General Info

URL

https://docs.google.com/uc?id=1MH2a2P_q5ikENAQgnJYvRRNMxn_jLVrv

Full analysis
https://app.any.run/tasks/5368d44b-9595-4f12-9618-9c9684d4a8e5
Verdict
Malicious activity
Analysis date
3/14/2019, 16:52:19
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
gozi
ursnif
dreambot

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
URSNIF was detected
  • iexplore.exe (PID: 3608)
Connects to CnC server
  • iexplore.exe (PID: 3608)
Loads dropped or rewritten executable
  • SearchProtocolHost.exe (PID: 608)
Application was dropped or rewritten from another process
  • Emergency Exit Map.exe (PID: 3208)
Executable content was dropped or overwritten
  • firefox.exe (PID: 3528)
  • firefox.exe (PID: 2712)
Reads CPU info
  • firefox.exe (PID: 2328)
  • firefox.exe (PID: 2368)
  • firefox.exe (PID: 2112)
  • firefox.exe (PID: 3528)
  • firefox.exe (PID: 3044)
  • firefox.exe (PID: 3516)
  • firefox.exe (PID: 3224)
  • firefox.exe (PID: 2712)
  • firefox.exe (PID: 3260)
  • firefox.exe (PID: 2548)
  • firefox.exe (PID: 3996)
Reads internet explorer settings
  • iexplore.exe (PID: 3608)
Application launched itself
  • firefox.exe (PID: 3528)
  • iexplore.exe (PID: 3008)
  • firefox.exe (PID: 2712)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3608)
Changes internet zones settings
  • iexplore.exe (PID: 3008)
Creates files in the user directory
  • firefox.exe (PID: 2712)
  • firefox.exe (PID: 3528)

Processes

Total processes
49
Monitored processes
17
Malicious processes
4
Suspicious processes
1

Behavior graph

[Behavior graph (image not preserved). Edge labels: "drop and start", "start". Nodes: firefox.exe (multiple instances), emergency exit map.exe (no specs), pingsender.exe, searchprotocolhost.exe (no specs), iexplore.exe (multiple instances, one tagged #URSNIF)]

Process information

PID
608
CMD
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path
C:\Windows\System32\SearchProtocolHost.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft Windows Search Protocol Host
Version
7.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\tquery.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msshooks.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msidle.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mssph.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\authz.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\notepad.exe
c:\windows\system32\wshext.dll
c:\users\admin\desktop\old firefox data\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll
c:\users\admin\desktop\old firefox data\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.dll
c:\windows\system32\msxml3r.dll

PID
2712
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" https://docs.google.com/uc?id=1MH2a2P_q5ikENAQgnJYvRRNMxn_jLVrv
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\program files\mozilla firefox\softokn3.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\sspicli.dll
c:\progra~1\mozill~1\nssckbi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\imagehlp.dll
c:\users\admin\downloads\emergency exit map.exe
c:\windows\system32\shdocvw.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll
c:\program files\mozilla firefox\pingsender.exe

PID
3260
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2712.0.546080884\413739282" -childID 1 -isForBrowser -prefsHandle 1372 -prefsLen 8310 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2712 "\\.\pipe\gecko-crash-server-pipe.2712" 1464 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

PID
2548
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2712.6.257869077\1980912987" -childID 2 -isForBrowser -prefsHandle 2548 -prefsLen 11442 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2712 "\\.\pipe\gecko-crash-server-pipe.2712" 2560 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

PID
3996
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2712.12.1193435502\955174037" -childID 3 -isForBrowser -prefsHandle 2944 -prefsLen 12017 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2712 "\\.\pipe\gecko-crash-server-pipe.2712" 3004 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll

PID
3208
CMD
"C:\Users\admin\Downloads\Emergency Exit Map.exe"
Path
C:\Users\admin\Downloads\Emergency Exit Map.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Cyrus Innovation
Description
Version
14.3.96.61
Modules
Image
c:\users\admin\downloads\emergency exit map.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\sxs.dll

PID
2988
CMD
"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/16a48971-e7db-46da-8309-754432bad730/main/Firefox/61.0.2/release/20180807170231?v=4 C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\16a48971-e7db-46da-8309-754432bad730
Path
C:\Program Files\Mozilla Firefox\pingsender.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mozilla Foundation
Description
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\pingsender.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll

PID
3528
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image

PID
3224
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3528.0.2129809146\1799550589" -childID 1 -isForBrowser -prefsHandle 1532 -prefsLen 2403 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3528 "\\.\pipe\gecko-crash-server-pipe.3528" 1420 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image

PID
2368
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3528.6.2118749180\857578112" -childID 2 -isForBrowser -prefsHandle 1820 -prefsLen 2403 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3528 "\\.\pipe\gecko-crash-server-pipe.3528" 1832 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image

PID
2112
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3528.12.276053947\877086840" -childID 3 -isForBrowser -prefsHandle 2016 -prefsLen 2403 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3528 "\\.\pipe\gecko-crash-server-pipe.3528" 2028 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image

PID
2328
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3528.18.412671574\2029076363" -childID 4 -isForBrowser -prefsHandle 2532 -prefsLen 3685 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3528 "\\.\pipe\gecko-crash-server-pipe.3528" 2552 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image

PID
3044
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3528.24.517128234\127205531" -childID 5 -isForBrowser -prefsHandle 3268 -prefsLen 8273 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3528 "\\.\pipe\gecko-crash-server-pipe.3528" 3312 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image

PID
3008
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
3516
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3528.30.817009275\517736459" -childID 6 -isForBrowser -prefsHandle 3556 -prefsLen 8600 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3528 "\\.\pipe\gecko-crash-server-pipe.3528" 3572 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image

PID
3608
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3008 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll

PID
3588
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3008 CREDAT:203009
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll

Registry activity

Total events
2169
Read events
2094
Write events
72
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
608
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
608
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
@C:\Windows\system32\notepad.exe,-469
Text Document
608
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
@C:\Windows\System32\wshext.dll,-4804
JScript Script File
608
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
@C:\Windows\System32\msxml3r.dll,-1
XML Document
2712
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2712
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2712
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2712
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2988
pingsender.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2988
pingsender.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2988
pingsender.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3528
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3528
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3008
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
3008
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{4C4EAC65-4671-11E9-BEEC-5254004A04AF}
0
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307030004000E000F00350019003803
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307030004000E000F00350019004703
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307030004000E000F0035001A008603
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
34
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307030004000E000F0035001B005900
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
61
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307030004000E000F0035001B00F600
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
55
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CachePrefix
:2019031420190315:
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheLimit
8192
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheOptions
11
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheRepair
0
3008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
990126117EDAD401
3608
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019031420190315
3608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CachePrefix
:2019031420190315:
3608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheLimit
8192
3608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheOptions
11
3608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheRepair
0

