35d158c1b66ec8b1d9bb8c53d917f00fd67e6fdb39bdd5b4d0901f999e63431d

Analysis

max time kernel
84s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
22/12/2023, 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download_repair.js
Size

32KB
MD5

ce36ae008645fecd463e5d0757f18cbd
SHA1

216ac1bca58c11dff7053995f0c2136e64f3e9fa
SHA256

35d158c1b66ec8b1d9bb8c53d917f00fd67e6fdb39bdd5b4d0901f999e63431d
SHA512

af4812ca94f34ea412e904986534f7e135adf9df40036a6540fc49396dca5a2b811481ddae79301e98478c10ce0481d24f8f20eabbcad240121e77cb78220e7a
SSDEEP

768:k5RHm8eSTrSuzqBSrAxou5KxnbK6KwIR3FI5OhqAp:k5RHm8eIrSoqBrxouIbjFIg5OcAp

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe

Checks SCSI registry key(s) 3 TTPs 58 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe

Modifies registry class 43 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 140000000700000001000100050000001400000050003a005c00480066007200650066005c004e0071007a00760061005c004e006300630051006e0067006e005c005900620070006e0079005c005a00760070006500620066006200730067005c00420061007200510065007600690072005c00420061007200510065007600690072002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50100000000000000000000e7070c00420061007200510065007600690072000a00410062006700200066007600740061007200710020007600610000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000053489c68602fda0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e7070c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff75ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e7070c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e7070c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff82ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e7070c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff83ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\MuiCache	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHost = 6801000088020000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\MuiCache	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\MuiCache	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\MuiCache	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133471228618594693"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\MuiCache	SearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3213149797-706813642-929964373-1000\{DB3B2D8A-6B9C-434B-862B-B14EAAF7F4D4}	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = 1400000005000000010001000200000014000000494c2006020004002c0010001000ffffffff2110ffffffffffffffff424d360000000000000036000000280000001000000040000000010020000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000424d3e000000000000003e0000002800000010000000400000000100010000000000000100000000000000000000000000000000000000000000ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff0000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff000000000000000000000000000000000000000000000000010000000800000002000000040000002400000001000000000000000100000000000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings\MuiCache	SearchHost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4732	explorer.exe
4732	explorer.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeDebugPrivilege	5988	firefox.exe
Token: SeDebugPrivilege	5988	firefox.exe
Token: SeDebugPrivilege	5988	firefox.exe
Token: SeDebugPrivilege	5988	firefox.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe
Token: SeShutdownPrivilege	4732	explorer.exe
Token: SeCreatePagefilePrivilege	4732	explorer.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
5988	firefox.exe
4732	explorer.exe
4732	explorer.exe
5988	firefox.exe
5988	firefox.exe
5988	firefox.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
5988	firefox.exe
5988	firefox.exe
5988	firefox.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
5988	firefox.exe
4732	explorer.exe
5988	firefox.exe
4732	explorer.exe
5988	firefox.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe
4732	explorer.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
5988	firefox.exe
4732	explorer.exe
5388	SearchHost.exe
5496	StartMenuExperienceHost.exe
4732	explorer.exe
836	SearchHost.exe
8	SearchHost.exe
4536	SearchHost.exe
5248	SearchHost.exe
6956	SearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5988 wrote to memory of 4584	5988	firefox.exe	81
PID 5988 wrote to memory of 4584	5988	firefox.exe	81
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5684	5988	firefox.exe	84
PID 5988 wrote to memory of 5596	5988	firefox.exe	85
PID 5988 wrote to memory of 5596	5988	firefox.exe	85
PID 5988 wrote to memory of 5596	5988	firefox.exe	85
PID 5988 wrote to memory of 5596	5988	firefox.exe	85
PID 5988 wrote to memory of 5596	5988	firefox.exe	85
PID 5988 wrote to memory of 5596	5988	firefox.exe	85
PID 5988 wrote to memory of 5596	5988	firefox.exe	85
PID 5988 wrote to memory of 5596	5988	firefox.exe	85
PID 5988 wrote to memory of 5596	5988	firefox.exe	85
PID 5988 wrote to memory of 5596	5988	firefox.exe	85
PID 5988 wrote to memory of 5596	5988	firefox.exe	85
PID 5988 wrote to memory of 5596	5988	firefox.exe	85
PID 5988 wrote to memory of 5596	5988	firefox.exe	85
PID 5988 wrote to memory of 5596	5988	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\download_repair.js
1⤵
PID:5844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5988
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.0.1209000107\1925456076" -parentBuildID 20221007134813 -prefsHandle 1728 -prefMapHandle 1720 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd009c25-731c-4b08-b54c-56c64b038db0} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 1820 221702dd258 gpu
  2⤵
  PID:4584
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.1.286347026\633599398" -parentBuildID 20221007134813 -prefsHandle 2212 -prefMapHandle 2208 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0ff8416-4e5e-4cfa-aa66-1a5c7e58c493} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 2236 2216486e858 socket
  2⤵
  PID:5684
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.2.1411538727\1837277855" -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 3120 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68d47e99-8753-4d12-b632-dc79ab631a0e} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 2860 2217026b658 tab
