http://www.selectaward.com/presentationtips

Interactive malware hunting service

General Info

URL: http://www.selectaward.com/presentationtips

Full analysis: https://app.any.run/tasks/27756d42-b1cf-4df1-82f2-788a8e1a78fc

Verdict: Malicious activity

Analysis date: 08/11/2019, 12:18:05

OS:: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration: 120 seconds

Additional time used: 60 seconds

Fakenet option: off

Heavy Evaision option: off

MITM proxy: off

Route via Tor: off

Network geolocation: off

Privacy: Public submission

Autoconfirmation of UAC: on

Software preset

Internet Explorer 8.0.7601.17514
Adobe Acrobat Reader DC MUI (15.023.20070)
Adobe Flash Player 26 ActiveX (26.0.0.131)
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 PPAPI (26.0.0.131)
Adobe Refresh Manager (1.8.0)
CCleaner (5.35)
FileZilla Client 3.36.0 (3.36.0)
Google Chrome (75.0.3770.100)
Google Update Helper (1.3.34.7)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.7.2 (4.7.03062)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
Notepad++ (32-bit x86) (7.5.1)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
VLC media player (2.2.6)
WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Troubleshooters Package
InternetExplorer Optional Package
KB2534111
KB2999226
KB4019990
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
ProfessionalEdition
UltimateEdition

Behavior activities

MALICIOUS	SUSPICIOUS	INFO
No malicious indicators.	Creates files in the program directory firefox.exe (PID: 2668)	Reads Internet Cache Settings firefox.exe (PID: 2668) Application launched itself firefox.exe (PID: 2668) firefox.exe (PID: 1608) Creates files in the user directory firefox.exe (PID: 2668) Reads CPU info firefox.exe (PID: 2668)

MALICIOUS

SUSPICIOUS

INFO

No malicious indicators.

Creates files in the program directory

firefox.exe (PID: 2668)

Reads Internet Cache Settings

firefox.exe (PID: 2668)

Application launched itself

firefox.exe (PID: 2668)
firefox.exe (PID: 1608)

Creates files in the user directory

firefox.exe (PID: 2668)

Reads CPU info

firefox.exe (PID: 2668)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Screenshot of unknown taken from 15866 ms from task started

Screenshot of unknown taken from 16877 ms from task started

Screenshot of unknown taken from 18880 ms from task started

Screenshot of unknown taken from 26915 ms from task started

Screenshot of unknown taken from 32945 ms from task started

Screenshot of unknown taken from 40962 ms from task started

Screenshot of unknown taken from 42964 ms from task started

Screenshot of unknown taken from 44974 ms from task started

Screenshot of unknown taken from 47995 ms from task started

Screenshot of unknown taken from 48996 ms from task started

Screenshot of unknown taken from 51045 ms from task started

Screenshot of unknown taken from 53055 ms from task started

Screenshot of unknown taken from 54065 ms from task started

Screenshot of unknown taken from 56082 ms from task started

Screenshot of unknown taken from 62117 ms from task started

Screenshot of unknown taken from 64123 ms from task started

Screenshot of unknown taken from 67123 ms from task started

Screenshot of unknown taken from 68124 ms from task started

Screenshot of unknown taken from 71142 ms from task started

Screenshot of unknown taken from 72143 ms from task started

Screenshot of unknown taken from 74143 ms from task started

Screenshot of unknown taken from 76160 ms from task started

Screenshot of unknown taken from 78160 ms from task started

Screenshot of unknown taken from 80169 ms from task started

Processes

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

–

Specs description

Program did not start

Integrity level elevation

Task сontains an error or was rebooted

Process has crashed

Task contains several apps running

Executable file was dropped

Debug information is available

Process was injected

Network attacks were detected

Application downloaded the executable file

Actions similar to stealing personal data

Behavior similar to exploiting the vulnerability

Inspected object has sucpicious PE structure

File is detected by antivirus software

CPU overrun

RAM overrun

Process starts the services

Process was added to the startup

Behavior similar to spam

Low-level access to the HDD

Probably Tor was used

System was rebooted

Connects to the network

Known threat

Process information

Click at the process to see the details.

