General Info

File name

index.html

Full analysis
https://app.any.run/tasks/07722bf5-69d8-4af9-ad3b-2cfb43297870
Verdict
Malicious activity
Analysis date
4/15/2019, 07:54:18
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
text/html
File info:
HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
MD5

f92e5d6a588411d34a9f766d17ecc2b1

SHA1

6f6c2718755e0b4722c70edc1877b6750a0e43d9

SHA256

cfb33df9c3eb99709d5810a0792ceccff3b98ccebfdc3d45ef07344fe2587faf

SSDEEP

3072:m7WJUSs4xH3H0G28gVr1upr/m7NapCc/+/Uf3PsnHwnKzQWhjbYfLGp2R8:mqDvH3H01srHF/+yvfLGp26

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Executable content was dropped or overwritten
  • firefox.exe (PID: 860)
Dropped object may contain Bitcoin addresses
  • firefox.exe (PID: 860)
Reads settings of System Certificates
  • firefox.exe (PID: 860)
Reads CPU info
  • firefox.exe (PID: 860)
Creates files in the user directory
  • firefox.exe (PID: 860)
Reads internet explorer settings
  • iexplore.exe (PID: 3380)
Application launched itself
  • firefox.exe (PID: 860)
Changes internet zones settings
  • iexplore.exe (PID: 2596)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.htm/html
|   HyperText Markup Language with DOCTYPE (80.6%)
.html
|   HyperText Markup Language (19.3%)
EXIF
HTML
msapplicationTileColor:
#224f7b
msapplicationTileImage:
//static-global-s-msn-com.akamaized.net/hp-neu/sc/1f/08ced4.png
msapplicationConfig:
none
Robots:
noydir,noodp
Title:
MSN UK: Latest news, weather, Hotmail sign in, Outlook email, Bing
Description:
Read today's top stories news, weather, sport, entertainment, lifestyle, money, cars and more, all expertly curated from across top UK and global news providers
viewport:
width=device-width,initial-scale=1.0,maximum-scale=2.0

Screenshots

Processes

Total processes
38
Monitored processes
7
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe no specs firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2596
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll

PID
3380
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2596 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\wintrust.dll

PID
860
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\msimg32.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\progra~1\mozill~1\nssckbi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\actxprxy.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\program files\mozilla firefox\mozavutil.dll
c:\program files\mozilla firefox\mozavcodec.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msmpeg2adec.dll
c:\windows\system32\slc.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
2280
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.0.383361466\1484485054" -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}" 860 "\\.\pipe\gecko-crash-server-pipe.860" 1092 gpu
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\shell32.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll

PID
2476
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.6.727553358\1543569309" -childID 1 -isForBrowser -prefsHandle 1596 -prefMapHandle 1592 -prefsLen 1 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 860 "\\.\pipe\gecko-crash-server-pipe.860" 1588 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wsock32.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
3736
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.13.772560425\1067830675" -childID 2 -isForBrowser -prefsHandle 2500 -prefMapHandle 2504 -prefsLen 216 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 860 "\\.\pipe\gecko-crash-server-pipe.860" 2516 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
3424
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.20.618613957\1149471078" -childID 3 -isForBrowser -prefsHandle 3360 -prefMapHandle 3364 -prefsLen 5882 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 860 "\\.\pipe\gecko-crash-server-pipe.860" 3376 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

Registry activity

Total events
820
Read events
755
Write events
65
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{F224DF39-5F42-11E9-B63D-5254004A04AF}
0
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307040001000F00050036002400D300
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307040001000F00050036002400D300
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2596
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3380
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3380
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
3380
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307040001000F000500360024005001
3380
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
14
3380
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3380
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
3380
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040001000F000500360024006001
3380
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
250
3380
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3380
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
3380
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307040001000F000500360024005A02
3380
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
44
3380
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3380
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
860
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
860
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000072000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
860
firefox.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US

