General Info

URL

https://app.box.com/s/jjqjdpu033umaijrpe38y0j3tcmj596p

Full analysis
https://app.any.run/tasks/4214e172-9065-4b06-9eb5-0921ac44e589
Verdict
Malicious activity
Analysis date
4/15/2019, 16:36:24
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

opendir

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
240 seconds
Additional time used
180 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Creates files in the program directory
  • AdobeARM.exe (PID: 676)
Application launched itself
  • RdrCEF.exe (PID: 3932)
  • AcroRd32.exe (PID: 2924)
  • firefox.exe (PID: 2836)
Creates files in the user directory
  • firefox.exe (PID: 2836)
Reads CPU info
  • firefox.exe (PID: 2836)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
47
Monitored processes
13
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe firefox.exe acrord32.exe acrord32.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs adobearm.exe no specs reader_sl.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2836
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" https://app.box.com/s/jjqjdpu033umaijrpe38y0j3tcmj596p
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\sspicli.dll
c:\progra~1\mozill~1\nssckbi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\actxprxy.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\installer\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\pdffile_8.ico
c:\windows\system32\sxs.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\linkinfo.dll

PID
3936
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.0.2043988810\512344834" -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}" 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 1140 gpu
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll

PID
2628
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.6.181342058\1211746250" -childID 1 -isForBrowser -prefsHandle 828 -prefMapHandle 1768 -prefsLen 1 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 1772 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\program files\mozilla firefox\mozavutil.dll
c:\program files\mozilla firefox\mozavcodec.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\mp3dmod.dll
c:\windows\system32\msdmo.dll

PID
3116
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.13.533959745\780894971" -childID 2 -isForBrowser -prefsHandle 2600 -prefMapHandle 2604 -prefsLen 216 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 2616 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
2252
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.20.959684223\1414960890" -childID 3 -isForBrowser -prefsHandle 3300 -prefMapHandle 3228 -prefsLen 5824 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 3472 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

PID
2180
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.27.428333166\1300500139" -childID 4 -isForBrowser -prefsHandle 3760 -prefMapHandle 3792 -prefsLen 5978 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 3804 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
2924
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\Downloads\Claim_Form_Telecom_Provider_and_Biller_RA.pdf"
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Adobe Systems Incorporated
Description
Adobe Acrobat Reader DC
Version
15.23.20070.215641
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\kbdus.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sspicli.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\program files\common files\adobe\arm\1.0\adobearm.exe

PID
3240
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\Downloads\Claim_Form_Telecom_Provider_and_Biller_RA.pdf"
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Indicators
No indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
LOW
Exit code
1
Version:
Company
Adobe Systems Incorporated
Description
Adobe Acrobat Reader DC
Version
15.23.20070.215641
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.dll
c:\program files\adobe\acrobat reader dc\reader\agm.dll
c:\windows\system32\msvcp120.dll
c:\windows\system32\msvcr120.dll
c:\windows\system32\version.dll
c:\program files\adobe\acrobat reader dc\reader\bib.dll
c:\program files\adobe\acrobat reader dc\reader\cooltype.dll
c:\program files\adobe\acrobat reader dc\reader\ace.dll
c:\windows\system32\profapi.dll
c:\program files\adobe\acrobat reader dc\reader\axe8sharedexpat.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\adobe\acrobat reader dc\reader\bibutils.dll
c:\program files\adobe\acrobat reader dc\reader\sqlite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\ia32.api
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msimg32.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\updater.api

PID
3932
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16448250
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\apphelp.dll

PID
2332
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3932.0.1881114368\1143653741" --allow-no-sandbox-job /prefetch:673131151
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
RdrCEF.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll

PID
3004
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3932.1.598421289\1783665411" --allow-no-sandbox-job /prefetch:673131151
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
RdrCEF.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll

PID
676
CMD
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:15.0 /MODE:3
Path
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Indicators
No indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe Reader and Acrobat Manager
Version
1.824.27.2646
Modules
Image
c:\program files\common files\adobe\arm\1.0\adobearm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wintrust.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\program files\adobe\acrobat reader dc\reader\reader_sl.exe
c:\windows\system32\normaliz.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wshext.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\program files\common files\adobe\arm\1.0\adobearmhelper.exe

PID
488
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
Indicators
No indicators
Parent process
AdobeARM.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Adobe Systems Incorporated
Description
Adobe Acrobat SpeedLauncher
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\reader_sl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcp120.dll
c:\windows\system32\msvcr120.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

Registry activity

Total events
1547
Read events
1449
Write events
98
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2836
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2836
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006E000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2836
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2836
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2924
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
aFS
DOS
2924
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
tDIText
/C/Users/admin/Downloads/Claim_Form_Telecom_Provider_and_Biller_RA.pdf
2924
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
tFileName
Claim_Form_Telecom_Provider_and_Biller_RA.pdf
2924
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
tFileSource
local
2924
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
sFileAncestors
5B5D00
2924
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
sDI
2F432F55736572732F61646D696E2F446F776E6C6F6164732F436C61696D5F466F726D5F54656C65636F6D5F50726F76696465725F616E645F42696C6C65725F52412E70646600
2924
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
sDate
443A32303139303431353135333734372B30312730302700
2924
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
uFileSize
29011
2924
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
uPageCount
5
2924
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2924
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006F000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2924
AcroRd32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2924
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2924
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2924
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\Privileged
bProtectedMode
1
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ExitSection
bLastExitNormal
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
bExpandRHPInViewer
1
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
bPromptBeforeClosingMultipleTabs
1
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFolders\c1
sDI
2F432F55736572732F61646D696E2F446F776E6C6F6164732F00
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFolders\c1
tDIText
/C/Users/admin/Downloads/
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFolders\c1
tDisplayText
Downloads
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFolders\c1
aFS
DOS
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\HomeWelcome
iKillSwitchCheckDay
20190415
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1
xID
42F42FAAE78E464E8363CC80D85FC679
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1
iTime
1555339112
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
iAVDocViewBottomSplitterPos
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
iAVDocViewLeftSplitterPos
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
bAVDocViewTabsShowing
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
bShowingHUD
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
bShowingPageGaps
1
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView
bShowingHUD
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView
bShowingPageGaps
1
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView
ipageRotation
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView
xpageViewBead
0000000000000000
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView
ipageViewLayoutMode
2
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView
ipageViewPageNum
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView
bpageViewStartThread
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView
ipageViewThreadIndex
4294967295
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView
ipageViewX
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView
ipageViewY
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView
dpageViewZoom
1.080215
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView
ipageViewZoomType
2
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
bbringToFront
1
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
ioverViewMode
1
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
ioverViewPos
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
ipageRotation
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
xpageViewBead
0000000000000000
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
ipageViewLayoutMode
2
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
ipageViewMaxVisPageNum
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
ipageViewMinVisPageNum
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
ipageViewPageNum
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
bpageViewStartThread
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
ipageViewThreadIndex
4294967295
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
ipageViewX
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
ipageViewY
0
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
dpageViewZoom
1.080215
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
ipageViewZoomType
2
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
xwindowFrame
000000002600000000050000B4020000
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles\c1\cViewDef
bwindowMaximized
1
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\Workflows\cServices
bEpdfRhpExpanded
1
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ExitSection
bLastExitNormal
1
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AcroApp\cRegistered\c2
tDescription
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AcroApp\cRegistered\c10
tDescription
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AcroApp\cRegistered\c11
tDescription
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AcroApp\cRegistered\c12
tDescription
3240
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AcroApp\cRegistered\c17
tDescription
676
AdobeARM.exe
write
HKEY_CURRENT_USER\Software\Adobe\Adobe ARM\1.0\ARM
iSpeedLauncherLogonTime
90062E4340F0D401
676
AdobeARM.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
676
AdobeARM.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
676
AdobeARM.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US

