General Info

URL

https://www.dropbox.com/s/eg5ezaqueu6ux9w/PO%20162352%20-xlxs.tbz2?dl=1

Full analysis
https://app.any.run/tasks/6a402e61-69f6-4736-8329-41227ef57769
Verdict
Malicious activity
Analysis date
4/15/2019, 09:04:28
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

trojan

rat

azorult

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • svhost.exe (PID: 2356)
  • PO 162352 -xlxs.exe (PID: 2648)
Connects to CnC server
  • svhost.exe (PID: 2356)
Loads dropped or rewritten executable
  • svhost.exe (PID: 2356)
Actions looks like stealing of personal data
  • svhost.exe (PID: 2356)
AZORULT was detected
  • svhost.exe (PID: 2356)
Reads the cookies of Google Chrome
  • svhost.exe (PID: 2356)
Executable content was dropped or overwritten
  • svhost.exe (PID: 2356)
  • firefox.exe (PID: 2484)
  • WinRAR.exe (PID: 3932)
  • PO 162352 -xlxs.exe (PID: 2648)
Starts CMD.EXE for commands execution
  • svhost.exe (PID: 2356)
Reads the cookies of Mozilla Firefox
  • svhost.exe (PID: 2356)
Creates files in the user directory
  • svhost.exe (PID: 2356)
Creates files in the user directory
  • firefox.exe (PID: 2484)
Reads CPU info
  • firefox.exe (PID: 2484)
Application launched itself
  • firefox.exe (PID: 2484)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
43
Monitored processes
11
Malicious processes
3
Suspicious processes
1

Behavior graph

+
start drop and start drop and start firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe winrar.exe winrar.exe no specs po 162352 -xlxs.exe #AZORULT svhost.exe cmd.exe no specs timeout.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2484
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.dropbox.com/s/eg5ezaqueu6ux9w/PO%20162352%20-xlxs.tbz2?dl=1
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\winsta.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\program files\mozilla firefox\softokn3.dll
c:\windows\system32\sspicli.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\progra~1\mozill~1\nssckbi.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\actxprxy.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\program files\winrar\winrar.exe
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll
c:\program files\mozilla firefox\mozavutil.dll
c:\program files\mozilla firefox\mozavcodec.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msmpeg2adec.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\linkinfo.dll

PID
3280
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2484.0.1773809081\22279402" -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}" 2484 "\\.\pipe\gecko-crash-server-pipe.2484" 1132 gpu
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll

PID
3168
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2484.6.618469142\1727288943" -childID 1 -isForBrowser -prefsHandle 1284 -prefMapHandle 764 -prefsLen 1 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2484 "\\.\pipe\gecko-crash-server-pipe.2484" 1644 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

PID
676
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2484.13.1488248039\490315826" -childID 2 -isForBrowser -prefsHandle 2592 -prefMapHandle 2596 -prefsLen 216 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2484 "\\.\pipe\gecko-crash-server-pipe.2484" 2608 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

PID
3148
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2484.20.705063865\1852270082" -childID 3 -isForBrowser -prefsHandle 3324 -prefMapHandle 3336 -prefsLen 5824 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2484 "\\.\pipe\gecko-crash-server-pipe.2484" 3552 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
65.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll

PID
3932
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\PO 162352 -xlxs.tbz2"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\users\admin\appdata\local\temp\rar$exa3932.41817\po 162352 -xlxs.exe

PID
3528
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\PO 162352 -xlxs.tbz2"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll

PID
2648
CMD
"C:\Users\admin\AppData\Local\Temp\Rar$EXa3932.41817\PO 162352 -xlxs.exe"
Path
C:\Users\admin\AppData\Local\Temp\Rar$EXa3932.41817\PO 162352 -xlxs.exe
Indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\rar$exa3932.41817\po 162352 -xlxs.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\08d608378aa405adc844f3cf36974b8c\microsoft.visualbasic.ni.dll
c:\windows\system32\bcrypt.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\svhost.exe
c:\windows\system32\rpcrtremote.dll

PID
2356
CMD
"C:\Users\admin\AppData\Local\Temp\svhost.exe"
Path
C:\Users\admin\AppData\Local\Temp\svhost.exe
Indicators
Parent process
PO 162352 -xlxs.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
9.0.30729.5420
Modules
Image
c:\users\admin\appdata\local\temp\svhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crtdll.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\users\admin\appdata\local\temp\2fda\nss3.dll
c:\users\admin\appdata\local\temp\2fda\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\users\admin\appdata\local\temp\2fda\msvcp140.dll
c:\users\admin\appdata\local\temp\2fda\vcruntime140.dll
c:\users\admin\appdata\local\temp\2fda\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
c:\users\admin\appdata\local\temp\2fda\api-ms-win-crt-string-l1-1-0.dll
c:\users\admin\appdata\local\temp\2fda\api-ms-win-crt-heap-l1-1-0.dll
c:\users\admin\appdata\local\temp\2fda\api-ms-win-crt-stdio-l1-1-0.dll
c:\users\admin\appdata\local\temp\2fda\api-ms-win-crt-convert-l1-1-0.dll
c:\users\admin\appdata\local\temp\2fda\api-ms-win-crt-locale-l1-1-0.dll
c:\users\admin\appdata\local\temp\2fda\api-ms-win-crt-math-l1-1-0.dll
c:\users\admin\appdata\local\temp\2fda\api-ms-win-crt-multibyte-l1-1-0.dll
c:\users\admin\appdata\local\temp\2fda\api-ms-win-crt-time-l1-1-0.dll
c:\users\admin\appdata\local\temp\2fda\api-ms-win-crt-filesystem-l1-1-0.dll
c:\users\admin\appdata\local\temp\2fda\api-ms-win-crt-environment-l1-1-0.dll
c:\users\admin\appdata\local\temp\2fda\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\users\admin\appdata\local\temp\2fda\softokn3.dll
c:\users\admin\appdata\local\temp\2fda\freebl3.dll
c:\windows\system32\vaultcli.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\mlang.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll

PID
1396
CMD
"C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svhost.exe"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
svhost.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\timeout.exe

PID
4084
CMD
C:\Windows\system32\timeout.exe 3
Path
C:\Windows\system32\timeout.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
timeout - pauses command processing
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\timeout.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

