.vlpset
binary
MD5: 40165280ff1345b5241ec2a9d1da2af0
SHA256: f80bdd5341d8b1ee946e344e258ef2d35c3c0bb6b13eb7b3e6a77467dfa8b97f
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore
binary
MD5: b9556d03aff392142ad5691d2f867310
SHA256: cfd3909b41c1ee3cbcb8b7d2b1378065e7d3b543fff1f2fb7a4f25c5ff41722c
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.vlpset
binary
MD5: 0c0d67875bd75a0227c02dd8529ba01a
SHA256: 614be0169ec36e67223eb9645a98da66dbfde5dfbb89bb064f428aaeabdd9d97
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-fingerprinting-track-digest256.vlpset
binary
MD5: fa7667eeed0b53973506278ece958e62
SHA256: 0d55a21e6694fce19f366f9e5351a02d215d378541dbc38df68645b63b56d8bf
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore
binary
MD5: dd0458514c9a922b45da6a8bebe47320
SHA256: d27d5b27030f4725249377951beb89e84a90a0e8241f0d5fd80ea59c1606e761
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google-trackwhite-digest256.vlpset
binary
MD5: e54e5b84194eee15e64d2a03f1136bb7
SHA256: 07707b589be3dba3bb0bdac67760a2b180ea3531e9d7976b73e4c1d8df9dbb1e
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google-trackwhite-digest256.sbstore
binary
MD5: fec9bc354a7ee92c6feefe63e6b0fa26
SHA256: 258ef8e6994a09ffb54bd0d5afec97c13c31f2eefb7fe90a2a4c487c87817519
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
binary
MD5: dd0458514c9a922b45da6a8bebe47320
SHA256: d27d5b27030f4725249377951beb89e84a90a0e8241f0d5fd80ea59c1606e761
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.vlpset
binary
MD5: de0d88480c24350c59e1e9a3583de0d1
SHA256: 01ba9f0b913e04ed10bd7166796483dd4f72005f249d6ee68b12117be4b5d3c7
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.vlpset
binary
MD5: c8663695a49bb5fb5a301d1a7233db6c
SHA256: 498d10d381ed91be12cff65292813bcccd676176bcf614534ab7ba0e5536306e
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.vlpset
binary
MD5: c2994d388f8780c87d35c352d9582985
SHA256: 7ed09f7d2bd632f70077a4ae4f2bd2f3fb654b03cd72652f51678b0c7d027f25
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.vlpset
binary
MD5: e1edde17e24b61c5b26d7b76ba039463
SHA256: c2c4612b7b9545751f37b302ee345abd0f22170c7cc2497320897b385d508b7f
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore
binary
MD5: 9f6b331aa1e070dcfeed473e76ce56c3
SHA256: 7dbbea2dd387eeb85e1f56e02fc9989acde570cd43bfef2c2a827093ba87da6d
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
binary
MD5: 92a93e4c81027f5788873296c6e2875b
SHA256: 4358b8f0af157cf2ef36a3a8bd152a528d32cfe98a2e0ae66207dbdb1d943efa
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
binary
MD5: d5d6b4d59b4ae4e2de4b40d0da083571
SHA256: 000e3a78c72a210ca3b5417a3cdd294fbce2a31661601c9d594c75cf2800571c
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.vlpset
binary
MD5: 1e1c0442f3fe16b185d5db74f0e91fce
SHA256: 43acc2d047c7988e9073ecf32ac619de0d080c45b061d441d1d671d305bb4f08
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.vlpset
binary
MD5: 7194b6bff691a056852a51e2e06ce8fe
SHA256: cbe2dc6abfe25bead60f4dfaf419fc0f441ff8a8dd4a2febf5553be1cbd90c49
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
binary
MD5: 22698b4cf784dbbae2d583f00491d43d
SHA256: 3849563088ae0677d61702a1310fde26de5ddd846d53037222d3efe012197bf5
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.vlpset
binary
MD5: 130b9ac2beec5ada274561105d81ae36
SHA256: 7d99fec08182a5b95d18d1569edaa2c60c2aafbd15a56d8882f22f3b395e6460
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.vlpset
––
MD5:  ––
SHA256:  ––
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal
––
MD5:  ––
SHA256:  ––
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
––
MD5:  ––
SHA256:  ––
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-wal
––
MD5:  ––
SHA256:  ––
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.vlpset
binary
MD5: 38f55098ab1772e8a7b90a05cb33cfae
SHA256: fd44a8121e20cf102d8fd79d6ee45d55ccb0d92893907091bb7587ed3b274244
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.vlpset
binary
MD5: 897401403f6a9bbc2727bf8acfa8bbaf
SHA256: 75157865105c44c1220c337aeff723e7b2e4aef506ce7db00e2621d5ceaf45b8
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.vlpset
binary
MD5: fcc9c2c9b611a3264b68ebe180eb4248
SHA256: 6ecd378a537eefe350b45cfa353741383f407d99d776bf23155a7825dc5dd2bc
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: b70c67226dda144d430ed545d45c8a1c
SHA256: ddc14969cd0b54a85d09bf0dab1436d3fa5cd38dae397cdfe2f2fac237d97419
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.sbstore
binary
MD5: a03e51212ad01cfe7eb3a87c8ce51744
SHA256: 2328a7569ab3d1e0c8638282e09860c82db28edd1c1be75caad91fc7015e966c
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.sbstore
binary
MD5: 59d2d3a9ff42621ae974078bcaabd9bc
SHA256: 7371e8534c31c4bff73e340413d77c988593a0e559418b0f2a5b34b9c82dddd2
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: ec98fc2b92acd151a589144097ddc87e
SHA256: 4b05ae19926b35483dc33db7763a5c22a589bbde00e3607c926c153b0aaacd14
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.sbstore
binary
MD5: ae706abfaecfd90d67e5c965091e004e
SHA256: 13cbf8a5389a33a562e6dd10660f68e8964313536a109aa80acfd8838bf45e73
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: b8a6658bc8e8243f648834521a0f8461
SHA256: 6626d868f51faab209be57a945e9216455bad899ed2df0aaba1940c38005a979
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.sbstore
binary
MD5: 2be5027a476efb5fe011ae8257e6b428
SHA256: 26d0ef7103dbc0516add2da8029ca43567b98bda1ef8d8e4cda42f09aa9a4b36
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
binary
MD5: d97b8bda72ea926869fe6f6dc9ec692e
SHA256: 6f22c20964d5a6c282f52bcadd27a1f880de8132c81a9de079405958d0f0fbfb
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4.tmp
jsonlz4
MD5: d3c7b89278518e2c521243b1b60875cd
SHA256: 152e42b14234e6e0fd93a36f7bc2a51e9c5bf9e729eb79ca9f52117123b68bfc
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto-1.vlpset
––
MD5:  ––
SHA256:  ––
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
binary
MD5: 519beb1b01fc355bb388f1f75be997fd
SHA256: ffe2d3077b81ae6f51b220c1c661b276c823fa67dad1d64fc5f17249fc54bdc0
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache.bin
––
MD5:  ––
SHA256:  ––
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-new.bin
––
MD5:  ––
SHA256:  ––
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: 20c90b748a2a8630426798609f72f579
SHA256: e4152224235c46c631591174780063916993bed1d2347db9ff042e9ce620d888
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 38806289ea45301985fcb4dade2b31af
SHA256: 6588d67998e685d2afa5fb0c382b77501832ed58723f7bad069b980ad3d0dbbd
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: d3c7b89278518e2c521243b1b60875cd