Files activity

Executable files
1
Suspicious files
78
Text files
44
Unknown types
93

Dropped files

PID
Process
Filename
Type
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\widevinecdm.dll
executable
MD5: 7f636be36a85d45a148b0fe13bd311a5
SHA256: 5566c2c4b1839386e1b951b13eeb7aaceb1fb52e9f1cfdbc345c5e4f7b6d9745
2596
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\25263C68272AE72244EA7E757AB6D27299F4B064
binary
MD5: 7a0230a19221d021bb81b7e06d7a5310
SHA256: 2d11bf7c639745aa106e7aa7a174f0f463c699cd995d1d87aef0b4e32d66c2f1
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\357BE559462164AD4E311B6DA1D4094D94E7DD16
xml
MD5: baa05ed434e8e7c95f5d2037573ebede
SHA256: 8536cb677ee15824a056acb1e0ea83fb986900d2f60e9e163dda5159b9c0acab
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8C02606701F2448F594C25AE56995697FE4B979F
xml
MD5: 3a6c8a12588503c4acf409c45f7c5cd3
SHA256: ab78f47eb65bae48374a2e0eabfb106b03e9c878fe7d65f202cd7cb2acf7db1a
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\startupCache.4.little
compressed
MD5: c3b9128cc5421240e99f2db8e1bc6b76
SHA256: e02767bd990455a6d470f49ad8c7e91ed53626ff1a2514690a3675d36af336a3
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-04\1555307857977.6ffc691c-2c48-4b26-b32f-9ffecc9c19a4.modules.jsonlz4
jsonlz4
MD5: 7b4fde032d0a99674e54987dd5fe61ac
SHA256: 70e5663c058c39efd531b824a962bd75e2b826d02f5360f1aafeedebd731cb37
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-04\1555307857977.6ffc691c-2c48-4b26-b32f-9ffecc9c19a4.modules.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 9d5f73564c191320c03fc8c77865d211
SHA256: e780254525383e6d0ce2e2411c441ba8716cb1b5c85dbc60628faf36959048e5
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite-journal
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 9e7aa2cfbc7cd95a798603c091c91514
SHA256: f566d1b6f307c70d5ed2700aa275b01940d1f3d56e2e24082a1a44141ce7959f
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 8a37674e9ccb7e356c4755a0250a88e6
SHA256: 50accefbe9df0254de7aa82e886d61fc2f25428336a2b5ec0edf723855551a79
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\25263C68272AE72244EA7E757AB6D27299F4B064
binary
MD5: aa885c76114b09bbaf30a62c84bb35b1
SHA256: 98a7774bb621aa6ae6337d0080efa9a8230834b75c6d2efae94e7f7dbf5fdb0e
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\682C68059E13BF1E930BD11F6234F21FD2921938
binary
MD5: 7402322c01d46b86047faab53abd5497
SHA256: 9e885b765c62f0ed168e480cc4eadd07a0f5aedc37a6655a14f54f8f62521f28
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 8a37674e9ccb7e356c4755a0250a88e6
SHA256: 50accefbe9df0254de7aa82e886d61fc2f25428336a2b5ec0edf723855551a79
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 4f48caa0d088e32cb0c50b16558da966
SHA256: 8610c0bea8e684de1f839c87d8078003edd56c7d2a269e4239930acef685e2b0
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: dc1bf0afaba617f09e337b15ad86b9d9
SHA256: 4160daa8fadab3c266ad47973a0bac86f1c0aab0393183068c730cdc01c053e8
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 0f1ca3155992ffe471176bffde1c7f1d
SHA256: 995c5984eb73937c1c42112eb1b694f4790ceb24ea9ffef121029ad1960875a7
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\FyIfWsxToJ7C+3NcbZgKmw==.ico
image
MD5: 012111c480290d97c36079a025c7e272
SHA256: 840d34f7508683fda7ab7de97cfd5acafe847bb34b7a1f754a6bbe99b5b7a39f
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\pV+3TL7Nu3EP5juvr_gPjg==.ico
image
MD5: 847cf8580806fda649b20afc264f4736
SHA256: 0697b6004d8408ab86ccee76bb59eb07a9012e6f3e7adbc01f6e390f5c9b8836
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\NZ25c8nxXfI0WczfdW84Hw==.ico
image
MD5: 012111c480290d97c36079a025c7e272
SHA256: 840d34f7508683fda7ab7de97cfd5acafe847bb34b7a1f754a6bbe99b5b7a39f
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\V0ToYoD2+Z_UNmqmjVbqPw==.ico
image
MD5: 88b48ce20644063f896b4773c1ac1d91
SHA256: 4910f163a5cd41c4b118e08ed3499191efbe57cb26df84bf39e71e71254404fc
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\sP6ccZA9AeHJr09Bk4uARw==.ico
image
MD5: 88b48ce20644063f896b4773c1ac1d91
SHA256: 4910f163a5cd41c4b118e08ed3499191efbe57cb26df84bf39e71e71254404fc
860
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
binary
MD5: 4f5c610d2daa69181fa2a7527bc2d36f
SHA256: 866cfb9c056b3587fc87bdcfedd3bc7c57cf8ed8ce763d614e977e363ad89dea
860
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF12ad11.TMP
binary
MD5: 4f5c610d2daa69181fa2a7527bc2d36f
SHA256: 866cfb9c056b3587fc87bdcfedd3bc7c57cf8ed8ce763d614e977e363ad89dea
860
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RS1WQ43W6FQ5TC2VJL3Y.temp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 4f48caa0d088e32cb0c50b16558da966
SHA256: 8610c0bea8e684de1f839c87d8078003edd56c7d2a269e4239930acef685e2b0
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 490f9a2dcb6a4a700f0d0c9a90d572cd
SHA256: fd36b47a31c57e74614bb9f113ab425738913bf74378496daf8544f96f1d73e3
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 9999cd081468f1a719ae7670e93e3886
SHA256: bb103b13fe41c71849883ea5d3f2987b7db32fb5a574fc52537972c8e6f32dc8
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 490f9a2dcb6a4a700f0d0c9a90d572cd
SHA256: fd36b47a31c57e74614bb9f113ab425738913bf74378496daf8544f96f1d73e3
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\682C68059E13BF1E930BD11F6234F21FD2921938
binary
MD5: a8183c6de07e1cefbd8bbe47bacdaae5
SHA256: aca7c227a0eced345fc68136777c01a9c734835f08d74d5d1e16a05b5e75b196
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 9999cd081468f1a719ae7670e93e3886
SHA256: bb103b13fe41c71849883ea5d3f2987b7db32fb5a574fc52537972c8e6f32dc8
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 13435a445e84aa9a616d90845c35b103
SHA256: ffd10f19d3fb02e23520d68ee8ffa871f9c0820dcd17211fe30a0e0f6050c8db
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\682C68059E13BF1E930BD11F6234F21FD2921938
binary
MD5: 7e06ff6a58543b1c9f9aa42f6e01c3a2
SHA256: 4412bc344408d120b13ff70de353738b0b3d2ca5104e09395784f74139794bc3
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\320
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\41D9C79B5980154BCBC1207F01F746A167D1EFA8
binary
MD5: c5088c4e13ed8ba53641e744072a525d
SHA256: 85571c5f9674974b71c86f4ce0eb5b694a7fa83da1b1c45c3f1e9eb7e5d6013d
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: cd9e3044af8353718a4e5538ca71fb89
SHA256: 13022a43ac307495a98ca76504caa5c50002f552a80d24e425ebdcb20eae3349
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 13435a445e84aa9a616d90845c35b103
SHA256: ffd10f19d3fb02e23520d68ee8ffa871f9c0820dcd17211fe30a0e0f6050c8db
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\682C68059E13BF1E930BD11F6234F21FD2921938
binary
MD5: 76bf1ab5af15d7838906f39a4bdcfeeb
SHA256: 65724ca5e507d6bf13f7134d31c737342416dcf918f5ced5848677379439987e
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B450C6AC5F4B0D68C41F72C07996DCD68979572B
der
MD5: 7f1aaa16ed5b0a99cbe7385add7a3906
SHA256: c8e35a91473d0b6596fcc6c8401afc75b78984d6984124b5559a1b82017c9764
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CDCAB64801D3D1268B28C84A929AB2F0238F5239
der
MD5: f5cf51019946c3716cf0697c28a18af7
SHA256: a2a66599be50387604ec0f66408a2e6eef0e05b9b9624041af39794317617830
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3A7912637731B28838D58DF1DD61FBD0ABDDA0DE
der
MD5: b9192ae5bb9e8e308eee51627a7bcab4
SHA256: 3d4e0bbc4797ffe2ee38e95cb3647dc73f3d2acf74419cbd725c2f747c4641c3
