Malware Analysis Report

2025-03-15 03:31

Sample ID 231227-3p3vcseeb2
Target BloomReducer_5uTR_C8r.bat
SHA256 3c6ab7f65df199368cf3f381e41e047c70a8bd2e93d95b8dd893b0f6ab811cc8
Tags
evasion persistence pyinstaller upx empyrean
score
10/10

Analysis Overview

score
10/10

SHA256

3c6ab7f65df199368cf3f381e41e047c70a8bd2e93d95b8dd893b0f6ab811cc8

Threat Level: Known bad

The file BloomReducer_5uTR_C8r.bat was found to be: Known bad.

Malicious Activity Summary

evasion persistence pyinstaller upx empyrean

Empyrean family

Modifies visiblity of hidden/system files in Explorer

Detects Empyrean stealer

Loads dropped DLL

UPX packed file

Executes dropped EXE

Looks up external IP address via web service

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Detects Pyinstaller

Unsigned PE

Enumerates physical storage devices

Opens file in notepad (likely ransom note)

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

NTFS ADS

Modifies registry class

Checks processor information in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-27 23:42

Signatures

Detects Empyrean stealer

Description Indicator Process Target
N/A N/A N/A N/A

Empyrean family

empyrean

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-27 23:42

Reported

2023-12-28 00:16

Platform

win10-20231215-en

Max time kernel

1801s

Max time network

1596s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BloomReducer_5uTR_C8r.exe"

Signatures

Modifies visiblity of hidden/system files in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\svchost.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A \??\c:\users\admin\appdata\local\temp\bloomreducer_5utr_c8r.exe  N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\svchost.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipapi.co N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\svchost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Resources\Themes\icsys.icn.exe C:\Users\Admin\AppData\Local\Temp\BloomReducer_5uTR_C8r.exe N/A
File opened for modification \??\c:\windows\resources\themes\explorer.exe C:\Windows\Resources\Themes\icsys.icn.exe N/A
File opened for modification \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe N/A
File opened for modification C:\Windows\Resources\tjud.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification C:\Windows\Resources\Themes\tjcm.cmn \??\c:\windows\resources\themes\explorer.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\4.bat:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\BloomReducer_5uTR_C8r.bat:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\System32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\BloomReducer_5uTR_C8r.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\bloomreducer_5utr_c8r.exe  N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A \??\c:\users\admin\appdata\local\temp\bloomreducer_5utr_c8r.exe  N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\BloomReducer_5uTR_C8r.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2420 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\BloomReducer_5uTR_C8r.exe \??\c:\users\admin\appdata\local\temp\bloomreducer_5utr_c8r.exe
PID 3472 wrote to memory of 2488 N/A \??\c:\users\admin\appdata\local\temp\bloomreducer_5utr_c8r.exe \??\c:\users\admin\appdata\local\temp\bloomreducer_5utr_c8r.exe
PID 2488 wrote to memory of 3960 N/A \??\c:\users\admin\appdata\local\temp\bloomreducer_5utr_c8r.exe C:\Windows\system32\cmd.exe
PID 2420 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\BloomReducer_5uTR_C8r.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 3024 wrote to memory of 3872 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 3872 wrote to memory of 1636 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 1636 wrote to memory of 1456 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 1456 wrote to memory of 2456 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 2488 wrote to memory of 2132 N/A \??\c:\users\admin\appdata\local\temp\bloomreducer_5utr_c8r.exe C:\Windows\system32\cmd.exe
PID 2132 wrote to memory of 4340 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\wbem\WMIC.exe
PID 4048 wrote to memory of 2304 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2304 wrote to memory of 3444 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2304 wrote to memory of 3960 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\BloomReducer_5uTR_C8r.exe

"C:\Users\Admin\AppData\Local\Temp\BloomReducer_5uTR_C8r.exe"

\??\c:\users\admin\appdata\local\temp\bloomreducer_5utr_c8r.exe 

c:\users\admin\appdata\local\temp\bloomreducer_5utr_c8r.exe 

\??\c:\users\admin\appdata\local\temp\bloomreducer_5utr_c8r.exe 

c:\users\admin\appdata\local\temp\bloomreducer_5utr_c8r.exe 

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\Resources\Themes\icsys.icn.exe