Registry activity

Total events
2049
Read events
2003
Write events
46
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2484
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2484
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2484
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2484
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2484
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tbz2\OpenWithProgids
WinRAR
3932
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
3932
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
3932
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3932
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\PO 162352 -xlxs.tbz2
3932
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
3932
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
3932
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
3932
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
3932
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3932
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3528
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
3528
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
3528
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3528
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\PO 162352 -xlxs.tbz2
3528
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
3528
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
3528
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
3528
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
2356
svhost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32
EnableFileTracing
0
2356
svhost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32
EnableConsoleTracing
0
2356
svhost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32
FileTracingMask
4294901760
2356
svhost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32
ConsoleTracingMask
4294901760
2356
svhost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32
MaxFileSize
1048576
2356
svhost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32
FileDirectory
%windir%\tracing
2356
svhost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASMANCS
EnableFileTracing
0
2356
svhost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASMANCS
EnableConsoleTracing
0
2356
svhost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASMANCS
FileTracingMask
4294901760
2356
svhost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASMANCS
ConsoleTracingMask
4294901760
2356
svhost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASMANCS
MaxFileSize
1048576
2356
svhost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASMANCS
FileDirectory
%windir%\tracing
2356
svhost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2356
svhost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000072000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2356
svhost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2356
svhost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
51
Suspicious files
70
Text files
31
Unknown types
56