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\aborted-session-ping
text
MD5: fcd6739eb0eec67f358ec430e2ec6df0
SHA256: 9a3de91125d0977cd0d09d54e861ff23bffbacbb283c515c42bf1e97f62832e3
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\aborted-session-ping.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
text
MD5: 29a892d280e8774ea4544c643fd7d80d
SHA256: 62e6b81ded971e41b3435be72b20d66bfa217643aecd798d5d640028b0ad93e8
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4
jsonlz4
MD5: a6338865eb252d0ef8fcf11fa9af3f0d
SHA256: 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 9135527f09fbc3788ac154c5e416d192
SHA256: 33c11cae43414ab4cc12483663d6ebfe22e12296b76961e24580a20ff66dc368
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\682C68059E13BF1E930BD11F6234F21FD2921938
binary
MD5: c290bfb06d486d6128b8bb10cd146c79
SHA256: d9718b11e85d3224a9cc4746de3ef6d0cabbb3499287dabf3706c21921337262
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\10436
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E3F9BA54DBA5FAFFF2257D35BB1F94F17941D539
binary
MD5: 93f4571f6e25dde41b4badf077b67a93
SHA256: d0c18111bba3b473e42406761b0bd2d3e6d6e819330ca6e09dfaed190f9ffdee
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B42FA37DDB30073E46C242D4E86A7ABB4DF1B560
der
MD5: 3d67efa91f54224c104f20b55929c03b
SHA256: 60c568389404f9d2fe1d2a4ef66df1cbcff8e945e756f658778d39131118ca6b
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 5bffb5b7cc7ac118d64d2214a8a3038f
SHA256: cfac4f9b367ce439f05a215188fd43e8e9b216bed0d8711c317acb8a3d611f38
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: cd9e3044af8353718a4e5538ca71fb89
SHA256: 13022a43ac307495a98ca76504caa5c50002f552a80d24e425ebdcb20eae3349
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\25263C68272AE72244EA7E757AB6D27299F4B064
binary
MD5: bbfc64c44503a120c2bc4f61fa2ffdef
SHA256: bf0b215a8a68ff6b4742cf5b3913d556a6932a45f836fbc9b21c2e7979a24224
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-wal
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4902023A176D6771FA9BE32B30856C1BB2837A3A
woff2
MD5: fd93baeef970ae1387db21ca0c25126a
SHA256: f808dd88642b3b8356b2f351cf77f4cbbafb88ba8cf9902d824b33c661162336
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\682C68059E13BF1E930BD11F6234F21FD2921938
binary
MD5: 76387eff6a7872cbd7eb15927d1a427d
SHA256: 074a28c32c4663dd71c69c2a5e69b13964c09926cfa6daf6bcc640b3eddf9fb3
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
sqlite
MD5: 6484a9fed7595999876157283b501f83
SHA256: 78b6c157320582c1c09f2c67306e83659c1c938aa0dd3a6e3eca1ed10387dfa0
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 13f9d0cab8fc72249cefa8501376cf7b
SHA256: 7d25d23689d83fd47841151cf922c5eb60bf14c23b11df2b6c3dcbbbe9a28b14
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: db01eb84e46c1584bc25ee22b96d6963
SHA256: bccfac9471d6084757269ffc199bbc93276d4ee5cabc5c7a454ac4781f05a52e
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\43B6655E5F16BC2535236452C6E5FF7FB6F2BD90
binary
MD5: f0f7000c28259a5bec5adba78d14aef5
SHA256: 214c7ea7400b351b55c4be7458ba5e4afe6da6df08b2e0a9d127c639bfb4b602
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json
text
MD5: 0d083c0f4d1848bc3dd006dab592f4c5
SHA256: 80357eabe202535c2d908400c2fac0d7580a878773eeadde61a08d89ea65abcb
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: c7299918374e49f83189426e62c33046
SHA256: 2c3c36aa68c9bd7679b17b221b61ecd5341faa4ba73d827e039e8222f8312630
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\widevinecdm.dll.lib
obj
MD5: 5a33e95804ea80f06f97453b1a163e27
SHA256: 33bb1b23908e20870aefd100fb10983753b3ffbb308c55316b7b9cb6c9f45a6a
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: c54317d34ef7fab82444c205fa4a2b1c
SHA256: 5bb4e7ba11622bdf4d42fe701abaaa1035c4072386ea4fbda8fab5b9b0f25949
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\widevinecdm.dll.sig
pi2
MD5: bba147013aa78944b2530f3e4acf231d
SHA256: 2347297ebdd087df38fad1acc207f625938ff575f0d7c0533c6c5572f042f6c9
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\widevinecdm.dll.sig.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\widevinecdm.dll.lib.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\widevinecdm.dll.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\manifest.json
text
MD5: 6489d53ce5fbfd0eba9deceb95323c61
SHA256: 1a8ce8afcfddd04cfb3dd743b0bcde8d439d9f86a1fe262d2f99fe6876631fc7
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\manifest.json.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\LICENSE.txt
text
MD5: 49ddb419d96dceb9069018535fb2e2fc
SHA256: 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\LICENSE.txt.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Temp\tmpaddon
compressed
MD5: c787e9b06b44e979c9aff51c8da64b4e
SHA256: 7e8db6c2e3e62999814d198745067e04e7c61c1580d75cf73534712540df5d9e
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7F8371295BE343057602766FFC814753AD06F96B
compressed
MD5: 66d353a7e5e6348814f2787b17a8c1a2
SHA256: 708fe506689a72a38c4e2ed7db7cb5891d3e517d5d61d10bd8f929cbf60fbcb4
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: ef7f0a6e74bbae13fde0d5f487bce672
SHA256: 40106e2a491c64f0cbc7af9aad778eaaf01955f3021147026f8f856baeb800ea
860
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_igIRXvB9aAtUaXJ
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\491F289AD0B37F176E82D588C95524BD549E78FD
cer
MD5: e8ceaa9e42be8344b24e1a4146ec6a1d
SHA256: 376f4fe63e1d4d47b265c942210f1c2ac4bdaf4716cfbdb5292f1577c277a6fb
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D00A688072D5E651DFCBF1F615D0FF8CC68B8989
binary
MD5: cf40e711825d535b36875d49de711b96
SHA256: 5d6a741641cfc5279197201a4d0081b0e04824276653623c4019e3b26bc016dc
860
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_rqa8bMyjVFQORDh
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
text
MD5: 7c6486e0e286739cb3bf14195b438d6a
SHA256: d3311f69feb662b1fe2a600c2fd4f7f3e3709d5a7af85a8259c88b80cea9841e
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations-1.txt
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EAD4A64A0AF73119D9717809EB7339F0DEB17892
cer
MD5: 240159051148a92c7a342e70efc13d20
SHA256: de9be860315eeee32eefbfb1f2e0a7663117c980592b4f347c43fd8459dd84bc
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B8469062C8B9A5098D81A620DCDEBD69BE523333
binary
MD5: a351279a57e409e0e11e0abe3c9f5d8f
SHA256: 47782e76e42cbd580da9e2dd0a701081d8e025f76ba148293b2e8dc881ccbcb3
860
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_tVJcyYubcWX0fT7
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: d7ab7c4c06a8ba40d1766a0491774e36
SHA256: c04a7ba83b5e1750933c5dbee22148f83a48dee9b79568558f4ee3ce038635d0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1E137CDCFC633D2DB96378E90D07058F8E2DD90C
cer
MD5: 3231ee4caa91f1405c10eb5db50e0402
SHA256: 479370fb0699b00f79a74e16d9129a8551ef2ab58d0781f5eed6be9621537736
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DE23B389EB6A29BF74711D30F79F0B21683DA2B7
binary
MD5: e87b3458380c8be964e3649adfa84ecc
SHA256: b4814beb321129418b116ff5c5c50c03f561385d979c8f54a77784e91e90b350
860
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_uPrCKEmegbdckuP
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_nkBeYe2j0qeKAHl
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: f46a41d57f1780db32bd0479f5c2c7cd
SHA256: f515fafd42960184f0c5f2a56a5f428554c98105a0b279142c85f93f7c67ed17
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1E137CDCFC633D2DB96378E90D07058F8E2DD90C
cer
MD5: 91cef4949c5dfa4b7ceeb206bdb616cd
SHA256: 051b92f7c2144cd3c772aa5dc12b81e081fbe4a5b83ebe6c49e693f5feb2ff32
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\92344FB9142967FF09C6AD066D9330AD12C51687
der
MD5: 18c0124259cd7b42551290a2f6c302e8
SHA256: 337492c228a40fe7bbd453731051bc7292aa73e4ba685ae0c7c7cf5e2dea9ace
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json
text
MD5: 72c95709e1a3b27919e13d28bbe8e8a2
SHA256: 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A62DAA8951D1736AA922A207513B2B70D523ABAF
binary
MD5: 72dd2286b3339e1bf3a81920caf85996
SHA256: 779350fcb08053d5f489197d7001b480ab6729023aca1d8abe4f9602961c3935
860
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_WesHobveCMSiqvP
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal
binary
MD5: aceb474a9cfbb181dd18d6e085da6f75
SHA256: 6157c37f5522a7a6992166fad0b36fa45564b7c473d0a0bfd52aa9516d918ed4
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
sqlite
MD5: 19c2d8008d65d1717be1e9db4485f9fe
SHA256: c31b84433a0b0eb389da03661d9a9fd0223e57aa8a2c2edd3c15cb80192c3927
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-journal
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 418c33bc7f0219050d5b3e5f520e5944
SHA256: f77dc8d4b98dae639c26b08538488a27b5e99ff5aab4c857263d2a3b6ae60f92
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A63F302D4AC817DC41AAF9E8D1E347445D22F536
binary
MD5: 3b9c3e7ccc4d4887b8dceb8768ecc97b
SHA256: 4d23142fc5cd266143bd023005b19a981fc5ff6f761178fa3c4d36a0306a64a0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C3206E32E3ECD73A5A5299702E6538BFEDDD7DA6
der
MD5: b1a7cedeec0341a5fb46865fe97c4de6
SHA256: e7055a11158a997af09e63d8df9b67b37cf99e372db1f2f387850db92ae23494
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 7dd3f71595c3677125bb3345e27b6027
SHA256: 146fe23122d86089f0d794edde3a9bfad2b60a6c25a0bc7a68ed396ece1399c1
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9C71EBB4FA73ED9370753E751B87FDB94A1F0086
der
MD5: ce52e6fbfb4239e0b621c15efba1c514
SHA256: 95170729a76d7ac50fa88340f0a406567a58cc7a055ff34980968d853604207a
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AB1445A1EED148844B2DB071AD6D5C56C1D7EECB
der
MD5: d7414849696dd87dd40b46626871de30
SHA256: 6f45880d853abb34b01225bcb42b0392d10b3aac27d718f520a24de2def743eb
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 2891330cbb7a0d51dd0145c00d78daf2
SHA256: 4be63deb571dd78e0b7e11918a34fd61a88ed47e5359fc535d4b3cca4c84a70f
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 5bffb5b7cc7ac118d64d2214a8a3038f
SHA256: cfac4f9b367ce439f05a215188fd43e8e9b216bed0d8711c317acb8a3d611f38
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
sqlite
MD5: 57445cafdcddac4a263ff0062ebd6c51
SHA256: af0de6dc12a7395d0486c34bcb3f7065a4c1f1b413af12eba54e8a2a3e1058cb
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin
binary
MD5: 4f73f43fffe7741494c3429b0f477dae
SHA256: 940bf6f46ee0333e0e35b375675a3e8abc81dfb3df87a331640671a8e979c5dd
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin
binary
MD5: ae9372bd836fab8be31655ebb36e269a
SHA256: d87e60954d8fc6fe071c91e202cc037483bf67168c2d23793e770945946f0de8
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: a9739e211a3336e5c8f56247a833d430
SHA256: c766b96490db27cbe2cb87229f32f2597dd098149b3ff3f26d9322a41c81464f
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-backup
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256-1.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256-1.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 6851c7bc0d94f6c0325bcb9ebbc7778e
SHA256: ee4248fe2cc1848fcf1e91006915b461ec08b4852366919dd94e35f719d936b4
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C5F30D097ED08D0B9B0F61D6EB205CF5245E33A1
der
MD5: ee779fe7b0e8af2542f2e3b3f32aa70e
SHA256: d41ccfe9960e86c8f8cba0e92aa1207fece7c5f64e7c0a5b0c6e28b6467ae413
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
binary
MD5: a5695cc64d77967232b0c1344c6e72b3
SHA256: 042a22b8681d754671d2018ba109b31a53ee3728d48c6379043f8e3394e7fbad
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
binary
MD5: 65e942614eee70680464ac4be75019fc
SHA256: 34395085da32c8b4efe9959e3b0d756b43ffed17694d66f39b966cd331bd9a94
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
binary
MD5: 95f28ede25c301301f25fbbd9a3c56ec
SHA256: 87763df78772f7d750b0fa5a31eec23e931fd3bd1cbb33beddfc61889da36478
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\thumbnails\5744e86280f6f99fd4366aa68d56ea3f.png
image
MD5: b8f9d8afdab3a9445d75fcebdfe2da18
SHA256: 8ca93f1523255ed443ec0eb439c8413926d9429f059c806d9cd4ab69b70f345e
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\thumbnails\5744e86280f6f99fd4366aa68d56ea3f.png.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\86B7D8A168EC48679FF2D8E20D467AF59943185F
binary
MD5: 68c2f776d3b71c4119bd3568d72b3e6f
SHA256: b50f77720c2588da7ba30911fd35a3c8a8311d3fc505ddacd53e086a1705bea0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\25218EE79CFF5F3AC18C58CFDF44A674E3560C47
binary
MD5: 82eae6ddc93c32557dc1a3264828547b
SHA256: 1c783a81d9ce79e9947ce1b99ff132b622580d488c0213273f2fa08f37de6c0e
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\25263C68272AE72244EA7E757AB6D27299F4B064
mp3
MD5: 9e3536402aa92662d0964148e2872cef
SHA256: efc9757ac036a4a050b6303278b42ea89b6cc19ea4824daf29d5de7ee734a56a
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\682C68059E13BF1E930BD11F6234F21FD2921938
binary
MD5: c7261498886a4a9539af97513256baaf
SHA256: fb7372e0a416378db0e3517e4aa18abba3e2bcd1f1440883d01c4cde531b6303
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DF4D24A2F47FB1E53CA4A2AA93CF8123004A1AC8
compressed
MD5: 57a2d8afb99efe59bd82e2be5615a60f
SHA256: 71c5ff8bf5bce367c53ed4dffe42cbb2dc6ee4ba0ccd910b61947c5e98f91986
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\285F838FB22B5BF580B7FC949DD389EF5E0D4817
compressed
MD5: 3050c53141492845c939a12d6605e781
SHA256: cf70672f5383bd2ef0b5571f05d0468ea72cba20162f05cf184bbe3acbafbad6
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9A2A031EDD8F7BA90FEF5008C61B39EAD1202FCF
binary
MD5: 6bb00b41caf6a7c63715352ae90b9977
SHA256: 66125ec952631cc7abc05890644f301740b04a05693bb5f3b7166262508f918b
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: c3e22ff5e8717d4b8ec3e54a403c3e9f
SHA256: 3f20da1e85bb0a5f0459516b55e81b36f461c30cd4b0f8130fd6909e6a753003
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journal
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3E966CC8E78C7203863D194287896E0F7798753A
compressed
MD5: fb5fb1f377731fd25c6e3b90493c0232
SHA256: a02a2d874012ad92851a8c151aa6eceb9b1626a8d900c12ee0189753dd6bdf05
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2C257EB446C0521A6A4C712C6536A728FB6A6F26
image
MD5: ad059e438083b315a7a7270984c85a5c
SHA256: 7696046b2c9f6d4856e238143f6c5d1ada089ccac99ca52086782911ecbe9d2c
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\601AE17A0D7E7E15817217E605C053416FC698CF
image
MD5: 344e40bff56472824228e798bafdcb5c
SHA256: d4fd2b596c8435d86ca1a8aa599d174a37cfe8b62bb06763f7034520620fecc9
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1446C89C3547A166E23B6F5F03BAE21634010FB5
image
MD5: 83171973959aa40d61ca94b2e93d6b06
SHA256: b1a2c54c1ec2d7e4c3b1f8ac1e547035ed3f5b9a0840bcb91b24f209027c3b69