PID: 1608

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" "http://www.selectaward.com/presentationtips"

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators: No indicators

Parent process: ––

User: admin

Integrity Level: MEDIUM

Exit code: 0

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 68.0.1

Modules

Image
c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 2668

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" http://www.selectaward.com/presentationtips

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators

Parent process: firefox.exe

User: admin

Integrity Level: MEDIUM

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 68.0.1

Modules

Image
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\program files\mozilla firefox\nss3.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\winnsi.dll
c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winsta.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\progra~1\mozill~1\nssckbi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\actxprxy.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\icm32.dll

PID: 912

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2668.0.43858104\646726711" -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2668 "\\.\pipe\gecko-crash-server-pipe.2668" 1176 gpu

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators: No indicators

Parent process: firefox.exe

User: admin

Integrity Level: MEDIUM

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 68.0.1

Modules

Image
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll

PID: 4020

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2668.3.1313555930\489307633" -childID 1 -isForBrowser -prefsHandle 1708 -prefMapHandle 1364 -prefsLen 1 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2668 "\\.\pipe\gecko-crash-server-pipe.2668" 1668 tab

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators

Parent process: firefox.exe

User: admin

Integrity Level: LOW

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 68.0.1

Modules

Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID: 2492

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2668.13.1389795052\815133544" -childID 2 -isForBrowser -prefsHandle 2876 -prefMapHandle 2880 -prefsLen 5996 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2668 "\\.\pipe\gecko-crash-server-pipe.2668" 2892 tab

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators

Parent process: firefox.exe

User: admin

Integrity Level: LOW

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 68.0.1

Modules

Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\devobj.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID: 2408

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2668.20.960444354\1372974361" -childID 3 -isForBrowser -prefsHandle 3836 -prefMapHandle 3856 -prefsLen 7195 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2668 "\\.\pipe\gecko-crash-server-pipe.2668" 3868 tab

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators

Parent process: firefox.exe

User: admin

Integrity Level: LOW

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 68.0.1

Modules

Image
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wship6.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

Registry activity

Total events

587

Read events

Write events

Delete events

Modification events

PID

Process

Operation

Key

Name

Value

1608

firefox.exe

write

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher

C:\Program Files\Mozilla Firefox\firefox.exe|Launcher

7F10FC1703000000

2668

firefox.exe

write

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher

C:\Program Files\Mozilla Firefox\firefox.exe|Browser

8623FF1703000000

2668

firefox.exe

write

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher

C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry

2668

firefox.exe

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

ProxyEnable

2668

firefox.exe

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

SavedLegacySettings

4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000

Files activity

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID

Process

Filename

Type

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4.tmp

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\aborted-session-ping.tmp

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.tmp

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.tmp

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journal

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite-journal

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.tmp

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto-1.vlpset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-backup

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto-1.vlpset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto-1.vlpset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.vlpset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto-1.vlpset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\startupCache.4.little

compressed

MD5: 55b0096208a22d958af0caba35cefa9f

SHA256: 3906197c969402ce138b2966078a4e5f0654217d86574d27db9e6b801ca2b79c

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json

text

MD5: ac415c039126bde7c6c03168c7aa3160

SHA256: b01ae4f76703f2921d384c78239a252273e755c22f00d3d84b31390da31cf988

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4

jsonlz4

MD5: 64dbf125486db93c0b80036a6715ce16

SHA256: a8ee8ed9b65bce6257cd366ea88b493bf22d08c4af81c392b92e99d92d964d4d

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js

text

MD5: 2be6301f0fe8889f416ad45464eedf98

SHA256: 790b4ab230feeaa8a93c875f360949b87ebb70449b41aba992a9ea7f34437d72

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db

sqlite

MD5: 7febf7d22a6e362f04c04f5eadaf330f

SHA256: dc26ab279748f71d7a72c25a18098fa39a7f39ad820d319afba01e5814a0c8d2

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\aborted-session-ping

text

MD5: 016c573cf4a442c694fbc19b594f4bc1

SHA256: 935233b222ce63773d68ab5ea6d7acb4dc9a2991f1c8ed0f64a4bf1249ecbf1a

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4

jsonlz4

MD5: 694cebb643031662a45f590fe52402ea

SHA256: df02bcdd3ecce4f8597dd8a105c78ad1d8961c0b1f3b14f1c145bca38cf911a4

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4

jsonlz4

MD5: a6338865eb252d0ef8fcf11fa9af3f0d

SHA256: 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7F7D9D52FC321F26906DA62EE714E412DE509318

htm

MD5: 51699cfbdfaef25fd2e8b86626d9b4f8

SHA256: 374f5b65ec7662bd8877a9c6edda307cae03d96e7ea3c85de0beaa8661c07709

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json

text

MD5: 9cf5e9e40b5f764838f42c8f2721957f

SHA256: ad9889206f043a9d31af59d6db2a74d9680930c009a560e8cd158bafa271af8f

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A644302743DE1602C9FFC7FDCD8558A55B833483

htm

MD5: 028280198da3ffec309c91c22aa82312

SHA256: 03715ba397f7034c36b2570c02eda4b1e49aba4fd09e70388d51d54f11ccc27f

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A919BFDB437193C9CFE258DACE163E0997FA8E62