C:\Windows\Resources\Themes\icsys.icn.exe

\??\c:\windows\resources\themes\explorer.exe

c:\windows\resources\themes\explorer.exe

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe SE

\??\c:\windows\resources\svchost.exe

c:\windows\resources\svchost.exe

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe PR

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.0.148662491\1905566638" -parentBuildID 20221007134813 -prefsHandle 1672 -prefMapHandle 1660 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e154f734-25c3-4902-8d84-1a56e86c1179} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 1792 167efed8958 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.1.911868281\1679507905" -parentBuildID 20221007134813 -prefsHandle 2100 -prefMapHandle 1516 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4632b4c4-0d7c-41dd-9c90-b93da1453b3b} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 2164 167ef9e4a58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.2.120040269\917016259" -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 2808 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32b23357-b638-4f2c-bb14-362c2fd239c7} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 2692 167efe62458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.3.1654005110\811036183" -childID 2 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b1b6238-f335-413e-989c-d7203fbcfd6c} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 3476 167e4a62258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.4.319944519\1613647553" -childID 3 -isForBrowser -prefsHandle 4268 -prefMapHandle 4264 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e346ec54-f26f-4151-903a-0c6f2d3fdb1e} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 4284 167f5a3f458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.5.1718476815\1081457125" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 4920 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19e962d8-cddd-403b-8758-a2f36a0ecad9} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 4916 167f1f3c758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.7.87685435\1541587853" -childID 6 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a22348d-3013-454c-b205-edd6f104cc32} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 5224 167f64d5258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.6.406039207\1182071967" -childID 5 -isForBrowser -prefsHandle 5068 -prefMapHandle 5072 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73ba76a7-6155-43fe-bcdf-7a90201873a6} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 5060 167f6206558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.8.989581482\699370064" -childID 7 -isForBrowser -prefsHandle 4060 -prefMapHandle 3048 -prefsLen 29562 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {663c05fa-869a-40d2-9f3f-f46a8ccb25b6} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 5716 167f7bf3358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.9.185318904\1683957303" -childID 8 -isForBrowser -prefsHandle 5036 -prefMapHandle 4804 -prefsLen 29746 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67f371b5-5454-4659-8798-b666243efd26} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 5024 167e4a63258 tab

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\4.bat

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\4.bat" C:\Users\Admin\Downloads\BloomReducer_5uTR_C8r.bat"

C:\Windows\system32\findstr.exe

findstr "^"

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BloomReducer_5uTR_C8r___.bat

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.10.1816890012\907356418" -childID 9 -isForBrowser -prefsHandle 4928 -prefMapHandle 5732 -prefsLen 29813 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9298ad36-c551-4955-8b3b-bee8e2851977} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 4720 167f6f38358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.11.417199687\1782536331" -childID 10 -isForBrowser -prefsHandle 7644 -prefMapHandle 6288 -prefsLen 29813 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9d9a09c-e94b-430e-8ddb-42305cedc7b5} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 6356 167efe63358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.12.612514556\1891231249" -childID 11 -isForBrowser -prefsHandle 5844 -prefMapHandle 5568 -prefsLen 29813 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f3e44d9-2681-40f8-948d-b6064db133a7} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 6272 167e4a68d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.13.1215529824\1925344999" -childID 12 -isForBrowser -prefsHandle 5872 -prefMapHandle 5428 -prefsLen 29813 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cea50174-00c1-455e-ba01-78f853cc9d64} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 4072 167e4a5f558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.14.318553505\1715244998" -childID 13 -isForBrowser -prefsHandle 5188 -prefMapHandle 5172 -prefsLen 29880 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8565ab39-49d1-4c90-9cac-dfaca2572683} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 5148 167f64d5258 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\bloomreducer_5utr_c8r.exe

C:\Users\Admin\AppData\Local\Temp\_MEI34722\python310.dll

\Users\Admin\AppData\Local\Temp\_MEI34722\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI34722\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI34722\_ctypes.pyd

\Users\Admin\AppData\Local\Temp\_MEI34722\python3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI34722\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI34722\_socket.pyd

\Users\Admin\AppData\Local\Temp\_MEI34722\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI34722\pywintypes310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI34722\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI34722\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI34722\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI34722\pythoncom310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI34722\win32api.pyd

\Users\Admin\AppData\Local\Temp\_MEI34722\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI34722\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI34722\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI34722\_uuid.pyd

MD5 81dfa68ca3cb20ced73316dbc78423f6
SHA1 8841cf22938aa6ee373ff770716bb9c6d9bc3e26
SHA256 d0cb6dd98a2c9d4134c6ec74e521bad734bc722d6a3b4722428bf79e7b66f190
SHA512 e24288ae627488251682cd47c1884f2dc5f4cd834d7959b9881e5739c42d91fd0a30e75f0de77f5b5a0d63d9baebcafa56851e7e40812df367fd433421c0ccdb

memory/2488-178-0x00007FFB87A50000-0x00007FFB87A69000-memory.dmp

memory/2488-180-0x00007FFB83190000-0x00007FFB8319A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI34722\psutil\_psutil_windows.pyd

MD5 fb17b2f2f09725c3ffca6345acd7f0a8
SHA1 b8d747cc0cb9f7646181536d9451d91d83b9fc61
SHA256 9c7d401418db14353db85b54ff8c7773ee5d17cbf9a20085fde4af652bd24fc4
SHA512 b4acb60045da8639779b6bb01175b13344c3705c92ea55f9c2942f06c89e5f43cedae8c691836d63183cacf2d0a98aa3bcb0354528f1707956b252206991bf63

memory/2488-182-0x00007FFB82FD0000-0x00007FFB82FEC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI34722\_ssl.pyd