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DCB1F724F63893E5D3BD8A4FB4581254F7C3A3DA
der
MD5: 63f29e98029975cdfcc8314c5ee2aa23
SHA256: dac365bfdf027a6b617aa631f0cc748c01113271d37ac93fa5d97ecf6437a50b
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C1275022F8FA8942C806B2BDD4DE80F8A6E4274D
der
MD5: 3cb863b54af6e4471bf0f4cbcf9f0144
SHA256: 12897cbdb26a9da84eb153acb90949ac153ed4ff2163b5fa4d8d74a03e0a5c5d
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F36521409B5CE39137FF1547178E9EB079C86185
der
MD5: 73b4ce51d1532376d7260d53ef8e602e
SHA256: aa054b7d951ecf635dc9183bd6a833345db904e700be45ca59e1b85e1d84f382
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E70EB00B1BCA51223B7295A6A0B62602AD82656B
der
MD5: 8000003b011b0b6baea05fe83e844538
SHA256: 0e84c041330a1c9aa18564cf00a76bc8f29eab80073950fb966c24cc82b52c8b
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\63CE4782CDDAD89E75D15C9E30659A2D5158A33C
image
MD5: 0096e9e47e1e632cff8945a80a020d3b
SHA256: c1d4bf689e4dd4d443e54191a8919474061a33446336a721e1efef70e13b9117
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E92B9CCF29999D01523EB1E1572D0ADB946CA592
compressed
MD5: b2288abf345fe7ad87d11ba940bebee3
SHA256: 6cec3f700a417e43e4399d9b5727ca97d95a62f9041699e99ee9e97bb6285aaa
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4B7EC4C907F86B5231ECD77EF5491A898E169146
der
MD5: 61d75b49912abfc458d3ea68895fd404
SHA256: 6edf0ee630324fa1ca0ba48a8ac122653ea48ebf7410d6f85aa7d464fb4bb9a4
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\ED9E80DB8F3338F3B77E5F3B263CAA14559E70D8
image
MD5: 50cb43b8fcf8e610ae74e3e878ee1280
SHA256: 6ddbe9017c8a027d46483039b89ce1106e313db2485ae0a02c125fa896d18206
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\752B6722EA1D008364E97276432883108CA4A477
image
MD5: 25448b1a685f4098366135e4b7fa0003
SHA256: c3b1b4b010d40204bded3f7d76399d503eeada768ded5bfa9bb6ef6184f397fd
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B611F730F0194250B03C6656F18C367455827609
der
MD5: 7acc9195fdf897d8ee69b624cca3cf4b
SHA256: e99a00f359ce7b849f44d814249021553d17db5ee54ac0a20d8d4c990cd3ad08
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: 1c34fa1892240f8fabbc44ed7b8f1680
SHA256: a5572f0b9a73940fa2db7712ae5e763e23630056037a9a7ca2fa8faa053b5409
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CCCA1D870B585187F3CB394327A54C72A3B3D83A
image
MD5: 5c59bf2683e02d299ce1fa136f5a6dc5
SHA256: 3bb2e211378325b8da2c4085cc001f1f39442b8979b70871fdbf89f79bacf6d3
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6DCAB1BEFC6A9D13061F8980F62B8AFF1F676A8B
der
MD5: b8779ef961ca24755b3b42a1bde8c11b
SHA256: 88a387612abd92f9a740e361c029ecae580822e0e016a2879ca6eec4ce460c79
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\47D3550842F9E7A02A1363019AA18125AD03F7F9
der
MD5: a9a9fa654e81631e55651687a99f5f71
SHA256: de52a7b917834a68ae253cd70c5452f34da6f408aa4a661c9dffb8019be26bc2
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F7E6AF0CBF7E248F527CE71104C47B8894DACCA4
der
MD5: 1cc5b79e22d085cca45dce437c07b1c7
SHA256: 4d1bd2ccee16508db35f8452b798e169c62764cae1f27015c3629012abf1a1e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FADBF7562BAD8B7F7B07873EA3E815E58F2526C6
der
MD5: d3393f10330c596c24b78677f8c53575
SHA256: 34b297735ef5fd20e17a2284adfc1a7dcbfdf1c09b26f438293cd78545cf1788
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8082A3933A67E1CD61CB1E15C6F467E5DCDD4288
der
MD5: 25b277b72f4b02d3a5a6fea1a2c47f47
SHA256: a5b193e6dd6a44ebd97e475c9c96f369c8a8d1a56dc3b43ae6b13074e01a2ebe
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\32D78ABD4AF7FCD5FABE7D36EC1E9250243C9857
compressed
MD5: 73a0eb1eff0444b4ed171289971422db
SHA256: ca35cac6c3c44222927790dc91bc1737dffda10561962ceb816755a968b059d3
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D89F16666FF0AEFF40684120E612E6218C4811F2
der
MD5: 657197014458dc5665eca673e5ef617f
SHA256: 5534553bc21178623e99b68a61d7cd7af8103cc0d5b7740b6a32b9bce5dd1674
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\0C3CBA7294D34D9F717CC5E4FBD13B435F455914
compressed
MD5: 6d136310f1000aff540b4816fb2f97cd
SHA256: 5a201fa4fac1efbc7e9d75b29799488bfc8f4c7cfc385da3286a62d34eb79499
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\46875DE5FB0FB79A8F87A0F0F20D6DBE5FBE36B0
compressed
MD5: bfb3d203f2761b8ec2971083180348bd
SHA256: 9e22a0a18dc33152e54ace67eef4b44a39e35fca7c15a9a2a1f08cc35c5faba7
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\067BD128D2409E0CA75E2D71DAC96AA23D9BB601
binary
MD5: cc161621b3600b2c985e39ef531df580
SHA256: e3d9f700fd84fdc3b86bf68ad04018c9c26513c2fe9719c011a49479d7cb840f
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AEEE8F3733FC40F91029E00C34B891A117586D9F
binary
MD5: b07085fc445f4c1a5e3428839c43f930
SHA256: eb0cf33aea48d025d6dff0169d375e3409180819cd283c04b74565466ce34e58
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DE77B61058A64CC0A4B9727F4053CD0975BDA958
der
MD5: 8dea0b5990dc1895245ee82b4580d8b5
SHA256: d02dc1d8e375e9e5339880b72668899d9f76248bb981ddf9abea60195c39711b
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C075DEA4A5660DABFF8361D51EBA934EEF877961
compressed
MD5: 5d3d30bda4504454be52583b84787727
SHA256: 711cc317ac8edb4e7fb83df7d5549286772c57d64c8d542f2f7d355440428e96
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: 353fdb54e6f88a861609fbc7dfbf9a84
SHA256: 20fc5d74b6cc894c46d08482246e5646cef984fe41517124fe555ed9b5f224ea
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AD5B4ECEFA41DDFDC46B18347B760A5BE2821278
der
MD5: e2024f90a22a2b05fab50ac9497e161b
SHA256: 1b38714f2531df454a397d7357e4de9a5af9d09987dfaf2b71916e4869bbeb7c
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8B327963ACCF2221619FEB1C40108F264EDBBDEE
binary
MD5: fbab549e12973bf8f538ae184fc7e20d
SHA256: e4f5d2b13521491ac6a577f189171b260a168a85c353aa771e201f16ad068086
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\682C68059E13BF1E930BD11F6234F21FD2921938
binary
MD5: daa121585239ad861132b383ddd92426
SHA256: 9f7a2678fbc88abbabb9417a34fc98440f519a020782eabf53fa08283c9f971d
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: e326cacec6ae133c5338d29dcbfc1e89
SHA256: bfaac5f2f72769dfdc1c1110a786479748df785da24ced12bd0df0f2bba9a36e
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 2891330cbb7a0d51dd0145c00d78daf2
SHA256: 4be63deb571dd78e0b7e11918a34fd61a88ed47e5359fc535d4b3cca4c84a70f
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
jsonlz4
MD5: 52e8bc6c145ebbc19b7a267158131fdf
SHA256: d9109ee83aa0203116411da7674ea657ba4a6a506bf9631127b76afd42bfea27
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
jsonlz4
MD5: 7337d087ec76e87a76778b4eec5e8e63
SHA256: aa4398d1716aadeb35a4ddddc4e7d2429c71defd15cb45401938889f5b2f05e0
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FE7AD0EC425A6F038725F6EB6C2A3E4216DA086F
der
MD5: 2c660b9173d4de1266ee35634338c43e
SHA256: eb77d5e981447cbfa3d007a3bb17774c43ad12509af7b50d150898e26baad652
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: f95e94c0c53bc71fa6468deb83047835
SHA256: 74ed3ea35e929efe70b7d7daaf942af9f835ebcb8d84e0e07fe18542c4394289
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 4491c46c8155f91207af1e5a7ef6acb9
SHA256: 99f8f0aab8874a55efe5c60fa0ad9ac369cf015390139915466a7c9fd965dc8d
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C7E64EAA515C5F94DAA01D1BDC9831D22075FF4F
binary
MD5: 231e0d34705c91c9209ff8576bfaf7ef
SHA256: 6e4484303e0cbdfc5cbb98f704db1a960de74aea008b03b58eb38a17db60017e
