General Info

File name

efattura1707

Full analysis
https://app.any.run/tasks/3052aa4d-1682-4e66-ac65-f471c84af398
Verdict
Malicious activity
Analysis date
7/18/2019, 06:22:23
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
text/html
File info:
HTML document, ASCII text, with CRLF line terminators
MD5

ccb93708ff20e0616aa14be98be1f0ac

SHA1

ca44eed13d22023d6eafb6a58a64ead1b9025cae

SHA256

fd7e5a2ed60e9ba73f1fb60af1aabf102fbc0aa460779bace09912f5f82b1a45

SSDEEP

3:IVK0gLDoOn3++o0ZUc7Mv:IA0o9u+lMv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS

No malicious indicators.

SUSPICIOUS

No suspicious indicators.

INFO

Reads CPU info
  • firefox.exe (PID: 3896)
Modifies the open verb of a shell class
  • rundll32.exe (PID: 2876)
Creates files in the user directory
  • firefox.exe (PID: 3896)
Application launched itself
  • firefox.exe (PID: 3896)

Processes

Total processes
39
Monitored processes
6
Malicious processes
0
Suspicious processes
0

Behavior graph

start rundll32.exe no specs firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe

Process information

PID
2876
CMD
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\efattura1707
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)

PID
3896
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Users\admin\AppData\Local\Temp\efattura1707"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
rundll32.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
67.0.4

PID
3152
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3896.0.2106141072\1634611199" -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3896 "\\.\pipe\gecko-crash-server-pipe.3896" 1180 gpu
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
67.0.4

PID
3328
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3896.3.472124670\225165080" -childID 1 -isForBrowser -prefsHandle 1656 -prefMapHandle 768 -prefsLen 1 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3896 "\\.\pipe\gecko-crash-server-pipe.3896" 1696 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
67.0.4

PID
2128
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3896.13.2023597004\1807495829" -childID 2 -isForBrowser -prefsHandle 2720 -prefMapHandle 2736 -prefsLen 5842 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3896 "\\.\pipe\gecko-crash-server-pipe.3896" 2748 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
67.0.4

PID
3076
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3896.20.1117597506\859329966" -childID 3 -isForBrowser -prefsHandle 3524 -prefMapHandle 3548 -prefsLen 6720 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3896 "\\.\pipe\gecko-crash-server-pipe.3896" 3560 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
67.0.4

Registry activity

Total events
1332
Read events
1180
Write events
152
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
LangID
0904
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Adobe Acrobat Reader DC
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\eHome\ehshell.exe
Windows Media Center
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Internet Explorer\iexplore.exe
Internet Explorer
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\system32\mspaint.exe
Paint
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\system32\NOTEPAD.EXE
Notepad
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\PROGRA~1\MICROS~1\Office14\OIS.EXE
Microsoft Office 2010
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Opera\Opera.exe
Opera Internet Browser
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Windows Photo Viewer\PhotoViewer.dll
Windows Photo Viewer
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\VideoLAN\VLC\vlc.exe
VLC media player
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft Word
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@wmploc.dll,-102
Windows Media Player
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Windows Media Player\wmplayer.exe
Windows Media Player
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
WordPad
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
0100000002000000000000000700000006000000030000000500000004000000FFFFFFFF
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\35\Shell
SniffedFolderType
Generic
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1
4
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1
MRUListEx
0400000003000000010000000000000002000000FFFFFFFF
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1\4
NodeSlot
100
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1\4
MRUListEx
FFFFFFFF
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\Shell
KnownFolderDerivedFolderType
{57807898-8C4F-4462-BB63-71042380B109}
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\35\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Mode
4
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\35\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
LogicalViewMode
1
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\35\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1092616257
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\35\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
IconSize
16
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\35\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
ColInfo
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\35\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\35\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupView
0
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\35\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\35\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:PID
0
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\35\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByDirection
1
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\35\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\Shell
SniffedFolderType
Generic
2876
rundll32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules\GlobalSettings\ProperTreeModuleInner
ProperTreeModuleInner
2876
rundll32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane
ExpandedState
2876
rundll32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
1
2876
rundll32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
MRUListEx
0100000000000000FFFFFFFF
2876
rundll32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\exe
0
2876
rundll32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\exe
MRUListEx
00000000FFFFFFFF
2876
rundll32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
1
2876
rundll32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
MRUListEx
0100000000000000FFFFFFFF
2876
rundll32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
2876
rundll32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
2876
rundll32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
MRUListEx
0100000000000000FFFFFFFF
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Mode
4
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
LogicalViewMode
1
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1092616257
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
IconSize
16
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
ColInfo
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupView
0
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:PID
0
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByDirection
1
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Applications\firefox.exe\shell\open\command
"C:\Program Files\Mozilla Firefox\firefox.exe" "%1"
2876
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Mozilla Firefox\firefox.exe
Firefox
2876
rundll32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2876
rundll32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3896
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Browser
0000000000000000
3896
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3896
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings

Files activity

Executable files
0
Suspicious files
85
Text files
45
Unknown types
71

Dropped files

PID
Process
Filename
Type
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\71AC4FE466B672AC3AA04372348F46ED137544CA
binary
MD5: 6716d62e7d8285ee8958cf3e5a715d5d
SHA256: 648d53bfc6856d0e7d94368eedac85195cb301a70ff21d636c3bbac0bc0ff0fe
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2CEDB0293D552F62B7D033D962A65625047D25F8
der
MD5: 9f7e19935fa9c8914b8a64f8f06d4a73
SHA256: b4d9ae21cafb74f507b3a256037de699be058f294a99bc3a7c341fee042f2f29
3896
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_NMSOqsd02Cpg2ye
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: fac82ccbc0c7ee7fae614468665db0a7
SHA256: 1fa792a3f2ef224a67718bdc92e3f4991271a0e71a5f38336647d4424edf5e9a
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2B8FB3A7C1E8990CE64886D66718692D2B2ED2BC
binary
MD5: 658dac70286eb26ad0ba86e086e50c64
SHA256: b635d9844879f1bde5475f28eaf7ef83f26bf71fd29341b3e6ad8e001ea9d374
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FB4B2F7D7E7F0E2748F9D0BA79B07F3CAE3C84A7
woff
MD5: 16df11897387bf0409b0985f2816b098
SHA256: ebe77ff71ae823c59da3c7fedf4cf32a4f452f08bf1cb2552bf1467ba82e5773
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B4A08CDA96647B2841A70C4BDC8952559DF4FEA3
binary
MD5: 44b9c1e0f0bb63a252db0d7ab4025b9b
SHA256: 772a688bda78177774080738ed8c1870f47e0e931b6765b263f688c296b0e260
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\11AFF9CFF56E7F590B57A16EAFB0FF3A6AD89318
gax
MD5: fa193fc1ef021f0bf12c8d1ab8be18f3
SHA256: 589fe70f810d0920bef48d5d3b5bdad524a97b8af8f499059b82727ffe3ed3dc
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 687bc290e025624c2f2f977b4fdcb115
SHA256: f9a91dc8aab045ad740bd37845f145f47508f21da7d04fc2747cd930a15f74cf
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 4fbacafe1ca5cf9d893e651d9e0f1ca3
SHA256: 477fcb29b75dea358fce56b50d305a606a39fcc0380534623b7189716bd3a6f2
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 087e591600e43fcd592c9754a8eaeaf6
SHA256: 36b3562c316e3e2361957fc1f30468635855783a79b022b3332bb5756379c894
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
sqlite
MD5: 28ee0d05e8f02e3ad7ca70a3604c4e8a
SHA256: cd929f8d79d2276917d3045cab4f2f3dd7449a1222dc0ef796f4eb8e71e398c1
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin
binary
MD5: 377acc3af381683cce2a6e1f4e660333
SHA256: 6891da4af0da5eac3629387172668de8df38c4295ad58b846b187f703b8b8a0f
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache.bin
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin
binary
MD5: 06bf7bc2ab42c44b54ac6a2f77c58200
SHA256: 8b665a7ffd6f385ed733732c1abe6eb8171d4f63390ca7bd71e9d3d055ce53d0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-new.bin
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: de125652a7b099b819eb430683210dde
SHA256: d25339cad7a0fd7281e4e4a7b14e8c558b90261e711ef21b0349d3f560189e6f
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-backup
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256-1.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256-1.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.vlpset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
sqlite
MD5: b2dc9f486f5fad357e3e8b9bc25625bb
SHA256: 1eeb94151018096475d67999c9bd11fbcff7afd70ebc3db55a749b714f9828cb
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-wal
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-shm
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 3375ebbe962d4c8a0fc9142d58bad9aa
SHA256: ab656023573b8b4ebe43f30dcdfeb1970161e2949cd26e3e3508a5b363af7189
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2D60E82018B69C0365A0DDF91FC5ECE9314F41EA
der
MD5: 51f63867c49612f693ffdab34f04c86a
SHA256: 7297d46ded7eebf2c0f92cb2e4670aa20b1e74bf7175a8d77cd452995697baa1
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\BF3FF4CC28BA0E8B58CE1B1295EF710A3EBF2794
der
MD5: 73b20ef5e901d97b44a50492a1d89eef
SHA256: fef64752747f80495b91191b15ff4b0f95be899be259d461b445a014961b87bc
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.pset
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 35a0857d7ee663860b46b192bac704e5
SHA256: 4c6d3bd69a3d6407102dd6ccf861c03ae5597110a0a87046e8117b05a3d712a0
3896
firefox.exe
binary
MD5: 95f28ede25c301301f25fbbd9a3c56ec
SHA256: 87763df78772f7d750b0fa5a31eec23e931fd3bd1cbb33beddfc61889da36478
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: a9fb52e6f63d2030c7d121fd9b5801e7
SHA256: 52daa33f02fb234308354d7764e0c8e77345d32c51ae7aa798a0f08e009e52bb
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
binary
MD5: 3675254e341df799d4307c1f59109185
SHA256: 23d108134bed6099793f7dd6b8b6e62081ec3b945efdbc7c5e0e779fd9b82f98
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
binary
MD5: d772261ff33497d3681e094f23282ffe
SHA256: 8ee76fa11d5a67f0c93766da3b1ac0c942020afba15b55a8750a896292cf4dce