Files activity

Executable files
0
Suspicious files
91
Text files
53
Unknown types
69

Dropped files

PID
Process
Filename
Type
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\FyIfWsxToJ7C+3NcbZgKmw==.ico
image
MD5: 012111c480290d97c36079a025c7e272
SHA256: 840d34f7508683fda7ab7de97cfd5acafe847bb34b7a1f754a6bbe99b5b7a39f
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\CO6r5hunee4GP9fcCdUpSw==.ico
image
MD5: 31d2d824472a216470d6804b2f353747
SHA256: 338d5d3a77595f922838d916ddb6f932e545d9730cfba3e77f7ef9ed4205fc32
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\NZ25c8nxXfI0WczfdW84Hw==.ico
image
MD5: 012111c480290d97c36079a025c7e272
SHA256: 840d34f7508683fda7ab7de97cfd5acafe847bb34b7a1f754a6bbe99b5b7a39f
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\yJckA8PCJDFSIgfm+J_OnQ==.ico
image
MD5: 88b48ce20644063f896b4773c1ac1d91
SHA256: 4910f163a5cd41c4b118e08ed3499191efbe57cb26df84bf39e71e71254404fc
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\ITOtwrb7+zscVDaRLOsAbQ==.ico
image
MD5: ed12ef64f7849e1a91f7ea54c476daf5
SHA256: ad5f9bd88ec637992b74b1b56d3653423a26cac65c628b5cefdf240e9b416519
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
binary
MD5: e73d3284035090efc335d37fd799423d
SHA256: 68580730e9a51ef8789e8cb68d2c582c1cbe85a90eb31c27d1272a0e64d1fda6
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF14d909.TMP
binary
MD5: e73d3284035090efc335d37fd799423d
SHA256: 68580730e9a51ef8789e8cb68d2c582c1cbe85a90eb31c27d1272a0e64d1fda6
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0JQAHRWJ297U00UZL523.temp
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\startupCache.4.little
compressed
MD5: 93f32df1a61b83125ca73e6cfcf6bf0d
SHA256: f1bacdc130d9ab043e10487ae55ab900c70740be765983235433cf3eb6a03bf4
3932
RdrCEF.exe
C:\Users\admin\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\data_1
binary
MD5: acfd0b5818d57c186580d56c38db125f
SHA256: c84274aa1a773e66c754e670e04a7f7bc2f2fb53b8246dfe3a89840ec9845d52
3240
AcroRd32.exe
C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat
binary
MD5: d23609eb9e6297a230ee5379030afc7a
SHA256: f64b0fc99d21c2dbe3011500ed35921bd97f193c09be4c26b16ccdcbcad9336c
676
AdobeARM.exe
C:\ProgramData\Adobe\ARM\ArmReport.ini
text
MD5: a5deee52b298967638b05dc479def3a9
SHA256: 932ad7d7735eabddcecd281d859df90619225c5ff6d3d5c717b4bcbae46b094d
676
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\Tmp9D1A.tmp
––
MD5:  ––
SHA256:  ––
676
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\Tmp9D09.tmp
––
MD5:  ––
SHA256:  ––
676
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\ArmUI.ini
text
MD5: 864c22fb9a1c0670edf01c6ed3e4fbe4
SHA256: b4d4dcd9594d372d7c0c975d80ef5802c88502895ed4b8a26ca62e225f2f18b0
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
text
MD5: d6e6dbb749820e41ef346a0961425dd7
SHA256: 1c5764d055a8c63bfef41c3a3410bfabf4977bbf0142f627c731b0b7b36628e7
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.tmp
––
MD5:  ––
SHA256:  ––
3240
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: eaf38a0b83c76d49fc64483e9b3d3591
SHA256: 5a56334ea98519de8c33fa7532f29b5a133741cd7f2693ff2d1ff3a1d00f4838
3240
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
––
MD5:  ––
SHA256:  ––
3240
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Rcxkjtu_tk5ncu_2i0.tmp
––
MD5:  ––
SHA256:  ––
3240
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Rmfh4zg_tk5ncs_2i0.tmp
––
MD5:  ––
SHA256:  ––
3240
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R1wwgy9r_tk5nct_2i0.tmp
––
MD5:  ––
SHA256:  ––
3240
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R1cd5dut_tk5ncq_2i0.tmp
––
MD5:  ––
SHA256:  ––
3240
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Rh16at7_tk5ncr_2i0.tmp
––
MD5:  ––
SHA256:  ––
3240
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 70b43ce5156f69f72ddee70f32838cd3
SHA256: e9a7041e2150f903a86af3cb7f3e553b19e6a65b96820261279556255f86fe8f
3240
AcroRd32.exe
C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\UserCache.bin
binary
MD5: 5c1c459c43bbc98e50861c4ff7223a4d
SHA256: 429bdda31a0df807d3a52e4b57ccc623c468964cb1b452995723249b4919a338
2924
AcroRd32.exe
C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst
ps
MD5: 0d5624abbf1c79aec38cbe52b56038b4
SHA256: ab5a46ba09f515e56892c0270d67eed215e56e43557b83a2ce295f2ed87d09d6
3240
AcroRd32.exe
C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.3240
––
MD5:  ––
SHA256:  ––
2924
AcroRd32.exe
C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst
ps
MD5: 25e48f152f9db94dd9aae6c296e3c98d
SHA256: a26c91de905ebb8932ca931dbb68d589d058e7dedffad02039fc8740e9e7beb5
2924
AcroRd32.exe
C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst
ps
MD5: 76c993d6e29fbe12da4525151364653b
SHA256: f1cbecc2d9952366ce231e4b651ec8354c17288aeb1908b4a01b6e5a29f6270e
3240
AcroRd32.exe
C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.3240
––
MD5:  ––
SHA256:  ––
3240
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 26a8885ce9b1e03aac7d6ae6e1343801
SHA256: 37dd44e1ab880b4baefc5abf97b1e24444fe8a3d880a245199ae16e7a520c5a8
3240
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: eab71718813cfe89151bbfdc77f7a471
SHA256: cb34a1f8ae424cd9d25fc4a2081ad0f8a5943a027ec5e30d7a02f5bd56ec80a0
3240
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 0b8bdbb076b08e5036ed7e9d59564860
SHA256: 60e1fe70c2c455f22d9be3e19cab4ff36c4d12d92b5058ee5ce71a8c8373e3eb
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 5b3a15624117484807d9b711365f85e6
SHA256: a50af8dcc6dde77c6adb04217ab992a6e5975d4261a354236c2671a5523fea54
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 8187f876bbd9eb13fba5e4293a0e3e04
SHA256: 8c54ae40682cd300185fdeaff78da3d333c9b6940efb397387a81686d255f007
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B08E9F6B7A49093068D91A0B23CA3580D9B31615
der
MD5: fbe240a46515047424a00712f07493b1
SHA256: d75f2674356063221b3e296542f5bf09db0f84ebd26d7e146dc0b09be2094e89
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FCB21340E8E7340F2F764BE8F0BFEEF8A32B01F5
der
MD5: 55cca5502d42de1419a8ec0949c56da2
SHA256: ad8e14d66cb0afd13c3de07de03f1b2394cb60d852b424f8778ff5fb30754fb2
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DF34FD08A0D34587BBC3E692D106AC2F66AEB180
der
MD5: 68873d9d775657417eb434f6df36cd69
SHA256: cd4c65971abc456d558194c8639f13da3a30a1c1faad6681f33f7ee5dd25c0e0
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\aborted-session-ping
text
MD5: b5d2e9522b8859573fdb187eec851853
SHA256: b5aef2aaf9a095ffb0ce8c374db36c28d0dacd00887f475295ba166bd988704d
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\aborted-session-ping.tmp
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
text
MD5: 85e5517e2aa144d7fc9ace42141fcf41
SHA256: 211cba54dde7a24910140905109236a3dbf749965472ca5f95dcc6a029a59e86
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.tmp
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: dbaf0e0c62e7811c4cc0cfb0399735f4