binary

MD5: b04a5e50a7bce095c58f6812c07de1c0

SHA256: 80964712244a6bdc8b69e6a199e921d1b3c319d6160f8c4ce5c5b83745353418

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1B0E68F37187123FFF4B01524068A8D9F838F8A1

image

MD5: eab54fb839f5fef5d561f594d5a90243

SHA256: 2b940becd5832df9363faf5566851ad271bf37ee4185d0c106d0b90b96300130

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B18997EA2C1B18B70EE4613BD3CFB29AEEAC5C54

image

MD5: 72ea14b18b605ca8e7bcf70dca3f104a

SHA256: a07173add23a2b9309303de0d370029df094f5093bb18c68c7ba644aac6b9d0d

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FDAD1B89E596747CAED235BD515B1C90C704AFCC

image

MD5: 9d0555e891211034f8a6aa0c837997d1

SHA256: 17dd4ea6a51cafe67d928b2992753319de1f8158ef92fb883d9e306f13ab4940

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D76B00C9B64B3391E1272DE628B9110B748C90B2

image

MD5: 56fc92838bc9df8e362997210b6c95c2

SHA256: fe2b041a0e75f020d1fbaa6f2c5a4988e903462f7c32ba82ac2b42a20d21d704

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A6A06A911FDF0442DF16564B09EB8E97BBB9645D

image

MD5: 9b52567c15d8e30dc535a059b809301f

SHA256: 7c3f8d9c93c1fc5dc353baca6647d0401c97cb212ebc0371a68eeafc5a868614

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\0BBECF02E6000470EC46F4C6FD07BAE598C707F5

image

MD5: 8de5387b92b8886aa5ebf4ca40afa919

SHA256: e2d709b0071e73024f887c5325a517c7a764bc704e5d9b78259a2c84a06d4e1d

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\76C949DC4B6289A0B4F4ED898579B2D5C6242988

image

MD5: aa65e7ded5d975589336a8684f4d6602

SHA256: 55c1d69cb934d47eff34a81042be29dbde5eebc7f468b8002ecfae04b0380bd5

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7FC4388BE3F6F5E6D227E1410F7D2C0C3D5A5213

image

MD5: ac3dd429c8df0e6f7cf895f14583e78f

SHA256: dbff42578e70ccec96d74f61006f29fc54511e46d9352e7db3f92ebb47344e64

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6D9B36DBDCE157C12B2396AC35C6E8AAE184D2C8

image

MD5: 81e26b162bc7b3bf5b98f4dcd65067f5

SHA256: 067a0bc36cff4569ced9ff164084c09e4c321317f7ded3f82d0b409e879405e8

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\0737BFDB7B1830A5C293A08D8C4A04C2FC0F6ED6

image

MD5: baf4590200face7707f6a29cde6c56cc

SHA256: 864e79bca84274e0e5abc534971fe91efd4949f35232ef14a8b445690b9625e2

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\0C1CE139B09191E21F48364C90EBB9B56326AC9C

image

MD5: 7b30df6b823876ae5261cef49caa2d5c

SHA256: 4aef35d407746f2b2d5e543844210340354b84db094c88df7b11a0d6a7f1bbe3

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2A6167DDEC15E5E075A97CAE923662B0F7C17073

image

MD5: 6b45a10a8d1c8f237b59afcef4db741b

SHA256: b35f9606e0d25881bd64ec46f276c24f511ac6a85b7f64203f4031f0ffe25c41

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\10C0A7E5E54FAFFB74AC2A900BAA4049DAAE1F03

image

MD5: 9aee3cb4feb319e3c4e4757cc6aa64fc

SHA256: 6026a2b5c9ee64b98548992f3670427564b706df4f72b89d9b1065b72c7e3d7b

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8D489DD1ACFF703F1CA9D96B7276A6E9A5097742

image

MD5: 1f68a37435bf4314bf027bb174c92377

SHA256: 673fff9d940b44a13baf976de216aa4f17f9add5d1e3ab5bec535c8dc487e0a0

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5EC70513378967C17A9CB390EA4A098265989A14

image

MD5: 2f5a84b6d879ffd9740812bb58814274

SHA256: 588c903963ff1c2f69fffe8c3f01bae9ff4e0fd77c367e70f4aecb84cf6247c6

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6C0AE770DBD06AE1E9E71EB31D93D335D963BE29

image

MD5: 448ff3fccb51c463f8b452ccb3cc677d

SHA256: 3d6fdcf6958e0c0e2efac506c60b41877aa1e81c8cba274b1bdd31f68fb877ec

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\02A26BF7639A158D044C4ED5B579C46C8F832518

