In one of the services created by the attacker, an obfuscated command line is present. By decoding this command line, what program the attacker is trying to launch ?

What’s the local IP and hostname of the attacker ?

What time the task « \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB » will run next time ?

In which native Windows folder does the attacker dropped his files ?

What is the signature Defender detected ?   

What is the PID of the Remote Access Tool service of the attacker that is performing network connection ?

What time did the attacker recover the passwords?

Bonus (flag this question to answer it at the end of the quiz) :

Give some recommendations to the victim to harden their system and network

What

is the name of the archive downloaded by the attacker ?

What’s the difference between ‘WK1\thomas’ and ‘ESILV-TP\thomas’?