SHA256: 52045856f207987cd5646c845777662818741b3cc9525b567f81451b535315d6
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\Downloads\Claim_Form_Telecom_Provider_and_Biller_RA.pdf:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D1770E2DC49449198CEF9D1A01ACF4FED57E1796
binary
MD5: 4f546e248636faebe704622377e270d4
SHA256: 3232069a163ec7537207781d067f31664fb3e4f0148714a0660b852be457c857
2836
firefox.exe
C:\Users\admin\Downloads\Claim_Form_Telecom_Provider_and_Biller_RA.pdf
pdf
MD5: 8fbb7fdaf50a68ee68734e126bacf810
SHA256: f205d6f91e2d3b90bb8ba1c1e3a9d01a33a9f9b5010faa9348d3df9e03a4314f
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\362781FC22C0B9648847232B948C11A2BC139EDA
der
MD5: 885e0e02f5634cc5fc2ea38249e624aa
SHA256: a1b412275d98ad0937a54e125fc89c0c82b5de0beadc3ac285ca52d93b32c3b4
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4
jsonlz4
MD5: a6338865eb252d0ef8fcf11fa9af3f0d
SHA256: 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2A40DB77354F598BF3DBB462B4ECB74995E6478A
binary
MD5: e3a13ab33fde54d1860ac4084a51a857
SHA256: 6a20b24145a11b796323b92f9e2a573c2de2dfc17dd13e8526edd70c549e2d7d
2836
firefox.exe
C:\Users\admin\AppData\Local\Temp\YgvD1_SX.pdf.part
pdf
MD5: 8fbb7fdaf50a68ee68734e126bacf810
SHA256: f205d6f91e2d3b90bb8ba1c1e3a9d01a33a9f9b5010faa9348d3df9e03a4314f
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite-journal
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E83B3D7A34C90144497BF60870CCC479899BD8FE
image
MD5: 692149366df26612b9d99e7639b20b94
SHA256: d5ada8ab2499122b924e1ebc8e091b1d21cefc08bdb89c77b42e2d54cba71988
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: 1944e7e6598b6dd3719f7468c7a53bae
SHA256: 89286a3a2aa6f5c216b02067b2a9747905cedcaab1823c98cd460035081e4b67
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journal
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 1cefa416a86dfca6985ed3873202a97e
SHA256: 7fc91b27fdf3cef836cf87411673611229001db51294ec1b29d35c216c17aad1
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 8187f876bbd9eb13fba5e4293a0e3e04
SHA256: 8c54ae40682cd300185fdeaff78da3d333c9b6940efb397387a81686d255f007
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: f10c0e2824a1e75a2c7d2cbea3663d7d
SHA256: 936b8a3d67c1b20907a41ad7b1c5dc47846c9b46977a5638a2761e6de42bb319
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2A40DB77354F598BF3DBB462B4ECB74995E6478A
binary
MD5: 057fddf45fa458f0ff82ebba971f7397
SHA256: 0d7b2ea43e6e85b2c4798e3dc2b88c2ea9d8166bf79c586f37c1dc23aa0494ad
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\31876
binary
MD5: e782670912b5f01dbb4bf30729515a00
SHA256: 092f7d88b627116e821cf55d0bc9a8756266b131224dc0e2b54c821057311948
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\51C896EE80CA30B056D883407709168AE18C9B4D
binary
MD5: 2780a1792191aa19729c76074b769114
SHA256: 79dbf6afd25586f17ca75008bc95a2cbc4881d78a56d5a96025a0469cb28eecc
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\28C0005510F3664486C1325EAFF34B5E9D2C9D7B
compressed
MD5: 12fe861774f8defd624939e6a17b31d5
SHA256: d3283200130f15f4b5f4f0e09af9f3b027e617bef17e0115a17b6903e7f092db
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\039A73C609F28583CB6DF581AE0CF71B36FD14F9
compressed
MD5: 553aaf91620cf2ec7fb4157bbe694dfa
SHA256: f0d91e5e28b6ef195c29379b54596bc9d37abf7eddc0a0d3645ad075c1cbbdc9
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1FEB791537CF73D73D7FCEBF5B95242FB0842D4C
binary
MD5: 3c1824e9652142113e8bad8794006ca4
SHA256: 0caf77f294b2feada76fdaaf9a7c7f8c3b85e00bce3b9b430b1ad9dc89b83463
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
sqlite
MD5: cdd5ddb307c08ca6c3ac988d89a44768
SHA256: 59bd9106363ffcc61b96829ccde28669e9d806ccedacdb2ea281700802332d9b
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: f10c0e2824a1e75a2c7d2cbea3663d7d
SHA256: 936b8a3d67c1b20907a41ad7b1c5dc47846c9b46977a5638a2761e6de42bb319
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 2ff6d340f919332be5d69fdcce4f3f44
SHA256: 32661148e9635c5ed9e8ddea5d638d76807ade6c63d4e3b9b0070c38c647d0e1
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\67A66CEC2C3F9475DC60706B80D6E820A1C6F7D5
binary
MD5: 042263f6346ff9001334fd146513b374
SHA256: 7852e04ce4dec63b332f010b078b9f917e7c65d904b268f67a704f06026da676
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2A40DB77354F598BF3DBB462B4ECB74995E6478A
binary
MD5: 1fcf3220dff299448d5564d4b7251aae
SHA256: 34b3180571055551ed09d62ad301672b637548636623969aef4f84e22da9612e
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\67A66CEC2C3F9475DC60706B80D6E820A1C6F7D5
binary
MD5: 796695ef86e83a09d5b2d466d2740c78
SHA256: bc8527605364efc343846914b7ed19f6f5b77ba33280c513886dccfde14f9d4d
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: b8696299faf642c027b6c5fdf5f0cf4b
SHA256: 4cd2beb58184c4f33d32473a558eb05998d5adbbb9fd2b5754b3d2a416aec80b
2836
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_uco9VlNyUE7bPfZ
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\491F289AD0B37F176E82D588C95524BD549E78FD
cer
MD5: 51ff4fbf15b608bd80a42bc1cb65966e
SHA256: d770c8bb92f4fc5001f8434142d2070ac2bae902e67606a020664293fcf9be6a
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D00A688072D5E651DFCBF1F615D0FF8CC68B8989
binary
MD5: 2812d4c3ecbfd97516687697a039ba33
SHA256: 2572855e1993a509ab0b26fe5c3cc7f9e42cb3b0326f6167d080a905d51053d6
2836
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_qyJx0FXt4xAb4gs
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
text
MD5: 7c6486e0e286739cb3bf14195b438d6a
SHA256: d3311f69feb662b1fe2a600c2fd4f7f3e3709d5a7af85a8259c88b80cea9841e
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations-1.txt
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EAD4A64A0AF73119D9717809EB7339F0DEB17892
cer
MD5: f25d92e2c69518eca7131f6051d0d011
SHA256: 5eb1f05b22bc7f0ab86c347ae181c52518cd3d750779d441e797beea107e3e6f
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B8469062C8B9A5098D81A620DCDEBD69BE523333
binary
MD5: 01198e3e93ae0c47631ca533750c345b
SHA256: 3e83bbc7a9cee0c80e7c534006db65626bb7fad84476427c18e7b3eaf1765522
2836
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_SUz6Zm8LsHu44kV
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 299dab0edcbb6a204b7de77daae758c1
SHA256: 344645322351260d36b8e307f923a62f9417e42262a85814ad42522b08d26b9e
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1E137CDCFC633D2DB96378E90D07058F8E2DD90C
cer
MD5: 694317e9387e8a0e4db5412641643d95
SHA256: 5a16c47d3ea4f407b907a907a31fb07e1ec493fbd329863aa791ccc42177da2b
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DE23B389EB6A29BF74711D30F79F0B21683DA2B7
binary
MD5: a2ae2ee77dfb72eda25a15b3afd6f2b5
SHA256: 83c86e5a8410141d1fc793a39cadc1e1595593d2dad724ddf8c54ebaf05cb905
2836
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_guoGJ48b3tqAnaF
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_3jA7c39gCrmMDYB