MD5 1e643c629f993a63045b0ff70d6cf7c6
SHA1 9af2d22226e57dc16c199cad002e3beb6a0a0058
SHA256 4a50b4b77bf9e5d6f62c7850589b80b4caa775c81856b0d84cb1a73d397eb38a
SHA512 9d8cd6e9c03880cc015e87059db28ff588881679f8e3f5a26a90f13e2c34a5bd03fb7329d9a4e33c4a01209c85a36fc999e77d9ece42cebdb738c2f1fd6775af

memory/2488-185-0x00007FFB83590000-0x00007FFB835BE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI34722\libcrypto-1_1.dll

MD5 da5fe6e5cfc41381025994f261df7148
SHA1 13998e241464952d2d34eb6e8ecfcd2eb1f19a64
SHA256 de045c36ae437a5b40fc90a8a7cc037facd5b7e307cfcf9a9087c5f1a6a2cf18
SHA512 a0d7ebf83204065236439d495eb3c97be093c41daac2e6cfbbb1aa8ffeac049402a3dea7139b1770d2e1a45e08623a56a94d64c8f0c5be74c5bae039a2bc6ca9

memory/2488-187-0x00007FFB83560000-0x00007FFB83579000-memory.dmp

memory/2488-189-0x00007FFB82F50000-0x00007FFB82F7E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI34722\libssl-1_1.dll

MD5 48d792202922fffe8ea12798f03d94de
SHA1 f8818be47becb8ccf2907399f62019c3be0efeb5
SHA256 8221a76831a103b2b2ae01c3702d0bba4f82f2afd4390a3727056e60b28650cc
SHA512 69f3a8b556dd517ae89084623f499ef89bd0f97031e3006677ceed330ed13fcc56bf3cde5c9ed0fc6c440487d13899ffda775e6a967966294cadfd70069b2833

memory/2488-191-0x00007FFB82E90000-0x00007FFB82F48000-memory.dmp

memory/2488-194-0x0000015EBEF60000-0x0000015EBF2D5000-memory.dmp

memory/2488-195-0x00007FFB83330000-0x00007FFB8335D000-memory.dmp

memory/2488-197-0x00007FFB73EC0000-0x00007FFB74235000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI34722\_hashlib.pyd

MD5 0d723bc34592d5bb2b32cf259858d80e
SHA1 eacfabd037ba5890885656f2485c2d7226a19d17
SHA256 f2b927aaa856d23f628b01380d5a19bfe9233db39c9078c0e0585d376948c13f
SHA512 3e79455554d527d380adca39ac10dbf3914ca4980d8ee009b7daf30aeb4e9359d9d890403da9cc2b69327c695c57374c390fa780a8fd6148bbea3136138ead33

memory/2488-199-0x00007FFB831B0000-0x00007FFB8326C000-memory.dmp

memory/2488-204-0x00007FFB83180000-0x00007FFB8318B000-memory.dmp

memory/2488-207-0x00007FFB82E40000-0x00007FFB82E66000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI34722\unicodedata.pyd

MD5 ca3baebf8725c7d785710f1dfbb2736d
SHA1 8f9aec2732a252888f3873967d8cc0139ff7f4e5
SHA256 f2d03a39556491d1ace63447b067b38055f32f5f1523c01249ba18052c599b4c
SHA512 5c2397e4dcb361a154cd3887c229bcf7ef980acbb4b851a16294d5df6245b2615cc4b42f6a95cf1d3c49b735c2f7025447247d887ccf4cd964f19f14e4533470

memory/2488-209-0x00007FFB828C0000-0x00007FFB829D8000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI34722\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

MD5 9bb72ad673c91050ecb9f4a3f98b91ef
SHA1 67ff2d6ab21e2bbe84f43a84ecd2fd64161e25f4
SHA256 17fc896275afcd3cdd20836a7379d565d156cd409dc28f95305c32f1b3e99c4f
SHA512 4c1236f9cfbb2ec8e895c134b7965d1ebf5404e5d00acf543b9935bc22d07d58713a75eee793c02dfda29b128412972f00e82a636d33ec8c9e0d9804f465bc40

\Users\Admin\AppData\Local\Temp\_MEI34722\charset_normalizer\md.cp310-win_amd64.pyd

MD5 79f58590559566a010140b0b94a9ff3f
SHA1 e3b6b62886bba487e524cbba4530ca703b24cbda
SHA256 f8eae2b1020024ee92ba116c29bc3c8f80906be2029ddbe0c48ca1d02bf1ea73
SHA512 ecfcd6c58175f3e95195abe9a18bb6dd1d10b989539bf24ea1bcdbd3c435a10bbd2d8835a4c3acf7f9aeb44b160307ae0c377125202b9dbf0dd6e8cfd2603131

memory/2488-201-0x00007FFB82E70000-0x00007FFB82E84000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI34722\_sqlite3.pyd