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\32CA1AED5DF5836BE729E8C584C43E45375B7017
der
MD5: 9cc42198dc87d9c729f61ca2f4316130
SHA256: cb35d6e357f315d51fa775816fccefa62c2973a5ec1fed4715ba6e6c272948ff
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
binary
MD5: e2cf527ca7550b7e7bdf7311e483a2c3
SHA256: f1e07b1d717433f47073dc54a7d98e3e87b3d0fa88e53466f93ea544af885d11
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
binary
MD5: 051fb32dece757ba112ac36dc72e3a91
SHA256: 0806d98fb3de55f75d7c0b17e26146567e08c483031526659a4a35d09b97ef19
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
binary
MD5: d6acf2573e12afdd7939568804d3fcc1
SHA256: 5525cbf8f8dc41d19ac632ed324e55293a510ae0eeba16d0e3f33c707aa58a0c
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
binary
MD5: 72e2352f7976b0dd90f2a68047493b8c
SHA256: e0d74336b6c041b6087a697dd7f65fa1da7ea035e202e3d977cc6a7e5bdc13a8
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: eb744b05b13e9410146dab0bd459efa0
SHA256: bfde7f131200eb06c1d54b03d2ce1be1ff31062e8009c937243464712dcd2d50
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: ddf263974b1925672d369bbcc8f830de
SHA256: 92a7323dd7eb199618a1e2e823a71919285a70196bfe627808c66cf1c1f3c8e3
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.pset
binary
MD5: e608435b687616692a96462e1ac26756
SHA256: 6aa8ee3813d86411d8073a4c2f850b1e8e734c3759d860cbe54ec7f378a82a52
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
binary
MD5: 7655fffe7cfbe1ebf96afea5fe2e1376
SHA256: ff2f663c4e453706b7817109f6a43e8b3389e8cfb1b7d64aace2bfba45f3a359
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: 704df61fa2e3f587b268ad85126bc689
SHA256: 7e97db3c9370a35f59a6a649e6cf608e4f5ed572f87f433ea652977ac2cc48d5
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
binary
MD5: 498dae4e538658a57f464748f2dabfda
SHA256: 8778f52cd9cb4f4787bf7ba18006d212f8c3004652d163f7786556a8eef3a067
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.pset
binary
MD5: 844aff63a5f67cd54d9814b7b54abf18
SHA256: 8985970b72a7bcfcf54c4a2474c36ea9a911ab3672881ee299d58f5a4e64e690
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: 778202e2ee08f4b4073413c0b03e05fc
SHA256: 33147037ce75ec0a48b3da60d619bc76c2471f5f20c15f9d075671de2067cfb0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
binary
MD5: ba0009932844173bc8f9af264229df24
SHA256: 66d1c00c04d86e313e9a02775cdf906b1be8d4cd6bef423a1b9e21cc4e9f50c1
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
binary
MD5: 6f85bc4b2ecb49e26b0bd83a821065d0
SHA256: c0b3bc9b3dc507ab654caf72d13c3aefa58c9b13b1e4d14dd8816712d80a7e54
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore
binary
MD5: 04824a1f92353f43ebb9e7f74b7476fd
SHA256: b48e58ebab82e4c376f16150a3fff850c1111ff1f5985d68819cfd6f0db159d2
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
binary
MD5: c921d8e98fa01b4f303481e112202e92
SHA256: 4ef1038730ec8bc7206713c29a936768831b922c5e6c83355fd62d7401d8c1dc
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore
binary
MD5: 0e8fe60ccd7e9b4c32589a5743a95302
SHA256: 2b124d4026850a3cffd28dbacb58aec28f7dcd4d40bc14e52bbe96d60ce4e749
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
binary
MD5: 23e438fd4af1829d4469ff8d0bc83854
SHA256: 96e0d7644aea81d26f039ae633eb405583e11b020363090dac5cad9b4b188846
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore
binary
MD5: d886a47c89d9c49c795da345bc236990
SHA256: a03c5e2656d2f292bf5794c8eeb8d223cd6ba4f4bfb2ed1f325460e879d0bcf7
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B8E7C06EB5CC54609AA0D94C20088C74C5B7E3C7
der
MD5: 2cad1216f11b4c36100e5501ab0c5c06
SHA256: ffb380c67368686259a096ad1936419bf8d58914e59a9530fe3db01b7faf1159
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: 03e22f63ea4be5add7aef9050d485611
SHA256: 0b5a2bcd1edf7ee6252f04b41403e0bc21f2eedf7cbaa6565f6562238c771c13
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 61e04f058e592438993dcc5c8087b674
SHA256: 39d3b68fb7d143fe276c1e9ad89d9b4f0aa38e95788fca8278d73407e7e3b51f
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA256: 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat
text
MD5: 37818d9b7248f34395c2db3c0bd4b07f
SHA256: ff229e03d2ab696e81957957ea8d71280b5800a2b0f70ea77998c3fa4e98a8a6
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.tmp
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: d65b2bd591a1d6cc666241e6eef1afe7
SHA256: 1b94f69a3bf3cb9f7349fe274ca82166c22d675f9b043b19f2770d044ae9bd16
3896
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
––
MD5:  ––
SHA256:  ––
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
binary
MD5: fd4ac055b608cf2c11c9b2c796a4fe1a
SHA256: 1d8a349613f7dcb71bf648c8c7f780f3953a2bc53435846289101fd77d8887af
3896
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.bin
binary
MD5: 6a1ef5c5ae2f682a0606848fa329072b
SHA256: 29312a09916820dec3eee29b40c503fee9569204e291320bd9c908b3386b1896