  2⤵
  PID:5596
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.4.1617133205\2119120098" -childID 3 -isForBrowser -prefsHandle 3768 -prefMapHandle 3764 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfbe0abb-d8d1-42be-9f48-3e78229a763a} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 3780 22173b32258 tab
  2⤵
  PID:3360
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.3.1071180372\1272926030" -childID 2 -isForBrowser -prefsHandle 3376 -prefMapHandle 3372 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c06c9bc9-8589-44fa-a956-5d0a73a35ba6} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 3364 2216486d658 tab
  2⤵
  PID:1272
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.7.1085669133\370612510" -childID 6 -isForBrowser -prefsHandle 5280 -prefMapHandle 5284 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3ea959a-f444-42e2-a5ee-e95576560510} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 5272 22178343b58 tab
  2⤵
  PID:3508
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.6.831104509\1745443912" -childID 5 -isForBrowser -prefsHandle 5068 -prefMapHandle 5072 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01210f46-542b-464a-8c17-0ee42a6c28c0} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 4952 22177f0d658 tab
  2⤵
  PID:3428
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.5.881056948\1084157631" -childID 4 -isForBrowser -prefsHandle 4904 -prefMapHandle 4900 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7780db06-933d-4160-abdf-00a82bd406b4} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 4928 22177f0df58 tab
  2⤵
  PID:3248
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.8.114386660\823837230" -childID 7 -isForBrowser -prefsHandle 3396 -prefMapHandle 3392 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3190214d-5dc6-40d9-b631-b5405312ba56} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 4084 22172f49258 tab
  2⤵
  PID:4996
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.9.305047703\2066308088" -childID 8 -isForBrowser -prefsHandle 3168 -prefMapHandle 1208 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e278f717-8e47-45b8-9544-82dd8b7cb55f} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 1596 22164864d58 tab
  2⤵
  PID:2900
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.10.1664039260\485559758" -parentBuildID 20221007134813 -prefsHandle 5616 -prefMapHandle 5636 -prefsLen 26283 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa84b3e4-688c-474f-bff6-5f89cae6ca36} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 5632 22172c33558 rdd
  2⤵
  PID:4080
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.11.1592165329\413538744" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3604 -prefMapHandle 6108 -prefsLen 26283 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {125df696-0dde-4fc0-a012-20c87fd62ed8} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 4084 22172c36b58 utility
  2⤵
  PID:3224
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.12.721157259\1075376470" -childID 9 -isForBrowser -prefsHandle 6292 -prefMapHandle 6288 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8449f10-b604-4c5b-92e7-414e254e84c1} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 6300 22176f31d58 tab
  2⤵
  PID:2360
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.13.1492811049\242445828" -childID 10 -isForBrowser -prefsHandle 6272 -prefMapHandle 3428 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd1efaa7-40be-457c-8e86-86e5e4914851} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 6100 221705cb558 tab
  2⤵
  PID:6852
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.14.705644047\1849652994" -childID 11 -isForBrowser -prefsHandle 6944 -prefMapHandle 5432 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f2d8795-2948-4231-be77-d19afddad8d3} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 5300 2217680ab58 tab
  2⤵
  PID:2424
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.15.871556616\2035390153" -childID 12 -isForBrowser -prefsHandle 6704 -prefMapHandle 2740 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c07689fc-b9a8-4379-be5a-4b0eb69d2082} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 7036 2216485d058 tab
  2⤵
  PID:3280
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.16.1414072678\285005828" -childID 13 -isForBrowser -prefsHandle 5532 -prefMapHandle 2896 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a47d40a-9774-4cac-a7d9-4afa59d9c4ae} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 4960 22172f49258 tab
  2⤵
  PID:6876
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.17.496305201\1934935634" -childID 14 -isForBrowser -prefsHandle 10412 -prefMapHandle 10848 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ee1d266-0371-4308-8142-cff44888b379} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 10516 22175e87b58 tab
  2⤵
  PID:6840
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.18.134403882\513558598" -childID 15 -isForBrowser -prefsHandle 10348 -prefMapHandle 10312 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c873698a-a912-4ff4-a41d-c5189ef7fb54} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 11092 2217876d158 tab
  2⤵
  PID:4068
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.20.321823608\263621353" -childID 17 -isForBrowser -prefsHandle 4560 -prefMapHandle 4564 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6132183d-d797-41cf-a024-88066d15bbf7} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 6664 2217876da58 tab
  2⤵
  PID:5916
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.19.192238750\1622979742" -childID 16 -isForBrowser -prefsHandle 11236 -prefMapHandle 11240 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b2fa1ab-6142-47e3-84f3-d569b5fab900} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 11228 2217876ec58 tab
  2⤵
  PID:3936
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5988.21.35129997\34996439" -childID 18 -isForBrowser -prefsHandle 10408 -prefMapHandle 10480 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38cedfe3-3793-4fa9-8c52-cb20d140a8fd} 5988 "\\.\pipe\gecko-crash-server-pipe.5988" 10872 22172df0458 tab
  2⤵
  PID:2456