MD5 7b45afc909647c373749ef946c67d7cf
SHA1 81f813c1d8c4b6497c01615dcb6aa40b92a7bd20
SHA256 a5f39bfd2b43799922e303a3490164c882f6e630777a3a0998e89235dc513b5e
SHA512 fe67e58f30a2c95d7d42a102ed818f4d57baa524c5c2d781c933de201028c75084c3e836ff4237e066f3c7dd6a5492933c3da3fee76eb2c50a6915996ef6d7fb

memory/2488-213-0x00007FFB82FF0000-0x00007FFB83032000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI34722\sqlite3.dll

MD5 b70d218798c0fec39de1199c796ebce8
SHA1 73b9f8389706790a0fec3c7662c997d0a238a4a0
SHA256 4830e8d4ae005a73834371fe7bb5b91ca8a4c4c3a4b9a838939f18920f10faff
SHA512 2ede15cc8a229bfc599980ce7180a7a3c37c0264415470801cf098ef4dac7bcf857821f647614490c1b0865882619a24e3ac0848b5aea1796fad054c0dd6f718

memory/2488-214-0x00007FFB82E20000-0x00007FFB82E3F000-memory.dmp

memory/2488-216-0x00007FFB82740000-0x00007FFB828B1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI34722\Crypto\Cipher\_raw_cbc.pyd

MD5 fe44f698198190de574dc193a0e1b967
SHA1 5bad88c7cc50e61487ec47734877b31f201c5668
SHA256 32fa416a29802eb0017a2c7360bf942edb132d4671168de26bd4c3e94d8de919
SHA512 c841885dd7696f337635ef759e3f61ee7f4286b622a9fb8b695988d93219089e997b944321ca49ca3bd19d41440ee7c8e1d735bd3558052f67f762bf4d1f5fc3

C:\Users\Admin\AppData\Local\Temp\_MEI34722\Crypto\Cipher\_raw_ecb.pyd

MD5 f94726f6b584647142ea6d5818b0349d
SHA1 4aa9931c0ff214bf520c5e82d8e73ceeb08af27c
SHA256 b98297fd093e8af7fca2628c23a9916e767540c3c6fa8894394b5b97ffec3174
SHA512 2b40a9b39f5d09eb8d7ddad849c8a08ab2e73574ee0d5db132fe8c8c3772e60298e0545516c9c26ee0b257ebda59cfe1f56ef6c4357ef5be9017c4db4770d238

memory/2488-221-0x00007FFB82FD0000-0x00007FFB82FEC000-memory.dmp

memory/2488-222-0x00007FFB82E10000-0x00007FFB82E1B000-memory.dmp

memory/2488-224-0x00007FFB82DF0000-0x00007FFB82DFC000-memory.dmp

memory/2488-225-0x00007FFB82DE0000-0x00007FFB82DEB000-memory.dmp

memory/2488-226-0x00007FFB82DD0000-0x00007FFB82DDC000-memory.dmp

memory/2488-223-0x00007FFB82E00000-0x00007FFB82E0B000-memory.dmp

memory/2488-227-0x00007FFB82DB0000-0x00007FFB82DBC000-memory.dmp

memory/2488-228-0x00007FFB82DA0000-0x00007FFB82DAD000-memory.dmp

memory/2488-229-0x00007FFB82D90000-0x00007FFB82D9E000-memory.dmp

memory/2488-230-0x00007FFB82D80000-0x00007FFB82D8C000-memory.dmp

memory/2488-231-0x00007FFB82D70000-0x00007FFB82D7C000-memory.dmp

memory/2488-233-0x00007FFB82D50000-0x00007FFB82D5B000-memory.dmp

memory/2488-232-0x00007FFB82D60000-0x00007FFB82D6B000-memory.dmp

memory/2488-234-0x00007FFB82730000-0x00007FFB8273C000-memory.dmp

memory/2488-236-0x00007FFB81790000-0x00007FFB8179D000-memory.dmp

memory/2488-238-0x00007FFB81760000-0x00007FFB8176C000-memory.dmp

memory/2488-235-0x00007FFB82720000-0x00007FFB8272C000-memory.dmp

memory/2488-237-0x00007FFB81770000-0x00007FFB81782000-memory.dmp

memory/2488-239-0x0000015EBEF60000-0x0000015EBF2D5000-memory.dmp

memory/2488-240-0x00007FFB82DC0000-0x00007FFB82DCB000-memory.dmp

memory/2488-241-0x00007FFB82F50000-0x00007FFB82F7E000-memory.dmp

memory/2488-242-0x00007FFB81740000-0x00007FFB81755000-memory.dmp

memory/2488-243-0x00007FFB82E90000-0x00007FFB82F48000-memory.dmp

memory/2488-244-0x00007FFB81730000-0x00007FFB81740000-memory.dmp

memory/2488-245-0x00007FFB81710000-0x00007FFB81724000-memory.dmp

memory/2488-246-0x00007FFB816E0000-0x00007FFB81702000-memory.dmp

memory/2488-247-0x00007FFB816C0000-0x00007FFB816D7000-memory.dmp

memory/2488-249-0x00007FFB81610000-0x00007FFB8162C000-memory.dmp

memory/2488-248-0x00007FFB81630000-0x00007FFB81641000-memory.dmp

memory/2488-252-0x00007FFB816A0000-0x00007FFB816B9000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\datareporting\glean\db\data.safe.bin

