General Info

URL

https://visitor.constantcontact.com/do?p=un&m=001ATIcH-NDTXN-_2s_WqnEfQ%3D&ch=bba62732-559f-11e9-b2e7-d4ae527b8053&ca=0c199b0d-3669-4b83-8ade-6d74828ce22e

Full analysis
https://app.any.run/tasks/e41b192b-1dc4-4197-ac9b-a7cce3114d8c
Verdict
Malicious activity
Analysis date
7/11/2019, 18:37:23
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

No suspicious indicators.

Reads CPU info
  • firefox.exe (PID: 3024)
Application launched itself
  • firefox.exe (PID: 3024)
Creates files in the user directory
  • firefox.exe (PID: 3024)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
38
Monitored processes
5
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3024
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" https://visitor.constantcontact.com/do?p=un&m=001ATIcH-NDTXN-_2s_WqnEfQ%3D&ch=bba62732-559f-11e9-b2e7-d4ae527b8053&ca=0c199b0d-3669-4b83-8ade-6d74828ce22e
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
67.0.4
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\d2d1.dll
c:\program files\google\update\1.3.34.11\npgoogleupdate3.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\sspicli.dll
c:\progra~1\mozill~1\nssckbi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\actxprxy.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\program files\mozilla firefox\mozavutil.dll
c:\program files\mozilla firefox\mozavcodec.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msmpeg2adec.dll
c:\windows\system32\slc.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll

PID
3992
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3024.0.2043949149\1479450168" -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3024 "\\.\pipe\gecko-crash-server-pipe.3024" 1164 gpu
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
67.0.4
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll

PID
3128
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3024.3.55575612\1710929687" -childID 1 -isForBrowser -prefsHandle 1324 -prefMapHandle 1664 -prefsLen 1 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3024 "\\.\pipe\gecko-crash-server-pipe.3024" 1660 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
67.0.4
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
3800
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3024.13.1581416967\812242257" -childID 2 -isForBrowser -prefsHandle 2728 -prefMapHandle 2732 -prefsLen 5842 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3024 "\\.\pipe\gecko-crash-server-pipe.3024" 2748 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
67.0.4
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
2120
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3024.20.1919435822\712065397" -childID 3 -isForBrowser -prefsHandle 3516 -prefMapHandle 3540 -prefsLen 6726 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3024 "\\.\pipe\gecko-crash-server-pipe.3024" 3552 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
67.0.4
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

Registry activity

Total events
506
Read events
503
Write events
3
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3024
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Browser
0000000000000000
3024
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3024
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000077000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000