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
29
TCP/UDP connections
60
DNS requests
99
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3896 firefox.exe GET 200 2.16.106.209:80 http://detectportal.firefox.com/success.txt unknown
text
whitelisted
3896 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3896 firefox.exe POST 200 109.70.240.114:80 http://ocsp09.actalis.it/VA/AUTHOV-G2 IT
binary
der
unknown
3896 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3896 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3896 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3896 firefox.exe GET 301 62.149.188.209:80 http://www.aruba.it/ IT
––
––
unknown
3896 firefox.exe GET 301 62.149.188.209:80 http://www.aruba.it/home.aspx IT
––
––
unknown
3896 firefox.exe GET 301 62.149.188.209:80 http://www.aruba.it/en/home.aspx IT
––
––
unknown
3896 firefox.exe POST 200 109.70.240.130:80 http://ocsp05.actalis.it/VA/AUTH-ROOT IT
binary
der
unknown
3896 firefox.exe POST 200 109.70.240.130:80 http://ocsp05.actalis.it/VA/AUTHEV-G2 IT
binary
der
unknown
3896 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
3896 firefox.exe POST 200 109.70.240.114:80 http://ocsp09.actalis.it/VA/AUTHOV-G2 IT
binary
der
unknown
3896 firefox.exe POST 200 109.70.240.114:80 http://ocsp09.actalis.it/VA/AUTHOV-G2 IT
binary
der
unknown
3896 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
3896 firefox.exe POST 200 109.70.240.114:80 http://ocsp09.actalis.it/VA/AUTHOV-G2 IT
binary
der
unknown
3896 firefox.exe POST 200 109.70.240.114:80 http://ocsp09.actalis.it/VA/AUTHOV-G2 IT
binary
der
unknown
3896 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
3896 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
3896 firefox.exe POST 200 109.70.240.130:80 http://ocsp05.actalis.it/VA/AUTHEV-G2 IT
binary
der
unknown
3896 firefox.exe POST 200 109.70.240.130:80 http://ocsp05.actalis.it/VA/AUTHEV-G2 IT
binary
der
unknown
3896 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3896 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
3896 firefox.exe POST 200 52.85.188.159:80 http://ocsp.sca1b.amazontrust.com/ US
binary
der
whitelisted
3896 firefox.exe POST 200 151.139.128.14:80 http://ocsp.comodoca4.com/ US
binary
der
whitelisted
3896 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
3896 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
3896 firefox.exe POST 200 172.217.18.163:80 http://ocsp.pki.goog/GTSGIAG3 US
binary
der
whitelisted
3896 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted

Connections

PID Process IP ASN CN Reputation
3896 firefox.exe 2.16.106.209:80 Akamai International B.V. –– unknown
–– –– 108.128.247.43:443 AT&T Services, Inc. US unknown
3896 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3896 firefox.exe 62.149.188.200:443 Aruba S.p.A. IT unknown
3896 firefox.exe 34.209.30.112:443 Amazon.com, Inc. US unknown
3896 firefox.exe 52.26.166.58:443 Amazon.com, Inc. US unknown
3896 firefox.exe 52.85.184.224:443 Amazon.com, Inc. US unknown
3896 firefox.exe 52.11.30.237:443 Amazon.com, Inc. US unknown
3896 firefox.exe 109.70.240.114:80 Aruba S.p.A. IT unknown
3896 firefox.exe 62.149.188.209:80 Aruba S.p.A. IT unknown
3896 firefox.exe 62.149.188.209:443 Aruba S.p.A. IT unknown
3896 firefox.exe 109.70.240.130:80 Aruba S.p.A. IT unknown
3896 firefox.exe 172.217.22.42:443 Google Inc. US whitelisted
3896 firefox.exe 172.217.18.163:80 Google Inc. US whitelisted
3896 firefox.exe 172.217.18.170:443 Google Inc. US whitelisted
3896 firefox.exe 104.20.34.33:443 Cloudflare Inc US unknown
3896 firefox.exe 172.217.16.163:443 Google Inc. US whitelisted
3896 firefox.exe 62.149.188.175:443 Aruba S.p.A. IT unknown
3896 firefox.exe 89.46.108.12:443 Aruba S.p.A. IT unknown
3896 firefox.exe 62.149.188.146:443 Aruba S.p.A. IT unknown
3896 firefox.exe 216.58.205.238:443 Google Inc. US whitelisted
3896 firefox.exe 104.244.42.72:443 Twitter Inc. US unknown
3896 firefox.exe 52.211.94.188:443 Amazon.com, Inc. IE unknown
3896 firefox.exe 104.19.148.8:443 Cloudflare Inc US unknown
3896 firefox.exe 52.85.188.159:80 Amazon.com, Inc. US whitelisted
3896 firefox.exe 151.139.128.14:80 Highwinds Network Group, Inc. US suspicious
–– –– 93.184.220.70:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3896 firefox.exe 93.184.220.70:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3896 firefox.exe 64.233.166.156:443 Google Inc. US whitelisted
3896 firefox.exe 216.58.206.4:443 Google Inc. US whitelisted
3896 firefox.exe 172.217.18.163:443 Google Inc. US whitelisted
3896 firefox.exe 35.166.72.120:443 Amazon.com, Inc. US unknown
3896 firefox.exe 52.85.185.135:443 Amazon.com, Inc. US unknown
3896 firefox.exe 52.85.185.111:443 Amazon.com, Inc. US unknown
–– –– 52.85.185.224:443 Amazon.com, Inc. US unknown