MD5 a2ad9d3fc8e64a9bdc8474e016fc7b1d
SHA1 a6f7b875b3fc50871b7be14cadfe207dc7769a2f
SHA256 3b378b49a933d4290e1cf9dc48e51f75bdbc860d15b0bfa35b20f7e16cddcd70
SHA512 8ae2ee4aeedd793fa3baf62a495b79915316da796e1c99376534387cad66535c6f37e4a882bf11454b62b76e6f296268543d1937e04e02f6c9cc145dbac44449

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\datareporting\glean\pending_pings\06a6002b-d752-453d-88ae-b533c5bf315e

MD5 b578fb2722fc5899379426ffea147dc9
SHA1 bad3338f4d5c81cad098ecd9cdd44ce95b92bcae
SHA256 5240b3cfd6861478a740259fb108d4aeecbf2315e946719a35e903ba1d11abca
SHA512 218c4b0687886969069c6d39c0af4db0a999095f514cf4380e039bbe22a0ae55f5cf66e348ee7067c1df79dbf890faf5e2fc554eb27dcedcf563a2b7bb7c1233

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\datareporting\glean\pending_pings\24ee96f6-5134-420b-bd75-a80687c21ce1

MD5 ff2a0a54263eb7884e63628b8362e7e3
SHA1 581e69a0eb7d824c33185e773bc9335c8694bdb7
SHA256 15e005beb5928bd418cc91f07d4148bd199e2739429a2afb2bd1ef114de87d5b
SHA512 842862a00ed1e93256dae9f1f4a13db4a2b0f0b6b056421ccb4a2082b68c286380f369c4872a51402891b678ddb70efcac731ad9272d49f16e4db3e24daf4485

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\datareporting\glean\db\data.safe.bin

MD5 562f58071dc06b70058f82af7e709ec9
SHA1 11ba9bf1eacecf067adfd0a98f2f6992f3c731ac
SHA256 0364bab814e104e40f1ecf255b118dd064d44ea2dbeedae86c1f86d4c6021286
SHA512 1f276b771e3323588d19a812e473cddf972ad05fdaf53c6fbebb9e86c79191e2501e2cfd9980a06dba662bf5a1ae67e9082ee7a889f086910bddb8d72e0d1bd1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e541ebc250ec86b637fecfee1ed77f55
SHA1 066a9c520e0f302632bcfb0ace4b9de4a3c429da
SHA256 c4d2015e88a9fbf8275521008281a19527364732adff029ed196ee7934a583dc
SHA512 d7d53bf05ce080d21e957c0f8abef4c7fed2795cf9772cb90c9926262a3d2390d37918feb78149f83f03bd62a75b4309a47da0f2b492bc494c30bcde99973005

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs-1.js

MD5 fd0a66040369e1ba029b012345817bf0
SHA1 e1e5883a59c596510ad50a398681bade50c5dcce
SHA256 679f8ac4753dc4cd1038c284c9f31ddc302305e75cf4876ba7e051cc8e60239a
SHA512 20a77a0f461f188ba80e32d465e22bb6b25641c5a6597f208177ca9b135cb46de862e774b2daf7f59c0fd041843a7e28a379a15802ea09b7841563d130c4b623

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs-1.js

MD5 e61a09cc6a22d378ba7a1d1976228d78
SHA1 42f19c7200340a1ef7494535f663949dcb197a17
SHA256 be5ec2a0b75410f3c1a21d435c1792e4726b877810025c480be5a14ce88bf875
SHA512 63deb4a1174de1bdc6c64d6af15475da86f6a0f10e5162ad62050ac73e07cfcd9332cfcd7115ffd5a3fad124a0f524c7791f3759e75d8e9fa211a891b00c8e45

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs-1.js

MD5 34c44bdaefdb4cdfe60f559d303e3ba5
SHA1 df5104d13e3392b1ed2b349cb686bc53402f3fbb
SHA256 68e22539126fc4171e2180c52f6ae75844800edc57269ed73d62e06181e15549
SHA512 807009528121bfaf918d63bdedd96511df87e1acbe9da6f86c54fde8502b5e031f298613859ba50b760123b7c75df4115f86f9e92c7c6ae3b75e4591d8b2b19c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\B573808F9B4F64D3E5F0B069BDAA48EF4086E712

MD5 dcaf38103e27e0027e464f124b75c78a
SHA1 9900eb05cca44080947dc3514b2bc59f4a502879
SHA256 7006cc72c4a931149ae9555e0024bfbc116fb31991b83f16c723da9946c57af9
SHA512 ab092304d4f8cfc9005a06e213e208293ccbfaea76868a730ebcb029b84eb4c407dfd87e4127968ff7c17d3b063a02a953321138c2cbc4a1e33633ddc6aede24