image

MD5: eccf972dfbd3e63c0fa5cf9f3f8167ca

SHA256: cfe03439d056f89b562902667afb69add077b3f81f6662df4f424e3e738aee15

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4E7F3A1ACE79A6C4019D03D175AA1D31F437FB52

image

MD5: 4236acbc35e8e64ccd2efbb39e6d6d9b

SHA256: a1b852df688138da48782f48e527e6d749737b4ce601f4fb8cf267b72e3ceaa2

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9421BE0AB012E918475BFA335D7C23756C81E9F2

htm

MD5: d632a98e881a8ee8e65fa1d906c5098f

SHA256: 1788b34e599ffcad3f9d79edb98b742f84a0d68c7e7fded0ebdd7a607c77d6f7

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\53622A6D9BF6B900E9B914507F7331B5498CE31F

image

MD5: 6f4a23f8394dbadb24712cb24bc384d5

SHA256: 324f636df204e0d6330db67815f5d8409bb0411dee652a65507d9d5161beb2ab

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-wal

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256-1.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256-1.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.pset

cdxl

MD5: 076933ff9904d1110d896e2c525e39e5

SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.sbstore

binary

MD5: 78dcec0cca3c5d108fda713905cb017d

SHA256: c2bcbf8269fd25481a15d67d990137ccb72e4c9af75b0aeabc884218c1105f6e

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.pset

cdxl

MD5: 076933ff9904d1110d896e2c525e39e5

SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

sqlite

MD5: 4a647f51cfb5a75fd5343fbdd93570e7

SHA256: cf5e265e39b0ccfed898c91d64cbf4c7ab78bbd14a2d05a48ad9656f683e5840

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.sbstore

binary

MD5: 9702c14e80e6dd390a450909a81d2c8f

SHA256: 92c485c737f5b403bcea9f344de23fd8a8f3ea3629b244f9499e8dad77f3d6d5

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore

binary

MD5: 9582c7d247c75c190135b8f9770b90bd

SHA256: 9936c7df1950b74f63bb7da12e40d95b20e0b8f867737442ee508945aa741ebd

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A27E0F2D24A0D51F3D1A067AE00F7F689069807D

der

MD5: 0b6cbcefe8bb48528ef85468d0ea8609

SHA256: 4d4c3410cb08378ab2f96f44d6e6e2452ba7d6c1606411c7926f39782e5819f8

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-new.bin

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache.bin

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.sbstore

binary

MD5: 6e2df5e8f8fb96e4fbb3af02337dcef6

SHA256: afeae83272c9467d7407c516759977393a17d9a332a3c4786fdf6cbeb0888960

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin

binary

MD5: bd09ae31284f5f39c9a1bcc966ee4992

SHA256: 5bff27b82aed4dfefa851620f78a7b6ce97825e32ddaa8e4f96b9bb950801760

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin

binary

MD5: 213837e5f880a8537cdb6d177432a7cd

SHA256: f9f0c7154705af8552768eac003c3e12548c41da04b969f8371fef61e8544177

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.pset

cdxl

MD5: 076933ff9904d1110d896e2c525e39e5

SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.pset

cdxl

MD5: 076933ff9904d1110d896e2c525e39e5

SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.sbstore

binary

MD5: 5da8f75ca7d284f87d29a9b3de7f3305

SHA256: 6f612171da4d86018ba74e660239493084b520d7f67227e9b800e6453ef8e3c5

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json.tmp

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json

text

MD5: 11431640bde861117baf57975cfa9bb6

SHA256: 8084a523aaae2e9dacbb3d899869a27c8bd920b7c877fd010b43cff81af56886

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations-1.txt

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9A3EF8133F0FA6C3DE8D839A13E7E624CC01FBCC

binary

MD5: b802d68ffe3d3aebf1ddd223288cd510

SHA256: d3ad0a63754e5cb382415631444c9f5493f7b1050af7bf4fe7268de4dd872f5c

2668

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_UwVMBwKaSRoom7v

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_VtKIaJgLu9QI5GP

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_DU51NNXvDhK56bg

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\530D7C695D0CF20404B9E2774111E6E8DC295281

binary

MD5: 1a413fe64c42e764911ce485eae5e0eb

SHA256: 95fac79e29c381eb7810cddced1af003be2eeaa389c52f8e8bf4bba5a66201dd

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2A9891055DAB480C7578451E12C28484DF20BAA3

htm

MD5: ddb50f616483169fbbc11a5078c9e627

SHA256: 4669cca6de93d8cd1da5d8bee62119472ee140855f273cfb60fc951f71a808b2

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt

text

MD5: bef8ec74021a23512d2724a28c7dffa5

SHA256: f3f0fed4885bef62a9e666dd47c41b76adb1bd63a2ab14c30e524eb5d91046f6

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\ABEAA48B501FBD6A530EC9F222A741DA79987BC8

