Malware Analysis Report

2024-10-16 07:08

Sample ID: 240529-q6v5magd91
Target: Do not download beaming tool thats a rat.exe
SHA256: 49e5e80f7c823694fa86addf84783ec0b4303df3edcf3fbc51bda19bebc38e42
Tags: blankgrabber, upx, execution
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 49e5e80f7c823694fa86addf84783ec0b4303df3edcf3fbc51bda19bebc38e42

Threat Level: Known bad

The file Do not download beaming tool thats a rat.exe was found to be: Known bad.

Malicious Activity Summary

blankgrabber upx execution

A stealer written in Python and packaged with Pyinstaller

Blankgrabber family

Downloads MZ/PE file

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

UPX packed file

Loads dropped DLL

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies registry class

Uses Task Scheduler COM API

Checks processor information in registry

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Enumerates processes with tasklist

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-29 13:52

Signatures

A stealer written in Python and packaged with Pyinstaller

Blankgrabber family

blankgrabber

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 13:52

Reported

2024-05-29 13:56

Platform

win7-20240215-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe

"C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe"

C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe

"C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI18882\python310.dll

MD5 178a0f45fde7db40c238f1340a0c0ec0
SHA1 dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe
SHA256 9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed
SHA512 4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

memory/2628-23-0x000007FEF62D0000-0x000007FEF673E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 13:52

Reported

2024-05-29 14:11

Platform

win10v2004-20240226-en

Max time kernel

953s

Max time network

963s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe"

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe N/A
N/A N/A C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe N/A

UPX packed file

upx

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2076 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe
PID 2920 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe C:\Windows\system32\cmd.exe
PID 2920 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe C:\Windows\system32\cmd.exe
PID 2920 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe C:\Windows\system32\cmd.exe
PID 2920 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe C:\Windows\system32\cmd.exe
PID 2176 wrote to memory of 5012 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2596 wrote to memory of 2832 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1044 wrote to memory of 3652 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\mshta.exe
PID 1788 wrote to memory of 5064 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 2920 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe C:\Windows\system32\cmd.exe
PID 1880 wrote to memory of 2244 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3868 wrote to memory of 3000 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3000 wrote to memory of 2888 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3000 wrote to memory of 4844 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe

"C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe"

C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe

"C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('please run as administrator.', 0, 'error 404', 32+16);close()""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Do not download beaming tool thats a rat.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend

C:\Windows\system32\mshta.exe

mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('please run as administrator.', 0, 'error 404', 32+16);close()"

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.0.1152932143\992099771" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1788 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {361b445b-0cc3-4bc2-ad8b-818023b30504} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 1960 29ab99dbb58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.1.1984191108\1841340190" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26ef5c8b-e036-4844-88da-b26eda84b0be} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 2360 29ab98fa858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.2.1957241856\521553894" -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 2932 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0d3c86c-45c3-4957-839d-6be6cb5ea61e} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 3080 29abdba9f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.3.1748553216\1767439141" -childID 2 -isForBrowser -prefsHandle 3864 -prefMapHandle 3860 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3329b4cf-cbf4-479e-8cd7-a7aef6458f33} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 3876 29aa5e5c458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.4.135175508\518308182" -childID 3 -isForBrowser -prefsHandle 4560 -prefMapHandle 4556 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e714ec29-c2ac-40eb-83e2-507d2409d5c7} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 4568 29abfe0ab58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.5.2035567319\587749519" -childID 4 -isForBrowser -prefsHandle 5040 -prefMapHandle 5044 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f49da0f6-4e46-4c87-8b8e-1002e4533d2c} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 5056 29abe035258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.6.559497502\1011493482" -childID 5 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7ed3857-8420-4de9-9856-d5dc15e9a90a} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 5168 29abffc5758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.7.39804244\1071869266" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d66e084-2904-4f12-9a8c-bb1044046932} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 5364 29ac052ee58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.8.1789711150\979446174" -childID 7 -isForBrowser -prefsHandle 4740 -prefMapHandle 4736 -prefsLen 29519 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa8734ab-9d71-4d78-bf45-a98795a1d51e} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 6020 29ac2be8b58 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe

"C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe"

C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe

"C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('please run as administrator.', 0, 'error 404', 32+16);close()""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\system32\mshta.exe

mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('please run as administrator.', 0, 'error 404', 32+16);close()"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe

"C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe"

C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe

"C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('please run as administrator.', 0, 'error 404', 32+16);close()""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe'

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\mshta.exe

mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('please run as administrator.', 0, 'error 404', 32+16);close()"

C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe

"C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe"

C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe

"C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('please run as administrator.', 0, 'error 404', 32+16);close()""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe'

C:\Windows\system32\mshta.exe

mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('please run as administrator.', 0, 'error 404', 32+16);close()"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Do not download beaming tool thats a rat\" -ad -an -ai#7zMap14991:142:7zEvent6607

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4456 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

Network


Files


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\9092

MD5 0f35ca099381ce5226f01b754dadfa85
SHA1 da537eb78f95b93d9ac4bdf81baf0b51d7174668
SHA256 13198f2770d180751181a4fcb4e1b2f6ef9e1d8e789479749d4ceec8b19ede9d
SHA512 a9e982c68e2c1337ef81acf55b95e8e89ff0a4e62ce7a953e0f91aec44ef6e65afbe36d1dc381404164227a66cff9d2e6134c92e73326f6faf5cff8a4f0c63e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e25ae63943a2ee9ff7263e9799741a8b
SHA1 882cc064190a02c40c3e33c453a27b1029b2cd2c
SHA256 33fb7f7bb4bb1e0e71ef24fc75059b4fd49c896a028004dd6daaaa289aceb88b
SHA512 4c85de690affe8dfe05f8a8aff6ace8f0a860e56649b70c3f634dd3543065d319b78d246da382875aa7c34b6880b38f88b22ccb9e74c2ba14687323d12a8bbe7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6b9537aeecd7abc99e748fa6a6fd14cb
SHA1 72d144f5b3e3416b30772d67efd6218d37f561ca
SHA256 a9b6b7510ee3023f0508f2d71d73a7a9ba991565c97e54f6d8ae5a26c6c296a9
SHA512 2ccf3508d33e634afde64509ee490289419b0f964ae6667949e1fe61165c765ada9b4156afa254e7ccea9daeed297c638bc8487313e7d5f2c5c54bc25a34cd86

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\25508

MD5 e5dbb6a3ab06b93d209d562b66eda90a
SHA1 3f79028d03eb9b9b44d125d205a8579097839b33
SHA256 b11a0e20d9f59575c6df30c074c374b743219eecb04edb111cd5863ca77ad353
SHA512 f65921146b26da3091455ec9300443a5dc671989b01c717ab0e1cf9eb7db61c3b7b48527980aaf62e18476348cf782ac905dd0502ff3101e52aecf893ae8b14c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\19313

MD5 5617f3c1a6b06f11c235792c6e1d7096
SHA1 3700c7eab7df92bf8af4673b02f9bc09e15c9453
SHA256 c7e026e022d150a8cb2b48f457df802c6e259e110d6fa93b35f5ae232afc0699
SHA512 58963ea2c1066c043c33b582aba3cdaea1917b564c62c2b6146f43dfdaf677837146d39319f01a0ebf222843177f63e284065e57561bbba862b93982f6de21bf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\974258D4EDB32042AAF67803BF1EBC9B34561AA0

MD5 4e1b0bf6271574a4763d74373a1374e5
SHA1 38c654a560191efbcdf024d5fe0f89e4ba854fec
SHA256 7300c708d95a3a77244bb3f04aff8364c4960a53049a963c672288a517923645
SHA512 2f2aa8384b8d3eb85de7a968849604d14905752ef339d543089aff4a175588297716f5b3851359457747322af812374d257434c43e79bdc52d7acb9e53f0f2ef

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\8F9869B3224943C8C2709E31D494BE9CBCE15C5A

MD5 5829e90eac5801f19a8f49de9cc548c3
SHA1 246da83b58479d8d64ba9215ba57d0b2721335ec
SHA256 577b5a43b973a5da4a8af295348877fb6ddfab206ea2c460b5f21a6e42440efe
SHA512 b0fa0e0e11af5a80792e6b30705b5cbbb8813c8c02c7c2be93f69ff30275a567aa7a23ac6aadf078ce3897cd17c59216e32d55351cf6812a17293b3c24043139