SHA256: 152e42b14234e6e0fd93a36f7bc2a51e9c5bf9e729eb79ca9f52117123b68bfc
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
binary
MD5: d6d0d92d2bc4b79fab4a1c374577c39e
SHA256: 1dd2caf2910b119b7bada88b0e70d355386a5b35a554ace2ef91196bfc20dba2
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto-1.vlpset
binary
MD5: b0272f5cf9f56f11c856155dc5f40be1
SHA256: 74ab81a1929a8806d559a13140947f076caba52bf882364c416ef4d8e9b155f4
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
binary
MD5: 0e4f70b588d61b6eab63943573924f87
SHA256: acbfb86a83cd6ccbbe03c1c7f1f19d62c84080f85bdf3e3306c93bf57e7356f4
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto-1.vlpset
binary
MD5: 3f79661113fea06b4aca2d65cf0b2de9
SHA256: 8cdae9a34443181bdb7d9b21ed00d2b6c9760f253f4b8a5e385603c0f317871b
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
binary
MD5: 6587878002a165a17a0629cb270e1068
SHA256: c3d3af14b3344f6e8395c545807f5ed264b3be6baa6336ab312654642a94b3a2
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto-1.vlpset
binary
MD5: a301fbcf3b1b7cc5fc29f701b52e96f4
SHA256: a8573270c23546514867a657e7f87d837ab41e3dad15ed9623715ac8c08c4953
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset
binary
MD5: a6566ea0594abeb5aaa8bd2947cfb466
SHA256: 4f51cc9f3ef2ee4690bfad0e2aaec3f1aed7a538bde67e9c012ed2da0833f01b
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset
binary
MD5: 3f79661113fea06b4aca2d65cf0b2de9
SHA256: 8cdae9a34443181bdb7d9b21ed00d2b6c9760f253f4b8a5e385603c0f317871b
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin
binary
MD5: 67e373b5cab3e04961925b699a30eb48
SHA256: c16510d34f4be9e1986b19ec63eab4076fe3d7b60e9dbe8198b5700a5d86c00f
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto-1.vlpset
binary
MD5: a6566ea0594abeb5aaa8bd2947cfb466
SHA256: 4f51cc9f3ef2ee4690bfad0e2aaec3f1aed7a538bde67e9c012ed2da0833f01b
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset
binary
MD5: a301fbcf3b1b7cc5fc29f701b52e96f4
SHA256: a8573270c23546514867a657e7f87d837ab41e3dad15ed9623715ac8c08c4953
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin
binary
MD5: a3c8ed41bc084360ef380ce52b3a1ec8
SHA256: 436019251af4d1f7ede7f147e32b23ac8eefd1ace2ecb9aec301cf8a42ae250a
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.vlpset
binary
MD5: b0272f5cf9f56f11c856155dc5f40be1
SHA256: 74ab81a1929a8806d559a13140947f076caba52bf882364c416ef4d8e9b155f4
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin
binary
MD5: 67e373b5cab3e04961925b699a30eb48
SHA256: c16510d34f4be9e1986b19ec63eab4076fe3d7b60e9dbe8198b5700a5d86c00f
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin
binary
MD5: a3c8ed41bc084360ef380ce52b3a1ec8
SHA256: 436019251af4d1f7ede7f147e32b23ac8eefd1ace2ecb9aec301cf8a42ae250a
3128
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_0dAjgdVnJ8uUDrG
mpg
MD5: ea9fe9b8bf05204cd9d0eb0d93812b66
SHA256: a2a65c9b505198338b88d04113f6f82f24ca3fea819c5477e8a2dada11e5552a
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite-wal
sqlite-wal
MD5: 5d39afa61d8a191bafbcd89e2d5430bb
SHA256: c022646720bad2d691f81c061b468aa9dc20b7aec4d44da349080c6ddb329221
3128
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_bWXRfiaN3obSugh
binary
MD5: 26017242853afa90c2338e9e2c8e5b94
SHA256: a6fb6e2bed7a66fb0418b89f3d567138e01ecd0aa2585d76b22f2c80556a682a
3128
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_jKmaCj4hm2urnaK
binary
MD5: a524b9945fd820f570500428e99fc2d6
SHA256: 107c040a15f42699b04c2b93c21957fbbf6b90332247727ff93e0b8b8c5963b3
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json.tmp
binary
MD5: 01590385e2e0f22c302eece973d09eb3
SHA256: 7176267cbe30d2aa445c156e95b2b0931d960cbb968df400f6e3b6ee899fcc6a
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json
binary
MD5: 01590385e2e0f22c302eece973d09eb3
SHA256: 7176267cbe30d2aa445c156e95b2b0931d960cbb968df400f6e3b6ee899fcc6a
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
––
MD5:  ––
SHA256:  ––
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\1
binary
MD5: b4ddf33e1dc200be3ffe7ba3a6fd9f3c
SHA256: d148685ce5590081b04dc0014a8f5b074ae16e65c5728afcfde5757896a37550
3128
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_z7dTvI6No2qJ8u3
binary
MD5: 2984d42d4686bb5db77ef1a7a1f886fd
SHA256: 7409787912469e0f4490e2d64faac75e14839b598968152686c7c4a948c5320b
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
jsonlz4
MD5: 01dae35763819ee4c2bd72553b33c337
SHA256: 674e499ccf7e955deffeb21b94c092de0a8ea1dd308c426dcf04bc84dbdfa377
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.tmp
jsonlz4
MD5: 01dae35763819ee4c2bd72553b33c337
SHA256: 674e499ccf7e955deffeb21b94c092de0a8ea1dd308c426dcf04bc84dbdfa377
3128
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_6b7X3KFPVFVKzut
binary
MD5: 6576ae8b623130c767712bbd5303a45c
SHA256: fb9350b50214c1b258c2f5eb2621310bf0414ed3c04a41da060dce6f8afd9514
3128
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_cF1R8I3Twe0d5mt
binary
MD5: 8bd2ed8d172c42a1bb9545ae74559877
SHA256: 53b0c452266abecb7f743975ce0a08b96d77cd51f1a48ce1d8f92a8f7a5cee91
3128
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_ezph7ViPAPopj7K
binary
MD5: 09daff50e227acd033e3519fc8d9528d
SHA256: b2ee2775d9347dfa89751daacde707046bdd6a8a9538238c0c5b6a5c55ec97c8
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\settings\main\ms-language-packs\asrouter.ftl.tmp
text
MD5: 3625f1dda6d119478ad89d13950c9aca
SHA256: cb40f6a8d58901d612a86690a41d4e273f24936fc926e98f82c0918cbef4fc64
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\settings\main\ms-language-packs\asrouter.ftl
text
MD5: 3625f1dda6d119478ad89d13950c9aca
SHA256: cb40f6a8d58901d612a86690a41d4e273f24936fc926e98f82c0918cbef4fc64
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp
jsonlz4
MD5: b17f8d93b0c43d6b72dc03752c20a2d9
SHA256: ada0f70d374223fb63c2f19471fab45d986a681e2485692e63f00f5071f19d76
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: b17f8d93b0c43d6b72dc03752c20a2d9
SHA256: ada0f70d374223fb63c2f19471fab45d986a681e2485692e63f00f5071f19d76
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
––
MD5:  ––
SHA256:  ––
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3128
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_Fxs2gAjJ8XItCJL
binary
MD5: 351821e41ec0086e5ee4b40b74b78c7c
SHA256: 7d0661d8684356385c846b65461f3e45c1f187264bc7c9af978218fca02fc8b8
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
binary
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
binary
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
3128
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3128
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
binary
MD5: 994a33896bb41a278a315d0d796422b6
SHA256: 54ec50a20fff8cc016710e49437cf6a11d3fe5ee7b28c185e4a9aafee2908b63