Files activity

Executable files
5
Suspicious files
83
Text files
87
Unknown types
100

Dropped files

PID
Process
Filename
Type
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll
executable
MD5: 0ff7bb9561a7934441d4e44c68c8dfd7
SHA256: 123ad18bb0d19cedb94c02a9e90fcc89ec39e3d1813595088c80924fd3b4659d
2712
firefox.exe
C:\Users\admin\Downloads\Emergency Exit Map.exe
executable
MD5: 98a3128874f16924a654c6a9f36537f1
SHA256: 047df77f3370052fcf5b5bd5e8dccc0274ff51bb43506dff29884394a2c59793
2712
firefox.exe
C:\Users\admin\AppData\Local\Temp\+eAl3KOS.exe.part
executable
MD5: 98a3128874f16924a654c6a9f36537f1
SHA256: 047df77f3370052fcf5b5bd5e8dccc0274ff51bb43506dff29884394a2c59793
2712
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AAF1EB78C63E5D90CFEA4B51C417C181921910E9
executable
MD5: 6fdaa81f758940400beff68d9819dfd0
SHA256: f0a196d0f497cfc3b00c526602408ab60c6bc619d4bdf2fdcdea1ca2e1bba292
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.dll
executable
MD5: a2deba04f36b39c63d9079389fcd6b8a
SHA256: 5431279ab15d99b71360075d1f221fcb1ce7bd64ce1695050222ca9cf70b1587
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\datareporting\archived\2018-09\1536510464398.048632c6-c96b-486d-b119-7e1a7a9c9e9a.main.jsonlz4
jsonlz4
MD5: f115f5e3b75135fe26ce05a702f124fc
SHA256: 9f42708f41e6e66bd8f7b4994644d9c1927aae75956621c4dd7f380f631bc1c7
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\474906DE313EE530E18DB69F347517C4CC09B991
cer
MD5: 28628c40dc46068fa43f36c172ec94ee
SHA256: 169091daec448b6e2f3d3fa8d16977d84221f94fa9a0769434b05838d7edfb2c
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\updates\308046B0AF4A39CB\active-update.xml
xml
MD5: 5017b1bc4482a4bf5d5f1ebef856c822
SHA256: e5bda0db3324d6a247c7f1bb20018941c9f71b0222498b1a11764ec7f6733c6d
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\474906DE313EE530E18DB69F347517C4CC09B991
cer
MD5: 0cdec80365168afe47c8271661d0b109
SHA256: e72600007ac750ca4f45228153b658f21176bab39a8b5a8f88b0611210856909
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\updates\308046B0AF4A39CB\active-update.xml.tmp
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\updates\308046B0AF4A39CB\updates\0\update.mar
m
MD5: 18b0ceb7a07d7ca8072318b76b9a5341
SHA256: c5414d031c85a25f4574d68894c12f8a62981a2bd9b0f3b7445e70193a257d9a
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\updates\308046B0AF4A39CB\updates\0\update.mar
m
MD5: f5c2a40c6669a8068695dec528cf51d5
SHA256: 608094500df017ef47eed59db259996f8c2e5999cfa160e4815679d661141561
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\prefs.js
text
MD5: 2945d167012ec1f567d5739703175435
SHA256: 2e3d984d613f01aae9d6f415b78aa49dcba29236f9770a70e3978313cf20b203
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\prefs-1.js
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\startupCache\webext.sc.lz4
binary
MD5: 73c37302345dab1dbe1903a6d6707715
SHA256: ba46d51b6d170634ea0ef1119a0817d6df9b043ad07291e2e931c2dcb08b010a
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\474906DE313EE530E18DB69F347517C4CC09B991
cer
MD5: 8c55278e511ca5d249079bedc30d97f4
SHA256: cfac6d01fee72bbea6183cf4c7d7ff2b8c11ce714a230bb5e6826639fbee4b7c
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\startupCache\webext.sc.lz4.tmp
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\FB3F0178CDEDE2CA610BE416EEF1AE9EE9E689C0
binary
MD5: cad3ebd17f52e30f268ab2d6fe913a1d
SHA256: 0fe80ce9d6e66d739d3384f8215d77da51260239cbab4fd8f89737288f582ba7
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\474906DE313EE530E18DB69F347517C4CC09B991
cer
MD5: 336394b8295bd083df9144e13d140294
SHA256: 4df218c2417b88b400800d777621a860f270624512d09a0e67c9b1eec76bf90a
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\updates\308046B0AF4A39CB\updates\0\update.mar
m
MD5: 5ab7fc37ec7c25f596a0b42627224dd5
SHA256: e9e3a3782f65c65788148adac13a25ab2fc1da90dd4400bc89854dea103fbfb0
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE
compressed
MD5: d11b2788e1445c422270963f7d9e6286
SHA256: 7c17cc37080f46a9130acf1298c012319ad20eedb6309004fce5f0b4e64e6fdc
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\D5D7B247774E63182A9E2C82B62424AAB64C79A8
image
MD5: fdf13061625bb2ad2744536151bdefad
SHA256: 22c7834f67fd11758bbb918efff8cc77dc92caf959f0f56ea5eb1d307586a30c
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0
binary
MD5: e4491c73b750222e4d373f1048711d9d
SHA256: 18b55aca161110ded46c9f067c744a1d50edf7fac0ef48ad37bb3c2f3d1d9c85
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\474906DE313EE530E18DB69F347517C4CC09B991
cer
MD5: f66073b337b16d7875f9b90a25c260ec
SHA256: b31eeaac9d3ddbeb7dc5f941ab0a1ca33be169695e051f9e2ceaacb537a90d17
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\prefs.js
text
MD5: cf3745e72abb03a86c3d6a298a56ebd8
SHA256: 46d816cf7c3f2615f7e7c352a45a156bfa42bb0ea2f9ecfe465de9c2ed67df90
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\containers.json
text
MD5: 893b402c9ee27b4086494190d6fa20fa
SHA256: e699874523444c2d75dbff04b73234a4f4d253c5b8ca9b0561fb31ac3b635cef
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\handlers.json
text
MD5: b025c44725094e95ec3a5bb155d2d6ab
SHA256: 3fd74d94328cd6da3c487eb496e413ec5111b6abf2559474c47c19e6f19d2e07
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\updates\308046B0AF4A39CB\updates\0\update.mar
m
MD5: 47917ecf53979c74b9f664e3a7d7d31b
SHA256: afce9ea0e047ca70e472f28457e74c24367ba87107eab9ba48581f61c5f79dcb
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\handlers.json.tmp
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\containers.json.tmp
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\9D2FC9AC62C94CAED58609EED73BA0A78EEB7A6E
der
MD5: 4e3666f0f4e7ddea0a41ea7f06ef0f1d
SHA256: 7f7c7a4603da63935aeca811cf6be828721d073db59103b491242372a7fd4f1d
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\updates\308046B0AF4A39CB\updates\0\update.mar
m
MD5: 90fe0a1e791bcbac1ccac3ac043716bc
SHA256: cdfa0281aa4bdae8e11f3f1ef5f142e1ff1351db1613929665f52759adc6fc84
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\E21F074DBAD1CB7994F383C419228B689766FB1C
compressed
MD5: b4089ad17c7257be78a8c5d222fe2643
SHA256: a0ba454bbbed8e8670e333263f0520180d552dd292f3bb181ceda2055cee9637
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\698AC159A6BCBA0D13FE6F10F1A38E498F826F33
ini
MD5: a1805a6d16fc7e4f4f036bbd36e6a198
SHA256: 5edbd990f5a152687d5d0b639e204bd2adc09ea0ba19cb679e4de90681f0ead8
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite-wal
binary
MD5: be0a7c1c2c6472c24ab532767d9f4a3a
SHA256: 55fc857f4046923ca6ff07d2a0dadd26922aa99e214745b5632e0e2af52582e7
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite
sqlite
MD5: 3cec5e05ea9ab4fc93119f839381f9f0
SHA256: 74bf0b659e04e3e83ed2bf03e1bb97fab13d611cca5e3a97f6b2176b734afde3
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite-shm
binary
MD5: 9130f0640fd5ef7ffacb0ffd41af6946
SHA256: 0e748fa0d98c725a9ab98245df747eed6844087c4ded495c4ad0c8dbb4116186
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite-journal
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F
image
MD5: 36edd1e6320fc4f09c2169620e45591b