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A19EF251B8E2975412E9DD711DE211EC925C8048
binary
MD5: 8cf09c42f280ece143fa6c3606a4cada
SHA256: d446ca2aae638a55f62802bb69727faf31c5b34690875808f7dc77e3e55b59f5
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F2FA369D8C8B1D96BF3BA6C0903CEA55E09E780F
image
MD5: f317dc4ba09bd026573cc77ba7389fe3
SHA256: 6fec44da0be36b04da5322a9d1cba0d079e3e9bf9c7c4792e73e9664c4fbe51c
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
binary
MD5: 3d1ce5e50208f0cb3b979186043a548f
SHA256: 1e13d05d482c3d533dc6035af2b2d6e84749412a5748d1435b70cec8b312340b
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
binary
MD5: 3675254e341df799d4307c1f59109185
SHA256: 23d108134bed6099793f7dd6b8b6e62081ec3b945efdbc7c5e0e779fd9b82f98
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\49968F5AAF6C3D4E162E052C301E673D6E1D2552
binary
MD5: 64ba102a8c116cf027cfabcc26b8e825
SHA256: fb34529f5e258d794e7752c8f0a5cbd558b23efac97719d85ffdc23562025c89
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
binary
MD5: 051fb32dece757ba112ac36dc72e3a91
SHA256: 0806d98fb3de55f75d7c0b17e26146567e08c483031526659a4a35d09b97ef19
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
binary
MD5: d772261ff33497d3681e094f23282ffe
SHA256: 8ee76fa11d5a67f0c93766da3b1ac0c942020afba15b55a8750a896292cf4dce
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
binary
MD5: e2cf527ca7550b7e7bdf7311e483a2c3
SHA256: f1e07b1d717433f47073dc54a7d98e3e87b3d0fa88e53466f93ea544af885d11
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
binary
MD5: d6acf2573e12afdd7939568804d3fcc1
SHA256: 5525cbf8f8dc41d19ac632ed324e55293a510ae0eeba16d0e3f33c707aa58a0c
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
binary
MD5: 72e2352f7976b0dd90f2a68047493b8c
SHA256: e0d74336b6c041b6087a697dd7f65fa1da7ea035e202e3d977cc6a7e5bdc13a8
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: eb744b05b13e9410146dab0bd459efa0
SHA256: bfde7f131200eb06c1d54b03d2ce1be1ff31062e8009c937243464712dcd2d50
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: ddf263974b1925672d369bbcc8f830de
SHA256: 92a7323dd7eb199618a1e2e823a71919285a70196bfe627808c66cf1c1f3c8e3
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: 778202e2ee08f4b4073413c0b03e05fc
SHA256: 33147037ce75ec0a48b3da60d619bc76c2471f5f20c15f9d075671de2067cfb0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
binary
MD5: 498dae4e538658a57f464748f2dabfda
SHA256: 8778f52cd9cb4f4787bf7ba18006d212f8c3004652d163f7786556a8eef3a067
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
binary
MD5: 7655fffe7cfbe1ebf96afea5fe2e1376
SHA256: ff2f663c4e453706b7817109f6a43e8b3389e8cfb1b7d64aace2bfba45f3a359
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.pset
binary
MD5: e608435b687616692a96462e1ac26756
SHA256: 6aa8ee3813d86411d8073a4c2f850b1e8e734c3759d860cbe54ec7f378a82a52
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.pset
binary
MD5: 844aff63a5f67cd54d9814b7b54abf18
SHA256: 8985970b72a7bcfcf54c4a2474c36ea9a911ab3672881ee299d58f5a4e64e690
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: 704df61fa2e3f587b268ad85126bc689
SHA256: 7e97db3c9370a35f59a6a649e6cf608e4f5ed572f87f433ea652977ac2cc48d5
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
binary
MD5: 6f85bc4b2ecb49e26b0bd83a821065d0
SHA256: c0b3bc9b3dc507ab654caf72d13c3aefa58c9b13b1e4d14dd8816712d80a7e54
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1267AA3C9F66A72123B6E3A4852F5C9DF399A6AB
ini
MD5: 931fd13d3ec6d2ff86c5ca4be14592c6
SHA256: 41de9b7309375089da6e96272871f9eeb7fae294b5ff26bb17fa308c3d788583
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
binary
MD5: ba0009932844173bc8f9af264229df24
SHA256: 66d1c00c04d86e313e9a02775cdf906b1be8d4cd6bef423a1b9e21cc4e9f50c1
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
binary
MD5: c921d8e98fa01b4f303481e112202e92
SHA256: 4ef1038730ec8bc7206713c29a936768831b922c5e6c83355fd62d7401d8c1dc
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore
binary
MD5: 04824a1f92353f43ebb9e7f74b7476fd
SHA256: b48e58ebab82e4c376f16150a3fff850c1111ff1f5985d68819cfd6f0db159d2
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6927152C44D9561F4BABF936DDD3FAD273F1E88C
der
MD5: 4e15ca5ff82e7aa1ed94b00c4978f0f4
SHA256: 2e60f565fd6bd10787d2cf5d0554eea812c5378b1f432517f03c6f78cdcf2a24
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore
binary
MD5: 0e8fe60ccd7e9b4c32589a5743a95302
SHA256: 2b124d4026850a3cffd28dbacb58aec28f7dcd4d40bc14e52bbe96d60ce4e749
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
binary
MD5: 23e438fd4af1829d4469ff8d0bc83854
SHA256: 96e0d7644aea81d26f039ae633eb405583e11b020363090dac5cad9b4b188846
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore
binary
MD5: d886a47c89d9c49c795da345bc236990
SHA256: a03c5e2656d2f292bf5794c8eeb8d223cd6ba4f4bfb2ed1f325460e879d0bcf7
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 5ef7ec1469e0fbaf1fe4c8c3905f2c80
SHA256: 0650aff1cca7bd0084e817d9289c9591bc5135f36cc2a81954fd83474a7a94ff
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA256: 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 78758bc348aaa007a0d29daf59576199
SHA256: b3ea7bb99f42838fb83183420234d778575ca24b0058227b81215a2329afae28
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
binary
MD5: 79262a046a800bc3c3125ff94893cc51
SHA256: ea78cb0e02ca9bd0dc9ae055b82486e63ed4643a53717970a20d5fed7d18a51e
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.bin
binary
MD5: 82f61c08d68502377826ca7ea054cea7
SHA256: 85801bce5d7ce3a2abc14e3208151ac9d324a6ea82fb2ada1d10baa8ef58e7df
860
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
––
MD5:  ––
SHA256:  ––
2596
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F224DF39-5F42-11E9-B63D-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2596
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFC24E8216EDFDB205.TMP
––
MD5:  ––
SHA256:  ––
3380
iexplore.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
text
MD5: d2e436eba3ab72464d22dfdf4e185dd7
SHA256: 3a8650ffc7ae437c1854ecc1d3c1b729bf4c5171848dfca465384bdad9e0ce3d
2596
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{F224DF3A-5F42-11E9-B63D-5254004A04AF}.dat
binary
MD5: 486170417371d141f9f6a52c6a7f352c
SHA256: cf2c6ea587543652c4542337c37df738fea6615e32fde71e84b8f158a69a321e
2596
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFF62FED7CE15F9DB3.TMP
––
MD5:  ––
SHA256:  ––
2596
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{F8E220DC-5F42-11E9-B63D-5254004A04AF}.dat
binary
MD5: eb2458893f167582956c0ec497e55615
SHA256: e10a6d24fa7c467f6ec810ea112c51cef7141e0d49d402794ea024c7082c1770
2596
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{F8E220DD-5F42-11E9-B63D-5254004A04AF}.dat
binary
MD5: 33ff53a36a13cf8e87c6ea161630efdf
SHA256: 70ac5d8859169e207fa2c2f00814bc26d59de02fa0150b7ca234acda9b0ab80d
2596
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF2BE0E6FEF3A93AB0.TMP
––
MD5:  ––
SHA256:  ––
2596
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFAF829D83201335E5.TMP
––
MD5:  ––
SHA256:  ––
2596
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2596
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2596
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
––
MD5:  ––
SHA256:  ––
860
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 9e7aa2cfbc7cd95a798603c091c91514
SHA256: f566d1b6f307c70d5ed2700aa275b01940d1f3d56e2e24082a1a44141ce7959f