Files activity

Executable files
0
Suspicious files
87
Text files
19
Unknown types
53

Dropped files

PID
Process
Filename
Type
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
binary
MD5: 95f28ede25c301301f25fbbd9a3c56ec
SHA256: 87763df78772f7d750b0fa5a31eec23e931fd3bd1cbb33beddfc61889da36478
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: f9e2ebdea27976c50917e77a38c925c6
SHA256: a2186cac3d20907863faae5931a522e1c49c71ca38c9730c33db7b95a4bb1efa
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: ce99a1a736bd4d45e03ac0ca17696a4c
SHA256: bb032c7f3d0e1f532a2adf149d950fe31546e714ead2bb78b6deb0dd0352be9f
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 4fc8dc2b57dda7bb9218926ab3e892ec
SHA256: b770902746757b41ec4645b8e4966f51f3ce9ec04fda49b23e121a3e0d951c9b
3024
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_D3LtBezrx6r9eVE
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EEAEA8AB98877B6DD1B0F31F837915B7FD47F46F
cer
MD5: c33ac333942a008ef1017a4864ee055d
SHA256: a9b7ba5a8ab1dd1e05371881eb029dad5a3acb9abfbce6d3c48a262dc5279df1
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D00A688072D5E651DFCBF1F615D0FF8CC68B8989
binary
MD5: 81b846099aaf6d62601210d2dcffd221
SHA256: d0bcb9aca52ef929730f83b907640a43d546b7f42cea9fd67ce37b0a38df8348
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1836CC1ECC545FA7B1A59C8B19A2E984D0122ED4
cer
MD5: 55b657144bba651a6ebe8e78b708df25
SHA256: 31d4fb7b1d987e166ceb112d9dd0e834a57cf8b960da6cfecb98e3ca3586d193
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7B230AB1AF8D8511EACCCB69C1917AB2C031B2FC
binary
MD5: 467ec7578079e300fd032ba26618201e
SHA256: 11318bc09683e8f81b24924c23e1a847b39f0e6e3cb621b48f5e832165b666e9
3024
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_IA7ZKVITi5gxq3b
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_TGKANC2pMbfL0J3
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: eca291e420d6f92073d6ead0f5aedc84
SHA256: 03fbc9391d5e8c50617749f4d27c5bfab5214c965d899fde4d93b7d2c46334ad
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1836CC1ECC545FA7B1A59C8B19A2E984D0122ED4
cer
MD5: fd59c2d76a9a256423aef06f0fbd3418
SHA256: d3284390eb087c3f4053ae5096d6e98cdc49a7fa7a86eedba5b1174a3fdcfba2
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7065E2D8071545DFA0260E9A938F2BD08B66173D
binary
MD5: 6a9b7e80b5c2889cbb45b7ecce9bcc89
SHA256: 8d4dd51a0eb0f012dd4e737e0b014eecafc1ec2b6f455700a0601dbcd34d16a0
3024
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_herbkb624hePWlF
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 72d8a2d69f160d0807c5ce1438511bcb
SHA256: 31520335c77dabf71b2064b1df1a91134342893a9bc738873446ef28b5dcd1ae
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D17FDEA053F042E7C1F46E73FEFE25911325753D
binary
MD5: 7db23afb6a11bab7d50b20e564cf1d9a
SHA256: a543e39bf600f65f7797aeedb5c9ee6a501576dffebe9430d05e5a3f40582d73
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 43cb970fae5ef0c956576fb850e64fc5
SHA256: defbd9a5182cb35c67426b9dfd1711d89ad791d0bebf312b99c6f6edbb1f8686
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 646519c2da5bed25869857d863ba5f49
SHA256: 7d026f0f318d40a19bed4ec5da8d404f914ac837f5549ca72cb70536a1bfb3d5
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DAE8C351831B510F3F7A37B0FB340A270A48E646
binary
MD5: da8eae8b1698e0a25bbf892b44ce75b1
SHA256: 0fe8534a6837980f5ec9480caca04e2207f54561c784662c86cec420ea95d28e
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5711447FF3374497ECFB9553C1A29505C8D59E2B
htm
MD5: 8865023f4d697f8f2a36fdd918e6e0fe
SHA256: c64c0cde43b488d32f9333ae9a32c6d2153c7a05954858a60a778c8b561591a4
3024
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_H1aAVhel5Jyn3ts
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\04E55B30B274BBCB2DDD23B3D92098BAD7C02F8C
cer
MD5: c45b0ee022dd26296a4f40b58f3479ec
SHA256: 5e7b908a0a4c7abdfaade13e0f1054bba35b1569b6c5918a1c0676d77d2b95d6
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\05B861F36901036BAE90F6BA0AA286A687DDF7B5
binary
MD5: fc2d8fa617f881233892a7ef2e627b68
SHA256: a87a81a86fc413abc4fff961deeb985793d36308ce3599f7d75f1cb620459c52
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D14E89E9C0B1611A544D1BF058490F1AB052C547
text
MD5: 2a484713f61d8a31f55fe3ce892dc1f7
SHA256: 704b627ee53fedb6868021e77a75b7dfa554ba73f6f56276b98aba1d7af211ad
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4D9ADB8813B7A179E7ABDEEB86EB9DEE3F77539E
compressed
MD5: c515c54e01d4b630ded993c77fade453
SHA256: 9615616a2224b8e14ea5722f29ac7c2220516e8889afb2fcad93d9253a283413
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\92D12EC59B397C579BF3258D5F508B5545716994
compressed
MD5: 2fa2ca99533a9028168c651f3287f743
SHA256: a0ed4eb474a5934d7cca1ef2fc6caac3c13342202ea1e2a78ab394b7c96efa14
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F
compressed
MD5: 5c61a56536ce8e9dd17f6542791cdfce
SHA256: 139f0b55a476458187da940d2aa9f11231a7a27c629ec17e7c308b036955e309