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: eb1a07c8109ceed5a889de0e32d8150e
SHA256: 25cc035eed89d74169f060dac515756a6aa52b4fdafde92c07dd15f07f019391
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1E137CDCFC633D2DB96378E90D07058F8E2DD90C
cer
MD5: dbf12489829736eb4bb7a5101766c466
SHA256: 600724bbc73247452250758d15ba44ebb6f2bcc253fc42a4b304bda0aa317193
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\28C0005510F3664486C1325EAFF34B5E9D2C9D7B
compressed
MD5: 68d0ad35ab3dcc51e7c678a9049161da
SHA256: 161b2f6adb355fdd4f0b282029294c4aac078339fcaeb1b1239f7fc96d286de8
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\BB28204BC6067E25A3AD8D1A461D3E6D70343DF1
image
MD5: 9007d1f2d951279b19edd6dcbc4c3f6c
SHA256: b5c39ceaabc3ad9c676911149026feeadb046678e0da76ef71d80defd50fb1d2
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A62DAA8951D1736AA922A207513B2B70D523ABAF
binary
MD5: 994f3c64b1724e47c47b962664799e7c
SHA256: ce182b4f99cb533ae5eceb06fb20425c8fe2752714f122b9a33d3496781b437a
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\51C896EE80CA30B056D883407709168AE18C9B4D
binary
MD5: e782670912b5f01dbb4bf30729515a00
SHA256: 092f7d88b627116e821cf55d0bc9a8756266b131224dc0e2b54c821057311948
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C7E0E7DCECB1DDCA4BA2F4CD7D519A7BBF68B33C
image
MD5: b23698aabf80290786f985a1706577eb
SHA256: b2fc8cbeef5003f52f74405f72234574218714807095969329bc7b4fff98f3cd
2836
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_1zLpRA1mLnrllXg
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: 71876408b957a2bcf3adad209e7e4eab
SHA256: d85031041e179f4276cc9abc44c2d3529d825d7ea10e5f36e5b0d9c58352e95b
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 67fa989719482c73348b318d5b07f944
SHA256: a756236f1c2fad134521de4c521e159ef43560f3891b8a74d67fd639da01413f
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3BB6BB23EC6DC3901868DDBA7EB41DE2293E7178
der
MD5: 88e3a693002e943380f9a45f5b39faf8
SHA256: 2f1256c5915fee92b1ee94437a200d9eaac9185e1e92737ec288ad8c48c79429
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\40ACA0237B577926D3E07B1EE8A424A40040E371
der
MD5: fa6ad6e6953116a8d1a6191dd16a24b5
SHA256: 0d476ca571c99641c8b885c0926f03e0aafbca076fa9d2ba3f4ff7cc7a0b7e9a
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
sqlite
MD5: bdc6179478471bde0a1b043b60ac1fab
SHA256: ca5ca12a4ea9394fc7106ac855562302426ab8ecf9523e7b26d51eb1c66b5e68
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal
binary
MD5: 93f2dabd455450da1e8665ff8f47e6e5
SHA256: 749c921e5907edbd1e55de63f243f12c77e2c2cb14b37e87c58d945260b8ffdc
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\84290E5E89E072326CC6F80FF0D23C898E9B600B
binary
MD5: 6d0d78eb7ca79e6621dfa6f7b359e14b
SHA256: 225a59a01bca7b7a80d30647196ac9bbce22e3d4ae83cb6de37c948dbaebc984
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-journal
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1FEB791537CF73D73D7FCEBF5B95242FB0842D4C
binary
MD5: 0f446d9a23d0a59546f093692632a80a
SHA256: d6334746db18e53296c4fb629c3a5bac1b7c56513d504faedff1e7ac8740c3dc
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2B8FB3A7C1E8990CE64886D66718692D2B2ED2BC
binary
MD5: 1a563a5a43223a75c6c74b232c0843bc
SHA256: b1069729fccb547c22e4e131f0047e4523b80275f5b3d4cd52907dba5259a4fa
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\039A73C609F28583CB6DF581AE0CF71B36FD14F9
compressed
MD5: 6b5d238d7f692665b8a46271736c2735
SHA256: 71809d29ec6ddfe4e01afb9a3f8afd80bcbc7cc7099404f3d2e534cddc64d142
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite-journal
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 2ff6d340f919332be5d69fdcce4f3f44
SHA256: 32661148e9635c5ed9e8ddea5d638d76807ade6c63d4e3b9b0070c38c647d0e1
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: c46d60b9b7bc82a2c3b10b5231161ff3
SHA256: 8aad6ca196c770ce09868d15ea3e320e47420faccd1d8ede6e24a890f3849223
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\72372322B7F5712509885396E5BE4232E19E8C56
binary
MD5: af50fe4304a857831885b44d1420036d
SHA256: 192e680308dc28299f1795dc393e026d10d92f481b24350a4517751a1ab42194
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\40E7E75FDC90051B3924D71C7B2CDAB284F8E0C1
binary
MD5: a8b8c49fc0500b8fa2aa4c8906209b87
SHA256: 21979881c0f232c83714d14fdd91f38605fb21e98f02b43f87540c5a6702b94c
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\472AD0894F4FF4E703845C9827F196666DCB4F93
binary
MD5: 69abe5e44de478dab9d7837374b51e57
SHA256: 8b4de9f47a9e30cec490019830698887e2ac3039ae17b8094e17fece74120c5b
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\54CC554065563E0D6548911235C7337877A55BB0
binary
MD5: d0ea1900b53231bb97902fa0eab14396
SHA256: 3c487b3cb208644164ac6bfd3aec3b4a1c51ad2122d129d7cef4c3e9d628cb85
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F0DAD3BA81E8B5FFD2A41E7AD151E5FE58D9336E
image
MD5: c83f9d318d85e052fb484d85b0801b6e
SHA256: 1641688e443aca07996f6b14193bbe8905ff6c47a06c23a06e5fe446f23c6ac1
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9EB5B0BB94BF72B77AB865315ADA9A9FC28C1DF5
image
MD5: c3a72c8e49d791cbced9b651a9b2a58a
SHA256: dbd29b091a6086eb38cb369254223085dac673a02c320aa415be7389fb23e5dc
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\72372322B7F5712509885396E5BE4232E19E8C56
binary
MD5: f1fb498a1e5b451112e488fb563a12bd
SHA256: 4df6a70a00629df9ed07bbc2611f0fef6a355b38bc181177eb29ad17b808c6b7
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3EE4EE619252F359E0BE410E250D07FD161CB240
image
MD5: b2886fd9836962c3068fc691516a5dc1
SHA256: 4a88eb3f7701d6754e0603ccf8a6beaea40ab10fb8f9ed0785f407be21440f73
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E610F61394611BCF81A8385B3B3AB215E6D03337
der
MD5: fb9f58ae1b1a172a0e3b46d41765a0b1
SHA256: 93eda34047df8896626ffa5a33a2959a47a149d87f42440aa0ffa69dd59958d8
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\039A73C609F28583CB6DF581AE0CF71B36FD14F9
compressed
MD5: 9dca445b56dbfe044700fd28df1307ca
SHA256: f8c2a30fc9acae1f304279a529737f6e4ef0f6f77d66a20a4ef3c13f0959a025
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
sqlite
MD5: 4545ef2e7028cb212e260820a7e8042a
SHA256: 4d03b744e63452326d0ff7d54309fbd1e298850212a4eeb1bbfb93a5d0fb17a5
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E2476861566C3B05CC579A35455B2304A0BC3330
compressed
MD5: 4896d9f821c5eb54adeae59a284cc188
SHA256: a95e849062d25eee8185913d07843c0590ba94e7fce6318af31880f629487477
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 012d8499e70ffe8dc48df220e1480e5e
SHA256: 1ff99e768bcfb5ab6f3e8f60cebf1e47160029c6b9b2732c9aa47858f8c5122b
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: 6ff3a090dc44847c36531b125598a799
SHA256: f4e7fcdc919cd70ad916977ce2273a120c66ea46636af315f5c1f7301a2718ed
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-backup
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\pV+3TL7Nu3EP5juvr_gPjg==.ico
image
MD5: 847cf8580806fda649b20afc264f4736