Dropped files

PID
Process
Filename
Type
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dll
executable
MD5: d97a1cb141c6806f0101a5ed2673a63d
SHA256: deccd75fc3fc2bb31338b6fe26deffbd7914c6cd6a907e76fd4931b7d141718c
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-time-l1-1-0.dll
executable
MD5: 849f2c3ebf1fcba33d16153692d5810f
SHA256: 69885fd581641b4a680846f93c2dd21e5dd8e3ba37409783bc5b3160a919cb5d
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-string-l1-1-0.dll
executable
MD5: 404604cd100a1e60dfdaf6ecf5ba14c0
SHA256: 73cc56f20268bfb329ccd891822e2e70dd70fe21fc7101deb3fa30c34a08450c
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-conio-l1-1-0.dll
executable
MD5: 6ea692f862bdeb446e649e4b2893e36f
SHA256: 9ca21763c528584bdb4efebe914faaf792c9d7360677c87e93bd7ba7bb4367f2
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\mozglue.dll
executable
MD5: 9e682f1eb98a9d41468fc3e50f907635
SHA256: 830533bb569594ec2f7c07896b90225006b90a9af108f49d6fb6bebd02428b2d
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-1.dll
executable
MD5: d0289835d97d103bad0dd7b9637538a1
SHA256: 91eeb842973495deb98cef0377240d2f9c3d370ac4cf513fd215857e9f265a6a
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\nssdbm3.dll
executable
MD5: 569a7a65658a46f9412bdfa04f86e2b2
SHA256: 541a293c450e609810279f121a5e9dfa4e924d52e8b0c6c543512b5026efe7ec
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-processenvironment-l1-1-0.dll
executable
MD5: 5f73a814936c8e7e4a2dfd68876143c8
SHA256: 96898930ffb338da45497be019ae1adcd63c5851141169d3023e53ce4c7a483e
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-locale-l1-1-0.dll
executable
MD5: a2f2258c32e3ba9abf9e9e38ef7da8c9
SHA256: 565a2eec5449eeeed68b430f2e9b92507f979174f9c9a71d0c36d58b96051c33
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-memory-l1-1-0.dll
executable
MD5: d500d9e24f33933956df0e26f087fd91
SHA256: bb33a9e906a5863043753c44f6f8165afe4d5edb7e55efa4c7e6e1ed90778eca
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-0.dll
executable
MD5: a2d7d7711f9c0e3e065b2929ff342666
SHA256: 9dab884071b1f7d7a167f9bec94ba2bee875e3365603fa29b31de286c6a97a1d
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\softokn3.dll
executable
MD5: 67827db2380b5848166a411bae9f0632
SHA256: 9a7f11c212d61856dfc494de111911b7a6d9d5e9795b0b70bbbc998896f068ae
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dll
executable
MD5: 6db54065b33861967b491dd1c8fd8595
SHA256: 945cc64ee04b1964c1f9fcdc3124dd83973d332f5cfb696cdf128ca5c4cbd0e5
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dll
executable
MD5: e2f648ae40d234a3892e1455b4dbbe05
SHA256: c8c499b012d0d63b7afc8b4ca42d6d996b2fcf2e8b5f94cacfbec9e6f33e8a03
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-2-0.dll
executable
MD5: 0d1aa99ed8069ba73cfd74b0fddc7b3a
SHA256: 30d99ce1d732f6c9cf82671e1d9088aa94e720382066b79175e2d16778a3dad1
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\freebl3.dll
executable
MD5: 343aa83574577727aabe537dccfdeafc
SHA256: 393ae7f06fe6cd19ea6d57a93dd0acd839ee39ba386cf1ca774c4c59a3bfebd8
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-environment-l1-1-0.dll
executable
MD5: ac290dad7cb4ca2d93516580452eda1c
SHA256: c0d75d1887c32a1b1006b3cffc29df84a0d73c435cdcb404b6964be176a61382
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dll
executable
MD5: cb978304b79ef53962408c611dfb20f5
SHA256: 90fae0e7c3644a6754833c42b0ac39b6f23859f9a7cf4b6c8624820f59b9dad3
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-filesystem-l1-1-0.dll
executable
MD5: aec2268601470050e62cb8066dd41a59
SHA256: 7633774effe7c0add6752ffe90104d633fc8262c87871d096c2fc07c20018ed2
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-math-l1-1-0.dll
executable
MD5: 8b0ba750e7b15300482ce6c961a932f0
SHA256: bece7bab83a5d0ec5c35f0841cbbf413e01ac878550fbdb34816ed55185dcfed
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-utility-l1-1-0.dll
executable
MD5: b52a0ca52c9c207874639b62b6082242
SHA256: a1d1d6b0cb0a8421d7c0d1297c4c389c95514493cd0a386b49dc517ac1b9a2b0
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dll
executable
MD5: 88ff191fd8648099592ed28ee6c442a5
SHA256: c310cc91464c9431ab0902a561af947fa5c973925ff70482d3de017ed3f73b7d
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-string-l1-1-0.dll
executable
MD5: 12cc7d8017023ef04ebdd28ef9558305
SHA256: 7670fdede524a485c13b11a7c878015e9b0d441b7d8eb15ca675ad6b9c9a7311
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-private-l1-1-0.dll
executable
MD5: 9910a1bfdc41c5b39f6af37f0a22aacd
SHA256: 65ded8d2ce159b2f5569f55b2caf0e2c90f3694bd88c89de790a15a49d8386b9
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dll
executable
MD5: 2ea3901d7b50bf6071ec8732371b821c
SHA256: 44f6df4280c8ecc9c6e609b1a4bfee041332d337d84679cfe0d6678ce8f2998a
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dll
executable
MD5: e479444bdd4ae4577fd32314a68f5d28
SHA256: c85dc081b1964b77d289aac43cc64746e7b141d036f248a731601eb98f827719
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-stdio-l1-1-0.dll
executable
MD5: fefb98394cb9ef4368da798deab00e21
SHA256: b1e702b840aebe2e9244cd41512d158a43e6e9516cd2015a84eb962fa3ff0df7
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\msvcp140.dll
executable
MD5: 109f0f02fd37c84bfc7508d4227d7ed5
SHA256: 334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-util-l1-1-0.dll
executable
MD5: 0f079489abd2b16751ceb7447512a70d
SHA256: f7d450a0f59151bcefb98d20fcae35f76029df57138002db5651d1b6a33adc86
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-1-0.dll
executable
MD5: 94ae25c7a5497ca0be6882a00644ca64
SHA256: 7ea06b7050f9ea2bcc12af34374bdf1173646d4e5ebf66ad690b37f4df5f3d4e
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-heap-l1-1-0.dll
executable
MD5: 93d3da06bf894f4fa21007bee06b5e7d
SHA256: f5cf623ba14b017af4aec6c15eee446c647ab6d2a5dee9d6975adc69994a113d
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\nss3.dll
executable
MD5: 556ea09421a0f74d31c4c0a89a70dc23
SHA256: f0e6210d4a0d48c7908d8d1c270449c91eb4523e312a61256833bfeaf699abfb
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-sysinfo-l1-1-0.dll
executable
MD5: 19a40af040bd7add901aa967600259d9
SHA256: 4b704b36e1672ae02e697efd1bf46f11b42d776550ba34a90cd189f6c5c61f92
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dll
executable
MD5: 6d778e83f74a4c7fe4c077dc279f6867
SHA256: a97dcca76cdb12e985dff71040815f28508c655ab2b073512e386dd63f4da325
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-timezone-l1-1-0.dll
executable
MD5: babf80608fd68a09656871ec8597296c
SHA256: 24c9aa0b70e557a49dac159c825a013a71a190df5e7a837bfa047a06bba59eca
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\vcruntime140.dll
executable
MD5: 7587bf9cb4147022cd5681b015183046
SHA256: c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-1-0.dll
executable
MD5: 71af7ed2a72267aaad8564524903cff6
SHA256: 5dd4ccd63e6ed07ca3987ab5634ca4207d69c47c2544dfefc41935617652820f
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dll
executable
MD5: 502263c56f931df8440d7fd2fa7b7c00
SHA256: 94a5df1227818edbfd0d5091c6a48f86b4117c38550343f780c604eee1cd6231
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-multibyte-l1-1-0.dll
executable
MD5: 35fc66bd813d0f126883e695664e7b83
SHA256: 66abf3a1147751c95689f5bc6a259e55281ec3d06d3332dd0ba464effa716735
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\ucrtbase.dll
executable
MD5: d6326267ae77655f312d2287903db4d3
SHA256: 0bb8c77de80acf9c43de59a8fd75e611cc3eb8200c69f11e94389e8af2ceb7a9
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-convert-l1-1-0.dll
executable
MD5: 72e28c902cd947f9a3425b19ac5a64bd
SHA256: 3cc1377d495260c380e8d225e5ee889cbb2ed22e79862d4278cfa898e58e44d1
2648
PO 162352 -xlxs.exe
C:\Users\admin\AppData\Local\Temp\svhost.exe
executable
MD5: 32827e69b293b99013bbbe37d029245d
SHA256: 9250b89157770e3ab59a2c7e2dd6b12b3c61d9b7c6620c3b4727e4bfff10f01f
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-runtime-l1-1-0.dll
executable
MD5: 41a348f9bedc8681fb30fa78e45edb24
SHA256: c9bbc07a033bab6a828ecc30648b501121586f6f53346b1cd0649d7b648ea60b
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\widevinecdm.dll
executable
MD5: 7f636be36a85d45a148b0fe13bd311a5
SHA256: 5566c2c4b1839386e1b951b13eeb7aaceb1fb52e9f1cfdbc345c5e4f7b6d9745
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-crt-process-l1-1-0.dll
executable
MD5: 8d02dd4c29bd490e672d271700511371
SHA256: c03124ba691b187917ba79078c66e12cbf5387a3741203070ba23980aa471e8b
3932
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa3932.41817\PO 162352 -xlxs.exe
executable
MD5: 3368400cef3baa4105e413360fa9b1f3
SHA256: 70a545400f18ed3ba28dde5662b724b6bbd474d7c99ec25e0ac2b9db0ff8d751
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-profile-l1-1-0.dll