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5711447FF3374497ECFB9553C1A29505C8D59E2B
htm
MD5: 893d1076ce29aa793f007d769594533d
SHA256: 3d80b59987125a1167c7dfe44aa92af45ea202332d807dbb85b5690f3b49a04e
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\32D8E14B3C822CEB6DAD7FC7013BEBF97AA99873
binary
MD5: ce93725eb9672f8592e1222f7e8f6fe3
SHA256: 3a2cd114f008258122ad7d82878fe2c487c58f0a4abe944ba81753ffb81e152e
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4AD5D7DE07E381B6E7D971165EBEA6AB99898783
binary
MD5: 22bedbbc617442272a357e26a38ae379
SHA256: ff4096fedcb9c5c14eaaf0927a51bedd21ff64f31adaeb3d77a556e5ce6101e6
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DE1746EFA95C0EFFC5662579E3CDE21D025C23E5
compressed
MD5: 268711ce06bf9b1adeb5dcf43ce4da5c
SHA256: 41e8b9364561d4db53854a95906e12738a4245c878ac54ca65da6cfd0f68018e
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FA01B5A6FB7BFB8DC545BC67BFC112126461DA42
compressed
MD5: ec169a384ba873d4aa5806c3abb21b96
SHA256: a59ae6f5a885960d1ef6476c915905b7719abf67dad520c7aca95335404fc8a3
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C8B78F55935BEF9AA6F308B3D7F74773A6499147
compressed
MD5: ae566431fc1a82ebf210ed4442af4c28
SHA256: b6f68b9b9234f1f684c064670216cef29ebba5ce80bf7e2c97b9261a0a4667d0
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 7e9a58e969c255772eefa8d67ebebcee
SHA256: 0b1e96f2c1a1dbc602d8dfbe306b143447cf91d43431e6debab3e10258e0be3c
3024
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_oIU6FiyBrvvIEyH
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1836CC1ECC545FA7B1A59C8B19A2E984D0122ED4
cer
MD5: c06a3fc7d2b4b0d6b19e65c5edf50eee
SHA256: 8c88d7c4e7c894ddaa6041e0ecfe9ef6d73d1940f22146215ab57a503a61ea85
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5618649FF649547EADA90BBCB501703A456D3C2F
binary
MD5: 6ce3a53a0d0ea6de48618325b1998cb5
SHA256: 93f6d1f11aa50f9e2bfbc090683191e238cfa148d8de94f6294419e39481e421
3024
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_kMQyFkSvz5VpnFc
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 289849a1d5df86e3017b88b1cf9a4dea
SHA256: df0b6648864102b2f93d100cd034eb2b57b63c871eee517ab7bce31dde0bea43
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2B8FB3A7C1E8990CE64886D66718692D2B2ED2BC
binary
MD5: 0ec221291569bcf5c2ee6c6575bd05b6
SHA256: 19ef6d9ff65b2427f5511494bab54fae1c2926041f9d8988e5a52bbc002648b7
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite-journal
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DAE8C351831B510F3F7A37B0FB340A270A48E646
binary
MD5: 3e2be0adb2b4525d50f9bbc1ce0bec67
SHA256: b11a197559d4ca2aec6d78ad1fb6be6b780a879b8271417e1389dd8d24da7eab
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 43cb970fae5ef0c956576fb850e64fc5
SHA256: defbd9a5182cb35c67426b9dfd1711d89ad791d0bebf312b99c6f6edbb1f8686
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 6244e0abf397c636664131c11963abab
SHA256: 654fb77e1f6b807dd3b53b91b5d26dda79f8c1f61e0dcd7b80cbbf29e350db4c
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\140FA8F4706951832587BDCAF6A5446E08C78B4B
binary
MD5: ce33a4498ce5e7ce061a6488bda989a6
SHA256: 9f4a60d1c0e340ebc596d0b2fae5c5ad5734d8e9e2d2560d5f7c780c1e43ef60
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4D9ADB8813B7A179E7ABDEEB86EB9DEE3F77539E
compressed
MD5: ad20717f9105d4bb65a357d06ee6abc3
SHA256: 86277f6a8db9c350a342b24b568a1b59c6a63a980195ca42ed02c71c1f89b8ac
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\92D12EC59B397C579BF3258D5F508B5545716994
compressed
MD5: e6d347680c26ee268a92e54e0b7d25fa
SHA256: bfbb4f0a65b300dae16108999f7f51dbcb61a96ecbe048804bac36df738aef13
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F
compressed
MD5: 2c327f7567cbb42371fc39c8a6eaca0a
SHA256: c85e514793ceec3441853ef754fde17fff55764cb0439b7346b1dab435589bd7
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FA01B5A6FB7BFB8DC545BC67BFC112126461DA42
compressed
MD5: ec1afd14efe8b2dbc1b79defce4942c7
SHA256: 5ae2e61c63c6de19609d174797d9c5dc53e9c83b29558c4ff241e7b3fc5ece4a
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4AD5D7DE07E381B6E7D971165EBEA6AB99898783
binary
MD5: f7949f7a35916992c29ea45000e997af
SHA256: 80ebfccec7ea01aef4930b1634a214cfd8eb1fade3a2deb3feb7ae8b548184fc
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C8B78F55935BEF9AA6F308B3D7F74773A6499147
compressed
MD5: f78c8dba9d08baa05d1e3c0b2405f426
SHA256: 7ee17612d7a2cb8b53088e249632159046d00502ac1df219455c05173bc71b0c
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\32D8E14B3C822CEB6DAD7FC7013BEBF97AA99873
binary
MD5: 220b6bbf4a4856e0d83b1b404b314ade
SHA256: 85b923809febdbe8713b2c03c237b164e29296ed9bc55b6f0385a12ddbcf377f
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DE1746EFA95C0EFFC5662579E3CDE21D025C23E5
compressed
MD5: 410ff4b5e686b04da058da9b3ef61cbd
SHA256: 24c8faf7812a508ee2de894ff8640d88e16290eb2559df31f5f01648a626168d
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