binary

MD5: 3b07bb0d723e614082386ca2539f64df

SHA256: 94bd60865902a5030e0265b13aa55ed2dbb07ca730cd44f3df3e41d4b4467673

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DBAADDBE936AB2F853A9CA618FF84448E7790B44

cer

MD5: f26c7ddfc2ff72186c0d8fde68476264

SHA256: c416f9c7f53c565816296b16c50bf7bbce5aebc57acf65eaab23b7aee933ca73

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1D934245BFF92F546D1D205CC7BEBD74CC72A72A

binary

MD5: bd2a74c4461b4ef1f62614ce4c1ab035

SHA256: ae216f68f71a2d817ec19c33edcff38c5475c2080a2a642a51ac2120e81bc9fa

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4

jsonlz4

MD5: da5a84a2615e68822fa04e81e66ea403

SHA256: 1c43e3fbd8cf850c863bba57a263da38355b9021b4a9bcc9f1d59ecaf9841ce9

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9177A730A75A3AED965C9E07E7094239DD45F8CA

cer

MD5: 609cb83df03ec6c414d8afe5d9b97b26

SHA256: 47c98a419f29fc7915c20e6db79bc15b1496142ce76a8b35b08e8242aae77f04

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F36BA6E65505B424864C5907B9DCD4FA685F2145

binary

MD5: 62d1b4a6d0f825127519aa60853fa87b

SHA256: 11471fd6db6c855215d072fe50aeaa6f9276df933e2f3d4577762bf79dc4e81d

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.tmp

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_XPttLc1U49xwZUn

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\ED4CE6DCD5C1EA4EBEB3F5CE4968C13FBFBA7575

binary

MD5: 928de9b7a0a46765d72f5ad3194d1684

SHA256: ba5d5db5ccf0239beb87faf1a3ab6ade71054a1ccd53d50447cab418a7f6a35f

2668

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_RV1gfXRqVRdBsmm

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\20389B09730504F72FC74211F1E3B3EDD49F6C91

binary

MD5: bb80d75c072dfd1930f5652a512650f4

SHA256: ddba59c34052e1c7e5b507721f2feb6cc9564c315ac0e12f40457c8b48a28ff9

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4

jsonlz4

MD5: 65a8568f72fdf05a592210c52784c82a

SHA256: 353279aec0402d3777cd400ecfa22ece3e3e882cb1e57056965db44bd1306465

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AB423DCD1B1F2AC64DFC45A9DF00554A51D532F5

binary

MD5: 8c6c771f30ee532833605a6ce463db40

SHA256: 49fd753c2e5599f00c9b932c8163ed9db930b47284e8809562ace0450c525829

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B7009CBDEBE6D3C0774EAFB6E1A0FE7E67A470B8

image

MD5: d48259f53f356b4e6483642ed7b6ff7a

SHA256: 5d2c13f238487f2e9c7463da59dcd9988f1afe830bf1d330bf5d3aceb0fcaa4b

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\04D6E68AF96624593930D3F12A2D16E9873A3EC6

image

MD5: 775627b35cb1f4a3b96f653ce4a5db7e

SHA256: 9bd9e4de39a7a39e1d23c9c06fef36763fa163f71f50ed874096a71a43ca20e5

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\587EC1E447CCF71011A76CBC36316000A45C8BEA

image

MD5: f64babab90047a1aebf07a8c2a21d807

SHA256: 7c720274edac4995051f52f5383e2374ba2c6fe1917ce834cb4c695c40cc33bf

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\0544D179E914DAACAF3EE7C7761C9C8FBAB5AF3D

image

MD5: 3e54a5195031ca03b6dcd6bee096c915

SHA256: 3e1cc368497b0fe9a2ed93c53fa3571b30f93ac22c6fe35ecf02e7e6f6272813

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\77510ACC4EAD31B7C77E7615D594627A3D055D75

image

MD5: b50f660245a3b4083a40f43c4e2b9a11

SHA256: 4766401ce8cd147d222acc01a4cfd734e210036f419bb90e1b342ef078dd1d95

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B06E1D29677C5C3714B3982BF0DADEE29A0C9B96

binary

MD5: 756e32e03bd453e2ebe6bc2824453f43

SHA256: dbf318fbdd9436c9404a37c0417de6760275c97c329a83966fa65673009af27d

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\88C36AFB7B51B51AB57B2D81684E55FB4C454906