SHA256: 0697b6004d8408ab86ccee76bb59eb07a9012e6f3e7adbc01f6e390f5c9b8836
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F2FA369D8C8B1D96BF3BA6C0903CEA55E09E780F
image
MD5: e76ec278d896ef1e3b28882cbe37351c
SHA256: 5784d8f452fa329cd544a6055142041a0f97e5a1fb7ab22e8d976773eb01c7b4
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: 54e9217edb8a341f9395883236bb1c02
SHA256: 22ec20fefe180fab7deda4f96a34c4b2b05b37066a1110d3d1dc33f3d9e11628
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.pset
binary
MD5: c2880f89918d723c065aa683a24ccbf5
SHA256: f654f7f098b599ae27fc9e24e0541a105e02d1c542a6ba96a8de143f29622104
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5C43C819FF396BBB650E7640759874C9E1FA1BA3
der
MD5: 25cd80af7a68e356c209e185d0a45b09
SHA256: f5c77b264dae8415a04cdeaec1923e1b9bea4fb108ccc546ed011007fdecb57f
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4F95509488085F41DBD52ED538916B19657666D3
der
MD5: a3a231fb2bd8f034afd8ecbb3f10c391
SHA256: fa5fc227942ef05dfbed78155ed1f2a5d6c7a8219454e571a2428e5fac3d0796
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin
binary
MD5: 558efecb4cdb09a52b64b7737a278a26
SHA256: 660da5a16623cb99f05b166ef13dc4da9b481c5c73ad9d714bea1c9fca07d4d6
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache.bin
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-new.bin
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin
binary
MD5: 9bd99b73987464318e8e3a5353bcf613
SHA256: 1a68df2e4081a7028c64c3fcf721df4b4df7cbdcdf4bc8386b76502a6a3f177a
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9458C65B911A815DA8FA9F140080A22FD5D6C73C
der
MD5: 236dd317c04418cd3002e51bfdbeb287
SHA256: b6063a45e391b70bc2d4c33efaa4715be08fb0617f405cc75533e5b977409c97
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 0cd45f76496bc9399a56f24ea77ba9ca
SHA256: d4a2428884a19827d861602f91cf91d056caea74c20b55fe65233d6858585a37
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.pset
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\5556
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\85D2EFCE8C54C685237D92EDF848BA8D5BAA02D5
pdf
MD5: 490a2d8b216613b45666046f5a23dea8
SHA256: 0faa1caec14efe474cb3eaa1909edea72ead49d9a8c268374a7f9670cd19ff6f
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
binary
MD5: a5695cc64d77967232b0c1344c6e72b3
SHA256: 042a22b8681d754671d2018ba109b31a53ee3728d48c6379043f8e3394e7fbad
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
binary
MD5: 65e942614eee70680464ac4be75019fc
SHA256: 34395085da32c8b4efe9959e3b0d756b43ffed17694d66f39b966cd331bd9a94
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
binary
MD5: 3675254e341df799d4307c1f59109185
SHA256: 23d108134bed6099793f7dd6b8b6e62081ec3b945efdbc7c5e0e779fd9b82f98
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
binary
MD5: 3d1ce5e50208f0cb3b979186043a548f
SHA256: 1e13d05d482c3d533dc6035af2b2d6e84749412a5748d1435b70cec8b312340b
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
binary
MD5: 051fb32dece757ba112ac36dc72e3a91
SHA256: 0806d98fb3de55f75d7c0b17e26146567e08c483031526659a4a35d09b97ef19
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
binary
MD5: 95f28ede25c301301f25fbbd9a3c56ec
SHA256: 87763df78772f7d750b0fa5a31eec23e931fd3bd1cbb33beddfc61889da36478
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
binary
MD5: e2cf527ca7550b7e7bdf7311e483a2c3
SHA256: f1e07b1d717433f47073dc54a7d98e3e87b3d0fa88e53466f93ea544af885d11
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\661BF5E80EC6148E8DD921837E71097A7B944EF3
binary
MD5: f8916253bbb61a896dc0fe800cec3f8c
SHA256: 13dfca813d8eea3eb7be4492d49ee59b2f94a65ecd858f064212b26a7cdfbb09
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1432F645013AD26CBEEFF5A058F5AC2491739FF9
binary
MD5: 6c79e8abfe088964e62abbfedd9dc4ec
SHA256: 3ed6d1f235ad0b0147781b76944b924752eb8e3598e92cc6cd6b77da0a9951a0
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\85D2EFCE8C54C685237D92EDF848BA8D5BAA02D5
binary
MD5: cf442dfe69e80c822fb8d8552bc0f91b
SHA256: 9e2a39ec23cc38d8cfd21f30b03322516e8a05e09ccdba77f202db0feb6d96e6
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\25218EE79CFF5F3AC18C58CFDF44A674E3560C47
binary
MD5: 1640c2e882854a7d562e03112b6270f1
SHA256: 094fd7242b73674231e344c5f044e93f8c69e759b46ecb9ab7d62c8818a57292
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9B131AABC70FD223DBD7BAE9617A33D8663DB757
image
MD5: 616b2ae411ad23b220a3293e8f87952a
SHA256: 65a467421278f9fed5d2251d8bad34f6f51b72c419c981404959aa1fefd7b713
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AE0C57E1DFE4B500C044BA61C074382894D23319
image
MD5: a22a16bed5b89cdd4aed6ce4afdfe3fb
SHA256: 5e9be8945afd7b55644a7ad123459d03eb16e6465b68b6611b68a2c62c068c8a
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\395E16E543FA81A464DF7FA064683D65F5CD5197
compressed
MD5: fa5682af8d7708e846a054943aa2e00d
SHA256: 5c3b3ecccd21f08bf7b2022f038c969188bc964dc1e5b1a632b59aaf24ed8f37
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D860670768BC73FB61BA47E9F5054B07CD0B1DA7
compressed
MD5: f3f4c16849d6592ba57337a425783474
SHA256: cf342ddbf51d0c4aee92cbdddd69a95f21a6d88f9f5848bb35f9edc35ddbb61f
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5F8376F0911D901332EA58D469FFE7FDE7862A6D
compressed
MD5: 6f68341a2dd3861453a11816a324f3f1
SHA256: aceb51df4916edb2366680090271ce47d9e4b67332a12a5fffb704113d5df3f3
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\100710101E1EA61824AE17AE6AB494E75D9ABB78
der
MD5: 2d00ba15b3244dde3b37df6106484f8a
SHA256: 45bb919eecf335de5b78224a5ffb7c1fa1721706d83b231494567e4cdcf9579e
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DEA4738318B11597DFCCD89D8EC3B3182A51B993
compressed
MD5: ebe6cfcd7d733ca2ab1c8f0693aeed16
SHA256: 632d958075d128a88e31070f87ed771cc5b4b4c4083c72db515008939347165f
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: c46d60b9b7bc82a2c3b10b5231161ff3
SHA256: 8aad6ca196c770ce09868d15ea3e320e47420faccd1d8ede6e24a890f3849223
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E11E2186506B9D3660DD4FA0BBB3602D073F6E9C
compressed
MD5: c127cb937a4138f5045430c08817e522
SHA256: 07e56e991389fb643c5b9e41681ccfdb8d9b6f274093f106f447fb5b36e93212
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A7F9FFB8273C4F3B825684AEDAC56830900FBD23
compressed
MD5: c9cd7c60353e4ec9dfc364ad3e595f9d
SHA256: af9f2e30cc732199346f9e59508eb7e76f7c75e95b86f429849a19b3bf1e14ae
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8AAB96AB8E85A8B1AB28AB5F9EC273194BA681D4
compressed
MD5: 8683e2dc7f99a0247e218381f0e4748b
SHA256: 31e5aead4e199d19733506532af13cfed092407dea223c35ffb592eb1d520e9b
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\443EF55EF7FDD272233344CFB417E23313C62643
der
MD5: 2aa380de47edae0d9abdd9d8536c4772
SHA256: b89fb8285d88f5504aabca0e38a89a17e446bd58f5726512ff52b1b105036d52
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4363120B190C6AD1416694BA46276A43152197EB
der