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 83929982767fe4f83bd8271a9a6153b0
SHA1 e00af6a2a98dd07187bb745bd67ebf23c5d6b866
SHA256 2a736c154303a2329ad02a377f5f872d41f04ebf9402721f8b895a62dc0aa97e
SHA512 bef2e558f2095309e79505e282c5afc1b8701de65d7c8a8aa9b3d17757a63d4397a1094ae30c128fd475d2c63be2db5f67096e24785b26f1311f0f707a72e131

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

MD5 c986b094dad7dde6fdf2c928e258c496
SHA1 fba050cdc920b6926a062e8e8d1cb8d5aa1d1549
SHA256 af233654a859eb339b3acb7d875511ce4308012ba50df584c5f29ab27cecabcd
SHA512 1101a3e7719274a769edc578a558b8547f581e37f776fedb10d2fbdf0aa2503be4d3eabe12737e737bc89e9248276d149ce49e82c0139235e6102dbc80f7159c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 eb83d683621f294e9459f8421a622c78
SHA1 3db7ec62cb97751718dfb84f61445f108716df9a
SHA256 cc167231845d7ba2f1014961ce303f46992732888bc4b844aae2222134fb36d2
SHA512 651242db0562915f4d1625944ec6679d4f1c0999ee6ced83f0de0fa974aeccfbb49a9ee6da550c936d1815c3058e83d14f1f40ae3825d289553becf84e89a930

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4bd19cddd62d7c71aca1f564c8530e32
SHA1 18181dde950d00ceca166290e6d5a3ac66665d75
SHA256 4e2a780acae1cac7c4e263ff4822a2bbbaedf7846e09baed0e24e20a87f7f0e8
SHA512 614a20fbfca8e4753f566dcccbde990279bc50f1c6ef8c372ee1ebe4a625283a8f4b7700bc61565764e79b6e86ad4a40680330d3f7f3f7d46c587a617acf95a6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8ad143a4af454a1eda28b6525ede9971
SHA1 10f0254f22ff8cad26247ba4702f1330addc5525
SHA256 8780e7d2cb70e90c3af24c4ed26efb608a5e2749583c56342728ca0cd9e4f7ff
SHA512 88704585e0140ee2c6de98c72101eb35f7f48bdec0953cc3ab9315f8847530ff8ea733edbed86a6e145766d5d57a5f784da78eabbf99f14d9b04d6dc8f66f809

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 de62225890d3c0bc16d9d725f5d2bb76
SHA1 080b6769e9b7ab2fb63c481815d453e8ec5fe10d
SHA256 6edb3abd754ada06c2286cffdca36378a19881163e48c3ca38bda2b364b33eec
SHA512 654b140c7fd19e54adf4145c18cab402d762e1ba073c8ddff199d636ef697b45ef5c4cbb1721e01ac6684d486fdeeadb15eb1747ad76813f6a1b88bc311e5e63

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c068a1ffaa96faf85733659cc499da3d
SHA1 1b11b94b2baf80b6090e34049a4d02b96ef9808d
SHA256 630163338f41d30f60d48371f4d9ed1ea3f7a32d77a5f6e172fa2a3ff73eacda
SHA512 f14a847247eabca55496e8ae40b435b66da6b1d67886d1b0399f92811180f991d96ce80596cb539097c0e30661c7d0cc3e764534bd0157e84820460f294a6ee0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0389c850084150e2c91cd979e41ba765
SHA1 6b6492e65d66bc819fd4915da8b94e3a501641cd
SHA256 0b8682632748df05ffd25f2c94941a08b31012e8e99dd79e292c13bec209ede3
SHA512 fdc827fe72932f835d52bfaa46173a14a36c64331cff723a83cbd0dd71b0db24e97fd717a92114c045edda982c0fea996a0f05ef3cf65861593394457e5d22de

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ed3363763e810a8812ead738739e4302
SHA1 9cdbc8f81eda27a78c3010f1cda6da2450900ead
SHA256 0a9b29dcac813545e51b7a92f4c640651e04ba68549ab8af61f540baf61ec3a5
SHA512 d19b34c2701bdc07c0d464d088a69e4cb86c27cde97b200e4016b60730198d0385b85983767acdefa10e887ac783985559d08c79884bb61d21057247a0e86009

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 aacd4024e5167aa34306929f50b485f4
SHA1 a4c2b1c9b3caca5c37013827774d4f055e7ed9b2
SHA256 3878c0e13a06e1d41df09bcdb5a6b35c7127b0aaa6c25be52e1b15e249ad5f3b
SHA512 9299e6c906c6253a8cada98409c5b8de4d4be719b386543457a6fa0c761d4cd622050618e9147154f5d227610a282946bde74734e45f03f42b608601b4be6059