image

MD5: b7dbbed701722a44a2535bccd0a87c73

SHA256: 3e2ea5ffc884aaf76cff98861f1b09adf84cb44897dea6b978ad65015000d1d0

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B76AE19835CDEA86B521946719284134832ED132

binary

MD5: f09dff794643573a7fdc5b77a2cc70b5

SHA256: f2a29f1cdad5a37a6127c8dc271c81790997b23cba9fac86cc2ca2381d0f2cda

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\376767EF8F79280A703544B55C1FDBBA070C6C4A

image

MD5: 5fe1b5fc7336594d5062609d612609c5

SHA256: 4cea2d899363d0caba3b5c12fd5743deb08714d6592a0f6645ad1e8fdd1017e5

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\402C0CE4DF91187CB5A00B5B605444BC41F64477

image

MD5: aedd111c5f2b5aacd10533e1fd413271

SHA256: d1dca1a15e8709688ec538bb743df9aa47567fecabadbe2148b2443eb8a9a178

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B54DF4506D0E7C9EF5BCF923DDAAA00DD8B8F6E4

image

MD5: f93c41ee045ec571fc093fd49e5483d0

SHA256: a236482e0f947b79c80182c81af52c4952d049de8004d643fa90d74ce1ab5734

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EE197B20CAB0419D1C0BD23EE03034F880EDC296

image

MD5: 6cf24e9f659e833ae24f1417d5157778

SHA256: 3d55b78acd1c895135695647dbd70e9421c4419c5073dfc763ccdac9f7be1b23

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6C2DD3A4BC3F211FD943713F165115C7CBEEFB95

der

MD5: ebc5d0c2c4b66c2905dfba5cb52fc3c1

SHA256: bdddf7a90281ea86feff97f992451cf225b097ef8c03ba4331adeab0c34f496b

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\BAFB43B216B6A746600FA9F995615D463FDA24D6

binary

MD5: 1ac6f3a0fe182bd3b1c7108455bb7021

SHA256: 5d569d9880902a222be8db62a23a69b2636d60438cf4318ac89c6e372384ce17

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\BE0CCFDEED023C83BCD6BAB4E7FA39C986B3EA5A

ini

MD5: 824a529280d647547643017e735da3da

SHA256: 90938fce1a2442364ced5168181e436f7ab5462b92bc0cb1346a3e313d0925e9

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple-1.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A5D93CC48B83C8124FEB6A2E9448677EACA5BA86

binary

MD5: 5f84dc4431b8f1bbb5b623c9dd78943b

SHA256: 48696ca8793fac95f140a0bdf96316c0bb9ecb52309ba2c2458d22a5d13d7946

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple-1.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple-1.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4

jsonlz4

MD5: d07c6911889dd712a42cb9e4becf48d3

SHA256: 050f374024faabf4af939e96555aaa2b06af5a33eb0b70985517cfef57c79a0d

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\4630

binary

MD5: a57eac8c4e0d59d6d62c92b05e210c46

SHA256: ba0e89eca0b891a962786df3685c27588ad196a7c42c5218c3e2fa6873f31e89

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\227FE98397462CE3F5FF9D2D8D3E225F4F9B7C90

der

MD5: 933f77051df009888eaa041d83f17642

SHA256: e59e6a0a5f9811631b7f223672a0b87b5408659581a6b6ed7f7cdacdaf3f4d24

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B7CA2A2F93E531BB710D6B71A50F307FE0C68C1D

der

MD5: 4377ed020ee3804fde6ef5565cb1b41e

SHA256: a9fbbec2ec51615b53b1e218fbf01c9b5ecbbdf1b60988c5779b9d02a8ae818c

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple-1.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple-1.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple-1.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple-1.sbstore