sqlite
MD5: 1cde44f89d07a93cc338e8c4bd869103
SHA256: 031d33923f739b8eedc4d2b4f6b2adca2b7cd343c10d9121719f05606bf5cc20
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin
binary
MD5: 377acc3af381683cce2a6e1f4e660333
SHA256: 6891da4af0da5eac3629387172668de8df38c4295ad58b846b187f703b8b8a0f
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin
binary
MD5: 06bf7bc2ab42c44b54ac6a2f77c58200
SHA256: 8b665a7ffd6f385ed733732c1abe6eb8171d4f63390ca7bd71e9d3d055ce53d0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache.bin
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-new.bin
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
sqlite
MD5: 6d1ed7d2559a10b61dd51e16b376d26c
SHA256: 32d27a0efccd6747f4745859313eebe3c6527262fba1d2360af164ae90417790
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-wal
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-shm
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 1634bc7cb7bc3db024af703c91f6e76b
SHA256: d62018c6a510bbfb710a2d9dd9fdc8c61590ad63d73937d88a1ea90cafc06d30
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-backup
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256-1.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256-1.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset
binary
MD5: 1d024cac490b71c3398229af2dc0d45c
SHA256: ebdba3e09ff6fadc8cbc981eb7435cbe3a8d7d886298caf6239ec1519f30bd2b
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: 317a3bdc80f8d8a3380efb222e6c48a5
SHA256: 133a1f0d45d74a9f770775ff95e7ffe77101ade474ab1ef4cf6f11c28b0d837b
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.vlpset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: a17e73954354f1532a4ca3d9ea89bfcb
SHA256: 9ee4b0bf597143ec82fd156791aae9319afc35a9b7d45ec6a5f4820de0bb0d94
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset
binary
MD5: 89eef5e4b859d19a9c4ee2a6101d2376
SHA256: 4bd7318458725582858e67b887c7247ce6fa339a1f0f80d1571105c21c0e8263
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: 7e24bf302958f24f9731fa0fc7f1ebcd
SHA256: af97622f626f8d63a6d52677560a9743455bb5b7736d654edb00c26c1f70502f
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: dd445b746030ed4afe8e841e7885fae9
SHA256: 4f244af61b856f1ece1d17535f58d84585d44cdc53796e7a5b6182a18bc1f7a5
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset
binary
MD5: 4bfe92692c51ba8923310675c05b205e
SHA256: cdd1aa118a18686a4d5079bf8dda5e261f690f6595654c52fad1dc26ea8b7dc3
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
binary
MD5: ea5b517ede71b4f38a06c282af2aa7ff
SHA256: 4458ac19ce45d3ce668aec2ea4ab9e723a0b7dd1731dc6da92a2a582da48fe09
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: c40ced05de08e991107e59397c2a6666
SHA256: 869c439a3c6ddaf5f6364183d030c09c6214eb1a2986a8fa29eb4408539a4240
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\909E0CA5C1BACC0517B305E052776EC811341CD2
der
MD5: d717cf34bed10112f2f36586804215c5
SHA256: 01fe171bac15f6c15cfefe6de56f007f91540c5e647574348e0a913d344682a0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: d5c0395388ae4cdb5a26b93865dd09a0
SHA256: bcdced58035d8b8eea456b54d4ed4dae296d37735acf5be1633a91acc24abb23
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
sqlite
MD5: 8a9d84591b2a2f4da6964ad0923a34c2
SHA256: 5c00418fc0c0f9418521860d16ff53d73fc3601e97047c6920b19b17d5e9914f
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-wal
binary
MD5: 1bb1dea3608fcbc4fc16db2a6d3d91a4
SHA256: 06e086874ea0f873902360fba038a8f97d6ce17c6753b577adada047a9734fd0
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-shm
binary
MD5: 3709b1700414453b992cc0daa940a492
SHA256: 6d2357bae37d296db91bd94ca8cf365cf58f2ab9167580d4016f5a02c20f2268
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-journal
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\.metadata-v2
binary
MD5: 8631e6ca7f7647e78c4d2f40f1451161
SHA256: b13d26c7e30cf89c30ef8f36a01326a5e788c829c46608aa087f93a89ec1ba1f
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\.metadata
binary
MD5: 80722730eccc3cfc62bdb6a7de07a6fa
SHA256: 53c3729554e15615a879b0c7b190242035b949e9360ee0309ab0b3debc42fd91
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\.metadata-v2-tmp
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\.metadata-tmp
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
binary
MD5: 65e942614eee70680464ac4be75019fc
SHA256: 34395085da32c8b4efe9959e3b0d756b43ffed17694d66f39b966cd331bd9a94
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
binary
MD5: a5695cc64d77967232b0c1344c6e72b3
SHA256: 042a22b8681d754671d2018ba109b31a53ee3728d48c6379043f8e3394e7fbad
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4
jsonlz4
MD5: a6338865eb252d0ef8fcf11fa9af3f0d
SHA256: 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
binary
MD5: 051fb32dece757ba112ac36dc72e3a91
SHA256: 0806d98fb3de55f75d7c0b17e26146567e08c483031526659a4a35d09b97ef19
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