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests: 17
TCP/UDP connections: 69
DNS requests: 115
Threats: 18

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3128 firefox.exe GET 200 34.107.221.82:80 http://detectportal.firefox.com/success.txt US text shared
3128 firefox.exe GET 200 34.107.221.82:80 http://detectportal.firefox.com/success.txt?ipv4 US text shared
3128 firefox.exe GET 301 177.20.6.55:80 http://blitz.coronavirus.saude.salvador.ba.gov.br/ BR –– –– suspicious
3128 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der shared
3128 firefox.exe POST 200 216.58.212.163:80 http://ocsp.pki.goog/gts1c3 US binary der shared
3128 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der shared
3128 firefox.exe POST 200 95.101.89.97:80 http://r3.o.lencr.org/ unknown binary der shared
3128 firefox.exe POST 200 216.58.212.163:80 http://ocsp.pki.goog/gts1c3 US binary der shared
3128 firefox.exe POST 200 216.58.212.163:80 http://ocsp.pki.goog/gts1c3 US binary der shared
3128 firefox.exe POST 200 216.58.212.163:80 http://ocsp.pki.goog/gts1c3 US binary der shared
3128 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der shared
3128 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der shared
3128 firefox.exe GET 200 2.22.146.16:80 http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip GB compressed whitelisted
3128 firefox.exe POST 200 216.58.212.163:80 http://ocsp.pki.goog/gts1c3 US binary der shared
3128 firefox.exe POST 200 216.58.212.163:80 http://ocsp.pki.goog/gts1c3 US binary der shared
3128 firefox.exe GET 200 34.107.221.82:80 http://detectportal.firefox.com/success.txt US text shared
3128 firefox.exe GET 200 34.107.221.82:80 http://detectportal.firefox.com/success.txt?ipv4 US text shared