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs.js

MD5 8952430ffb1afcab8f64924d93e169d4
SHA1 c6cb98edaee6109158740e22c875b774f3f75e87
SHA256 38e6b358a36f122f4dd1e18e88f165ac78ae46fdb9ee9310abf9375fc4e0063a
SHA512 df513f3fce2f3df6704aaab0c4787f94b8a5b91567e366b5235dfb3b20d0ccd7d11326b114def2ef134352f5445bfcbb78121ea67405d746f1b9041f0b5fb866

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2538e8814bdcd390f90ebe6ac0fde44e
SHA1 e9e0c85c3e408b97ddbdac8ffce1e6f8558a4d54
SHA256 30f21267f03dfcc3d92e01d478e0b878be047e0025d4dce4b512529d4ec861a7
SHA512 2ee88232b9ed4173b4d37f6966fbea9bbc57c732c78accb384a01b5a43258c4aeb7aa81d2b83df24e0da7e62ad417202678a1d182cb906bb8210d44caed4e52c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 2b3a8c5ddb745e48ead8abbae873d161
SHA1 26262fea823b059e851bbb6b888ab03e0fba729f
SHA256 6a3f5fa94ec1162b957d2a78ff8ce0864cba5c0c42d060c2e3a19587a2f5bcc8
SHA512 16ae3f5b6363089ee7ad87d9b96c620c2840055042176269656a558284678b39b166132d9c06fcb5426bad5b35ff13983791799c4526136bffddd8dd40fd263f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs.js

MD5 9169b5590d8b2c21cddb11ec2a9099c7
SHA1 2a8acf1c9a390f235d9eeccb9882ec82019df9c5
SHA256 6a2b8e24369fcb1184b2fc6b6249a8b00af98a2d5c8e051e111c613d7389471d
SHA512 3d56ba266d61f66ddf2549d97deab8310999750c2597447d2e067d5646d6881d145f7f795ea0c9dbf6ecedd1f37f261a89aa255a2053688c8d7c4c3fc0259db3

C:\Users\Admin\Downloads\49LFOjNt.bat.part

MD5 e4c0a310dde3d609537c33ef6ab72863
SHA1 047e1b3a8d5a2e921f9f9c973c5283c46a73848d
SHA256 1056b5b3c1b2e2148d7015795a5bc35755f739ca7729659d6b29352f4657d7e2
SHA512 6396d66aba862b97312fa63625284a7f8d39cb66b4d6deaa87ed4823c5695a82fd1eef0e5e36c010c153839839236b2c34e07bbb4ffb97e629d7d6f13f3efc8e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\downloads.json.tmp

MD5 bd4b3282de2f65c469fdddfa45ae34c2
SHA1 2b5898c39ccd0849ca064d5444eeb958a7395e7a
SHA256 9c5eadb25e0fca30682fc5d80b591b41a3b8912f5baf53c56b606859ed942a05
SHA512 68a5090222ddacec1d9f331fb3e09b3fd7f854cb4a4914e95cf2f33e23db2735f4233f306b6ae542c24672119ef176066277cf0dd179664dbd682d6e032dceb2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e686209b535312139b5d6f1b914a940e
SHA1 f45c67c6ccbbfcb4e7766bf817a3d142410887d2
SHA256 d13e0c3de60a34f1d95b0b1dc6e2ff42315052fa54d0d2f113c162b51a940660
SHA512 1b93a35449e10179ddaa123c2fecfb45cb5be25afc0cb21c281b8feeb191351ea5df1c744d65a68e4262230f78186518f8e3c65b137b02973ac261bed5e6be2a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5c1663f8fc6770e5d7c8e0f210477705
SHA1 3c044b28dc1988c24f01d89b4cd4f29c226fd017
SHA256 8a01c0c8cc47370ee4257d99efcab7108c8b387b634fe33937b6799d321ec2dc
SHA512 e62f8d3cdb30dfce1c0178cd89a0619159c60fac8e662a61a70aad39ede479cb4fc0443613decc235f857ccfcd9b1892fea972a3a43ea8c9f8a28c9536760d09

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs.js

MD5 039916cc8ed6060cc53dc8e711bd0237
SHA1 dd86303ec38d8985f469048d4ee5c3b4acfc9a24
SHA256 91d55772aec7da2f53b67a6900960477705c2100ef4cb0011001394641d801f2
SHA512 d4da1374c0b9c79d6472841d2b4684b6e476a0353def27bdd2069ce6344444eea95e0ecc7c5c53806dc4899b9cedc40d7118f1419d113ed85e5c87351a8b5dda

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2dfd80c736fcb0898513616236964df4
SHA1 b367330d4da2e4397e84300415d9cbf6c4a520ae
SHA256 1cae23d9599aa6a9fcbf305259e1b9bb1f8fd22bd427f49361a1a74e74fbbffc
SHA512 80b6eeb2b1a53b9b6ea7e6c32355dc7c3457ff490f1e8439d917bf3505072016238857cf9b36ccdd0d5ba119ee2691139055bf21a64f402a984c21172c3d8871