SHA256: f0987f50a00ee77f8d8dfa36e42f39b1dfe18aac06fad06c371982799c160b75
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\default\about+newtab\.metadata-v2
binary
MD5: d02c349797f105fabaab2281d41ea807
SHA256: 82775cec59fe11f0c90dac763bd00a331c37d879702d208bc968a6942c582f77
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\default\about+newtab\.metadata
binary
MD5: fe8a7dae5c5c4f2222f2e01ff20283c5
SHA256: ea23aa655148a0926513851c2507834b87eefe2838ba4f82c2db903a719f75b8
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\default\about+newtab\.metadata-v2-tmp
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\default\about+newtab\.metadata-tmp
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\search.json.mozlz4
jsonlz4
MD5: cb38b1822390864222f01b6757c5a5af
SHA256: 126bccf49af3b952146a6bdcab596fd828d6222146b1ba3754e334648e23309e
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\search.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cert9.db
sqlite
MD5: ee9999d413e188ff75e3041347274aab
SHA256: 65200cf51ec72362beb988d568d0c97d71d4c43bf40968c34bf2335a1c4e8189
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cert9.db-journal
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\E80CD8E589B343458FE27207FF0C772293BD471B
der
MD5: cd1600b34d6dad99e4a4f34369cdbd8f
SHA256: 1477bb406c231967c165c6c87430a3a6f1fcc36f2fae498b59d8db1e21f6f2af
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\5123E24B23403BC6D828B951A7F591BA03353423
binary
MD5: dcd719571c93bcc64295e84dffe6bf38
SHA256: fedf7fbacca3f59b243fc25ad0d171cd4c72e700ba8e832738d0cd00c505c3ac
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\D314D4751E1AE30AF1A6827B62A700C465D87E8A
der
MD5: e033e92a23872b03840d42fb3c8c0433
SHA256: 0131a15c1af15def0de8be2351ade5b02f94561aaab5677f092aa19d05a81da6
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\1C05E98130871C0CF867C652AAF325183A6CC50C
der
MD5: b58dba1bd2136407c4f4fe0d2b873626
SHA256: 9c3fe2e28f524d85d8557fc82b3caf7cab2c75a3e08b31dd8468f968c2e4d635
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\5C3B1B4A3AF3BDDFB5E032BA9BA685FAE38E7418
binary
MD5: f4a51eb2660cb7592ee87b0f6aaf6950
SHA256: 997e9d5686636d4e568698b99e508f56877c699f98e370f88d76c71d25ff420c
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9
woff2
MD5: 382fecf6a2a34612c04dd4df39cc03af
SHA256: 432992a264660c6f2f3387ad14b7cc3013ffd95e49596857633e01bbab826c6c
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\2FD2E2A71F89E3A92F68CB796207228217259289
woff2
MD5: 7ad3d0d1aa830faf5873941ba8d4f981
SHA256: 8d4904aacfa4860e8d16de595658c60fd7badae1dea0366a0cd3b8492e59152c
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\57B158DEF1DDA4EB8D7E463C132782854F5F2A22
compressed
MD5: e060867188e07b6833ea90877d9cb425
SHA256: b21493db618b031a150c98d06ce376fa358ed8f11d74ca03277585e4edee29e6
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\3C65B887EA29E617091A5AE14B0D7268FA2053A2
compressed
MD5: 89c643dcbde5f7cd92d23cba070d9b22
SHA256: 9261e024cd1da7362cf53fb970d7d0ce411383920c333c670999a78f36de3a7e
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\A02D5AC48AAEBEAFEED63256030E5B9CD1889379
compressed
MD5: 90b47a609099568bae3d7ed7450ddae3
SHA256: 65c558c3a799f6aebf76f2b9a35112326ea45f579df212f87611d8de614fd915
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C
image
MD5: 5c53a66da28546c7db1ef2415ed568d2
SHA256: 809079d1cfe4f25fd1fe126350073184e96b82de6e93d5a1cb76a17c5892df72
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\6D730121FD763F5F1F5C0FA06E1E8AC73C97591D
compressed
MD5: 01cd83d4d46c3badae7a52f14e93ede6
SHA256: 99acea34119b96dc3319789e2e787361afd0ba120c9883e6b07f2d6b8795e485
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\B8A5F2155EDD17DB5450911A00D76BEE987CBDED
compressed
MD5: 54e60d2251a3d2ac5867293660416800
SHA256: 02e25289d7e0472b021c762430a68ff2278fe7b729a4251ababdb17e900e5669
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\8419A2637E780F24D2A2B6A86D7C862193C89CBA
image
MD5: 2a38fe5154bb477a9f8371217d6fb901
SHA256: 1683a5934af37c4a78ce69eb7c5e1d96f92e973229da22cfe3dde0a9330c8944
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\1346BE54AE6E6583412A88030CEAE6A5493C7FEF
compressed
MD5: 0733c1f41b385a39be185facbfa9bfe3
SHA256: 2362489bb0bea66dcdad25fa8d877bad61cbb7ce3909b01d5cc22f051678e4a9
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\DFC42896C791034AA152214A96020985CC5E9195
image
MD5: 5162595c48c88184c4456826ede1c5d7
SHA256: 64b795b09a9438447f977535045b42181f2b7820b723888a789dc0b257a32e5e
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\863C89121F6B8F9B86DAD458CF263CE94F9E75B2
image
MD5: 8190019aa7613447d3bd68cb2c5f16cb
SHA256: d87c03f7a2cf826720b22c080d5dd313fbac1f15e6f1414f1a26d455c7b3288f
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\78DBE55782B7B81AF853B4884323B48C34429A53
image
MD5: caa0ae4e04b5165478ffea98192b72ef
SHA256: a16419f966530c5ec3bb277eb519ce484a4e2de18bbe85a29007ff2ad9efa209
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\9671DB4E21A40D05E565A5211964DD6D443A716F
image
MD5: af8002558117087f70ee71af842eb079
SHA256: 77f22c8b701095a777887b51cdbce44881d91efb8a5edccedf8c40ca8d6a7bdc
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\6509930F4539DB79DA356F2C5D01976D46756302
compressed
MD5: d674e535376c8ef3fcfd6819f77ba9ae
SHA256: 01a56268bf23ca818d9a6de170cc0d61521c50a41d3c6601e7ef9a7efa6bcdd4
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\A7DAB24F8B90B56BB8314B2F376B8D7925FEA175
compressed
MD5: 2dc9611da5bec43ad8f9720133d91b58
SHA256: 6efa4e6d3a39494b79d321ca49e6d435b5bf1df01f4a5ff8ffe1fbc35edf0b8a
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\E2B3F11984D4C00E8B062CE80130AD9645AB5424
compressed
MD5: 95607cf420ed007763462e9b5e60c4ca
SHA256: 7e80acc857a8ff0e99fa02e763ba09c1b71ac5718ac3cea3668f2178ae0109bb
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\C78C77DD43BBA2938E610F2B70201ACCF601FB6E
compressed
MD5: b7224af3a003a7c152fca531d9f1b82a
SHA256: 30c935357819b77c283a6a714017d540e5e778e302e397c0fcf551eeb1c41728
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\prefs.js
text
MD5: a2506a90a7d5caa9bf46ae105fc648e3
SHA256: 3867d44fce279c28688e5cf77738ff6daf37653479ec0752e0e344eb2a5c1ef6
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\AC5E012C1887C7B691A8EA00C4E754025E25C235
compressed
MD5: 869f8a85947d1b36396f47912702d058
SHA256: 559e7917f3377bbe30b69221911611fa02f84815a355e5ad17e1e1eb9dede7f1
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\2C23342715AECEEF3D2F7FA5FB3BB8FAD525F86D
compressed
MD5: 31b45fa69a089600f52882343cddb51d
SHA256: 196c322a207b7eb3318affefef65756e32a769704ecfbbf44b5d74b5c3ce9a75
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\updates\308046B0AF4A39CB\updates\0\update.status
text
MD5: 21b14fa7f5deed372d093de77db5c795
SHA256: ec6c7c37be67a0e4443c2a14b2bb45414fa992d0aee701d18e8b30dd6f99731a
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
sqlite
MD5: 69d7de66dd0cae8ff9cf716b335cf431
SHA256: d45c2d5893d4e41da06b61af14333dfa529bba24a9dd62796aa843d5ee413df1
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-wal
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\E910D1FCE8BF27F5536B88567A4DC32624377CC3