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3128 firefox.exe 13.32.121.70:443 Amazon.com, Inc. US unknown
3128 firefox.exe 52.42.77.140:443 Amazon.com, Inc. US unknown
3128 firefox.exe 34.107.221.82:80 US whitelisted
3128 firefox.exe 142.250.185.234:443 Google Inc. US whitelisted
3128 firefox.exe 34.209.131.4:443 Amazon.com, Inc. US unknown
3128 firefox.exe 143.204.215.75:443 US suspicious
3128 firefox.exe 13.35.253.78:443 US malicious
3128 firefox.exe 13.225.80.100:443 US unknown
3128 firefox.exe 13.224.193.80:443 US suspicious
3128 firefox.exe 95.101.89.97:80 Akamai International B.V. –– unknown
3128 firefox.exe 142.250.185.74:443 Google Inc. US whitelisted
3128 firefox.exe 177.20.6.55:80 Companhia de Governança Eletrônica do Salvador BR suspicious
3128 firefox.exe 143.204.98.76:443 US suspicious
3128 firefox.exe 92.123.194.83:80 Akamai International B.V. –– unknown
3128 firefox.exe 104.18.10.207:443 Cloudflare Inc US suspicious
3128 firefox.exe 177.20.6.55:443 Companhia de Governança Eletrônica do Salvador BR suspicious
3128 firefox.exe 216.58.212.163:80 Google Inc. US whitelisted
3128 firefox.exe 142.250.186.163:443 Google Inc. US whitelisted
3128 firefox.exe 34.211.175.209:443 Amazon.com, Inc. US unknown
3128 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3128 firefox.exe 143.204.98.23:443 US suspicious
3128 firefox.exe 13.224.193.115:443 US suspicious
3128 firefox.exe 35.244.181.201:443 US suspicious
3128 firefox.exe 2.22.146.16:80 Akamai International B.V. GB whitelisted
3128 firefox.exe 142.250.184.206:443 Google Inc. US whitelisted
3128 firefox.exe 194.9.25.77:443 ATM S.A. PL whitelisted