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
28
TCP/UDP connections
60
DNS requests
150
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2596 iexplore.exe GET 200 13.107.21.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
860 firefox.exe GET 200 2.16.186.50:80 http://detectportal.firefox.com/success.txt unknown
text
whitelisted
860 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 216.58.207.35:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
860 firefox.exe POST 200 173.223.106.130:80 http://ocsp.comodoca.com/ NL
binary
der
whitelisted
860 firefox.exe POST 200 2.16.186.11:80 http://ocsp.int-x3.letsencrypt.org/ unknown
binary
der
whitelisted
860 firefox.exe POST 200 173.223.106.130:80 http://ocsp.comodoca.com/ NL
binary
der
whitelisted
860 firefox.exe POST 200 104.18.24.243:80 http://ocsp.msocsp.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 104.18.24.243:80 http://ocsp.msocsp.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 104.18.24.243:80 http://ocsp.msocsp.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 104.18.24.243:80 http://ocsp.msocsp.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 173.223.106.130:80 http://ocsp.comodoca.com/ NL
binary
der
whitelisted
860 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 104.18.24.243:80 http://ocsp.msocsp.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 104.18.24.243:80 http://ocsp.msocsp.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 104.18.24.243:80 http://ocsp.msocsp.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 104.18.24.243:80 http://ocsp.msocsp.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 216.58.207.35:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
860 firefox.exe POST 200 216.58.207.35:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
860 firefox.exe POST 200 2.16.186.11:80 http://ocsp.int-x3.letsencrypt.org/ unknown
binary
der
whitelisted
860 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
860 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
860 firefox.exe GET 200 2.16.186.50:80 http://detectportal.firefox.com/success.txt unknown
text
whitelisted
860 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
–– –– 2.16.186.9:445 Akamai International B.V. –– whitelisted
2596 iexplore.exe 13.107.21.200:80 Microsoft Corporation US whitelisted
–– –– 2.16.186.35:445 Akamai International B.V. –– whitelisted
–– –– 2.16.186.35:139 Akamai International B.V. –– whitelisted
860 firefox.exe 2.16.186.50:80 Akamai International B.V. –– whitelisted
860 firefox.exe 34.213.175.109:443 Amazon.com, Inc. US unknown
860 firefox.exe 52.10.122.55:443 Amazon.com, Inc. US unknown
860 firefox.exe 13.32.159.2:443 Amazon.com, Inc. US unknown
860 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
860 firefox.exe 172.217.21.234:443 Google Inc. US whitelisted
860 firefox.exe 216.58.207.35:80 Google Inc. US whitelisted
860 firefox.exe 40.115.227.80:443 Microsoft Corporation JP unknown
860 firefox.exe 104.19.199.151:443 Cloudflare Inc US shared
860 firefox.exe 209.197.3.15:443 Highwinds Network Group, Inc. US whitelisted
860 firefox.exe 205.185.208.52:443 Highwinds Network Group, Inc. US unknown
860 firefox.exe 35.229.33.240:443 US unknown
860 firefox.exe 173.223.106.130:80 Akamai International B.V. NL whitelisted
860 firefox.exe 2.16.186.11:80 Akamai International B.V. –– whitelisted
860 firefox.exe 40.126.9.65:443 Microsoft Corporation US whitelisted
–– –– 209.197.3.15:443 Highwinds Network Group, Inc. US whitelisted
860 firefox.exe 102.132.97.27:443 –– unknown
860 firefox.exe 184.31.91.84:443 Akamai International B.V. NL unknown
860 firefox.exe 95.216.15.24:443 Hetzner Online GmbH DE unknown
860 firefox.exe 104.18.24.243:80 Cloudflare Inc US shared
860 firefox.exe 13.107.246.10:443 Microsoft Corporation US whitelisted
860 firefox.exe 52.26.235.130:443 Amazon.com, Inc. US unknown
860 firefox.exe 13.32.219.91:443 Amazon.com, Inc. US unknown
860 firefox.exe 52.43.79.30:443 Amazon.com, Inc. US unknown
860 firefox.exe 35.166.184.180:443 Amazon.com, Inc. US unknown
860 firefox.exe 172.217.21.238:443 Google Inc. US whitelisted
860 firefox.exe 13.32.219.249:443 Amazon.com, Inc. US unknown
860 firefox.exe 172.217.135.38:443 Google Inc. US unknown
860 firefox.exe 13.32.219.90:443 Amazon.com, Inc. US unknown
860 firefox.exe 192.185.48.203:443 CyrusOne LLC US unknown
860 firefox.exe 52.26.72.3:443 Amazon.com, Inc. US unknown
–– –– 40.115.227.80:443 Microsoft Corporation JP unknown
860 firefox.exe 54.68.141.132:443 Amazon.com, Inc. US unknown