binary
MD5: d18a4f02f62d9ae263a8e4db1c156ec4
SHA256: 4318f3919792d0da18bc7636c2986fb911fee0bfae4fcc85b53eec5e799cc50c
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\BAB5C71955F9E6DBC33A9BC20BA8DDAF32172D21
der
MD5: ffb8e954f2694bfa3c1ee1523927bc7c
SHA256: 65b2c56068bef322a614ecc4d80bc6f27d609fd94cd3e4648be0cff39c1d19b4
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\35897261A84D5E0F8916EA9F73DD87D75CAA15E1
der
MD5: 82344dd237587977c846d65986c1e7f8
SHA256: 10b66351c12aec53058b374b0b2ae7abd6ab4598a570df2a2ad018698eaf98e8
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-journal
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
binary
MD5: 4da665a9e36f808915a0557205d3c165
SHA256: b3ee66bc3d76645ab1ace4e910efda40907fb6da7a0993cde6276c9fac983df1
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
binary
MD5: 4d54a64af2e3ddd8b281215745677a85
SHA256: 05737f463e54a5f8de0066e8a24620ded4a4f819ba8801e7d5010b4aed116a8c
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
sqlite
MD5: ae9aaec785db4749c7aea5996d803728
SHA256: dc3e1745597c275bf897c7f33249916d520717e2ab6cb43a811aae64d79affa2
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\addonStartup.json.lz4
jsonlz4
MD5: dc18e68dfa6936228353fbb1dc4dd6b3
SHA256: 63a4c7213e12dbc18fe412f71fb5c43912a8072ebcc279559df2f18b3b0cc657
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\addonStartup.json.lz4.tmp
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-journal
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\2918063365piupsah.sqlite
sqlite
MD5: 54d9c596f9db5fbfb2a0c8da06e041e9
SHA256: 38794a19462b0edfe8e63e36b3005bc72057e0216bb58d9fb1d17689a6dbf0c6
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\2918063365piupsah.sqlite-wal
binary
MD5: 7c84bb69d6ee812560effbf7c20dc4b3
SHA256: 93d125818f68316817cb9622099b5e9b3c10496997870ce42c683e65807d555e
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
binary
MD5: a2dacbcb6e4a7fd9b6b639cf91d81833
SHA256: b38b2a4ae9f1f5bfaaaf9345af1d0e73c29c7b5a4a772b5c80ad699613c18ddf
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\2918063365piupsah.sqlite-journal
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-backup
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating\test-block-simple.sbstore
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating\test-block-simple.pset
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
binary
MD5: 5fd8099f3cdebce947cc1d86a7df8a29
SHA256: b6b4c37a9ff043d9958c097f1a44821c889c2585fec3336dc7e05872effa29d4
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
sqlite
MD5: 2621ee60e13298aa196bedeb158e942f
SHA256: cc7eee9846c4559ebdbdc1e9ea9a3ef2386fe88962ed262c46c01decf0fb55ac
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-wal
binary
MD5: c1c4d61be88ff3fa02534938f441489c
SHA256: 3c010e1028a8be1285d73522f20aca3fa1c58dd79581310980f908587f68a30d
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating\test-trackwhite-simple.pset
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating\test-trackwhite-simple.sbstore
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating\test-track-simple.pset
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating\test-track-simple.sbstore
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating\test-harmful-simple.pset
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating\test-harmful-simple.sbstore
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating\test-phish-simple.sbstore
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating\test-unwanted-simple.pset
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\OfflineCache\index.sqlite-journal
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating\test-unwanted-simple.sbstore
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-journal
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating\test-phish-simple.pset
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating\test-malware-simple.pset
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\safebrowsing-updating\test-malware-simple.sbstore
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\.metadata-v2
binary
MD5: 055ffa853fb3cb6e047be2a67f3ef8a8
SHA256: 899cb133f5c3c7880e327e5aef3d0be22979c8e53d256ad92c159e7fecafa575
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\addons.json
text
MD5: 55b5026150dc3a60d07b8bea2ae0f983
SHA256: a13174f20dde2249a49853d6eae20f07ffc4ddf1e3007ab3e4911e511ecffc1c
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\.metadata-v2-tmp
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\addons.json.tmp
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\extensions.json.tmp
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\extensions.json
text
MD5: 246ca1df6f2e9ef705661df5a7cd24cc
SHA256: 68c24cd1a3785e336c5c35581415ee58f32b77db471e6691ffc7b042bab62812
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\.metadata
binary
MD5: cf664f6f03a8abb6a9fc955c9b9dad58
SHA256: a99851865ceff4074710f5233fbb8d531c58467841f6ebd1beecfa5f2f383428
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\content-prefs.sqlite-journal
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage\permanent\chrome\.metadata-tmp
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage.sqlite
sqlite
MD5: 65fd234360942b0eb0f33505c416ef5b
SHA256: c25e4307eff684c95edc0c3b4fdc711125224fd69bbe8421d128da2e4f5d8f92
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\storage.sqlite-journal
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\webappsstore.sqlite-journal
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\sessionCheckpoints.json
text
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\sessionCheckpoints.json.tmp
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\startupCache\scriptCache-child.bin
binary
MD5: e2e00e0d509689739b021d9dcf8bba07
SHA256: 35322eb90a01307f5c28eb9af514c4f389b00717b829c97f3dc038d6c3a036bc
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\startupCache\scriptCache-child-new.bin
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\prefs.js
text
MD5: 38c13460b112b131229ae6b4ee6b304d
SHA256: 03fd9347044f20c5b7899141bd8a533b82165713687da0b76ec0056898890297
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\startupCache\scriptCache.bin
binary
MD5: 46b8553dcc5b2a54c12fe59511fb17b5
SHA256: 812bd491a25f76712e67f16ee20b4c592ed6c535ad64f52982f06e8c12456eed
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\startupCache\scriptCache-new.bin
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\prefs-2.js
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\startupCache\urlCache.bin
binary
MD5: d6b9e56467ee7ba4423e4f3cd6e40e78
SHA256: dd3dce6e16a77a6139b9ce92deb9c7108e218270f5b402cab8e9821859fc7564
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\startupCache\urlCache-new.bin
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\pkcs11.txt
text
MD5: 9f6201fc749afe034dced9250723dda5
SHA256: 4b5f8edae06d2d3cad25f97a6d052c6551e872ec385a8d78189cb713a000603a
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\prefs.js
text
MD5: 11cad5ad0cd4885e8232e6f7f3362380