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\29048

binary

MD5: e2ad220e176539d8470f5661a7777caa

SHA256: 48f6f4550310d8a7a573960035008a92744fd448be98fc836612c5e9c5e51938

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin

––

MD5: ––

SHA256: ––

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin

binary

MD5: de9496aca551ade408ef6466a11833a1

SHA256: 8f9c7fdb3e0bc01024e43a8e242468fc4dd4f74c725e32a883571635203dc10a

2668

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json

text

MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

2668

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.bin

binary

MD5: 5027177f513cdae07db2330e1ded5934

SHA256: 0c53f16051e738287a4612f68e296238087627e594cfd6ddfa1fecc2e998328b

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2668	firefox.exe	GET	200	2.16.186.112:80	http://detectportal.firefox.com/success.txt	unknown	text	8 b	shared
2668	firefox.exe	GET	301	204.57.96.138:80	http://www.selectaward.com/presentationtips	US	html	167 b	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/	US	html	2.08 Kb	unknown
2668	firefox.exe	POST	200	93.184.220.29:80	http://ocsp.digicert.com/	US	binary der	83 b 471 b	shared
2668	firefox.exe	POST	200	93.184.220.29:80	http://ocsp.digicert.com/	US	binary der	83 b 471 b	shared
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/homeimages/Home_01.jpg	US	image	6.64 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/homeimages/Home_02.jpg	US	image	7.40 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/homeimages/Home_03.jpg	US	image	7.32 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/homeimages/Home_04.jpg	US	image	7.10 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/homeimages/Home_05.gif	US	image	100 b	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/homeimages/Home_06.gif	US	image	145 b	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/homeimages/Home_07.gif	US	image	1.90 Kb	unknown
2668	firefox.exe	POST	200	216.58.206.3:80	http://ocsp.pki.goog/gts1o1	US	binary der	84 b 472 b	shared
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/homeimages/Home_08.jpg	US	image	362 b	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/favicon.ico	US	image	1.37 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/Prestips3.html	US	html	511 b	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/Frame3.html	US	html	3.93 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/Frame1.html	US	html	14.2 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/navbar/NavBar_01.gif	US	image	3.63 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/navbar/NavBar_02.gif	US	image	2.45 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/navbar/NavBar_04.gif	US	image	2.18 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/navbar/NavBar_03.gif	US	image	2.34 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/navbar/NavBar_05.gif	US	image	2.19 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/navbar/NavBar_06.gif	US	image	2.50 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/navbar/NavBar_07.gif	US	image	4.39 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/handshake.jpg	US	image	21.7 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/manshake.jpg	US	image	20.5 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/Present.jpg	US	image	17.7 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/checklist.jpg	US	image	19.2 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/navbar/NavBar_01over.gif	US	image	3.62 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/navbar/NavBar_02over.gif	US	image	2.44 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/navbar/NavBar_04over.gif	US	image	2.17 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/navbar/NavBar_03over.gif	US	image	2.33 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/navbar/NavBar_05over.gif	US	image	2.18 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/navbar/NavBar_06over.gif	US	image	2.49 Kb	unknown
2668	firefox.exe	GET	200	204.57.96.138:80	http://www.selectaward.com/presentationtips/pres2004images/images/navbar/NavBar_07over.gif	US	image	4.39 Kb	unknown
2668	firefox.exe	GET	200	2.16.186.112:80	http://detectportal.firefox.com/success.txt	unknown	text	8 b	shared

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	ASN	CN	Reputation
2668	firefox.exe	2.16.186.112:80	Akamai International B.V.	––	whitelisted
2668	firefox.exe	35.164.109.147:443	Amazon.com, Inc.	US	unknown
2668	firefox.exe	35.161.207.109:443	Amazon.com, Inc.	US	malicious
2668	firefox.exe	52.40.98.65:443	Amazon.com, Inc.	US	unknown
2668	firefox.exe	204.57.96.138:80	Level 3 Communications, Inc.	US	unknown
2668	firefox.exe	172.217.18.10:443	Google Inc.	US	whitelisted
2668	firefox.exe	216.58.206.3:80	Google Inc.	US	whitelisted
2668	firefox.exe	13.32.158.24:443	Amazon.com, Inc.	US	unknown
2668	firefox.exe	13.35.253.101:443		US	suspicious
2668	firefox.exe	99.86.243.30:443	AT&T Services, Inc.	US	unknown
2668	firefox.exe	35.167.176.126:443	Amazon.com, Inc.	US	unknown
2668	firefox.exe	93.184.220.29:80	MCI Communications Services, Inc. d/b/a Verizon Business	US	whitelisted
2668	firefox.exe	13.35.253.79:443		US	suspicious
2668	firefox.exe	104.17.116.180:80	Cloudflare Inc	US	shared
2668	firefox.exe	52.39.125.254:443	Amazon.com, Inc.	US	unknown
2668	firefox.exe	2.16.186.50:80	Akamai International B.V.	––	whitelisted