DNS requests

Domain IP Reputation
static-global-s-msn-com.akamaized.net 2.16.186.9
2.16.186.35
whitelisted
www.bing.com 13.107.21.200
204.79.197.200
whitelisted
dns.msftncsi.com 131.107.255.255
whitelisted
detectportal.firefox.com 2.16.186.50
2.16.186.112
whitelisted
a1089.dscd.akamai.net 2.16.186.112
2.16.186.50
whitelisted
search.services.mozilla.com 34.213.175.109
52.88.150.81
35.166.112.39
whitelisted
search.r53-2.services.mozilla.com 35.166.112.39
52.88.150.81
34.213.175.109
whitelisted
tiles.services.mozilla.com 52.10.122.55
52.35.250.5
52.34.132.219
52.43.91.152
52.39.131.77
52.43.40.243
52.26.103.165
52.88.59.160
whitelisted
tiles.r53-2.services.mozilla.com 52.88.59.160
52.26.103.165
52.43.40.243
52.39.131.77
52.43.91.152
52.34.132.219
52.35.250.5
52.10.122.55
whitelisted
snippets.cdn.mozilla.net 13.32.159.2
whitelisted
drcwo519tnci7.cloudfront.net No response whitelisted
ocsp.digicert.com 93.184.220.29
whitelisted
cs9.wac.phicdn.net 93.184.220.29
whitelisted
safebrowsing.googleapis.com 172.217.21.234
whitelisted
ocsp.pki.goog 216.58.207.35
whitelisted
pki-goog.l.google.com 216.58.207.35
whitelisted
admof.blob.core.windows.net 40.115.227.80
unknown
blob.ty1prdstr01a.store.core.windows.net 40.115.227.80
unknown
spamegy.club 35.229.33.240
suspicious
maxcdn.bootstrapcdn.com 209.197.3.15
whitelisted
code.jquery.com 205.185.208.52
whitelisted
cdnjs.cloudflare.com 104.19.199.151
104.19.196.151
104.19.195.151
104.19.197.151
104.19.198.151
whitelisted
cds.j3z9t3p6.hwcdn.net 209.197.3.15
whitelisted
cds.s5x3j6q5.hwcdn.net 205.185.208.52
malicious
ocsp.comodoca.com 173.223.106.130
173.223.106.138
whitelisted
a652.dscb.akamai.net No response whitelisted
ocsp.int-x3.letsencrypt.org 2.16.186.11
2.16.186.9
whitelisted
a771.dscq.akamai.net No response whitelisted
login.microsoftonline.com 40.126.9.65
40.126.9.7
40.126.9.67
whitelisted
stackpath.bootstrapcdn.com 209.197.3.15
whitelisted
scontent-hbe1-1.xx.fbcdn.net 102.132.97.27
unknown
secure.aadcdn.microsoftonline-p.com 184.31.91.84
whitelisted
www.freeiconspng.com 95.216.15.24
unknown
gwmigprda.aadg.windows.net.nsatc.net 40.126.9.67
40.126.9.7
40.126.9.65
suspicious
freeiconspng.com 95.216.15.24
whitelisted
e13761.dscg.akamaiedge.net 184.31.91.84
whitelisted
ocsp.msocsp.com 104.18.24.243
104.18.25.243
whitelisted
ocsp.globalsign.cloud 104.18.25.243
104.18.24.243
malicious
aadcdn.msauth.net 13.107.246.10
unknown
standard.t-0001.t-msedge.net 13.107.246.10
unknown
www.amazon.de 13.32.141.163
whitelisted
www.facebook.com 157.240.1.35
whitelisted
www.youtube.com 172.217.18.14
216.58.207.46
172.217.16.142
172.217.22.46
172.217.22.78
172.217.22.110
216.58.210.14
172.217.23.174
216.58.205.238
whitelisted
star-mini.c10r.facebook.com 157.240.1.35
whitelisted
youtube-ui.l.google.com 216.58.205.238
172.217.23.174
216.58.210.14
172.217.22.110
172.217.22.78
172.217.22.46
172.217.16.142
216.58.207.46
172.217.18.14
whitelisted
djvbdz1obemzo.cloudfront.net 13.32.141.163
unknown
www.wikipedia.org 91.198.174.192
whitelisted
www.reddit.com 151.101.1.140
151.101.65.140
151.101.129.140
151.101.193.140
whitelisted
www.ebay.de 2.18.234.244
unknown
reddit.map.fastly.net 151.101.193.140
151.101.129.140
151.101.65.140
151.101.1.140
whitelisted
e11847.g.akamaiedge.net No response unknown
www.mozilla.org.cdn.cloudflare.net 104.16.40.2
104.16.41.2
whitelisted
www.mozilla.org 104.16.41.2
104.16.40.2
whitelisted
shavar.services.mozilla.com 52.26.235.130
34.223.207.155
52.42.83.187
52.24.56.107
35.160.78.190
52.33.113.226
35.160.231.181
54.187.144.104
whitelisted
shavar.prod.mozaws.net 54.187.144.104
35.160.231.181
52.33.113.226
35.160.78.190
52.24.56.107
52.42.83.187
34.223.207.155
52.26.235.130
whitelisted
tracking-protection.cdn.mozilla.net 13.32.219.91
13.32.219.20
13.32.219.178
13.32.219.16
whitelisted
d1zkz3k4cclnv6.cloudfront.net No response whitelisted
aus5.mozilla.org 52.43.79.30
54.148.123.234
35.164.82.230
34.218.159.169
54.186.118.41
52.32.77.100
54.148.138.18
34.214.241.105
whitelisted
push.services.mozilla.com 35.166.184.180
unknown
balrog-aus5.r53-2.services.mozilla.com 34.214.241.105
54.148.138.18
52.32.77.100
54.186.118.41
34.218.159.169
35.164.82.230
54.148.123.234
52.43.79.30
whitelisted
autopush.prod.mozaws.net 35.166.184.180
whitelisted
redirector.gvt1.com 172.217.21.238
whitelisted
d2k03kvdk5cku0.cloudfront.net No response whitelisted
firefox.settings.services.mozilla.com 13.32.219.249
13.32.219.155
13.32.219.222
13.32.219.65
whitelisted
r1---sn-p5qlsndr.gvt1.com 172.217.135.38
whitelisted
r1.sn-p5qlsndr.gvt1.com 172.217.135.38
whitelisted
content-signature.cdn.mozilla.net 13.32.219.90
13.32.219.120
13.32.219.41
13.32.219.181
whitelisted
d12uj65dsn9ho1.cloudfront.net 13.32.219.181
13.32.219.41
13.32.219.120
13.32.219.90
whitelisted
dwsproject.org 192.185.48.203
unknown
incoming.telemetry.mozilla.org 52.26.72.3
52.39.195.123
52.27.23.108
52.34.248.21
52.36.71.24
52.34.167.99
52.41.57.47
52.89.114.227
whitelisted
pipeline-edge-prod-25-561439127.us-west-2.elb.amazonaws.com No response shared
safebrowsing.google.com 216.58.207.46
whitelisted
en-us.phish-error.mozilla.com 63.245.208.212
unknown
www.antiphishing.org 54.191.217.223
whitelisted
sb.l.google.com No response whitelisted
redirects.public.mdc1.mozilla.com 63.245.208.212
unknown
prod-tp.sumo.moz.works 52.11.28.134
52.24.47.144
unknown
developers.google.com 172.217.21.238
whitelisted
support.mozilla.org 52.24.47.144
52.11.28.134
whitelisted
www3.l.google.com No response whitelisted

Threats

No threats detected.

Debug output strings

No debug info.