SHA256: eb3697e7d6ddee4ba897a0cc1887eab767d9b592cc383bee8f6d5f338f497b7d
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\pluginreg.dat
text
MD5: bb41a5eee03ef43a7c1f9fcf0924ea7c
SHA256: b7251b1613038b056a60bc667d0a8982238c9b784485ce2b2e5d5ab302441dcd
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\pluginreg.dat.tmp
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\sessionCheckpoints.json
text
MD5: ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA256: 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\prefs.js
text
MD5: c2dfab2cf107d7fdf9f950640da771bc
SHA256: d43912d77799e964a328ca538f9eeecfb3ee0ff483cd466905409a5572712db5
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\extensions.json
text
MD5: 921fcf31753e9a9f6228d14a309af809
SHA256: cfbed5a2b2df0ab9d6f596919d31ee2efee4e60a5f6081864a448db41a1f66e6
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\blocklist.xml
xml
MD5: da978fdb51d4f9b64b5170ba60335258
SHA256: 89076bd9feee56ec30f06c25d1901ada56ca87c139a80697a34e0b3e34393468
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cookies.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\permissions.sqlite-journal
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini
text
MD5: d000b729384c78b0aa6adcddb532a0ac
SHA256: 2f8b66710eac1620351700c34ef40e8c31ea8ceb998522974f027561c0c35715
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\xulstore.json
text
MD5: c124a73fce388c5cd5dd1410d23cefa1
SHA256: 387da97cc9ca3672704165a643cbc419d0550592245517edd5e9b63885e28035
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\weave\toFetch\tabs.json
text
MD5: f20674a0751f58bbd67ada26a34ad922
SHA256: 8f05bafd61f29998ca102b333f853628502d4e45d53cff41148d6dd15f011792
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\weave\failed\tabs.json
text
MD5: f20674a0751f58bbd67ada26a34ad922
SHA256: 8f05bafd61f29998ca102b333f853628502d4e45d53cff41148d6dd15f011792
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\webappsstore.sqlite
sqlite
MD5: 446fbaa8b14b3c86bfcef8be65ee7d80
SHA256: 47dbd4af1ef0e76fd0fc756d4f3a397c251f63cb1b71b1b4405fca69c1ded6e0
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage.sqlite
sqlite
MD5: 65fd234360942b0eb0f33505c416ef5b
SHA256: c25e4307eff684c95edc0c3b4fdc711125224fd69bbe8421d128da2e4f5d8f92
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite
sqlite
MD5: eb54d7420666049766596046d94682ab
SHA256: 457c0979b74b6530fbf0cce85aabf8ccb278294e1102c97e22f13b5242199aa1
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\times.json
text
MD5: 7929ebc421c01545bd31e7a240642929
SHA256: 47dc332ba6b154f684848493cc7b1886d714d40b875c9c8dab3f1d3cbdc36124
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite
sqlite
MD5: 489c022454909460f333b279bb069afb
SHA256: f513adf09c2970b5898d4942672ef1601ec089f0be4231e797c21101db9d78d4
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
sqlite
MD5: 0660c94ba73abbd5d7ad773776a8fc74
SHA256: e765821f9ca3be398a861760a09abcd38634ecb7f7c1e84fc942b517a2d8d456
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
sqlite
MD5: b17f0aaa5d89f1d37613c541208934b2
SHA256: adbe9ff83054dee5c8d52eefb267ec4af60df1f54bcf04e4cc61d1a8536340e4
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
sqlite
MD5: 9fb5d058430f7ad16c916003778180f4
SHA256: fe535f1eac6323d3ccc02c08245dbe84a17b22a815182a392f29443d094fffdb
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
sqlite
MD5: f09df169052e7fc8478b297f66bffced
SHA256: 7f50f5a9395c9926963039335c225603e794e8c20c830e3c2d1f1acc52ad0ed1
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
sqlite
MD5: 167270b623f8b27f3376c3e7b385cb99
SHA256: 97a00011beb82c2b999c76a60b7ae653325ad7846788b20c8e99f605355c77af
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
sqlite
MD5: b253b6cdfdb8f01002b812806db97c15
SHA256: fbe083f6e5f10895f9f440417515998b55983f7693470eae01435f5767d9d3c1
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
sqlite
MD5: 63352297ad8c1ea6285ef0f6563d89e1
SHA256: e58d25ec132e8a709dd014f3067f34158182e14b0769e23a101a185302093af3
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\permanent\chrome\.metadata
binary
MD5: 36fd91409594bc22af29fe7d32790bda
SHA256: 762a066726a91f261c65a3d37c8287994a5411d850f56917e8b0dc9f66e07d8e
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\permanent\chrome\.metadata-v2
binary
MD5: 12778684c727cacc57627b0d249f2c0b
SHA256: 4ad62a9ed2f2c3f7d59c1aaeea8512079e30be90af22fef4bf2721e0963b9ff4
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite
sqlite
MD5: 1985c7557ce41ccce454603d4c503a4a
SHA256: 81a822fb068e6c31bb4e937a34d7214ee968c5a8fa03eddb8abd01920c32a4ed
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\default\about+newtab\.metadata-v2
binary
MD5: 6ea576a1be99d1312e936e51310cd6af
SHA256: 2443973700d8255d812eabc80587ffc5790221de4a5de5f3b6e134ba76c39acd
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite
sqlite
MD5: 87b4b40ffd56d49503e97a3eeee0aed3
SHA256: e21b67025f9410f16b3a4ef98909652742c1cd211aa2621a64c9dc7775f816b2
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\default\about+newtab\.metadata
binary
MD5: 40020cc2faa14d73774db0e2a57ca52a
SHA256: f2232593af09c07a850b59c3383878e381a4a01c4b769f2af800efc4d0b71c91
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\default\about+home\.metadata
binary
MD5: 6eac8fc2b98b4e57c56ff3b224cbfe2d
SHA256: f8a129c7152dae2427b67d1c55e82df4402a0aefa4e842bcf823c6ef6c41d4c8
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\storage\default\about+home\.metadata-v2
binary
MD5: 2ab287e8ffaf0a63504f9edd6bbd86d2
SHA256: 49801532679f3c40427e297b01c81f8b3bbfc58eaf4fa387b820901fa6ab8eb2
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\sessionstore.jsonlz4
jsonlz4
MD5: c6127681467e7ee56c5614ad1421d568
SHA256: 37ef06e28bf97a690cd7aeefd62b3913795a31684ee596954d4816c777acf51e
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\SiteSecurityServiceState.txt
text
MD5: 23504351499ff0ddb081467448a748f1
SHA256: 0c218a6b890747c75720c8713c779cb759d13a23b461f19a2f94bf2ae79461be
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\sessionstore-backups\previous.jsonlz4
jsonlz4
MD5: e381f4a703d1e2f98bbd4060fbe31959
SHA256: 157141f9ba4e70b10098e61b24443e46d527b7e3a554971ab89a0c5ce6fb51f0
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: a80153fcbf5af2d0de11df36de03d9a8
SHA256: 45ba50a393a0dce5977ec1fda997feb7f503c08f26e7e2e647c31c786b409fcb
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\sessionCheckpoints.json
text
MD5: 948a7403e323297c6bb8a5c791b42866
SHA256: 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\revocations.txt
text
MD5: cc749a7f2609a214e1f3600224ee49fd
SHA256: 814e4a31e2472cdb9865483cb7e70523ba93cbe1e57aa2009945992fa2d41fd6
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\prefs.js
text
MD5: 7cba086919a6ef3c13463cbd320f8ce2
SHA256: 0a581f81498a3f9e05286e83c5c3715f62a1c7d6fd8bca3733ad9fbfcfa5cb91
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\pluginreg.dat
text
MD5: afd0b63a476249a706823c08e3f4cce5
SHA256: 7a064920d80084e7d19856e29abd42f9f01406d50c05ed4889b75345e68d8481
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\permissions.sqlite
sqlite
MD5: c3d1fe1c7b67c9dcfd8675436d9dd091