DNS requests

Domain	IP	Reputation
a1089.dscd.akamai.net	2.16.186.50 2.16.186.112	whitelisted
www.selectaward.com	204.57.96.138	unknown
search.services.mozilla.com	35.164.109.147 52.35.182.58 52.89.218.39	whitelisted
search.r53-2.services.mozilla.com	52.89.218.39 52.35.182.58 35.164.109.147	shared
autopush.prod.mozaws.net	35.161.207.109	whitelisted
push.services.mozilla.com	35.161.207.109	shared
snippets.cdn.mozilla.net	13.32.158.24 13.32.158.69 13.32.158.121 13.32.158.60	shared
tiles.services.mozilla.com	52.40.98.65 52.35.188.24 52.39.125.254 52.39.224.180 52.89.51.22 52.33.184.165 54.186.225.209 54.68.132.173	whitelisted
tiles.r53-2.services.mozilla.com	54.68.132.173 54.186.225.209 52.33.184.165 52.89.51.22 52.39.224.180 52.39.125.254 52.35.188.24 52.40.98.65	whitelisted
d228z91au11ukj.cloudfront.net	13.32.158.60 13.32.158.121 13.32.158.69 13.32.158.24	whitelisted
ocsp.digicert.com	93.184.220.29	shared
cs9.wac.phicdn.net	93.184.220.29	shared
safebrowsing.googleapis.com	172.217.18.10	shared
ocsp.pki.goog	216.58.206.3	shared
pki-goog.l.google.com	216.58.206.3	whitelisted
firefox.settings.services.mozilla.com	13.35.253.101 13.35.253.99 13.35.253.117 13.35.253.45	shared
d2k03kvdk5cku0.cloudfront.net	13.35.253.45 13.35.253.117 13.35.253.99 13.35.253.101	whitelisted
content-signature-2.cdn.mozilla.net	99.86.243.30 99.86.243.90 99.86.243.85 99.86.243.68	shared
d2nxq2uap88usk.cloudfront.net	99.86.243.68 99.86.243.85 99.86.243.90 99.86.243.30	shared
www.youtube.com	216.58.207.46 216.58.207.78 172.217.23.110 172.217.16.174 172.217.16.142 172.217.22.46 172.217.22.78 172.217.22.110 172.217.16.206 172.217.21.206 172.217.23.174 172.217.21.238 172.217.23.142 172.217.18.174 216.58.206.14 172.217.18.110	shared
www.facebook.com	31.13.92.36	shared
www.inspirus.com	104.17.116.180 104.17.114.180 104.17.112.180 104.17.113.180 104.17.115.180	suspicious
star-mini.c10r.facebook.com	31.13.92.36	whitelisted
youtube-ui.l.google.com	172.217.18.110 216.58.206.14 172.217.18.174 172.217.23.142 172.217.21.238 172.217.23.174 172.217.21.206 172.217.16.206 172.217.22.110 172.217.22.78 172.217.22.46 172.217.16.142 172.217.16.174 172.217.23.110 216.58.207.78 216.58.207.46	whitelisted
group41.sites.hscoscdn40.net	104.17.115.180 104.17.113.180 104.17.112.180 104.17.114.180 104.17.116.180	suspicious
www.ebay.de	72.247.226.12	shared
www.wikipedia.org	91.198.174.192	shared
e11847.g.akamaiedge.net	72.247.226.12	shared
www.reddit.com	151.101.1.140 151.101.65.140 151.101.129.140 151.101.193.140	whitelisted
www.mozilla.org	104.16.142.228 104.16.143.228	whitelisted
www.mozilla.org.cdn.cloudflare.net	104.16.143.228 104.16.142.228	whitelisted
reddit.map.fastly.net	151.101.193.140 151.101.129.140 151.101.65.140 151.101.1.140	whitelisted
dyna.wikimedia.org	91.198.174.192	shared
support.mozilla.org	34.209.95.119 34.213.134.214	whitelisted
blog.mozilla.org	35.197.18.156	whitelisted
prod-tp.sumo.mozit.cloud	34.213.134.214 34.209.95.119	whitelisted
mozilla.wpengine.com	35.197.18.156	whitelisted
shavar.services.mozilla.com	35.167.176.126 52.25.50.137 34.209.199.162 35.164.178.120 18.236.49.179 52.32.91.14 52.39.168.38 34.213.241.62	shared
shavar.prod.mozaws.net	34.213.241.62 52.39.168.38 52.32.91.14 18.236.49.179 35.164.178.120 34.209.199.162 52.25.50.137 35.167.176.126	shared
tracking-protection.cdn.mozilla.net	13.35.253.79 13.35.253.81 13.35.253.94 13.35.253.114	shared
d1zkz3k4cclnv6.cloudfront.net	13.35.253.114 13.35.253.94 13.35.253.81 13.35.253.79	shared
detectportal.firefox.com	2.16.186.50 2.16.186.112	shared

Threats

PID	Process	Class	Message
––	––	Potentially Bad Traffic	ET INFO Observed DNS Query to .cloud TLD
––	––	Potentially Bad Traffic	ET INFO Observed DNS Query to .cloud TLD

Debug output strings

No debug info.

General Info

Take your security to the next level

Launch configuration

Software preset

Hotfixes

Behavior activities

Screenshots

Processes

Behavior graph

Process information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings

Take your security
to the next level