binary
MD5: 3675254e341df799d4307c1f59109185
SHA256: 23d108134bed6099793f7dd6b8b6e62081ec3b945efdbc7c5e0e779fd9b82f98
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
binary
MD5: 3d1ce5e50208f0cb3b979186043a548f
SHA256: 1e13d05d482c3d533dc6035af2b2d6e84749412a5748d1435b70cec8b312340b
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
binary
MD5: e2cf527ca7550b7e7bdf7311e483a2c3
SHA256: f1e07b1d717433f47073dc54a7d98e3e87b3d0fa88e53466f93ea544af885d11
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
binary
MD5: d772261ff33497d3681e094f23282ffe
SHA256: 8ee76fa11d5a67f0c93766da3b1ac0c942020afba15b55a8750a896292cf4dce
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: eb744b05b13e9410146dab0bd459efa0
SHA256: bfde7f131200eb06c1d54b03d2ce1be1ff31062e8009c937243464712dcd2d50
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
binary
MD5: 72e2352f7976b0dd90f2a68047493b8c
SHA256: e0d74336b6c041b6087a697dd7f65fa1da7ea035e202e3d977cc6a7e5bdc13a8
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
binary
MD5: d6acf2573e12afdd7939568804d3fcc1
SHA256: 5525cbf8f8dc41d19ac632ed324e55293a510ae0eeba16d0e3f33c707aa58a0c
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.pset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\92D12EC59B397C579BF3258D5F508B5545716994
compressed
MD5: 7fe1853c0d345b004727e9940fd335e0
SHA256: 119cbb24b2060ebd8ba03220e50ab223b2999a85314e2cd171aa4c7f4ac8ca09
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4067DAF0AE5B033E92B6F2B562349F78FAC48EBD
binary
MD5: 6bfb490a334b91fac9674341d042506f
SHA256: 8c1b9aedb69bd4945f84122ab5f2dc9f95d43b7e5a6bc7f2691741218cfb5dca
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DAE8C351831B510F3F7A37B0FB340A270A48E646
binary
MD5: 093711d4bddd1d584c015db1fba4d74a
SHA256: 3cebcf5264c389150a418c02f983306733e4ded5dc0010b4bf898d5f4fc168bb
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\92D12EC59B397C579BF3258D5F508B5545716994
binary
MD5: 413ceebd4b95e4e5134e0b21f4647559
SHA256: 9cab7a481f61f1fd74e47ce2f67a3adde227a9032cc91b24acd08ececb568252
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E312BB54159420958EC4287F454E0CAA245393B4
binary
MD5: 22875c6febc8628677cafe2e52d9c9f6
SHA256: ad451f864b9592e4e7b82b43ac3c3c2841b07583e4f72f0fc93bb326c6ecafba
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 6244e0abf397c636664131c11963abab
SHA256: 654fb77e1f6b807dd3b53b91b5d26dda79f8c1f61e0dcd7b80cbbf29e350db4c
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
jsonlz4
MD5: d282be26272e1e2a33d64d5be0e55f51
SHA256: 8e09de9b62723612ca98aca7137289dd00e19fa0d3a81a167341cc8020e310d1
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7FE3C0E0A7580A0E89BA10D25FA9A8FAD16777B7
binary
MD5: a4b509e6c1a4a5bf28c27b817aa0c1c0
SHA256: 81824e634252ca3f169246cc996403fffbeaf0199c82e2dc20b3b5b28c34c757
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7F13E34B455123E3D4005538F617C36EE3D3493E
der
MD5: 99e6f31ef9b93d553963e85a43f49c63
SHA256: 55acf7226f0f23b3423abe1ce866ccda512e938febc1141eed1eb19b7394558c
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: c0c9091f476a0c9a5e299dcc95572322
SHA256: 1d6d961a0cf7d744c33aef3ae8f23ac9e83fce42a85f3a377c34925cf8d9ff3d
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journal
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4D9ADB8813B7A179E7ABDEEB86EB9DEE3F77539E
compressed
MD5: 00fdd099ad9b2d5373c005adc772da78
SHA256: 541e330d049eaa57717fcb15e01244d7bf29696daa19a250a065c56f98abca16
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
jsonlz4
MD5: 351583f788997971d6d0e40152cefd23
SHA256: fa70ea6714bd13f2e974400187afcd659c62a52712444e8f32e48320ea47d3a7
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: 5b168fb5650e2446c5cb89c83e6d1b27
SHA256: 8c28b125d52751bc51eb1fcdb3e682d4d221d488b451c26a241f45b6db1742af
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.tmp
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DF503C8386C3A1B625B23D3BB02340BC5DFCC86D
der
MD5: 1c3c3c6402203041d569fb65ecad3076
SHA256: 0fb091faadfe920dfc5a960853d08de7d731a9fdc8a109b26565fc2d61c099d2
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F
compressed
MD5: 98b00fb7cc653e8a166a35479ce4652b
SHA256: 93098e618cb12e7a6b73f159c67820cde9c287991f1f473c81c4eb49be3ac5f0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6AE8E5DFC64F6F9CB5DA0C3D5116E1F2FD7386D4
der
MD5: 40613b1c43a76e75ac8368a8ff026251
SHA256: 2b06d607ec418076c2dff76d5999e078e78af91c2cf77188fd0a84d23fd5462b
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4AD5D7DE07E381B6E7D971165EBEA6AB99898783
binary
MD5: 42dd24aa77f580b89364a1564e56abd9
SHA256: 8352a80571d86f228f21ede92d804112a56f8300f2fd920b14d100317af28433
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\32D8E14B3C822CEB6DAD7FC7013BEBF97AA99873
binary
MD5: d59ceeb37cbb82d3d4c2d858c3435276
SHA256: edac9ecfea592a4920fdd7ba34c6e47d7484412c6409faf03f839e3c03c66fcc
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\82456514B751D70715552A752F14275574F8CD32