MD5: 358c4894affbf6625371f44d0db0b569
SHA256: fa6c2fa5ef7e4bfe13adb99b628ea481f7403debd157f6f88da3fc487fd8e010
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DBDD2420B96BC346F133A5D838936001A102CCB3
woff2
MD5: 6f6af82f7eae1759b0b55167bbc29781
SHA256: d3261c65e60aa50d373d50c78e0129aa42358173d0d830ae4358427af538318b
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\54CCE34C8661CACA3B1727F05F0A22AA693521BB
woff2
MD5: e27adaa04a8f6590d98b67346627ca4b
SHA256: b3e25fba93ae33e45df1dcbb11ecb7a6d2ca438a69058976a96af93db1170920
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\70A2AAF1F5B5FB48CAF009AECC297145F87BFB9C
compressed
MD5: c7ffdaafd4f24b807ccdc3ee3dcc58de
SHA256: 6f3f1672e71f3cfa70d8f12826dc794ca7d58432c79a60f2cf577649a15893c9
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\248A67E0C28728B44EA2773F3E2772172117AA26
compressed
MD5: 2a60d90ad343cc6365c6cb2785d9b09a
SHA256: de5925e6d1a6bf111553abba0e603fec95cc4e22d68cb3ce28d5b730fb28c9a2
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AF41A4B39267BA2EBC6E1CFB6A8875F3C3CA67D9
compressed
MD5: dd8cbf69dc379aad10da13a51074f74f
SHA256: 630111f39b9db35aaf36a1c0aee0862775cd946c9aee580d1a339ccde29ed2b5
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2C67BDA660CBC4183E0D39227A65F4F5C5B2D409
compressed
MD5: b2d55e7ff8e4244134de0c0a92331791
SHA256: d89bcbca468a520bc84440f70cdbea14f734c0543667f7bfc623e876edef1ebd
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\231B50F0E48C780115C49AA16203A3537E9C1AB5
compressed
MD5: 3d10f05d1ba403865352d59acf9afa6e
SHA256: dc9ecf742a7ec22927741e20e2a8ee74df16acd13cc5b5b63f6b1a15cf922df4
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\11E0BA8BCF457E577EB93339C0026E870365CD8C
compressed
MD5: 3578d73b273507affd38d29db240ab58
SHA256: bfadd4c67a55384f53add3ade6e57ad05d5f798591e28571c9e4def13249ba82
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\https+++app.box.com\.metadata-v2
binary
MD5: 9bc8d240ed88b397dc5a18dacf843f01
SHA256: 15efd198c1a8300275d2a7143e11f7e182032c5fcbe662cb015aea4ee8171297
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\https+++app.box.com\.metadata
binary
MD5: c38852691a0e813a85cf428ff5911012
SHA256: dfa362b2df36aadd7100486fbccf955b5b39ad65ccd9e0cb4e31cc7367f16f2f
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\https+++app.box.com\.metadata-v2-tmp
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\https+++app.box.com\.metadata-tmp
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
jsonlz4
MD5: 7337d087ec76e87a76778b4eec5e8e63
SHA256: aa4398d1716aadeb35a4ddddc4e7d2429c71defd15cb45401938889f5b2f05e0
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.tmp
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1560FF6BE783988DE5FB8072E06FF93A124E1C63
compressed
MD5: 439fb9796fe14c2e8542816a8f0830fc
SHA256: 9f3d1b73001de6babc150e81ba61a7ce48150c4f756af3793dbab667f7d31185
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4EE7184D7031F673909A40C31A4A5C6AB6E92FF5
compressed
MD5: d26b2cbadb8ec9a91503f3dd4274626d
SHA256: 040623c98d2f79f1d9fac37f7d1cd012419c02f9425c02856f62db909e444c1e
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D5FEA10D93FA58A6B47739826446D1C84CE4FF4E
compressed
MD5: a1bc3f280f13fde1a6db76a4b3f397db
SHA256: 164fb295a8ff395e031749ff6976a85d65706ef60bdff7ff128368ace7cbe781
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\47EEE9E5F2BDCE8B98934566EA57B8E7FE908BA9
compressed
MD5: 4083fa4b03c6c1792265e533021d41e1
SHA256: 2b359af3cf797ac18d4b7e51a6e76c09518d1ee5c0eb6c3dbdefdcfeea589e54
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: 98e3d7c485f129ad24df96ce1988fdea
SHA256: 675f0f68de8aabf989ce451b5bdc56cc6c6ba3c1d9b1923e6e7558f116575c41
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\39126A054E0D18DFDC80C049287FE715D7665C9B
compressed
MD5: 0ad3845be2189a50d634b7c7b35bcf9b
SHA256: a769540b7bb0f11c3cc6e3f035e07679670c9777d9f6e816eafb02dac2f2522e
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1812808C6C025696CB0ABEA861A15D5904DD65CF
compressed
MD5: 01682c7cdb78e0952a5eec974cf8a3ca
SHA256: 52384376a777ab194803b69205732292d4b4683bdffb43c99ac3cdb01dc87c19
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F96BD249C3E373C05382E97AC2537CD3608C71BD
compressed
MD5: a4d69516419553facb277d269e97b0e0
SHA256: ee15b04f587b182686f4abcb2f616c03e008689bdd58a3bc3b0711fd00cb37ca
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\57CB832D360A470E14B1EE21DF2056AE1BCF39FB
compressed
MD5: dd7c7c1b6513bb50ce57e4f407b65254
SHA256: ae165c3f25bc974a95b5daf8db28a0f62d6d392da8af61769263d5847682cc95
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\362A5E62CA0C97E6F5398AF781E1BE47FD0A2069
image
MD5: 19f00d8889ffe1bdb6073e616898d3d9
SHA256: 71646506da72735c234728aec7caea738deca024219051842180305f75eb7cc8
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C3CC3CDEF1021DA2852E154989F223306A47777E
image
MD5: 6592622a8d2fafe24cb7cda5c7cf7fd7
SHA256: 5a1e703bdaf7fc383ab98faaac1747500764dd0176050a1764cd4196922f20de
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\54A43EE44F3E787E437A568DAFCB6CF39DABC799
compressed
MD5: fbfa8160fabb344f2ec1f38f86d77687
SHA256: e739e1db8d2d86de2cba24126d721a035c8bb32f34db23bb89c90d28182922b5
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2B33E3D928D431373581AB2C2AAA9903CD0F3004
compressed
MD5: 00e2073b72ca0d4eeeaaaa469b9f0f7d
SHA256: 35d3583abee329c4faf45a23824f69140b1fa2bc6732f24f84400ef3c8fcfdec
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\0372BA0956E713EC1C3DB2B55C3DBB37256F5FDA
compressed
MD5: 1b28f8465913b07e0206972ea08f4f3c
SHA256: 8b5cf62213e158634a38dc0f7342c8d388f9d44def466213fd55e786ba55f1cf
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A1E9F4723FC118CFBB3C2BF75A5C687CC8F1894A
compressed
MD5: eeebe72ed6d99ee2a38c9fc8b7df0d94
SHA256: 194f34a0a0998e1f3602f2f916df83d27b3e12c3b7aeb774cbbba1c5d8dab7d4
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D82F1F9F17D8E98C79380B275CAE253116471E33
compressed
MD5: c8d6096c3e11f6ff480309c4f1b5e72e
SHA256: da85a34fd608ef5a3ddf329493aba46fc7d10575fc0692366e462d484246de2b
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\042CDFC2BA911CA67D37C88BE73F1B91578322E0
der
MD5: 8823536b89180f5de7fa283097d4b4fa
SHA256: 4b7cbefc51e3d66dca3a020e81e127fbbf4b23d21a0e3707d8ef9a5e9e8b5a5a
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\01DF325C7680D2EBD7CDDB1F0DCF8FD049AB7CE0
compressed
MD5: be61971a8d9417fd1affc15678cb57c3
SHA256: 72e6ad7edf6f88c2dd710ccaf41c7988ae551eaa39961995db97bb8a7f99bef9
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5AD40C26CB51780D3B8F06A8F78F4D75B2DD43E7
compressed
MD5: 5ccfe290b82a1c5dd6982a1b00e1b716
SHA256: fff7ecec9a6b35ed365ff72159bea45432fbbaf4483c52cbd729c879381d6059
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: cc6a0025f0ad2fcd7e5a214e5b516907
SHA256: d2756a8bdd3405f22fbd3e0b3d6c781d42d792f0386a5f53d08080598fb9eacf
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F4AF6FE042D90670EA7EE18095A37F9076B22A63