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\A59A6A29E932AB44D22AA680C52E5FD3F0523D4F

MD5 6af2f13f6f30c42ea536dce95e4d0c32
SHA1 070f7767bd7d7c4164069ba2faf90047b9e9a3a9
SHA256 7cc8932967c233b23185d3c79b32db1f183514f69fbc20f951d07800f34ee009
SHA512 8cd9966896fa78b8f855ec45b227d6496766412f7cef246c1bc8ab363e37f2fd64425d7996917166c11903b325a141f7e9253a30adc1c6933002e92be290a865

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\08A256C122CC4B6163C84EE1CF3D0E2C8CD28A44

MD5 105f99a24ea2b4d182ff0b3a61d69bf1
SHA1 545d33bb166789f7ccd8b807032b70f19be40f09
SHA256 d80ab96f50999e96ff39bfe88685c4fcf3c4d4c2a7ef3a1f89ffa04f44f4c29a
SHA512 29f1ae415031f149c31b829e0b4c51df605350bc580a90cf66000134836e217a508be194c029390b8ef2447f11648fa3a475433d529fd64f6bb74258c6e45692

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\C45825CFF87F338B0C69AEDA2391314C36CA979B

MD5 779e0c8e71884d3b59529e981598cdcf
SHA1 7522fa3e4fd8017dde5e9996bad80f46b0f1d13b
SHA256 2c9525ca4df35200e430761c897ffb4e43af36c823a05c97b921f0eab57f6aaf
SHA512 cc151c86941fd05d6e547c706810782279a970d5b376480f88f5a6aa8c1c2c7f3e4fd562a77e8b912e267074217d53056e4f585acee0ab5811a9092e1050e15c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\A79E74F56FBC41FC30FA0FC0D79C5FA2072573CF

MD5 991d0fa07add5aa0e01cae3a9a7710d5
SHA1 369de0601190b885caa0c1542444263acc86e9f7
SHA256 1d7f62b5d41f1febabab1580ea30421d20042d74d1eac76b609d91c0cd8beab1
SHA512 bf045a878d59bb2d6470aa958b5ee189084c8408183ae022e6d3c1ff0938355720b6a98f9909cc8ccc10d08e78310cb7e21adcbe2f65303820ed9a0395cded3d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 07d23e68b408582deaae2b125fca0486
SHA1 1bd0e524f5eeb30f19eed34d12f65bd7c77b5faf
SHA256 9c050ed30ee8aad5682367c30fb7d7f338c36ea31e8b67016fbfd9319bf96746
SHA512 87b7b412f874683a08929d10e4b86caf490c0dacc78b667ab4f54010ec64fed9bb102902185717d01ac07d5725945fb0cf5e8fdd3912053d307ba515da24ff61

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\CC74A928AE5940A273BD5B40764E4AC1593405F4

MD5 7d21f76e4105563338c5322e8e4a1fcb
SHA1 37837ab570a287bb569be9108363ed474bd73057
SHA256 00d39d6457e38551a02eab21910c080c6f12d43da91c13d3f944ae7967e3a34c
SHA512 16834093ac81334ce92ba33e3b814c97dd6a2a43397609a8557b1a3e5e26448e722acca5b22166170fa7d9019911898809d304462d8696786f975ba3fbd2027e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\jumpListCache\lUclYvAY08OnrNXE_GH8GQ==.ico

MD5 8ef88a00cafd57a82fdba56ea1948148
SHA1 37e0c91880d4036d67a367132f2d42cdd78c0009
SHA256 29b3504fc1c4a46724b5f4cde8807228eabb0e283618e8f8d34be6742ac50700
SHA512 4fdb26ad4612b7d54ef72e7cdd9c02cd60984a37529d71656ff102ad7d64d2d97cbed5d182484557ef6f87f016bfe6ff34285a05769b7ea7701c4867199e1373