der
MD5: 7ec02c8ba6beae02f89ceec8ca5c8a11
SHA256: 9d3238ccd8fadc303e470e425eb9473a0dce4155f0b61bfaa099456d30853f23
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 745a8ce2c2c7790737e2f068effdf62b
SHA256: c2f846d542cfd37a9bb24f998e858d5eaa7938c467a0e46af70305d0fd3ec501
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C8B78F55935BEF9AA6F308B3D7F74773A6499147
compressed
MD5: e78315190d23a706ab8ff608cc7f613d
SHA256: 906ec8e4a7bf72c5bc2c5f8134a9966ef549ae6b49c65566da1d268422292e5e
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DE1746EFA95C0EFFC5662579E3CDE21D025C23E5
compressed
MD5: b0edc04008cf5d1fbc662453202bf568
SHA256: dcc9ad1897b4cd6e54a91a94bdc1498c94295bba45b18d09f0308c317a041ff8
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\562B3B5426C3DE0D0278C1778FC4DA5C62D2F231
der
MD5: 995b8a4b7cd44e70e097ea871beb2ba4
SHA256: 285e8dd1daa7cc34a2831a8c1bea30393f61456f11d08b64a696737ee6d7b471
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3CE3D1DB7907993F9D02DDFD965E6B582483D3E5
der
MD5: cd343bda82d250fd4b770e3e0576d85f
SHA256: 31ce58a25abb371ebc859e7c4ec269cc6d8b2fdb1c071e4c7bfffda1f7878cb8
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FA01B5A6FB7BFB8DC545BC67BFC112126461DA42
compressed
MD5: c2965e63a4c7f3411dd403e6065f2c8a
SHA256: 287df256b3166a64bd274438f7ed20cb1426f3b6205e7f028fbe120917d3eab6
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: 9af4a35e72469af2b16cf959f7c4db6a
SHA256: e12ffee63920d24a9f24db86418fe233b1560e29b595ce3b62d5b4996daa3fb4
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\808D2B3A0E287F050738D13803F370036BDA9CA6
binary
MD5: 81fa8d38fe5c7681cd24a3fcdb27dcb6
SHA256: 978279a02880d5af8eeaded2f940be62b8efa2762857aeff29ffb90e879bb064
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\815D8DD457231859C62F7E2DE50F5CA410A2870C
binary
MD5: ba96a0d95c3296f6ef87f0ed2c98a91e
SHA256: 09a20fe35b6c2829ee6d8c1807f96a1e7e00030c850928877c1d15ed0027c600
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 3103037a1c8083e95dfe786838391bf3
SHA256: cd43f860bab4081c7f2c894af45b036239244f4880f76df249e4b2b797aa4673
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1362C18F0142CDF860FCB997529DED85116EAF21
der
MD5: fce367bdaedbff0224ebfbc06ea752a6
SHA256: c22aa772a116ec771897729b51df64e261f2df1772af94d728c75ed66144bbc6
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: 3b271827f4763f62c8e0158e86849db4
SHA256: 76b6d0abc8e0de1c70933072d4684b779442c9aab45fe148ce9818bda27e53e3
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4C971E595CE8BA11A67B0AEA55741702ED98D9B9
der
MD5: 7f0b8cf4d824d2463a82e796112f4ebd
SHA256: 62ffeeff18209f129711f4d7fedd960edbc804a0439ccd3fcb3ac5cffddea2a3
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3497E56FC713A9562B6469477B964EF41CE12729
der
MD5: a59b1ebd1fd53d7ece39a91ee63b1585
SHA256: 361126278b92b8023eb67c03184e432b3a69394865fc1496c823b89caea3a6da
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: ddf263974b1925672d369bbcc8f830de
SHA256: 92a7323dd7eb199618a1e2e823a71919285a70196bfe627808c66cf1c1f3c8e3
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.pset
binary
MD5: e608435b687616692a96462e1ac26756
SHA256: 6aa8ee3813d86411d8073a4c2f850b1e8e734c3759d860cbe54ec7f378a82a52
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: 704df61fa2e3f587b268ad85126bc689
SHA256: 7e97db3c9370a35f59a6a649e6cf608e4f5ed572f87f433ea652977ac2cc48d5
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
binary
MD5: 7655fffe7cfbe1ebf96afea5fe2e1376
SHA256: ff2f663c4e453706b7817109f6a43e8b3389e8cfb1b7d64aace2bfba45f3a359
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.pset
binary
MD5: 844aff63a5f67cd54d9814b7b54abf18
SHA256: 8985970b72a7bcfcf54c4a2474c36ea9a911ab3672881ee299d58f5a4e64e690
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
binary
MD5: 498dae4e538658a57f464748f2dabfda
SHA256: 8778f52cd9cb4f4787bf7ba18006d212f8c3004652d163f7786556a8eef3a067
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: 778202e2ee08f4b4073413c0b03e05fc
SHA256: 33147037ce75ec0a48b3da60d619bc76c2471f5f20c15f9d075671de2067cfb0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
binary
MD5: 6f85bc4b2ecb49e26b0bd83a821065d0
SHA256: c0b3bc9b3dc507ab654caf72d13c3aefa58c9b13b1e4d14dd8816712d80a7e54
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DF64E2728DC7FC38F35B2643B7567DEEA4AD68B7
ini
MD5: fccd3203c13429fc4bedeaaaf8dafa0d
SHA256: a6fa70252194666e41e1bfa721c5e48e6699e539630b2c87250854485b0af1b2
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
binary
MD5: ba0009932844173bc8f9af264229df24
SHA256: 66d1c00c04d86e313e9a02775cdf906b1be8d4cd6bef423a1b9e21cc4e9f50c1
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
binary
MD5: c921d8e98fa01b4f303481e112202e92
SHA256: 4ef1038730ec8bc7206713c29a936768831b922c5e6c83355fd62d7401d8c1dc
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore
binary
MD5: 04824a1f92353f43ebb9e7f74b7476fd