binary
MD5: f79ca5d21589b7224b53a73f9c37e036
SHA256: 3af2a8d3d60b52f1a1d1fbad52a3eb12f054ef200ffd735ae8fcd80e7d0d57b6
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\49968F5AAF6C3D4E162E052C301E673D6E1D2552
binary
MD5: ae8036f573fba17d1ba479d9144a58d8
SHA256: 37caf22975c2975a92ec6806d3e7f806ac780e2b5568a04a74f7c4cc50b81b03
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\32347
binary
MD5: 00845cfa655570ede0374d9c0df85b59
SHA256: a421e6f7103b60091014b90f4118ae00b723d80599d4356e3e150b8f2be2359d
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\66C4D96E471A5E71825E23FEF9130D933EBA49A0
der
MD5: 6ff8719a3d29270a1b9328788ffb3305
SHA256: bb132e2ba06af7e98488d94e8110a519251eab4b46299fced0c62b36fe5c910b
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5F48DD1070FAD8360BDB26A01C8DA8DF85CBFCAD
ini
MD5: 12ba2b7cfbeb949d0bd6a7ff1e507b88
SHA256: b620284f055553abb683bed485b2e0eea44e12be54b072fd00d8c6a23fbeef6b
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: 913d3b201bfcf7d818f4bac6989f4752
SHA256: 73478642fe3bcb6b72b80c0cd0586e96e8a92761c85a92b1268e5fe6e937a3ef
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\03976A7DED34696220BF8D28A83BEE87FE9577D0
der
MD5: c4d00e34df0b898e883919dadb1a0aaf
SHA256: 02857a7b0bfec1017d55433b30e39bd0c50e008583cb044837fb9264f2780202
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 26ac7818d46c84387891866ddfaa8c85
SHA256: 863effb69398957c7f02dda3e2e35007d6985a6efb6ab064755b65d9c93204ca
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA256: 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 8f89a5889e1615f65674daf6a01a2454
SHA256: f6d3fde91836d607a3311a6e0a12463c811f791a9f231d2ff8542d772fa22ed7
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\trash28653
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
––
MD5:  ––
SHA256:  ––
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.bin
gmc
MD5: eea17f67fd57174d29c5ede8dc944b42
SHA256: 807ad7cf5a6bb45426ca2ed79856ad4a141a11acbdde540fd4c10c8bbf01a687
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
gmc
MD5: 50c27fc71b8eb413f290e0a0e0a0f30e
SHA256: cac301e92bd8b54a2baf8dec1aa1f58707f5ad9fa4958b64eedd900dd667fe45
2836
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
––
MD5:  ––
SHA256:  ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
25
TCP/UDP connections
61
DNS requests
107
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2836 firefox.exe GET 200 104.107.216.144:80 http://detectportal.firefox.com/success.txt NL
text
whitelisted
2836 firefox.exe POST 200 93.184.220.29:80 http://status.geotrust.com/ US
binary
der
whitelisted
2836 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2836 firefox.exe POST 200 172.217.18.99:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
2836 firefox.exe POST 200 93.184.220.29:80 http://status.geotrust.com/ US
binary
der
whitelisted
2836 firefox.exe POST 200 93.184.220.29:80 http://status.geotrust.com/ US
binary
der
whitelisted
2836 firefox.exe POST 200 93.184.220.29:80 http://status.geotrust.com/ US
binary
der
whitelisted
2836 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2836 firefox.exe POST 200 172.217.18.99:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
2836 firefox.exe POST 200 172.217.18.99:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
2836 firefox.exe GET 301 104.27.178.8:80 http://wherewildonesgrow.xyz/js/sd/sharepoint/sharepoint/ US
––
––
unknown
2836 firefox.exe GET 200 104.27.179.8:80 http://wherewildonesgrow.xyz/.well-known/http-opportunistic US
text
unknown
2836 firefox.exe POST 200 172.217.18.99:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
2836 firefox.exe POST 200 104.18.24.243:80 http://ocsp.msocsp.com/ US
binary
der
whitelisted
2836 firefox.exe POST 200 104.18.24.243:80 http://ocsp.msocsp.com/ US
binary
der
whitelisted
2836 firefox.exe POST 200 172.217.18.99:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
2836 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2836 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2836 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2836 firefox.exe GET 200 104.107.216.144:80 http://detectportal.firefox.com/success.txt NL
text
whitelisted
2924 AcroRd32.exe GET 304 2.16.186.32:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/278_15_23_20070.zip unknown
––
––
whitelisted
2924 AcroRd32.exe GET 304 2.16.186.32:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/277_15_23_20070.zip unknown
––
––
whitelisted
2924 AcroRd32.exe GET 304 2.16.186.32:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/281_15_23_20070.zip unknown
––
––
whitelisted
2924 AcroRd32.exe GET 304 2.16.186.32:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/280_15_23_20070.zip unknown
––
––
whitelisted
2924 AcroRd32.exe GET 304 2.16.186.32:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/message.zip unknown
––
––
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2836 firefox.exe 104.107.216.144:80 Akamai International B.V. NL suspicious
2836 firefox.exe 185.235.236.198:443 –– unknown
2836 firefox.exe 52.88.150.81:443 Amazon.com, Inc. US unknown
2836 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2836 firefox.exe 52.34.132.219:443 Amazon.com, Inc. US unknown
2836 firefox.exe 52.222.173.224:443 Amazon.com, Inc. US unknown
2836 firefox.exe 104.16.74.20:443 Cloudflare Inc US unknown
2836 firefox.exe 172.217.16.202:443 Google Inc. US whitelisted
2836 firefox.exe 172.217.18.99:80 Google Inc. US whitelisted
2836 firefox.exe 185.235.236.197:443 –– unknown
2836 firefox.exe 185.235.236.200:443 –– unknown
2836 firefox.exe 52.24.56.107:443 Amazon.com, Inc. US unknown
2836 firefox.exe 52.222.162.38:443 Amazon.com, Inc. US unknown
2836 firefox.exe 172.217.16.206:443 Google Inc. US whitelisted
2836 firefox.exe 104.27.178.8:443 Cloudflare Inc US unknown
2836 firefox.exe 104.27.178.8:80 Cloudflare Inc US unknown
2836 firefox.exe 104.27.179.8:80 Cloudflare Inc US unknown
2836 firefox.exe 172.217.18.170:443 Google Inc. US whitelisted
2836 firefox.exe 34.213.175.109:443 Amazon.com, Inc. US unknown
2836 firefox.exe 35.164.130.113:443 Amazon.com, Inc. US unknown
2836 firefox.exe 52.222.162.135:443 Amazon.com, Inc. US unknown
2836 firefox.exe 184.31.91.81:443 Akamai International B.V. NL whitelisted
2836 firefox.exe 104.18.24.243:80 Cloudflare Inc US shared
2836 firefox.exe 52.222.162.10:443 Amazon.com, Inc. US unknown
2836 firefox.exe 50.201.115.33:443 Comcast Cable Communications, LLC US unknown
2836 firefox.exe 216.58.206.14:443 Google Inc. US whitelisted
2836 firefox.exe 52.26.72.3:443 Amazon.com, Inc. US unknown
2924 AcroRd32.exe 2.18.233.74:443 Akamai International B.V. –– whitelisted
2924 AcroRd32.exe 2.16.186.32:80 Akamai International B.V. –– whitelisted
–– –– 2.18.233.74:443 Akamai International B.V. –– whitelisted
–– –– 2.18.68.206:443 Akamai International B.V. –– whitelisted