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 426483eb7301b051b7483b27beb76891
SHA1 5402bff60b36d76d844978363c5dead993fbff2f
SHA256 f471b3f4bfda7a2b3b3e976bc3c721bf621cb7ed3b9d319e37eb0ec4d86bdb86
SHA512 cbcdd03ceac79275bae66814df66ace2b13a1e84c8905a82196941e92faab40c5dc492347d53ec4cac92e8b8887ff5a903e9bc99544a9b71dae31700a9cb9885

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b6d4ce7fa0e33581184b666320f9cbae
SHA1 fa17125d558abf74393acbc4756788cc09cdf26e
SHA256 a7a0ede843837117650373ac3e080506bbf51beb60a7f9f885a908aaf5dd541e
SHA512 b70dacb7daa4ca796774541fd3b025edeb4a13e0155d27f485df097bbb22601e974a2934667f27b4f60d84425b7c5003c75932993e25464fe0f25913734e8fe2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\22999

MD5 c2c7006881dd8aef72e1547ee1b09cca
SHA1 ff9908500ba7084af12a4c8e113568639ab6f666
SHA256 27b7c3d11fc68ca77a6e69b9b18f591744465bc95b3012735f5ee5e1fb9f2db1
SHA512 729681ed972b46ac4c91fe2b12fe4ae24a4792c7054b2b9a189ab15a0ff249ce56fd04fadf9f4d853d1528c90435b63ed2ecd3cc4ef5f43cb128f2b2649925b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 34a8588e5b7fe03b81836f3ba938978a
SHA1 cd0fb8f0bdf7f02a6c6d24a2562f8712026792e2
SHA256 90db280669f61ad6d935b422839e4365abc918a8c67a741adfdcfc23494f7a3c
SHA512 16f5877051532c76055fd223135baf75982338ae745facabd283e4bf051a723dd136dc61204d221a68c45a72789fee7d9dbda790a80679916da4e0490c153c6a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\1872BD0D24C0CCDAD6E9B88D5D633466099499E1

MD5 3c8efe070295bb6d330579342c51992c
SHA1 13e9f97291ed207d93b6c662ed0ef409d4599a23
SHA256 002544b86b68d012f2a0006f2531f940213d8ed0bb19487dde539e9b35bca2d9
SHA512 3132e2c6af3c629ac5bc52996a617aa0cbe86a87f83f41c090ec0cf525acb9e47b452138141093e7f01ab63c2615e51d2903fe9f388c8869d3d55665d36de644

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\A7A75F8AC380CC03A0A843025ACC6711B315A371

MD5 6381fd78996038d2cda0993cbc297a7e
SHA1 1c6ec2883473c1334436383884042b16c2331927
SHA256 b93ac67dbe1ff1e29c26bc87ffbcaa50c634c3b8ae3d971190e9245aa4e2500a
SHA512 af87defcfeae9713ccf5387abad7a696d07be2219f396eee99e7ff66743b2f5d1227115ec734b346b5c2cd2cc66df72a8ff603df6bd48849eef4e3143f6886f2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\D12E74796CDDE8770E320801103162E84F51A1BE

MD5 67f62d7260ca755ecfcf69d0639c014f
SHA1 16b4bd8aa9ba10887b3efffa57b1e58cf4a02729
SHA256 69afcb913b17bd57b1ec5da465290648e5b9d817fab7098556988b645bea4f3f
SHA512 f7fb70097f39f19b7ab6438a6b228456f3e139b6cce4de534c431921f696aef6b9c7104a76582f1adefe109dd133aab9c42265ecacf1b61d987adf759bd45140

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\6037C1CC50B71C752D22AF7D89B0F320ADEEB27D

MD5 a92ce5d05186bd7cb18be0db95f40b93
SHA1 f351f310c0f4868ad99a6d12679bb1b1c3139970
SHA256 f9b9c988f69b55a3e8dded82ceed5670eb0182e66cab81f6bc1c593ccc519fde
SHA512 1f364f57a6634444cf14d94d17dc962bba95b0fa069bc51f95db870305c4c6ddbef04a1942e61d8408ebbbab9c229edcb8fee8fed549310d99b73228df55f054