executable
MD5: fee0926aa1bf00f2bec9da5db7b2de56
SHA256: 8eb5270fa99069709c846db38be743a1a80a42aa1a88776131f79e1d07cc411c
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-namedpipe-l1-1-0.dll
executable
MD5: 6f6796d1278670cce6e2d85199623e27
SHA256: c4f60f911068ab6d7f578d449ba7b5b9969f08fc683fd0ce8e2705bbf061f507
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-libraryloader-l1-1-0.dll
executable
MD5: d0873e21721d04e20b6ffb038accf2f1
SHA256: bb25ccf8694d1fcfce85a7159dcf6985fdb54728d29b021cb3d14242f65909ce
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-localization-l1-2-0.dll
executable
MD5: eff11130bfe0d9c90c0026bf2fb219ae
SHA256: 03ad57c24ff2cf895b5f533f0ecbd10266fd8634c6b9053cc9cb33b814ad5d97
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\2fda\api-ms-win-core-rtlsupport-l1-1-0.dll
executable
MD5: fdba0db0a1652d86cd471eaa509e56ea
SHA256: 2257fea1e71f7058439b3727ed68ef048bd91dcacd64762eb5c64a9d49df0b57
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: cef74b21b15a8c12ec6cda289e2e3a51
SHA256: 4dac3ba4a9b092dba57e116665991d48da89811166bab6407b39fe1d3be9d4ba
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json
text
MD5: 0d083c0f4d1848bc3dd006dab592f4c5
SHA256: 80357eabe202535c2d908400c2fac0d7580a878773eeadde61a08d89ea65abcb
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E35F193F821DA8CE75AB22055B92D6CC116ADB5C
der
MD5: c99a636f9a65f650a2270e1569a4ee1f
SHA256: 5c35e1dec158207af4521e461e95d38ee95e2e41454aa9a350e15bd899ac78b9
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 9023210dcdbc7909aae69975b6c34050
SHA256: 5465f23ac09642b8935d7a62dca9a85aa3c9c744d3a29186343b7b3cf09f2da6
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1A641E3C13BC80C2737C103F87276CF1469C05CF
der
MD5: bf807e08a7f916bd1cdcc241d0b30764
SHA256: 670e552f8d086209a97b3fc5464e7e9bc5e6682934a55516ea5940a24d18be8b
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9B4FA8D09D0E6F1B23D205DFB904856091BEE633
der
MD5: 93f100a734b68fcb41cfe81c987da461
SHA256: ebf00d37b9255d3b9e93a5ab41950283a16dd2598f355264b953668eab2a07b1
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\223F7769EA2B9039995ACB3E662CC952D817B429
der
MD5: ea066391c97a87a8684d9141db8df9a4
SHA256: 222ebc3875feea56817766bc3374e4ad5720e743b32bb9f0441cefd32941f92f
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: cc6c424eec8c8e17e800c93e40b65280
SHA256: b9717e6b9eb333e1632d78f7cb504987201e3d1e413385fbb194d7aad2db89a4
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
sqlite
MD5: 1da9372b08bc64b86970c2c56bdb3a8d
SHA256: c4a1f1e4c1808246f265f7b7de613934a7fff9c83ec283e1c1d7e908f6e2b7c7
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: d2eb1fe30d4b0d9a55ca30825f33f412
SHA256: 9f4514889cf9b2be1794a0b7f3adf0d7942aabb2e0cd110269b96ab4fa23b6fe
2484
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_dwG33NoInexGk0L
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 7dfc24841154e5df33e14be7b884b515
SHA256: 3abd8ca8279c24f56b14e6ba6a456f1026d09d0128c0c7e63b55c52db7adef3d
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\491F289AD0B37F176E82D588C95524BD549E78FD
cer
MD5: 2da6ff9d1054801ef3ff25bc53dd6cf3
SHA256: c4c78882ee599aecd353866f59b68cc652cfa93e4a3d0de7ec5f5d11a3228c2c
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D00A688072D5E651DFCBF1F615D0FF8CC68B8989
binary
MD5: b6ce3cf1c996e9a063a772c4ba7a5638
SHA256: ccc9a9b1f3ac3f146f0e27c6533065729436386a44bf03f7a9a9bb2a17bc2b79
2484
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_IHBqxWlRqde3TqZ
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
text
MD5: 7c6486e0e286739cb3bf14195b438d6a
SHA256: d3311f69feb662b1fe2a600c2fd4f7f3e3709d5a7af85a8259c88b80cea9841e
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations-1.txt
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EAD4A64A0AF73119D9717809EB7339F0DEB17892
cer
MD5: c88f7bddc1096a985a027bb86a0e5286
SHA256: 19c87bb52489424595c310c2d94945d0d1afd00706cbcd118e8dcc5d545d61de
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B8469062C8B9A5098D81A620DCDEBD69BE523333
binary
MD5: 8f5fe3aeae5b8158145ade1b8f192f7a
SHA256: 3797d61a1cc07b0e2917ef929ba98a80591911d6837f6c569ec50efcecdfd4e1
2484
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_PRa75WveluSrzqY
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: da1225299fd02c7fee4b569a364f42e7
SHA256: 317c22e74a97d028df943e2bf664e9a16d810f2d9dcab37dca210648519ecf0c
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1E137CDCFC633D2DB96378E90D07058F8E2DD90C
cer
MD5: 907d96fc356d2959160cdb3a1a3186cc
SHA256: 15f27541ce1746363b27c214704e7e1ed6b10cd257007615df984ef08f059676
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DE23B389EB6A29BF74711D30F79F0B21683DA2B7
binary
MD5: ac9bb44c13590b756da18cd31465dec9
SHA256: 961be895c0984135b30c8190fb20714d3fef45f26d3f00b6ae14eb25ab4606a8
2484
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_dMYzKYiyq46VyIX
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_5sqq9OCRQUoUOck
––
MD5:  ––
SHA256:  ––
2356
svhost.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1E137CDCFC633D2DB96378E90D07058F8E2DD90C
cer
MD5: 30027950bc8bbcaad2c474d3677367dd
SHA256: ae2de720465b4d67b7d4e3a81c9d540015b0207bbc198db95caf3b46963e464d
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A62DAA8951D1736AA922A207513B2B70D523ABAF
binary
MD5: 9913d46f384521e05e65a9e4b83b0a67
SHA256: d0fb673da2848bfe1f557e6fd30f1b60d137cda0e8f8775f45c5c88310c05fdb
2484
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_AzVe6cHpbUhc9Hh
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 8ae3dd70a167f14d3326bdf04f955009
SHA256: 5b74bdd834cf2705f7b7e588e07f95455d48116708806c36f878db7b74ec4664
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
sqlite
MD5: e46e464adecb0f448a850e8e4d36041a
SHA256: 70e95cb3783ce41c91655811e1d63cbbdff434ef63bf382e35d01c66a2caccd9
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal
binary
MD5: 4233376da97d35568a6226967442e080
SHA256: c4d2334674e15aaf3c42761b891e3e09f1fdf580d7a70b523c4a67919b5003c6
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-journal
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
text
MD5: d6e6dbb749820e41ef346a0961425dd7
SHA256: 1c5764d055a8c63bfef41c3a3410bfabf4977bbf0142f627c731b0b7b36628e7
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2B8FB3A7C1E8990CE64886D66718692D2B2ED2BC
binary
MD5: 1420d88239be95ef5640ffc7263725ca
SHA256: 722f9f393b49e1a5cbd65f2a4095085f01b2b45fdbd4ca7c9c816d995befe9f2
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\9793753210743122869561.tmp-shm
––
MD5:  ––
SHA256:  ––
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\9793753210743122869561.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 8854a0ddada7c1888ae417c3c918b323
SHA256: ea3d6f88eaf2e8e0248ed38ce39d71c0eaddc37a07d8093cd355fbc626adb942
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-2.js
––
MD5:  ––
SHA256:  ––
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\974625393127961309315.tmp
sqlite
MD5: 9d0a95819e97b7aa666d2f1e1dc4a6c5
SHA256: b67b09717e75a9e5dc9f7dc4bb9c05069909cab47d9b12a2707d19ff7f6e8cb9
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\974625776739669615630.tmp
––
MD5:  ––
SHA256:  ––
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\97460981545692473954.tmp
––
MD5:  ––
SHA256:  ––
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\974593621721717971348.tmp
––
MD5:  ––
SHA256:  ––
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\9745789396815918349051.tmp
––
MD5:  ––
SHA256:  ––
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\9745789396815918349051.tmp-shm
––
MD5:  ––
SHA256:  ––
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\974562362094918973751.tmp
––
MD5:  ––
SHA256:  ––
2356
svhost.exe
C:\Users\admin\AppData\Local\Temp\97389047136169443523.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\FyIfWsxToJ7C+3NcbZgKmw==.ico
image
MD5: 012111c480290d97c36079a025c7e272
SHA256: 840d34f7508683fda7ab7de97cfd5acafe847bb34b7a1f754a6bbe99b5b7a39f
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\NZ25c8nxXfI0WczfdW84Hw==.ico
image
MD5: 012111c480290d97c36079a025c7e272
SHA256: 840d34f7508683fda7ab7de97cfd5acafe847bb34b7a1f754a6bbe99b5b7a39f
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF10495f.TMP
binary
MD5: b68b164408bf439eec76aa1f30d07de2
SHA256: 6601edaa535b93a949f915dc5a55571b5976a5f6bd98614adc4bad3c9c4cea23
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
binary
MD5: b68b164408bf439eec76aa1f30d07de2
SHA256: 6601edaa535b93a949f915dc5a55571b5976a5f6bd98614adc4bad3c9c4cea23
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5C85GD9RWTY5E3QZ83TK.temp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: da6f661d8e79bc45a7f236bc120059b7