SHA256: b48e58ebab82e4c376f16150a3fff850c1111ff1f5985d68819cfd6f0db159d2
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore
binary
MD5: 0e8fe60ccd7e9b4c32589a5743a95302
SHA256: 2b124d4026850a3cffd28dbacb58aec28f7dcd4d40bc14e52bbe96d60ce4e749
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
binary
MD5: 23e438fd4af1829d4469ff8d0bc83854
SHA256: 96e0d7644aea81d26f039ae633eb405583e11b020363090dac5cad9b4b188846
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore
binary
MD5: d886a47c89d9c49c795da345bc236990
SHA256: a03c5e2656d2f292bf5794c8eeb8d223cd6ba4f4bfb2ed1f325460e879d0bcf7
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\BBF89FD862EBA4AED24488441CB06ED8C9932C7E
der
MD5: 9672fa29cb560991c10940181926a4df
SHA256: 9a51a36e4af58e922a71065e266fd22b6537c0c0ff4667ec19797934fbbcbda7
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: 03e22f63ea4be5add7aef9050d485611
SHA256: 0b5a2bcd1edf7ee6252f04b41403e0bc21f2eedf7cbaa6565f6562238c771c13
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 61e04f058e592438993dcc5c8087b674
SHA256: 39d3b68fb7d143fe276c1e9ad89d9b4f0aa38e95788fca8278d73407e7e3b51f
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA256: 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat
text
MD5: 37818d9b7248f34395c2db3c0bd4b07f
SHA256: ff229e03d2ab696e81957957ea8d71280b5800a2b0f70ea77998c3fa4e98a8a6
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.tmp
––
MD5:  ––
SHA256:  ––
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: d65b2bd591a1d6cc666241e6eef1afe7
SHA256: 1b94f69a3bf3cb9f7349fe274ca82166c22d675f9b043b19f2770d044ae9bd16
3024
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
binary
MD5: fd4ac055b608cf2c11c9b2c796a4fe1a
SHA256: 1d8a349613f7dcb71bf648c8c7f780f3953a2bc53435846289101fd77d8887af
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.bin
binary
MD5: 6a1ef5c5ae2f682a0606848fa329072b
SHA256: 29312a09916820dec3eee29b40c503fee9569204e291320bd9c908b3386b1896
3024
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
––
MD5:  ––
SHA256:  ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
14
TCP/UDP connections
39
DNS requests
79
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3024 firefox.exe GET 200 2.16.106.209:80 http://detectportal.firefox.com/success.txt unknown
text
whitelisted
3024 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3024 firefox.exe POST 200 151.101.2.133:80 http://ocsp2.globalsign.com/gsorganizationvalsha2g2 US
binary
der
whitelisted
3024 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3024 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3024 firefox.exe POST 200 216.58.208.35:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
3024 firefox.exe POST 200 216.58.208.35:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
3024 firefox.exe POST 200 216.58.208.35:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
3024 firefox.exe GET 301 104.17.55.175:80 http://www.constantcontact.com/favicon.ico?version=20161010091324 US
––
––
whitelisted
3024 firefox.exe POST 200 216.58.208.35:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
3024 firefox.exe POST 200 151.139.128.14:80 http://ocsp.comodoca4.com/ US
binary
der
whitelisted
3024 firefox.exe POST 200 93.184.220.29:80 http://status.geotrust.com/ US
binary
der
whitelisted
3024 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3024 firefox.exe GET –– 2.16.106.209:80 http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip unknown
––
––
malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3024 firefox.exe 2.16.106.209:80 Akamai International B.V. –– unknown
3024 firefox.exe 34.251.59.153:443 Amazon.com, Inc. IE unknown
3024 firefox.exe 208.75.122.48:443 Constant Contact, Inc US unknown
3024 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3024 firefox.exe 34.208.111.153:443 Amazon.com, Inc. US unknown
3024 firefox.exe 52.43.91.152:443 Amazon.com, Inc. US unknown
3024 firefox.exe 13.224.95.58:443 US unknown
3024 firefox.exe 34.215.70.240:443 Amazon.com, Inc. US unknown
3024 firefox.exe 151.101.2.133:80 Fastly US unknown
3024 firefox.exe 172.217.21.202:443 Google Inc. US whitelisted
3024 firefox.exe 104.109.88.197:443 Akamai International B.V. NL unknown
3024 firefox.exe 216.58.208.35:80 Google Inc. US whitelisted
3024 firefox.exe 216.58.205.234:443 Google Inc. US whitelisted
3024 firefox.exe 104.17.55.175:80 Cloudflare Inc US shared
3024 firefox.exe 216.58.206.14:443 Google Inc. US whitelisted
3024 firefox.exe 104.17.55.175:443 Cloudflare Inc US shared
3024 firefox.exe 151.139.128.14:80 Highwinds Network Group, Inc. US suspicious
3024 firefox.exe 151.101.2.110:443 Fastly US suspicious
3024 firefox.exe 162.247.242.18:443 New Relic US whitelisted
3024 firefox.exe 35.161.86.234:443 Amazon.com, Inc. US malicious
3024 firefox.exe 13.224.96.123:443 US unknown
3024 firefox.exe 13.35.253.117:443 US unknown
3024 firefox.exe 13.224.96.76:443 US unknown
3024 firefox.exe 13.224.96.126:443 US unknown