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 50f48d378b7d7a8cf38a200e2d3aae01
SHA1 12ae0619d550c942713746761719d32edc4b42c2
SHA256 7179b7f2dee6ec703e41075459bfaba3be31257eabfea4e03d9f828dd8790342
SHA512 24e0115bf54c335b6a4b294b32f841f3b6aafbaefcd005b32b56dea6ba65c60b1d3ac75094d9cb1322696201717a5bfe1e165d87b8440e29f491e00816e62e6a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c1de742210987c0327b0b58a3cef6fed
SHA1 27a124a1a2464474ca674aed9f0a914d069fc45d
SHA256 4ddcce22a154b688605b0ff904427a677671815f97b12e94fe1f7e9192bede66
SHA512 0ab35bc9a88827ee6a609aafa2a9baef59a68bc9bdf465b375f72807b12b1e8e89de73efd8d65b00debd4d46be1e16f60868bef77face05ef8a260003d49c689

C:\Users\Admin\Downloads\IhjhkLuS.bat.part

MD5 bec98c9c81bf2ec187390cf3737a780f
SHA1 7ee5ff2a6a0079cbb9e6e0ede7c622c2a2c2b32b
SHA256 c990f5134363cc7aa9fee2e69d950ec514bcbcbd89730c8cb34e36a4dd364194
SHA512 5996dd042b5708dea5ba7fc25e0a9f0a60543e5b6167f3b74aac8d1913675583165c1fa3cd72798bcaba16db429e13f409be336f1c220b2cb05306c12df2f47a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 176b4d8e08f5cd8e23cb6f74394d162f
SHA1 4a743e3183f9172c5d895803669f036a311550c7
SHA256 144bfeb9d34430a1ccbeb913683fb99dff69c8126a59159367a6f49ca9c2dc43
SHA512 993859d138d29811cce9c6fefff3e3e85a98bcfa72cf3f826cd15d4c7a4ba90e806c89c16379f6f0ad510668f2d67cc6bf8aca5f1dbfe7919c96d143b88b8302

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs.js

MD5 73f4906b095172416fdf646cc16592af
SHA1 80c81e95622396fdb5d3ebd89f440a9c512a42e2
SHA256 34525f3080c2474a674d43f89a8ae527d1d98aeeb674254f8bc894d8cd469f4a
SHA512 d4719e40223251aa0a6cb060e84c972e634f16d72168c107b0e99008f3e27d6fc53bd33276d4b107fa6bf431d420dca68d03fd7f4c09c49ceee9d533036e2b33

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6cdf53f0707a173c80abc6245a89bd54
SHA1 01c318aa8e0aabd9c846ffb4a3e136fb4456aec8
SHA256 2e02809b83e9decda307680f18be312e3f715227785ed7f025745abc651b3236
SHA512 40e48c3950c2d1cad1c8b23db9e4e9e364719210f4c9bc787a15170cb9d3c4ccdf3f97ea29d605def1c12d125f2651066b68cd2951682f269ef357910716af34

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\SiteSecurityServiceState.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\extensions.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\broadcast-listeners.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cf347f14137e65933d13558cdf81ed39
SHA1 8881703f4cfb58b6fc3d27a9f7a29d760c83ddb6
SHA256 25753bd75ece5bab7c3ab8071e205b65a4eb14f4fd9eeaf4488f81e4cd7d20c5
SHA512 e4d95a2fab9afa19bca626df2e8a78cba3150e5e483c11f9f5e402f69f280805e14cfbfe7be36eb2e28f4edaa5959bf38636ba3c11b5f1999084a7c7401a9aac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\bookmarkbackups\bookmarks-2023-12-28_11_MXsimTdE07JnAHYuzV-HeQ==.jsonlz4

MD5 044b61b1c1f6d225da7deb8f0fca7300
SHA1 f852f95710a224f76e141d47ee92f2004908fd0a
SHA256 2ee7b98ea5e4c8a1a5c0c174d5d9db70867db4eea2dcf0cac40f9e4716c023ec
SHA512 7f30901cbb4bf194a68a2af266f3bbb2988d9f387575569724b6fa977221025294d779d0e9108f5565a2b7acf6a4711a07b1a8711aed20ec6b8fab44375b9042

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 298bc169159a0e71f1f215b1832a1aef
SHA1 9b96d1e0a813f763e6f33f9887ce0864e23d3a70
SHA256 f3e1a4e4b894f50cd3ff6f37c972b20b2c69b6bac246118feee3869155a41fad
SHA512 9cccc3a4675680662adc2ff1f6ca992ccb159998a549cb508de91d9a41960dd9bffa8e824062fb8e5b73aaf40875bed0cec9ef8d91568fabaa539dafe215af92

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-27 23:42

Reported

2023-12-27 23:54

Platform

win10-20231215-en

Max time kernel

459s

Max time network

470s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2595843030-3811137303-3031389247-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2595843030-3811137303-3031389247-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp

Files

N/A