SHA256: 289aec3c114829790d952e5d86ce7dc8b7595f866fdb2fb8b810c8ed1278de17
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite
sqlite
MD5: 407d8c301d64b0502c0a15695d95b4cd
SHA256: 6d6f8d942fdb943e96e6d37c404d633ea43546614dcfb346d7b1ceb0973bc60d
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
sqlite
MD5: 5981f37c5d91c46947d6b27e9b6260a5
SHA256: 5aca19c57554e1d93effde192da46bf3a148ea9409fa7abe5203ffcf65ff4b58
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite-wal
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite-shm
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite-wal
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite-shm
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
sqlite
MD5: 403cc6019207ebfade454c23af82efef
SHA256: aa68f1c5a2582c7bf74dbfe9091c95405d7723e5a1e272380c351d72935b857a
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite-shm
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite-wal
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite-shm
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite-shm
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
sqlite
MD5: 7a8ba242712726d3e39b909ebf437555
SHA256: a1ece22b7226d2fe218287d1b66079254145087530f4c3c8f1e23bb131e8964f
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite-wal
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite-shm
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite-shm
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: c8d49a66cea8e02f71c037c8d181c160
SHA256: b9605d63afb4499b60f0e5fdd49d910c31e7c6e21f39f2654913b3bbd828df5d
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-wal
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\55B85C9279D5E09E7F8171AB553FB103693CF5AC
der
MD5: d68b7f4ba9c5b9974e519db8f27a5509
SHA256: c2bd67a717cdf9c42262944661b6f17af5f44755e2c9cb99c22d6652c51d2670
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A30FECCEE6591EB03E842F50117E530445FCDED4
der
MD5: 1ce7ca17637442def65487f4dbd02caa
SHA256: 3dcad99e73f3f8dcb3948ddaab50285e2d21ef5c23814a0da1eec8173916763d
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5AC014153D94ADE9674CCE78008F417454B8F48F
der
MD5: 540830609f6a1ca767c8a3e7dd1bbf64
SHA256: 859e0eecc23b82b4ee3211dadc05997794d9b68401d10632ca4f3e06eeedfc8d
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\aborted-session-ping
text
MD5: e7b62682fb2c5909b6536e59d619b005
SHA256: f2f79fb6139c08ab1a3658d7b7a263194761e27e4c6e175de3b6771e14cd676b
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\aborted-session-ping.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
text
MD5: bb19c63d99540b9f3fd65762218be745
SHA256: 6410aad8caf3f4f1ad011ed58a534769b61e196bfc3a6935646bc99a0582ac33
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4
jsonlz4
MD5: a6338865eb252d0ef8fcf11fa9af3f0d
SHA256: 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\43B6655E5F16BC2535236452C6E5FF7FB6F2BD90
binary
MD5: 4b2a381313877875d6d7eb1fa1a1df0d
SHA256: e3d226f956e2e8dcdea863b7bb296ccb369608d5dd14117748cc14ecd87d2a68
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: d044d774a9be9244063e16c6e3ddaf9d
SHA256: 0b3fdf448a686298139823e5fe028057401dad35612baed3e62c3ca8c4f18871
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\widevinecdm.dll.sig
pi2
MD5: bba147013aa78944b2530f3e4acf231d
SHA256: 2347297ebdd087df38fad1acc207f625938ff575f0d7c0533c6c5572f042f6c9
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\widevinecdm.dll.sig.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\widevinecdm.dll.lib
obj
MD5: 5a33e95804ea80f06f97453b1a163e27
SHA256: 33bb1b23908e20870aefd100fb10983753b3ffbb308c55316b7b9cb6c9f45a6a
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\widevinecdm.dll.lib.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\widevinecdm.dll.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\manifest.json
text
MD5: 6489d53ce5fbfd0eba9deceb95323c61
SHA256: 1a8ce8afcfddd04cfb3dd743b0bcde8d439d9f86a1fe262d2f99fe6876631fc7
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\LICENSE.txt
text
MD5: 49ddb419d96dceb9069018535fb2e2fc
SHA256: 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\manifest.json.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1146.0\LICENSE.txt.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Temp\tmpaddon
compressed
MD5: c787e9b06b44e979c9aff51c8da64b4e
SHA256: 7e8db6c2e3e62999814d198745067e04e7c61c1580d75cf73534712540df5d9e
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4818E95042577BA03FDDDD179EF1F792537D05DE
compressed
MD5: 8b7e16d29d9af6b48f14d699ccbcbe96
SHA256: aabe0c7e5e30b52fba9e984017bb8c9283a5bc8734f9e3037ec407f40f84835b
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: d42e2272d88235358931b155564055f8
SHA256: 1c9dd636f3c792e5d2ba395c6e27e3ee97259b97d05957e5f4908eb92716aa4b
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
sqlite
MD5: fbf7030ec67767d047b973d604535ae9
SHA256: 18c6d1e2518c67c4e07f1d19ae53bcd6452653489d4312b6a067936d17348982
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-backup
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256-1.sbstore
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256-1.sbstore
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
binary
MD5: b4860ed4b45c834dfbed07f2f9c2ec4c
SHA256: f8da735185c2febc137b18f7b5b1e64928576608115a8399e788db49702c9d11
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: 88004556840076ef25d4f2ad86eb6afa
SHA256: 09429680a0990cc8bccf38ddd6536b548ae3378319a6ffbfa819d0dc17e9f84a
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.pset
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.pset
binary
MD5: 5f6730f024af5c6090f5cc224761e30e
SHA256: 4c182cbac947045350ae3b05b70264a314ecc78a6ba60bdfe83da78c423bf868
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: ca5930a5d808bc4c584b00a6d85d88ae
SHA256: 45334b04a6b49b8392371e154363fea7a351d13ccf8825996ede696ebc8aee8f
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin
binary
MD5: ef3cf62e45b9746d1d7bc875d50cad09
SHA256: 14f277495b7ee5dc238da116f2a7681044cea5be7a1e8fc65a4914cd1bd30757
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache.bin
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-new.bin
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin
binary
MD5: ae9372bd836fab8be31655ebb36e269a
SHA256: d87e60954d8fc6fe071c91e202cc037483bf67168c2d23793e770945946f0de8
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C6F437F8CA69C823B49DE4479AEDA7B3168286C6
der
MD5: 5aaeaadd74db2d3c49670a9285de2f12
SHA256: 9912c242dd8bdf1bfd40d0f8a9f4dadf4b7eb3874479f11372287f65f906ab90
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: f094b44a1d945f0380f312a93c65a29d
SHA256: b5dc1b64c0aaf41e60e980202bbdd755d92479c1c99846585680d6a83c3f16c5
2484
firefox.exe
C:\Users\admin\AppData\Local\Temp\PO 162352 -xlxs.tbz2:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2484
firefox.exe
C:\Users\admin\AppData\Local\Temp\PO 162352 -xlxs.tbz2
compressed
MD5: 95b9e5e3108147f7ce3b514f3ca230d4
SHA256: 6eb0b94476e204b7559320b153de548fe29710c157aec4f3fd754a4945dd6ea8
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\46996685C2BA53E9D51C25F5D772047F419C4B70
binary
MD5: 1da0148a3012fc46cc447a3df694732c
SHA256: 3104c4d591939ac8c0b502c0d2a1559acfcba205d3217b1315a68d1a5622b10f
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C3CB83D248E9B17A727F978262264E7F9B778C81
der
MD5: c446545c7aedf6d21a45935073aa740b
SHA256: e597980da5be292795f6dc11922d8e872b771d9873bcb605c3897f331f458f60
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: d40c82e6b280b36c3123d4428a8e8163
SHA256: d6107f6f2bf6353b7bca8937cbdf49269220f23915b1cd42f529341ed70168e9
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.pset
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: 7de4c0d8f74dfe63ac9b4f025ab27f38
SHA256: 38ac5e332e3ede73efc5f9e59a6a6f8c4116013e942b2e4f7495716e03d7d997
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.pset
binary
MD5: 837f615307fe8cecb01924a02ff8b19c
SHA256: c394701a286a601a011628fcaddac482c25491ef22ba367311a3a8563c78c892
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: 2c6a5ece5949ede67d614114b7812ae9
SHA256: af287fbade36dbfda19c1dc42221c345538479b850e21ea8341cc038cfa54bed
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E8D38DA1AE8D07A1EEBE0BC40173D3715C8A0754
binary
MD5: c836e97fcd4d980ae152daf8952eb785
SHA256: 2cfc8ba90000ac537ba499c87e25d37e16a4be0be1214aface0a94851d1d5f9f
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\25218EE79CFF5F3AC18C58CFDF44A674E3560C47
binary
MD5: 78f234d438050eae274f1a90e201a57a
SHA256: e7a2d808631c2ee89789919e2ce56c4f652d915a4e1f5d632314de9a79c799d5
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\82809D5DC5CF2F9410C5BE5592CCDB977F9E631A