DNS requests

Domain IP Reputation
blitz.coronavirus.saude.salvador.ba.gov.br 177.20.6.55
suspicious

Threats

PID Process Class Message
–– –– Potentially Bad Traffic ET INFO Suspicious Domain Request for Possible COVID-19 Domain M2
3128 firefox.exe Potentially Bad Traffic ET INFO Terse Request for .txt - Likely Hostile
3128 firefox.exe Potentially Bad Traffic ET INFO Terse Request for .txt - Likely Hostile
–– –– Potentially Bad Traffic ET INFO Suspicious Domain Request for Possible COVID-19 Domain M2
–– –– Potentially Bad Traffic ET INFO Suspicious Domain Request for Possible COVID-19 Domain M2
3128 firefox.exe Potentially Bad Traffic ET INFO Suspicious GET Request with Possible COVID-19 Domain M2
3128 firefox.exe Potentially Bad Traffic ET INFO Suspicious TLS SNI Request for Possible COVID-19 Domain M2
3128 firefox.exe Potentially Bad Traffic ET INFO Suspicious TLS SNI Request for Possible COVID-19 Domain M2
3128 firefox.exe Potentially Bad Traffic ET INFO Suspicious TLS SNI Request for Possible COVID-19 Domain M2
3128 firefox.exe Potentially Bad Traffic ET INFO Suspicious TLS SNI Request for Possible COVID-19 Domain M2
3128 firefox.exe Potentially Bad Traffic ET INFO Suspicious TLS SNI Request for Possible COVID-19 Domain M2
3128 firefox.exe Potentially Bad Traffic ET INFO Suspicious TLS SNI Request for Possible COVID-19 Domain M2
3128 firefox.exe Potentially Bad Traffic ET INFO Suspicious TLS SNI Request for Possible COVID-19 Domain M2
3128 firefox.exe Potentially Bad Traffic ET INFO Suspicious TLS SNI Request for Possible COVID-19 Domain M2
3128 firefox.exe Potentially Bad Traffic ET INFO Suspicious TLS SNI Request for Possible COVID-19 Domain M2
3128 firefox.exe Potentially Bad Traffic ET INFO Terse Request for .txt - Likely Hostile
3128 firefox.exe Potentially Bad Traffic ET INFO Terse Request for .txt - Likely Hostile
3128 firefox.exe Generic Protocol Command Decode SURICATA HTTP unable to match response to request

Debug output strings

No debug info.