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\10967

MD5 7d5acb55c661056f6362771a0baea376
SHA1 f2f3e54640f70651412ef3776b944a26e695d854
SHA256 8eb7037daf3c00cfd7f04b8e445d47d10a3f461e08e2ce2d8e4e68e9cdf31e44
SHA512 1404b8258f7e5ff73579fec34148000a6293f4bce438d416eb585fc3c38c6673e168cb363243343a6d72a30eacc11244f72b1eae22bf396996213d0f8da67b24

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7f930784f21fd7ddc965b8a557da2dd6
SHA1 6d8d791a0bcf48d362abbf82c34b43be0e303661
SHA256 70620d3bd8946bcfbf40794e51d0b537f4dc010e25d24be2fd68c878dc238586
SHA512 5b2f22cc48ea5769106e25cbd36be6e724633d50b630dfed2e72132f10357271c2e5f99a0bd10265724737d3d0c9be0e2e027ff3290d601f8df1aef81f2e7bc4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 c443542e6c0493a82010dfbd1b42341f
SHA1 cd16e1c1a8b63c3608281cd78236bc74c463e55c
SHA256 d4046a7a5ee7eb9017954b3cb53b38901c9dffebe7da5f2fdcc04b7ea6fdba41
SHA512 940497d1d46044a35fb484ff77dabbe1ce787ecfe50faddf36853e1393dac3b57f95cb420a571f7dacfdbebbd01861c36a48fe364cd32a91e3e3aef333873d12

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\17445

MD5 f204a3819dc0a02fc78214ed8cb09431
SHA1 94307c3ecbb1b9c70c3a68b1409be98ed36d18dc
SHA256 54fa0650359a717708f60016816246ad40568b3ccc2f40cf251f47de33a2618a
SHA512 77fae3a081bf9c591f495ceedaa7c6001b0994e1403e57d6b8d8a29c6f2d51abb46b52c15af77ad2893c8cba6832f547f48c4a0abb2e7b7bd67177bd1ba2d573

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

MD5 eb23ba690a393dacf3c2d7e0fb0f9d18
SHA1 a10ce505d304968bc141758bd0c13f26d24540ce
SHA256 8cd7adc2aaa0d0fa40bbc44d18b5e2e99b8679256def44ead489717010fb8bde
SHA512 c5bc335df9228e2b08825a28064c9cbdd8c599c23e0dacd16582a45445725ac409ecf1a3cbb910099cced08c9a2bfaab718a3a12f241e80a7dd02f24a74c4625

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cb4530daf6cea6d80bcd9ae9c3e8075a
SHA1 3b5d23855e5ff67ffde4a2f68095c72a3562b73c
SHA256 f1de8f4bbee71bdfdd98961b1e65be95d0515bb646922c04d768ee799241f617
SHA512 ede5230f370f2e0655098b792f6cfa101e040688df472a27efc8936ca2e8e18871e75306ae11693f47a689867ad6c76ca232378723eadf9ce7c0a386d564ab97

C:\Users\Admin\Downloads\Do not download beaming tool thats a rat.exe

MD5 003376f4e42b17685b481aa1fefdad2f
SHA1 083da7920a306f61267f9c9bfc6fec775f54c1bd
SHA256 49e5e80f7c823694fa86addf84783ec0b4303df3edcf3fbc51bda19bebc38e42
SHA512 3b5c3b1ed81f75a2bb4ddef3c1f7f7e95e824e284f2532ff99848187a6bdf829f4103d9b7df5c3c6e595562f4c1fe3656cf1ede3ce1f85ec65ca407915a8f166

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 c9189728aca88e77da06fcf5ddb0ca63
SHA1 5f25d5847710d3364e0a1284cce606d7ccaeefe5
SHA256 76591d040f1fdcfdd0273b2ab6650c09174d73c2357db3f83b571161c970cc69
SHA512 2de3e99f969e67877638301977c9d4c69d803f27b97b20ea6dbe5756f39a45e57a16c67b3b5f35e658cb339749cdef13accd400f4d5397b566fa5f61f6728ef4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e834f594899b0306cb1623a8215ab9d8
SHA1 5fce5886755b5f20e5d57b2abd1a3306742c789d
SHA256 54668a16dec5422b4dce962d3a163eb4f436cc64fe39876ec232a661513cb85a
SHA512 8a684b9d731c94a3853f33b3035ddda2bf4fbdbdcc9d13e032f83107d21e3eac1590d4ad02d66e97707fc8a254ea9de894865c1a5c2de4714e67872ecd49aa70