binary
MD5: 793621fc347bf16461069efa889f157e
SHA256: c4b74b9dfc9b7c04d00f424251387ee4a035dc6615b5bd3722e1d923484ed43a
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E0D114633D09646187D42CB1D0A2672A94F9B5B1
binary
MD5: 1b1662f606706a57a3ea10c05d380dde
SHA256: 79dacc03919bfc5a733333e5fcb4aa072ed0b75c6127abc357803222086aa3d5
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
jsonlz4
MD5: 7337d087ec76e87a76778b4eec5e8e63
SHA256: aa4398d1716aadeb35a4ddddc4e7d2429c71defd15cb45401938889f5b2f05e0
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Temp\2J41xfY6.tbz2.part
compressed
MD5: 95b9e5e3108147f7ce3b514f3ca230d4
SHA256: 6eb0b94476e204b7559320b153de548fe29710c157aec4f3fd754a4945dd6ea8
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5AAC2AED59A0EFA91AF9EC494A19195494A9B947
compressed
MD5: ffe2153ed18ba70c0b31c7d9c5b6916c
SHA256: ae46b9f7dc62d185aca3d504405a85681c5665bb8b8598e7a2df6cf054521e78
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CAB2A678E4103CBC8B9DC130C7C2AB80282A2448
der
MD5: 0dc227e55b1aaa391c1363f1ba6ba7c6
SHA256: e6cb09da24fa83751670e528819a6695b8334af77422ead3b4a5bcd9a910dd2f
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: c2b2f766a803f3c6ab22ee46d11f1ff2
SHA256: d3ab60c6d41eb81f01325d62769c60f5f96b348ab0f6875755e4830f6bbbaa52
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: 4074efb47aaa564812c9187f36740642
SHA256: dc749283632211a410f9f08c433e2a2b6323028964b59b714e2d00e1c8f32211
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journal
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A19C2728E583EFE2AC39F6B1ECC2C5357793965A
der
MD5: 5b0b3ef1c24bcee43dc7bc911a36b4ef
SHA256: d81cc548907988ea2167c39bfce889b9fb549ea2659e89e5fa499df6152274ea
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
binary
MD5: e2cf527ca7550b7e7bdf7311e483a2c3
SHA256: f1e07b1d717433f47073dc54a7d98e3e87b3d0fa88e53466f93ea544af885d11
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
binary
MD5: 65e942614eee70680464ac4be75019fc
SHA256: 34395085da32c8b4efe9959e3b0d756b43ffed17694d66f39b966cd331bd9a94
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
binary
MD5: 051fb32dece757ba112ac36dc72e3a91
SHA256: 0806d98fb3de55f75d7c0b17e26146567e08c483031526659a4a35d09b97ef19
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
binary
MD5: 95f28ede25c301301f25fbbd9a3c56ec
SHA256: 87763df78772f7d750b0fa5a31eec23e931fd3bd1cbb33beddfc61889da36478
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
binary
MD5: a5695cc64d77967232b0c1344c6e72b3
SHA256: 042a22b8681d754671d2018ba109b31a53ee3728d48c6379043f8e3394e7fbad
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
binary
MD5: 3d1ce5e50208f0cb3b979186043a548f
SHA256: 1e13d05d482c3d533dc6035af2b2d6e84749412a5748d1435b70cec8b312340b
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
binary
MD5: 3675254e341df799d4307c1f59109185
SHA256: 23d108134bed6099793f7dd6b8b6e62081ec3b945efdbc7c5e0e779fd9b82f98
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DC319DE0B6B54C13DE5E149F250EC07BB39EFDFC
binary
MD5: 08dfb35f78860335b7650152a5eae4c6
SHA256: ce58d519411160152777a758b5b4415841e873459ccdafab4283fe98c9d9970c
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5F48DD1070FAD8360BDB26A01C8DA8DF85CBFCAD
ini
MD5: aa6ce66efec84fda274fe3ed242d9caa
SHA256: b1bc6917c57c8567dfe069efe7bb5a3b4fa8c98b81b537e5379d122f2611a2da
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
binary
MD5: d772261ff33497d3681e094f23282ffe
SHA256: 8ee76fa11d5a67f0c93766da3b1ac0c942020afba15b55a8750a896292cf4dce
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
binary
MD5: d6acf2573e12afdd7939568804d3fcc1
SHA256: 5525cbf8f8dc41d19ac632ed324e55293a510ae0eeba16d0e3f33c707aa58a0c
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: eb744b05b13e9410146dab0bd459efa0
SHA256: bfde7f131200eb06c1d54b03d2ce1be1ff31062e8009c937243464712dcd2d50
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
binary
MD5: 72e2352f7976b0dd90f2a68047493b8c
SHA256: e0d74336b6c041b6087a697dd7f65fa1da7ea035e202e3d977cc6a7e5bdc13a8
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: ddf263974b1925672d369bbcc8f830de
SHA256: 92a7323dd7eb199618a1e2e823a71919285a70196bfe627808c66cf1c1f3c8e3
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\28421
binary
MD5: 502ce89d9b0148f0378b5a280a8bfe80
SHA256: b7234aba0038b402c9f82172b236db7e1532ec45a5e74b485db756457e2cdada
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\49968F5AAF6C3D4E162E052C301E673D6E1D2552
binary
MD5: 61736de0fec05db72ffcdb5cce8e98dd
SHA256: 1c1047aa93981819d5779f11c26b7c64ec90517c53b8a71248d0f7772763dfd4
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.pset
binary
MD5: e608435b687616692a96462e1ac26756
SHA256: 6aa8ee3813d86411d8073a4c2f850b1e8e734c3759d860cbe54ec7f378a82a52
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: 704df61fa2e3f587b268ad85126bc689
SHA256: 7e97db3c9370a35f59a6a649e6cf608e4f5ed572f87f433ea652977ac2cc48d5
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
binary
MD5: 7655fffe7cfbe1ebf96afea5fe2e1376
SHA256: ff2f663c4e453706b7817109f6a43e8b3389e8cfb1b7d64aace2bfba45f3a359
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
binary
MD5: 498dae4e538658a57f464748f2dabfda
SHA256: 8778f52cd9cb4f4787bf7ba18006d212f8c3004652d163f7786556a8eef3a067
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.pset
binary
MD5: 844aff63a5f67cd54d9814b7b54abf18
SHA256: 8985970b72a7bcfcf54c4a2474c36ea9a911ab3672881ee299d58f5a4e64e690
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\153
binary
MD5: 00845cfa655570ede0374d9c0df85b59
SHA256: a421e6f7103b60091014b90f4118ae00b723d80599d4356e3e150b8f2be2359d
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: 778202e2ee08f4b4073413c0b03e05fc
SHA256: 33147037ce75ec0a48b3da60d619bc76c2471f5f20c15f9d075671de2067cfb0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
binary
MD5: ba0009932844173bc8f9af264229df24
SHA256: 66d1c00c04d86e313e9a02775cdf906b1be8d4cd6bef423a1b9e21cc4e9f50c1
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
binary
MD5: 6f85bc4b2ecb49e26b0bd83a821065d0
SHA256: c0b3bc9b3dc507ab654caf72d13c3aefa58c9b13b1e4d14dd8816712d80a7e54
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
binary
MD5: c921d8e98fa01b4f303481e112202e92
SHA256: 4ef1038730ec8bc7206713c29a936768831b922c5e6c83355fd62d7401d8c1dc
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore
binary
MD5: 04824a1f92353f43ebb9e7f74b7476fd
SHA256: b48e58ebab82e4c376f16150a3fff850c1111ff1f5985d68819cfd6f0db159d2
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore
binary
MD5: 0e8fe60ccd7e9b4c32589a5743a95302
SHA256: 2b124d4026850a3cffd28dbacb58aec28f7dcd4d40bc14e52bbe96d60ce4e749
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
binary
MD5: 23e438fd4af1829d4469ff8d0bc83854
SHA256: 96e0d7644aea81d26f039ae633eb405583e11b020363090dac5cad9b4b188846
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore
binary
MD5: d886a47c89d9c49c795da345bc236990
SHA256: a03c5e2656d2f292bf5794c8eeb8d223cd6ba4f4bfb2ed1f325460e879d0bcf7
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\32AEDD73C57D8E360FAD4709E9678BF40A197A40
der
MD5: a9ec8fdf2583de451b218ff62d080b9c
SHA256: 08faeda0d5bb8c31127ce13fd5e04c0aa0860d8a0b6b47a7ca239496ad319ccf
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\880BA3C434E82AFD54B30DC09EA1E78F26DE4F3E
der
MD5: 27ae5e292b08acd5a8888b33326ba78f
SHA256: 199bbc5ff265c706cee089e1fb4b833d488f1be319cf47f56acb12ff073f075e
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\702120E34838AC61F0920A46E558BFDB52477F21
der
MD5: dfa9a628afdc20e5fdeca1d350c1b44e
SHA256: 859a12455a2acaae147c0d50bcd5726bfd1d42792783453f7a63e0e93520d96f
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 452f2e7b7dc0753783193590bf6f44eb
SHA256: ea32a98d1c92342db3250b6ac5bfc2940dcf433c1600a7cae1a9d2cb7a5b5684
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA256: 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 8f89a5889e1615f65674daf6a01a2454
SHA256: f6d3fde91836d607a3311a6e0a12463c811f791a9f231d2ff8542d772fa22ed7
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\trash26735
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
––
MD5:  ––
SHA256:  ––
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.bin
binary
MD5: 82f61c08d68502377826ca7ea054cea7
SHA256: 85801bce5d7ce3a2abc14e3208151ac9d324a6ea82fb2ada1d10baa8ef58e7df
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
binary
MD5: 6c32cb3fd01869207e7aae8b28598f29
SHA256: 4f8ecf8007f6cc603991256aacf38224adba7d0a16685706072d1aadc0604303
2484
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\jumpListCache\pV+3TL7Nu3EP5juvr_gPjg==.ico
image
MD5: 847cf8580806fda649b20afc264f4736
SHA256: 0697b6004d8408ab86ccee76bb59eb07a9012e6f3e7adbc01f6e390f5c9b8836