SHA256: e430ea7367545634d080566ee92a8246270e2f540eb459511e67046597785ce5
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\pkcs11.txt
text
MD5: 7649bb6f105448170e7e447e66d8cc3d
SHA256: 687ac2de1316be0e875e2fbbf7dee4547fe0b4eff7987517d216534ef2bbc3c3
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\key4.db
sqlite
MD5: 0b3c43342ce2a99318aa0fe9e531c57b
SHA256: 0ccb4915e00390685621da3d75ebfd5edadc94155a79c66415a7f4e9763d71b8
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\logins.json
text
MD5: e7ce898aadd69f4e4280010b7808116e
SHA256: c9214bb54f10242aa254f0758372a440c8d8f49934021f8f08b6df9fb377eb02
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib
obj
MD5: 82122a5f7794f29a393fa67307940514
SHA256: ef691278374fa5a25b1b0049a8473683a8c7309280ea838ecbeb736ca873c687
3528
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ffih9nqs.default-1552578796192\cache2\entries\6EDEF74E4EB3D5BB93DC151A25EDEB42F43B0798
binary
MD5: 2d777ce5fa9a4ab9e5af95ccc0d3ec42
SHA256: 7a1a62fd12d8ddf44f7609e20af834bb7ea0e09af32d4c8ff28dcf778c0e714f
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\handlers.json
text
MD5: b025c44725094e95ec3a5bb155d2d6ab
SHA256: 3fd74d94328cd6da3c487eb496e413ec5111b6abf2559474c47c19e6f19d2e07
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig
pi2
MD5: b1e59508c855ef1cbc7fb89f3a1a6d4d
SHA256: d05bab1e36c62ddce10dcd930d4dcf2095ba654e0747b8a0609a7418aa1c5d26
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt
text
MD5: 49ddb419d96dceb9069018535fb2e2fc
SHA256: 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json
text
MD5: 5c15c32fcf4ac1a5d5c9c7a6b092ece0
SHA256: da88859b0fbf2ae545fe4ecacf709ffe348738b377ad341d727a8915fdbcf9d7
3608
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\8w[1].htm
text
MD5: ddae66011c241561cd0733230a3c0eac
SHA256: 0c899c540b5a2bb0e6235cbb18b5aee14b0d916733aa2c8918faf335ff46c395
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info
text
MD5: 18dcab996bc5fde1b1699c4b5c115e29
SHA256: 4e350386f5eeb397e2f0b663103edd5321b4144f78a6df15150888386e2256da
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\formhistory.sqlite
sqlite
MD5: 60b51ba20224ac3783e213ea9f55f125
SHA256: 0e305ba02985f26b29b234cd79d2c2af0a51085da2db2bed98d20f8c61b76254
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\datareporting\state.json
text
MD5: 9c5351bbf9d0212293b813ee59dc9213
SHA256: 38b9c0fbd09cdcbd2703e194f1874948a0ff886bb2f46fd0edf7a39cb6d91f57
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\extensions.json
text
MD5: a48341c8feec497596a6d6bb4442b5e5
SHA256: 606feeb8e5521cb50a2703d2ec2489bf3a8cf06aa9150c265942b7dd91a1e347
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\favicons.sqlite
––
MD5:  ––
SHA256:  ––
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\datareporting\session-state.json
text
MD5: d49c4590b6b205af6f5a45c090e57af5
SHA256: c26faeb194f42b0cf59723c062b07e9a34ba6ded64e33ce841eaef530889116a
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\datareporting\archived\2019-03\1552578795863.16a48971-e7db-46da-8309-754432bad730.main.jsonlz4
jsonlz4
MD5: 7c8217a31ac845201214c78758a713f4
SHA256: e6713b59307abbea11b9beb6141a940da2a717af131e8ab31835e0793d1a0923
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\datareporting\archived\2018-09\1536510890757.0bd2c0b0-6051-4678-a27c-37f3c0a0c3bf.main.jsonlz4
jsonlz4
MD5: f9507390d7f1b279543973af34c2b38a
SHA256: 937fbc716c2135ba6f4e229dec6e95e8a66227e8556e7c5f50206ef198e70387
2712
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
binary
MD5: 707c12070c52e55c2a996ac15e219b95
SHA256: 6c5410c655c8efc48d123abe708c8940a4218072c0daf85e03ab45da6d2ce6b9
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\datareporting\archived\2018-09\1536511076670.6fb1a61f-96c8-4004-a260-a8d32e45a07f.main.jsonlz4
jsonlz4
MD5: f6c85edc5d232c8d8ec05a59cb05b4af
SHA256: 0244fe274345109e0307521f985b8d5d67aa558cba0a6920c3a98cbb2ffabbc7
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\crashes\store.json.mozlz4
jsonlz4
MD5: a6338865eb252d0ef8fcf11fa9af3f0d
SHA256: 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\cookies.sqlite
sqlite
MD5: f47a3bb16006a36377ac65a792b24710
SHA256: ce886a3e3de27e6e3ba975c144593d87a4790d8420b33f53c945866b63b34080
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\content-prefs.sqlite
sqlite
MD5: d98c70110cb36f098c925d9143d3e82b
SHA256: f85e01375ff28aa8085ad214a2550edb7c20b147cb08db4a1a09e45d5120227b
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\containers.json
text
MD5: 893b402c9ee27b4086494190d6fa20fa
SHA256: e699874523444c2d75dbff04b73234a4f4d253c5b8ca9b0561fb31ac3b635cef
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\compatibility.ini
ini
MD5: 9953276340d13524a35f38b7564ccad9
SHA256: edbe88747c31a02eca9223a9c9c450669662e6ac0804609ffc6e264f26af998d
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4
jsonlz4
MD5: 8b3a3845e8f6c6076b27362edb8388d7
SHA256: 4f98274fcd24d4a238a86ceec0ddd26c589ebc77ab21c4b18943d1d3ef73dd92
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\cert9.db
sqlite
MD5: 1a5bf66d9571f0a0f3fe504c04efad15
SHA256: 4f9ed8b9f3835a65d637216e95af9fa34e075e62a7c6a08b26d201651d6bebe1
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\blocklists\plugins.json
html
MD5: 7b03f4db62b7c005e08b51a79fadde4f
SHA256: 0b5b0be5d1b857c927603efad762e61a0df6d6adcea30013ac91c394a5e035ab
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\blocklist.xml
xml
MD5: 00c2a5469c121126d06f266810b0623c
SHA256: 44b82063be0b93770afc7f2620313b967b8c1822642b5e12b0c7856dbcc011c7
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\blocklists\addons.json
text
MD5: 46b55aae2b5510f5972b3a09cf03194e
SHA256: 8144fffe7cd14365333f23eca6a538761eb05ea975269f9d26a8fc66361bab55
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\addonStartup.json.lz4
jsonlz4
MD5: dc18e68dfa6936228353fbb1dc4dd6b3
SHA256: 63a4c7213e12dbc18fe412f71fb5c43912a8072ebcc279559df2f18b3b0cc657
3528
firefox.exe
C:\Users\admin\Desktop\Old Firefox Data\qldyz51w.default\addons.json
text
MD5: 55b5026150dc3a60d07b8bea2ae0f983
SHA256: a13174f20dde2249a49853d6eae20f07ffc4ddf1e3007ab3e4911e511ecffc1c
2712
firefox.exe
C:\Users\admin\Downloads\Emergency Exit Map.exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2712
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2712
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2712
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
––
MD5:  ––
SHA256:  ––
2712
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2712
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2712
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2712
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 3bc52a024e4d880d6e0a47679e11a396
SHA256: ee24f82701eae7dea782243546c031f840a882a3aeec99a4109cfe9de5ae6058
2712
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
2712
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA256: 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
2712
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].ico
image
MD5: f74755b4757448d71fdcb4650a701816
SHA256: e78286d0f5dfa2c85615d11845d1b29b0bfec227bc077e74cb1ff98ce8df4c5a