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

MD5 2976aae919c0d7da216a282a3fb19399
SHA1 a15547f4c7f422586c693656d8841101bc8efec4
SHA256 3712a84fc1f96f4ab92dd4a5dfb3fb6f7a0ec298242e66c465848ea4f4b40a1e
SHA512 e1bdba68004082b732306cb12548c841cc24eb97b6bc2a3b186ceae5a8d9fd7c7f572e6cb5d9392c66f333657b6f6326fa82ba3d7c904239ab1a65553b186184

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\broadcast-listeners.json

MD5 5bebcece1b829d7b7c70953dff1ec235
SHA1 ddbe5f5a1351e98fde4943298627e84b452cd96e
SHA256 8db8e5ba92ab6457b0294bd283c70ee0d00c84d4d4e2f81a044d6bc85ede9022
SHA512 93fa5c03651e5ad968a898d34158216af47c630b3a74bed9e43ad393e3b1b1649c6f2495bc77a4ebc5df255e63729d8936b35523a0aa506337aaf7dbd768c439

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\targeting.snapshot.json

MD5 20ebb1d782d94daa399175acf2fe3ed7
SHA1 448b587b827db152e7b88af2c7d803921ac644ee
SHA256 05c73148df69fce074e718cec8ac60eba7aec26ab3ce7c1ac61d50ec387b6387
SHA512 79616ed7e1c66eefaf674442ee9c855c736a6e633b65a79011663c25bc4e013030c2e21bc82bb2da9fefb6bf0fc34c15ad440eb8aafdd859fabeed162e72393e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\bookmarkbackups\bookmarks-2024-05-29_11_8isp+gHyP3QyHg7eXV012w==.jsonlz4

MD5 4f250385aeaa84a357a344af5ad6354a
SHA1 4f1ca11ca083ed02b315c489223a20017a6ecbc4
SHA256 1496d4f20935c304d2e661264713fb152b1558850d404b59353a09e7f830c264
SHA512 16e9f6c632ecb3f96663d06f567445f294a0195a922e9e2105893550fba609767602cbaa87dd5380c5888274d7988b25e937335f58200e91db9cce6cc375c0e5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\SiteSecurityServiceState.txt

MD5 773467575afe438ffcb3c7b6eaece29b
SHA1 6a8d3cb7c2e6ec4ed50ff65d845257c1b1c769d5
SHA256 17832b9012d2f00721155aa04ae48a491bb5b44a16b9c9d0f251697b2e8b7c0d
SHA512 ef0500cd0d6d969eb3a84ebce2b651041f996aeb07f145ac1b89c678de2c6f13bcc315ef9c732440bd663dce0dfd97789b39c671f887750f3b1a873136c4e5fb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 8500e05eacf08cbebbe1921a1456c0b2
SHA1 a5770c39be3fb74bb3a6ca3f50c53f61c2fd084b
SHA256 7ccda6a69ef5264ff519e5fd611fbc56361c239a0a105f2e86375dbc42a8963d
SHA512 75a4d1fad146bdb18afbfe5029445d921b2753ce25ade1a2ba10c1ba16214e8f93b8f8b8337e2c72d7b8934aa75de46b2335991efa0b7609008068052019738f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\extensions.json.tmp

MD5 f7016d8a2229e3f56d1e6d90b11654f8
SHA1 fd5b74a4a1c3da00e7489da745fc77af3f2b70dd
SHA256 3c2e04a2ecb5f25269a5a123019dbcb32be9131208a02b28e1222508871522be
SHA512 9f7a14a5f58230dccd61b1fd9583fb995d57b004aef7dfd2bd1778865b5fc60a0a6a0fd6b35f31992d7de41e69b915a252b8419b50bf4e4a8e5bc0e28fdcec65