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
18
TCP/UDP connections
28
DNS requests
63
Threats
8

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2484 firefox.exe GET 200 2.16.186.50:80 http://detectportal.firefox.com/success.txt unknown
text
whitelisted
2484 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2484 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2484 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2484 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2484 firefox.exe POST 200 172.217.23.163:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
2484 firefox.exe POST 200 172.217.23.163:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
2484 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2356 svhost.exe POST 200 160.153.131.139:80 http://govi.mn/temp/h/index.php US
text
binary
malicious
2356 svhost.exe POST 200 160.153.131.139:80 http://govi.mn/temp/h/index.php US
binary
text
malicious
2484 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2484 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2484 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
2484 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
2484 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2484 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2484 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2484 firefox.exe GET 200 2.16.186.50:80 http://detectportal.firefox.com/success.txt unknown
text
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2484 firefox.exe 162.125.66.1:443 Dropbox, Inc. DE shared
2484 firefox.exe 2.16.186.50:80 Akamai International B.V. –– whitelisted
2484 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2484 firefox.exe 52.88.150.81:443 Amazon.com, Inc. US unknown
2484 firefox.exe 52.34.132.219:443 Amazon.com, Inc. US unknown
2484 firefox.exe 52.222.159.39:443 Amazon.com, Inc. US unknown
2484 firefox.exe 162.125.66.6:443 Dropbox, Inc. DE shared
2484 firefox.exe 172.217.16.170:443 Google Inc. US whitelisted
2484 firefox.exe 172.217.23.163:80 Google Inc. US whitelisted
2484 firefox.exe 172.217.18.14:443 Google Inc. US whitelisted
2484 firefox.exe 52.26.235.130:443 Amazon.com, Inc. US unknown
2484 firefox.exe 52.222.149.174:443 Amazon.com, Inc. US unknown
2356 svhost.exe 160.153.131.139:80 GoDaddy.com, LLC US suspicious
2484 firefox.exe 52.222.149.13:443 Amazon.com, Inc. US whitelisted
2484 firefox.exe 52.222.149.214:443 Amazon.com, Inc. US unknown
2484 firefox.exe 54.186.118.41:443 Amazon.com, Inc. US unknown
2484 firefox.exe 34.212.93.174:443 Amazon.com, Inc. US unknown
2484 firefox.exe 172.217.16.142:443 Google Inc. US whitelisted
2484 firefox.exe 172.217.18.163:80 Google Inc. US whitelisted
2484 firefox.exe 173.194.129.230:443 Google Inc. US whitelisted
2484 firefox.exe 52.41.57.47:443 Amazon.com, Inc. US unknown
–– –– 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted

DNS requests

Domain IP Reputation
www.dropbox.com 162.125.66.1
shared
detectportal.firefox.com 2.16.186.50
2.16.186.112
whitelisted
www.dropbox-dns.com 162.125.66.1
malicious
a1089.dscd.akamai.net 2.16.186.112
2.16.186.50
whitelisted
ocsp.digicert.com 93.184.220.29
whitelisted
search.services.mozilla.com 52.88.150.81
34.213.175.109
35.166.112.39
whitelisted
cs9.wac.phicdn.net 93.184.220.29
whitelisted
search.r53-2.services.mozilla.com 35.166.112.39
34.213.175.109
52.88.150.81
whitelisted
tiles.services.mozilla.com 52.34.132.219
35.162.29.26
35.164.130.113
35.164.197.9
35.165.22.140
52.10.122.55
52.26.103.165
34.208.143.106
whitelisted
tiles.r53-2.services.mozilla.com 34.208.143.106
52.26.103.165
52.10.122.55
35.165.22.140
35.164.197.9
35.164.130.113
35.162.29.26
52.34.132.219
whitelisted
snippets.cdn.mozilla.net 52.222.159.39
whitelisted
drcwo519tnci7.cloudfront.net 52.222.159.39
whitelisted
uc57b7e654b188313c434f13f924.dl.dropboxusercontent.com 162.125.66.6
unknown
edge-block-www.dropbox-dns.com 162.125.66.6
malicious
safebrowsing.googleapis.com 172.217.16.170
whitelisted
ocsp.pki.goog 172.217.23.163
whitelisted
pki-goog.l.google.com 172.217.23.163
whitelisted
sb-ssl.google.com 172.217.18.14
whitelisted
sb-ssl.l.google.com 172.217.18.14
whitelisted
shavar.services.mozilla.com 52.26.235.130
52.24.56.107
35.160.78.190
35.160.231.181
34.223.207.155
52.33.113.226
52.42.83.187
54.187.144.104
whitelisted
shavar.prod.mozaws.net 54.187.144.104
52.42.83.187
52.33.113.226
34.223.207.155
35.160.231.181
35.160.78.190
52.24.56.107
52.26.235.130
whitelisted
tracking-protection.cdn.mozilla.net 52.222.149.174
52.222.149.202
52.222.149.27
52.222.149.173
whitelisted
d1zkz3k4cclnv6.cloudfront.net 52.222.149.173
52.222.149.27
52.222.149.202
52.222.149.174
whitelisted
govi.mn 160.153.131.139
malicious
firefox.settings.services.mozilla.com 52.222.149.13
52.222.149.36
52.222.149.205
52.222.149.99
whitelisted
d2k03kvdk5cku0.cloudfront.net 52.222.149.99
52.222.149.205
52.222.149.36
52.222.149.13
whitelisted
content-signature.cdn.mozilla.net 52.222.149.214
52.222.149.31
52.222.149.185
52.222.149.199
whitelisted
d12uj65dsn9ho1.cloudfront.net 52.222.149.199
52.222.149.185
52.222.149.31
52.222.149.214
whitelisted
aus5.mozilla.org 54.186.118.41
52.32.77.100
52.43.79.30
35.163.20.157
34.218.159.169
35.164.82.230
54.148.123.234
34.214.241.105
whitelisted
push.services.mozilla.com 34.212.93.174
unknown
balrog-aus5.r53-2.services.mozilla.com 34.214.241.105
54.148.123.234
35.164.82.230
34.218.159.169
35.163.20.157
52.43.79.30
52.32.77.100
54.186.118.41
whitelisted
autopush.prod.mozaws.net 34.212.93.174
whitelisted
redirector.gvt1.com 172.217.16.142
whitelisted
r1---sn-q0c7rn76.gvt1.com 173.194.129.230
whitelisted
r1.sn-q0c7rn76.gvt1.com 173.194.129.230
whitelisted
incoming.telemetry.mozilla.org 52.41.57.47
52.89.179.237
54.68.141.132
52.89.114.227
52.36.71.24
52.39.195.123
52.34.248.21
52.34.167.99
whitelisted
pipeline-edge-prod-25-561439127.us-west-2.elb.amazonaws.com 52.34.167.99
52.34.248.21
52.39.195.123
52.36.71.24
52.89.114.227
54.68.141.132
52.89.179.237
52.41.57.47
shared

Threats

PID Process Class Message
2356 svhost.exe A Network Trojan was detected ET TROJAN AZORult Variant.4 Checkin M2
2356 svhost.exe A Network Trojan was detected MALWARE [PTsecurity] AZORult client request
2356 svhost.exe A Network Trojan was detected MALWARE [PTsecurity] AZORult.Stealer HTTP Header
2356 svhost.exe A Network Trojan was detected MALWARE [PTsecurity] AZORult.Stealer HTTP Header
2356 svhost.exe A Network Trojan was detected MALWARE [PTsecurity] AZORult client request
2356 svhost.exe A Network Trojan was detected ET TROJAN Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)

2 ETPRO signatures available at the full report

Debug output strings

No debug info.