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
22
TCP/UDP connections
45
DNS requests
99
Threats
10

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2712 firefox.exe GET 200 2.16.186.112:80 http://detectportal.firefox.com/success.txt unknown text whitelisted
2712 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US binary der whitelisted
2712 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US binary der whitelisted
2712 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
2712 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US binary der whitelisted
2712 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US binary der whitelisted
2712 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US binary der whitelisted
2712 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
3528 firefox.exe GET 200 2.16.186.112:80 http://detectportal.firefox.com/success.txt unknown text whitelisted
3528 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
3528 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
3528 firefox.exe GET 302 3.87.150.141:80 http://download.mozilla.org/?product=firefox-65.0.2-complete&os=win&lang=en-US US html whitelisted
3528 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
3528 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
3528 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US binary der whitelisted
3528 firefox.exe GET –– 2.18.69.103:80 http://download.cdn.mozilla.net/pub/firefox/releases/65.0.2/update/win32/en-US/firefox-65.0.2.complete.mar unknown –– –– whitelisted
3528 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
3008 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3608 iexplore.exe GET 200 185.158.249.253:80 http://185.158.249.253/images/oHxu3OjFB6DuXsB336/xwufcMOA9/xMobz6uNQpek4N8kbQEU/ptSdo4tfDsQ2ptvuSoa/nxZGiMApwag_2F2_2BEK6L/P_2FR9z2ICiyb/xC2B88XJ/Y56V_2FOwuLhz6jkF5ZgTd_/2BNAEKfFQY/Q_2BN4tO_2F/aMT1FBwNl/8w.avi NL text malicious
3008 iexplore.exe GET 200 185.158.249.253:80 http://185.158.249.253/favicon.ico NL image malicious
3008 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
–– –– GET 200 185.158.249.253:80 http://185.158.249.253/images/BQ9fTaeIvTP4OYQk/PDM_2FFY340eD0M/FtyRhnpumddjaDNODk/bmb9z0LiM/AvNgoZ8HASFU15dLm_2B/fy4q8bOUeyRwPRTDaSG/Xs9uNpHTf12TwjS9QKgR6y/dOhhEzqf_2FyL/9eolxNo7/ij3BBkjbqQPGGQF/m.avi NL text malicious