DNS requests

Domain IP Reputation
detectportal.firefox.com 2.16.106.209
2.16.106.152
whitelisted
a1089.dscd.akamai.net 2.16.106.152
2.16.106.209
whitelisted
location.services.mozilla.com 108.128.247.43
52.210.139.31
52.50.56.62
whitelisted
locprod1-elb-eu-west-1.prod.mozaws.net 52.50.56.62
52.210.139.31
108.128.247.43
whitelisted
ocsp.digicert.com 93.184.220.29
whitelisted
cs9.wac.phicdn.net 93.184.220.29
whitelisted
aruba.it 62.149.188.200
whitelisted
push.services.mozilla.com 34.209.30.112
whitelisted
autopush.prod.mozaws.net 34.209.30.112
whitelisted
tiles.services.mozilla.com 52.26.166.58
52.35.96.157
35.166.166.56
52.26.103.165
52.27.87.181
52.34.132.219
52.25.71.236
52.42.232.148
whitelisted
tiles.r53-2.services.mozilla.com 52.42.232.148
52.25.71.236
52.34.132.219
52.27.87.181
52.26.103.165
35.166.166.56
52.35.96.157
52.26.166.58
whitelisted
snippets.cdn.mozilla.net 52.85.184.224
whitelisted
search.services.mozilla.com 52.11.30.237
34.215.70.240
54.190.222.97
whitelisted
search.r53-2.services.mozilla.com 54.190.222.97
34.215.70.240
52.11.30.237
whitelisted
drcwo519tnci7.cloudfront.net 52.85.184.224
whitelisted
ocsp09.actalis.it 109.70.240.114
unknown
www.aruba.it 62.149.188.209
unknown
ocsp05.actalis.it 109.70.240.130
unknown
ocsp.actalis.it No response unknown
safebrowsing.googleapis.com 172.217.22.42
whitelisted
ocsp.pki.goog 172.217.18.163
whitelisted
pki-goog.l.google.com 172.217.18.163
whitelisted
mediacdn.aruba.it 104.20.34.33
104.20.33.33
unknown
fonts.googleapis.com 172.217.18.170
whitelisted
googleadapis.l.google.com 172.217.18.170
whitelisted
mediacdn.aruba.it.cdn.cloudflare.net 104.20.33.33
104.20.34.33
unknown
fonts.gstatic.com 172.217.16.163
whitelisted
gstaticadssl.l.google.com 172.217.16.163
whitelisted
managehosting.aruba.it 62.149.188.175
unknown
www.arubaracing.it 89.46.108.12
unknown
wa.aruba.it 62.149.188.146
unknown
www.google-analytics.com 216.58.205.238
whitelisted
www-google-analytics.l.google.com 216.58.205.238
whitelisted
syndication.twitter.com 104.244.42.72
104.244.42.8
104.244.42.200
104.244.42.136
whitelisted
script.crazyegg.com 104.19.148.8
104.19.147.8
whitelisted
w.usabilla.com 52.211.94.188
34.242.212.186
52.49.49.248
whitelisted
script.crazyegg.com.cdn.cloudflare.net 104.19.147.8
104.19.148.8
whitelisted
ocsp.sca1b.amazontrust.com 52.85.188.159
52.85.188.15
52.85.188.8
52.85.188.193
whitelisted
ocsp.comodoca4.com 151.139.128.14
whitelisted
t3j2g9x7.stackpathcdn.com 151.139.128.14
whitelisted
pbs.twimg.com 93.184.220.70
whitelisted
cs45.wac.edgecastcdn.net No response unknown
stats.g.doubleclick.net 64.233.166.156
64.233.166.155
64.233.166.154
64.233.166.157
whitelisted
stats.l.doubleclick.net No response whitelisted
www.google.com 216.58.206.4
whitelisted
www.google.ie 172.217.18.163
whitelisted
shavar.services.mozilla.com 35.166.72.120
35.155.164.84
52.39.125.163
52.40.28.81
52.26.199.81
52.41.30.135
whitelisted
shavar.prod.mozaws.net No response whitelisted
tracking-protection.cdn.mozilla.net 52.85.185.135
52.85.185.248
52.85.185.237
52.85.185.56
whitelisted
d1zkz3k4cclnv6.cloudfront.net No response whitelisted
firefox.settings.services.mozilla.com 52.85.185.111
52.85.185.53
52.85.185.246
52.85.185.104
whitelisted
d2k03kvdk5cku0.cloudfront.net 52.85.185.104
52.85.185.246
52.85.185.53
52.85.185.111
whitelisted
content-signature.cdn.mozilla.net 52.85.185.224
52.85.185.7
52.85.185.162
52.85.185.181
whitelisted
d12uj65dsn9ho1.cloudfront.net 52.85.185.181
52.85.185.162
52.85.185.7
52.85.185.224
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.