Analysis Overview
Threat Level: Shows suspicious behavior
The file https://github.com/appium/appium was found to be: Shows suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Detected potential entity reuse from brand microsoft.
Suspicious use of SendNotifyMessage
Enumerates system info in registry
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-07 15:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-07 15:59
Reported
2024-05-07 16:06
Platform
win10v2004-20240426-en
Max time kernel
412s
Max time network
413s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Detected potential entity reuse from brand microsoft.
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595714308377056" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\appium-master.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/appium/appium"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/appium/appium
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2748.0.1302467903\575392704" -parentBuildID 20230214051806 -prefsHandle 1808 -prefMapHandle 1800 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {079b859a-800c-462b-bbb3-c28577b42a78} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" 1892 2289720fe58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2748.1.792285781\1899777539" -parentBuildID 20230214051806 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e1c8424-50fc-4a1b-a17a-5b30c713a00d} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" 2484 22882e85358 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2748.2.1745873518\764121927" -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 3108 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 956 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab378518-6662-4bc6-9759-a5c9c44b849f} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" 3124 2289a144458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2748.3.1965480058\185660432" -childID 2 -isForBrowser -prefsHandle 3976 -prefMapHandle 3972 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 956 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4130ef66-5dc5-4749-a208-c5581fe2f6f6} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" 3964 22882e3f158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2748.4.210888190\807015305" -childID 3 -isForBrowser -prefsHandle 5132 -prefMapHandle 5140 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 956 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {106930e7-04d8-4d63-9099-c0927bc83a20} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" 4800 2289ddfaa58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2748.5.2147215384\1101437621" -childID 4 -isForBrowser -prefsHandle 5380 -prefMapHandle 5356 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 956 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {045332b1-1f65-43f2-b238-cdb3709b2c3e} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" 5264 2289ddfb658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2748.6.1365536953\277227010" -childID 5 -isForBrowser -prefsHandle 5340 -prefMapHandle 5364 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 956 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db462354-a32b-420c-8a31-04209817ee03} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" 5504 2289dee0d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2748.7.500013271\1813994930" -childID 6 -isForBrowser -prefsHandle 6272 -prefMapHandle 6268 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 956 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8044a996-2548-4c61-aac7-a381f23e600f} 2748 "\\.\pipe\gecko-crash-server-pipe.2748" 5836 2289d2bbf58 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa9e6fab58,0x7ffa9e6fab68,0x7ffa9e6fab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4372 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4872 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1696 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4928 --field-trial-handle=1952,i,645617660824624819,774387099917234454,131072 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\doomed\1223
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\doomed\6114
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\F7C3EDBF4E81D24BEB07D4560C21F78CB7DEFFCB
C:\Users\Admin\Downloads\appium-master.Qx7uJi_Z.zip.part
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\8889BDA353177B2CBE445A1C3B1F487FCD52CE10
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs.js
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore.jsonlz4
\??\pipe\crashpad_4976_NIQEHLXNUZGFQGHA
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences