Malware Analysis Report

2024-10-16 06:53

Sample ID: 240616-vdez6azfmf
Target: release.zip
SHA256: 3a521e8eb6c4a7bc7e8981b6377b5ca5a50b47862cd29c15b394a3e1a91cb4f1
Tags: themida
Score: 8/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 8/10
SHA256: 3a521e8eb6c4a7bc7e8981b6377b5ca5a50b47862cd29c15b394a3e1a91cb4f1
Threat Level: Likely malicious

The sandbox classified release.zip as likely malicious. Before taking the score at face value, note how the signatures split by process. The static findings (Themida packer, unsigned PE) are the only ones tied to the submitted archive itself. In the behavioural run the archive was opened in Explorer, and a Firefox session then wrote Monoxide-main.zip and Monoxide-GDI.exe to C:\Users\Admin\Downloads (both carry a Zone.Identifier stream created by firefox.exe, see NTFS ADS). The processes that originate from that downloaded content are cmd.exe running MonoxideMBR\qemudbg.bat, mspaint.exe opening monoxide.ico and C:\Users\Admin\Downloads\Monoxide-GDI.exe. Every other behavioural signature is raised on firefox.exe, LogonUI.exe or AUDIODG.EXE, or on mspaint.exe while it displays the icon.

Malicious Activity Summary

Tag: themida

Signatures raised (static and behavioural):
  Downloads MZ/PE file
  Executes dropped EXE
  Themida packer
  Drops file in Windows directory
  Unsigned PE
  Modifies registry class
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of SendNotifyMessage
  Checks processor information in registry
  Suspicious use of FindShellTrayWindow
  Uses Task Scheduler COM API
  Modifies data under HKEY_USERS
  NTFS ADS
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory

Three of these (SendNotifyMessage, FindShellTrayWindow, SetWindowsHookEx) have no detail rows anywhere in the analysis sections below, so the process they were raised on is not recorded in this export.

MITRE ATT&CK (Enterprise Matrix V15): no technique mappings are recorded in this export. The only tactic label on the page is "persistence", attached to the Uses Task Scheduler COM API signature.

Analysis: static1

Detonation Overview

  Reported: 2024-06-16 16:52

Signatures

Themida packer (tag: themida)
  No description, indicator, process or target is recorded for this signature; the report does not say which file inside the archive is packed.

Unsigned PE
  No description, indicator, process or target is recorded for this signature.

Analysis: behavioral1

Detonation Overview

  Submitted: 2024-06-16 16:52
  Reported: 2024-06-16 17:00
  Platform: win10v2004-20240226-en
  Max time kernel: 447s
  Max time network: 454s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\release.zip

Signatures

Downloads MZ/PE file
  No indicator rows are recorded for this signature. It is consistent with the PE that firefox.exe wrote to C:\Users\Admin\Downloads\Monoxide-GDI.exe (see NTFS ADS below).

Executes dropped EXE
  Description | Indicator | Process | Target
  N/A | N/A | C:\Users\Admin\Downloads\Monoxide-GDI.exe | N/A

Drops file in Windows directory
  Description | Indicator | Process | Target
  File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A
  The writer is mspaint.exe (launched to open monoxide.ico, see Processes), and wiatrace.log is the Windows Image Acquisition trace log; nothing here is written by the sample itself.

Checks processor information in registry
  Description | Indicator | Process | Target
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
  Every row is firefox.exe reading CPU identification values; no process derived from the downloaded content queries this key.

Modifies data under HKEY_USERS
  Description | Indicator | Process | Target
  Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A
  Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A
  Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A
  Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "221" | C:\Windows\system32\LogonUI.exe | N/A
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A
  All 15 rows are LogonUI.exe writing accent-colour and DWM colorization settings for the .DEFAULT profile (the logon screen). The signature fires on any write under HKEY_USERS; no value here is written by a process derived from the downloaded content.

Modifies registry class
  Description | Indicator | Process | Target
  Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

NTFS ADS
  Description | Indicator | Process | Target
  File created | C:\Users\Admin\Downloads\Monoxide-main.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
  File created | C:\Users\Admin\Downloads\Monoxide-GDI.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
  Both streams are the Mark-of-the-Web that Firefox attaches to files it saves, which is the evidence that Monoxide-main.zip and Monoxide-GDI.exe were downloaded during the run rather than extracted from release.zip. The stream contents (zone ID and, for browser downloads, the referrer and host URLs) are not included in the report.
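The report records only that the two Zone.Identifier streams exist. The parser below, added here as an example and not part of the sandbox report, reads the body of such a stream, resolves the ZoneId to its security zone and extracts the download origin; the two sample streams and their URLs are constructed, since the real stream bodies are not on the page.

```python
"""Parse the body of an NTFS Zone.Identifier alternate data stream.

Added example, not part of the sandbox report. The report only records that
firefox.exe created Monoxide-main.zip:Zone.Identifier and
Monoxide-GDI.exe:Zone.Identifier; it does not show the stream contents, so
the two sample streams below are constructed (the URLs are placeholders).
"""

# URL security zone values carried in the ZoneId field (URLZONE_* constants).
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}


def parse_zone_identifier(stream_text: str) -> dict:
    """Return the key/value pairs of the [ZoneTransfer] section as a dict.

    The stream is an INI-style fragment. Keys outside [ZoneTransfer] are
    ignored; ZoneId is converted to int and a readable ZoneName is added.
    """
    fields = {}
    in_section = False
    for raw in stream_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "zonetransfer"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip()
    if "ZoneId" in fields:
        try:
            zone = int(fields["ZoneId"])
        except ValueError:
            zone = None
        fields["ZoneId"] = zone
        fields["ZoneName"] = ZONE_NAMES.get(zone, "Unknown")
    return fields


def has_mark_of_the_web(stream_text: str) -> bool:
    """True when ZoneId marks the file as Internet (3) or Restricted (4).

    These are the zones for which Windows applies Mark-of-the-Web handling
    (SmartScreen prompt, Office Protected View) to the file.
    """
    return parse_zone_identifier(stream_text).get("ZoneId") in (3, 4)


def download_origin(stream_text: str) -> str:
    """Best available download origin: HostUrl, else ReferrerUrl, else 'n/a'."""
    fields = parse_zone_identifier(stream_text)
    return fields.get("HostUrl") or fields.get("ReferrerUrl") or "n/a"


# Constructed sample streams (placeholder URLs, not observed in the report).
# Browsers that save downloads add ReferrerUrl/HostUrl next to ZoneId, which
# is what makes the stream useful for tracing where a dropped PE came from.
SAMPLE_DOWNLOADED_EXE = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.invalid/releases\r\n"
    "HostUrl=https://example.invalid/download/Monoxide-GDI.exe\r\n"
)
SAMPLE_LOCAL_FILE = "[ZoneTransfer]\r\nZoneId=0\r\n"


if __name__ == "__main__":
    for name, stream in (("Monoxide-GDI.exe", SAMPLE_DOWNLOADED_EXE),
                         ("local.exe", SAMPLE_LOCAL_FILE)):
        info = parse_zone_identifier(stream)
        print(f"{name}: zone={info.get('ZoneName')} "
              f"motw={has_mark_of_the_web(stream)} origin={download_origin(stream)}")
```

On a live Windows host the stream body is read with `Get-Content -Path <file> -Stream Zone.Identifier` (or listed with `dir /R`) and fed to `parse_zone_identifier`; the HostUrl it yields is usually the quickest way to tie a dropped PE back to the download that produced it.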

Suspicious behavior: EnumeratesProcesses
  Description | Indicator | Process | Target
  N/A | N/A | C:\Windows\system32\mspaint.exe | N/A  (2 events)

Suspicious use of AdjustPrivilegeToken
  Description | Indicator | Process | Target
  Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A  (7 events)
  Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A  (privilege reported by LUID only)
  Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
  All privilege adjustments are on the browser and the audio-engine host; none is on a process derived from the downloaded content.

Suspicious use of WriteProcessMemory
  Description | Indicator | Process | Target | Events
  PID 1200 wrote to memory of 4888 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe | 11
  PID 4888 wrote to memory of 4596 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe | 2
  PID 4888 wrote to memory of 4072 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe | 48
  PID 4888 wrote to memory of 2448 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe | 3
  All 64 writes are firefox.exe writing into firefox.exe. PID 4888 is the Firefox browser process: every -contentproc command line under Processes carries --channel="4888.N..." and names 4888 as its parent, so these writes are consistent with Firefox starting and configuring its own gpu/socket/tab/rdd/utility child processes rather than with injection into a foreign process. The report does not list PIDs for 4596, 4072 or 2448, so the link to specific child command lines cannot be confirmed from the page.
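The useful triage step for a WriteProcessMemory table is to collapse the repeated rows into writer/target pairs and ask, for each pair, whether the target is a child the writer launched with the same image. The script below does that with the 64 events from this report. It is an added example and not part of the sandbox report: the process table is constructed (the report shows the parent PID 4888 inside the Firefox --channel strings but never lists PIDs for the write targets, so mapping 4596, 4072 and 2448 to content processes is an assumption), and the example.exe rows are invented solely to exercise the flagging branch.

```python
"""Collapse a WriteProcessMemory signature into writer->target pairs and
separate expected child-process bootstrap writes from candidate injection.

Added example, not part of the sandbox report. EVENTS reproduces the 64 rows
of the report's table. PROCESSES is constructed: the report exposes the
Firefox parent PID (4888) through the -contentproc --channel="4888.N..."
command lines but never lists PIDs for the write targets, so mapping 4596,
4072 and 2448 to Firefox content processes is an assumption, and the
example.exe / pid 7000 -> 9999 rows are invented only to exercise the
flagging path (they say nothing about Monoxide-GDI.exe).
"""
import re
from collections import Counter

FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"

# Constructed process table: pid -> (image path, command line). Content-process
# command lines are shortened to the part this example relies on.
PROCESSES = {
    1200: (FIREFOX, f'"{FIREFOX}"'),
    4888: (FIREFOX, f'"{FIREFOX}"'),
    4596: (FIREFOX, f'"{FIREFOX}" -contentproc --channel="4888.0.1462309545\\1985564474" gpu'),
    4072: (FIREFOX, f'"{FIREFOX}" -contentproc --channel="4888.2.579836168\\871963612" tab'),
    2448: (FIREFOX, f'"{FIREFOX}" -contentproc --channel="4888.1.1848007063\\750312780" socket'),
    # Invented pair, present only so the cross-image branch below is exercised.
    7000: (r"C:\Users\Admin\Downloads\example.exe", r'"C:\Users\Admin\Downloads\example.exe"'),
    9999: (r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe"),
}

# Event rows in the report's own wording, one entry per recorded write.
EVENTS = (
    ["PID 1200 wrote to memory of 4888"] * 11
    + ["PID 4888 wrote to memory of 4596"] * 2
    + ["PID 4888 wrote to memory of 4072"] * 48
    + ["PID 4888 wrote to memory of 2448"] * 3
    + ["PID 7000 wrote to memory of 9999"] * 4  # constructed
)

EVENT_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
CHANNEL_RE = re.compile(r'--channel="(\d+)\.')


def parent_from_cmdline(cmdline: str):
    """Firefox content processes embed the parent PID as --channel="<ppid>.<n>...".

    Returns the parent PID, or None when the command line has no such marker.
    """
    m = CHANNEL_RE.search(cmdline)
    return int(m.group(1)) if m else None


def classify(writer: int, target: int) -> str:
    """Label a writer->target pair using image paths and the channel parent link."""
    w_img, _ = PROCESSES.get(writer, ("<unknown>", ""))
    t_img, t_cmd = PROCESSES.get(target, ("<unknown>", ""))
    same_image = w_img != "<unknown>" and w_img.lower() == t_img.lower()
    if same_image and parent_from_cmdline(t_cmd) == writer:
        return "expected: content-process bootstrap by its own parent"
    if same_image:
        return "same-image: parent link not provable from the command line"
    return "FLAG: write into a process with a different image"


def summarize(events):
    """Return (writer, target, count, label) tuples, one per distinct pair."""
    counts = Counter()
    for line in events:
        m = EVENT_RE.match(line)
        if m:
            counts[(int(m.group(1)), int(m.group(2)))] += 1
    return [(w, t, n, classify(w, t)) for (w, t), n in sorted(counts.items())]


if __name__ == "__main__":
    for writer, target, n, label in summarize(EVENTS):
        print(f"{writer:>5} -> {target:<5} x{n:<3} {label}")
```

The "same-image" label is deliberately weaker than "expected": 1200 -> 4888 is two plain firefox.exe processes with no channel marker, so the page does not prove the parent link, and only a full process tree from the sandbox (parent PID per process) would promote or demote it.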

Uses Task Scheduler COM API
  Tactic: persistence
  No description, indicator, process or target rows are recorded for this signature.

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\release.zip

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.0.1462309545\1985564474" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b44866fc-2242-41a2-93ed-c677d64b3c4d} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 1964 19339cd6658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.1.1848007063\750312780" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca99b483-7af8-4afc-9849-79034cbe8597} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 2364 19339630858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.2.579836168\871963612" -childID 1 -isForBrowser -prefsHandle 3264 -prefMapHandle 3260 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0661cb72-34bd-48f7-9205-0ab75ea3d16d} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 3272 1933dbbef58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.3.129696770\1059686566" -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86c47eba-80c0-41a9-8d86-c204d1e75985} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 3624 1933c5b1858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.4.259503799\892863325" -childID 3 -isForBrowser -prefsHandle 3968 -prefMapHandle 3964 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d318c4c4-8c91-421e-9afc-46dd48e7d62a} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 3976 19325f62e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.5.1964622124\543929788" -childID 4 -isForBrowser -prefsHandle 5040 -prefMapHandle 5024 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83d214e9-147f-4b93-b826-05e5054f0706} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 5028 1933c5b1b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.6.234852583\1049873582" -childID 5 -isForBrowser -prefsHandle 4920 -prefMapHandle 4916 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b8a1b24-abaf-4316-8a42-b5923f8ad9dc} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 4940 193401b9a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.7.1537471607\1107913871" -childID 6 -isForBrowser -prefsHandle 5392 -prefMapHandle 5388 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {386f2f53-1d1f-4a10-b0ad-77283abaf4e4} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 5312 193401ba958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.8.1432169618\2012293855" -childID 7 -isForBrowser -prefsHandle 5820 -prefMapHandle 5740 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81e79d7a-997e-4a59-9d82-6c7587c784c5} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 5832 19341beb458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.9.1166256651\1194305810" -childID 8 -isForBrowser -prefsHandle 4496 -prefMapHandle 4824 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e9c72b6-5650-4a71-8349-7e6c8ca0911a} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 4604 1934259bd58 tab

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\Monoxide-main\Monoxide-main\monoxide.ico"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Monoxide-main\Monoxide-main\MonoxideMBR\qemudbg.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Monoxide-main\Monoxide-main\MonoxideMBR\qemudbg.bat" "

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.10.458007887\1327904289" -childID 9 -isForBrowser -prefsHandle 6452 -prefMapHandle 6448 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {049c25cd-6ec3-4c26-a83e-c57026673336} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 6460 1933fbde558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.11.1608731036\58712332" -parentBuildID 20221007134813 -prefsHandle 6448 -prefMapHandle 6428 -prefsLen 26774 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf3c83c0-b114-47eb-a607-a09d4c2f5a99} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 6484 19342be1b58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.12.1871836005\1203952543" -childID 10 -isForBrowser -prefsHandle 6688 -prefMapHandle 6684 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00511aae-89d0-498e-a686-d47bacfbbea3} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 6696 19342dde358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.13.952300629\1630014384" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6200 -prefMapHandle 4880 -prefsLen 26774 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8da418f4-64db-40d5-950f-b93be05f5a17} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 6260 19342fb7858 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.14.1546120645\1403082219" -childID 11 -isForBrowser -prefsHandle 7032 -prefMapHandle 6984 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a944069e-4514-4c01-9598-e434bd27781a} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 7084 193401bbb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.15.1442746920\1519092498" -childID 12 -isForBrowser -prefsHandle 11240 -prefMapHandle 11244 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10f52865-4b7c-4a2a-8283-68f8d11e425a} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 7044 19341d0e558 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x31c 0x300

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.16.1433615093\1893069762" -childID 13 -isForBrowser -prefsHandle 5276 -prefMapHandle 5196 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b36e4ab8-9c49-492c-bef1-9af3483cfdc1} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 5264 19341dd7c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.17.85060437\1076556470" -childID 14 -isForBrowser -prefsHandle 6328 -prefMapHandle 6136 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a02b01a-d664-46c0-af2f-4ad1b732a8e6} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 5020 19343649b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.18.1024061681\1767300476" -childID 15 -isForBrowser -prefsHandle 6612 -prefMapHandle 6668 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13133e30-ff62-49ca-924e-06558f0c0aca} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 5912 193432c8e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.19.661041170\136619647" -childID 16 -isForBrowser -prefsHandle 6232 -prefMapHandle 5564 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9799257d-2093-4881-b110-12128f127522} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 4492 193401ecd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.20.1467129279\767777806" -childID 17 -isForBrowser -prefsHandle 4684 -prefMapHandle 6720 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {356c7c39-ab33-415d-9418-6f0f25bbbf0a} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 6784 19344568258 tab

C:\Users\Admin\Downloads\Monoxide-GDI.exe

"C:\Users\Admin\Downloads\Monoxide-GDI.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39b1055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
(Domain is blank where the sandbox resolved no name for the destination. Rows to 8.8.8.8:53 are DNS queries; the *.in-addr.arpa names among them are reverse (PTR) lookups the sandbox issues for each peer. udp rows to port 443 are QUIC. Note the one unresolved destination, 216.58.201.106:443; the other 216.58.x.x addresses on the page all resolve to Google names, but this one is not named.)
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
GB 216.58.201.106:443 tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
N/A 127.0.0.1:49842 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 52.33.96.36:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 36.96.33.52.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
DE 142.250.185.68:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
DE 142.250.185.68:443 www.google.com udp
US 8.8.8.8:53 68.185.250.142.in-addr.arpa udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 195.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.181.250.142.in-addr.arpa udp
N/A 127.0.0.1:49849 tcp
US 8.8.8.8:53 play.google.com udp
DE 142.250.186.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
DE 142.250.186.110:443 play.google.com udp
US 8.8.8.8:53 110.186.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
DE 142.250.185.142:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
DE 142.250.185.142:443 consent.google.com udp
US 8.8.8.8:53 142.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
DE 216.58.212.163:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
DE 216.58.212.163:443 id.google.com udp
US 8.8.8.8:53 163.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.18.22:443 i.ytimg.com tcp
DE 172.217.18.22:443 i.ytimg.com tcp
DE 172.217.18.22:443 i.ytimg.com tcp
DE 172.217.18.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.18.22:443 i.ytimg.com udp

Files