Connections

PID Process IP ASN CN Reputation
–– –– 172.217.18.174:80 Google Inc. US whitelisted
2712 firefox.exe 216.58.205.238:443 Google Inc. US whitelisted
2712 firefox.exe 2.16.186.112:80 Akamai International B.V. –– whitelisted
2712 firefox.exe 172.217.18.163:80 Google Inc. US whitelisted
2712 firefox.exe 34.218.217.119:443 Amazon.com, Inc. US unknown
2712 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2712 firefox.exe 52.88.150.81:443 Amazon.com, Inc. US unknown
2712 firefox.exe 172.217.23.129:443 Google Inc. US whitelisted
2712 firefox.exe 172.217.23.170:443 Google Inc. US whitelisted
2712 firefox.exe 216.58.210.14:443 Google Inc. US whitelisted
2712 firefox.exe 54.201.6.28:443 Amazon.com, Inc. US unknown
2712 firefox.exe 13.32.223.224:443 Amazon.com, Inc. US unknown
2988 pingsender.exe 52.34.167.99:443 Amazon.com, Inc. US unknown
3528 firefox.exe 2.16.186.112:80 Akamai International B.V. –– whitelisted
3528 firefox.exe 104.16.40.2:443 Cloudflare Inc US shared
3528 firefox.exe 34.252.164.43:443 Amazon.com, Inc. IE unknown
3528 firefox.exe 54.149.111.157:443 Amazon.com, Inc. US unknown
3528 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3528 firefox.exe 34.213.175.109:443 Amazon.com, Inc. US unknown
3528 firefox.exe 63.245.208.195:443 Mozilla Corporation US unknown
3528 firefox.exe 13.32.223.94:443 Amazon.com, Inc. US unknown
3528 firefox.exe 3.87.150.141:80 US unknown
3528 firefox.exe 216.58.207.40:443 Google Inc. US whitelisted
3528 firefox.exe 172.217.18.163:80 Google Inc. US whitelisted
3528 firefox.exe 54.187.144.104:443 Amazon.com, Inc. US unknown
3528 firefox.exe 35.244.179.255:443 US unknown
3528 firefox.exe 2.18.69.103:80 Akamai International B.V. –– unknown
3528 firefox.exe 13.32.159.229:443 Amazon.com, Inc. US unknown
3528 firefox.exe 13.32.223.218:443 Amazon.com, Inc. US unknown
3528 firefox.exe 13.32.223.224:443 Amazon.com, Inc. US unknown
3528 firefox.exe 172.217.18.174:443 Google Inc. US whitelisted
3008 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3608 iexplore.exe 185.158.249.253:80 easystores GmbH NL malicious
3528 firefox.exe 34.218.217.119:443 Amazon.com, Inc. US unknown
3008 iexplore.exe 185.158.249.253:80 easystores GmbH NL malicious
–– –– 185.158.249.253:80 easystores GmbH NL malicious

DNS requests


Threats

PID Process Class Message
3608 iexplore.exe A Network Trojan was detected MALWARE [PTsecurity] W32.Dreambot HTTP GET Check-in
3608 iexplore.exe A Network Trojan was detected MALWARE [PTsecurity] Spy:Win32/Dreambot/Ursnif
3608 iexplore.exe A Network Trojan was detected MALWARE [PTsecurity] W32.Dreambot/Ursnif HTTP GET Check-in
–– –– A Network Trojan was detected MALWARE [PTsecurity] W32.Dreambot HTTP GET Check-in
–– –– A Network Trojan was detected MALWARE [PTsecurity] Spy:Win32/Dreambot/Ursnif
–– –– A Network Trojan was detected MALWARE [PTsecurity] W32.Dreambot/Ursnif HTTP GET Check-in

4 ETPRO signatures available at the full report

Debug output strings

No debug info.