DNS requests

Domain IP Reputation
detectportal.firefox.com 2.16.106.209
2.16.106.152
whitelisted
a1089.dscd.akamai.net 2.16.106.152
2.16.106.209
whitelisted
location.services.mozilla.com 34.251.59.153
52.18.148.152
34.243.21.190
whitelisted
locprod1-elb-eu-west-1.prod.mozaws.net No response whitelisted
visitor.constantcontact.com 208.75.122.48
unknown
autopush.prod.mozaws.net 34.208.111.153
whitelisted
push.services.mozilla.com 34.208.111.153
whitelisted
ocsp.digicert.com 93.184.220.29
whitelisted
cs9.wac.phicdn.net 93.184.220.29
whitelisted
snippets.cdn.mozilla.net 13.224.95.58
whitelisted
tiles.services.mozilla.com 52.43.91.152
34.213.89.114
34.210.151.118
35.166.166.56
34.209.86.85
34.208.138.0
54.186.163.246
54.186.90.148
whitelisted
tiles.r53-2.services.mozilla.com 54.186.90.148
54.186.163.246
34.208.138.0
34.209.86.85
35.166.166.56
34.210.151.118
34.213.89.114
52.43.91.152
whitelisted
drcwo519tnci7.cloudfront.net 13.224.95.58
whitelisted
search.services.mozilla.com 34.215.70.240
54.190.222.97
52.11.30.237
whitelisted
search.r53-2.services.mozilla.com 52.11.30.237
54.190.222.97
34.215.70.240
whitelisted
ocsp2.globalsign.com 151.101.2.133
151.101.66.133
151.101.130.133
151.101.194.133
whitelisted
prod.globalsign.map.fastly.net 151.101.194.133
151.101.130.133
151.101.66.133
151.101.2.133
whitelisted
ajax.googleapis.com 172.217.21.202
216.58.205.234
172.217.22.10
172.217.18.10
172.217.18.170
172.217.23.138
216.58.206.10
216.58.207.42
172.217.16.170
216.58.208.42
172.217.16.138
172.217.22.42
172.217.22.74
172.217.22.106
172.217.16.202
172.217.18.106
whitelisted
static.ctctcdn.com 104.109.88.197
whitelisted
googleapis.l.google.com 172.217.18.106
172.217.16.202
172.217.22.106
172.217.22.74
172.217.22.42
172.217.16.138
216.58.208.42
172.217.16.170
216.58.207.42
216.58.206.10
172.217.23.138
172.217.18.170
172.217.18.10
172.217.22.10
216.58.205.234
172.217.21.202
whitelisted
e14320.dscf.akamaiedge.net 104.109.88.197
unknown
ocsp.pki.goog 216.58.208.35
whitelisted
pki-goog.l.google.com No response whitelisted
safebrowsing.googleapis.com 216.58.205.234
whitelisted
www.google-analytics.com 216.58.206.14
whitelisted
www.constantcontact.com 104.17.55.175
104.17.52.175
104.17.53.175
104.17.56.175
104.17.54.175
whitelisted
www.constantcontact.com.cdn.cloudflare.net 104.17.54.175
104.17.56.175
104.17.53.175
104.17.52.175
104.17.55.175
whitelisted
www-google-analytics.l.google.com 216.58.206.14
whitelisted
ocsp.comodoca4.com 151.139.128.14
whitelisted
t3j2g9x7.stackpathcdn.com 151.139.128.14
malicious
js-agent.newrelic.com 151.101.2.110
151.101.66.110
151.101.130.110
151.101.194.110
whitelisted
f4.shared.global.fastly.net 151.101.194.110
151.101.130.110
151.101.66.110
151.101.2.110
whitelisted
bam.nr-data.net 162.247.242.18
162.247.242.19
162.247.242.20
162.247.242.21
whitelisted
status.geotrust.com 93.184.220.29
whitelisted
shavar.services.mozilla.com 35.161.86.234
52.27.116.77
52.41.213.214
52.41.192.187
54.200.216.59
54.201.35.95
whitelisted
shavar.prod.mozaws.net 54.201.35.95
54.200.216.59
52.41.192.187
52.41.213.214
52.27.116.77
35.161.86.234
whitelisted
tracking-protection.cdn.mozilla.net 13.224.96.123
13.224.96.98
13.224.96.16
13.224.96.48
whitelisted
d1zkz3k4cclnv6.cloudfront.net 13.224.96.48
13.224.96.16
13.224.96.98
13.224.96.123
whitelisted
firefox.settings.services.mozilla.com 13.35.253.117
13.35.253.45
13.35.253.101
13.35.253.99
whitelisted
d2k03kvdk5cku0.cloudfront.net No response whitelisted
content-signature.cdn.mozilla.net 13.224.96.76
13.224.96.26
13.224.96.106
13.224.96.16
whitelisted
d12uj65dsn9ho1.cloudfront.net 13.224.96.16
13.224.96.106
13.224.96.26
13.224.96.76
whitelisted
aus5.mozilla.org 13.224.96.126
13.224.96.124
13.224.96.7
13.224.96.93
whitelisted
balrog-cloudfront.prod.mozaws.net 13.224.96.93
13.224.96.7
13.224.96.124
13.224.96.126
suspicious
ciscobinary.openh264.org 2.16.106.209
2.16.106.208
malicious
a19.dscg10.akamai.net 2.16.106.208
2.16.106.209
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.