DNS requests

Domain IP Reputation
detectportal.firefox.com 104.107.216.144
104.107.216.187
whitelisted
app.box.com 185.235.236.198
whitelisted
a1089.dscd.akamai.net 104.107.216.187
104.107.216.144
whitelisted
search.services.mozilla.com 52.88.150.81
35.166.112.39
34.213.175.109
whitelisted
search.r53-2.services.mozilla.com 34.213.175.109
35.166.112.39
52.88.150.81
whitelisted
status.geotrust.com 93.184.220.29
whitelisted
cs9.wac.phicdn.net 93.184.220.29
whitelisted
tiles.services.mozilla.com 52.34.132.219
35.165.22.140
35.164.130.113
52.39.131.77
52.26.103.165
52.10.122.55
35.164.197.9
52.35.250.5
whitelisted
tiles.r53-2.services.mozilla.com 52.35.250.5
52.34.132.219
35.165.22.140
35.164.130.113
52.39.131.77
52.26.103.165
52.10.122.55
35.164.197.9
whitelisted
snippets.cdn.mozilla.net 52.222.173.224
whitelisted
drcwo519tnci7.cloudfront.net 52.222.173.224
whitelisted
ocsp.digicert.com 93.184.220.29
whitelisted
cdn01.boxcdn.net 104.16.74.20
104.18.103.56
whitelisted
cdn01.boxcdn.net.cdn.cloudflare.net 104.18.103.56
104.16.74.20
whitelisted
safebrowsing.googleapis.com 172.217.16.202
whitelisted
ocsp.pki.goog 172.217.18.99
whitelisted
pki-goog.l.google.com 172.217.18.99
whitelisted
api.box.com 185.235.236.197
whitelisted
public.boxcloud.com 185.235.236.200
unknown
dl.boxcloud.com 185.235.236.200
unknown
shavar.services.mozilla.com 52.24.56.107
35.160.78.190
35.160.231.181
34.223.207.155
52.26.235.130
52.33.113.226
52.42.122.34
54.187.144.104
whitelisted
shavar.prod.mozaws.net 54.187.144.104
52.42.122.34
52.33.113.226
52.26.235.130
34.223.207.155
35.160.231.181
35.160.78.190
52.24.56.107
whitelisted
tracking-protection.cdn.mozilla.net 52.222.162.38
52.222.162.10
52.222.162.48
52.222.162.99
whitelisted
d1zkz3k4cclnv6.cloudfront.net 52.222.162.99
52.222.162.38
52.222.162.10
52.222.162.48
whitelisted
ginav.page.link 172.217.16.206
whitelisted
www.facebook.com 157.240.1.35
whitelisted
www.youtube.com 172.217.16.174
216.58.207.46
216.58.206.14
172.217.18.174
172.217.22.14
172.217.21.238
172.217.18.110
172.217.16.206
216.58.210.14
172.217.22.46
172.217.16.142
whitelisted
youtube-ui.l.google.com 172.217.16.142
172.217.16.174
216.58.207.46
216.58.206.14
172.217.18.174
172.217.22.14
172.217.21.238
172.217.18.110
172.217.16.206
216.58.210.14
172.217.22.46
whitelisted
www.ebay.de 104.111.216.65
unknown
www.amazon.de 52.222.175.133
whitelisted
star-mini.c10r.facebook.com 157.240.1.35
whitelisted
www.wikipedia.org 91.198.174.192
whitelisted
www.reddit.com 151.101.1.140
151.101.65.140
151.101.129.140
151.101.193.140
whitelisted
djvbdz1obemzo.cloudfront.net 52.222.175.133
unknown
www.mozilla.org 104.16.40.2
104.16.41.2
whitelisted
www.mozilla.org.cdn.cloudflare.net No response whitelisted
e11847.g.akamaiedge.net 104.111.216.65
unknown
wherewildonesgrow.xyz 104.27.178.8
104.27.179.8
unknown
reddit.map.fastly.net 151.101.193.140
151.101.129.140
151.101.65.140
151.101.1.140
whitelisted
fonts.googleapis.com 172.217.18.170
whitelisted
googleadapis.l.google.com No response whitelisted
firefox.settings.services.mozilla.com 52.222.162.135
52.222.162.6
52.222.162.126
52.222.162.155
whitelisted
d2k03kvdk5cku0.cloudfront.net 52.222.162.155
52.222.162.135
52.222.162.6
52.222.162.126
whitelisted
auth.gfx.ms 184.31.91.81
whitelisted
e13551.dscg.akamaiedge.net 184.31.91.81
whitelisted
ocsp.msocsp.com 104.18.24.243
104.18.25.243
whitelisted
ocsp.globalsign.cloud No response malicious
content-signature.cdn.mozilla.net 52.222.162.10
52.222.162.99
52.222.162.12
52.222.162.187
whitelisted
d12uj65dsn9ho1.cloudfront.net 52.222.162.187
52.222.162.10
52.222.162.99
52.222.162.12
whitelisted
www.ccah-alliance.org 50.201.115.33
unknown
sb-ssl.google.com 216.58.206.14
whitelisted
sb-ssl.l.google.com 216.58.206.14
whitelisted
incoming.telemetry.mozilla.org 52.26.72.3
34.214.252.85
52.34.248.21
52.36.71.24
52.27.23.108
52.34.167.99
52.39.195.123
52.41.57.47
whitelisted
pipeline-edge-prod-25-561439127.us-west-2.elb.amazonaws.com 52.41.57.47
52.39.195.123
52.34.167.99
52.27.23.108
52.36.71.24
52.34.248.21
34.214.252.85
52.26.72.3
shared
acroipm2.adobe.com 2.16.186.32
2.16.186.33
whitelisted
armmf.adobe.com 2.18.233.74
whitelisted
ardownload2.adobe.com 2.18.68.206
whitelisted

Threats

PID Process Class Message
2836 firefox.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions

Debug output strings

No debug info.