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\7ba465bf6b3340248935afda878ce6f6 /t 3228 /p 3224
1⤵
PID:4472

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4732
- C:\Users\Admin\Downloads\bestnoclip.exe
  "C:\Users\Admin\Downloads\bestnoclip.exe"
  2⤵
  PID:3676

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5496

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5388

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:836

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:8

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4536

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5248

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6956

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004C8
1⤵
PID:7160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:6236

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\doomed\13244

Filesize
16KB

MD5
7922b5d5bd0aaf7b12b1a07c046216dd

SHA1
8aedc2b4ec947facc694ec099a157d93ad47098b

SHA256
4760a7d84a262d1e4a1a5f207443da17190dd85982b1a49ec7c2a414102ba842

SHA512
e017cd316eb4d6dbdbadd0ca89d0dd95312947e668a9c649553529c34c58bda02f23b18a5d7c1a47ee08dde1a01c05efb5482bcdaafd0b8df4ebdfbe3482091e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\doomed\24736

Filesize
17KB

MD5
617406fe40ea136b5e051e963c67f91b

SHA1
c2c06494ca27a9a3eff2bbd5f08fc6740511b351

SHA256
a2436945a3bdada92d4d665aef039cdff9f1c7a3628e0652c591e5086826b268

SHA512
291a1b30ad1bf0db749e917c10329c7b7fa9e4708edfde842ba8bbdd9d864a7561c49d8b4bc0351fb1d0e0a379a7e61f731b540a06c030b3a7f80dccd783968c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\doomed\25827

Filesize
8KB

MD5
2bf65652e27b48d9257f958fa7eecd04

SHA1
2a6fa0674e4659f6cf539d34520d23fbc316dc06

SHA256
88cc4c1c25dc83cdc4d6963614c8565916f0f37645f231e3d5e0402001748496

SHA512
315d94ad7925895ef43358418c5c6b59218902f32b80bd246e27dfc32bce0a4689e9b9e02f5e87884d5b09cf24575bb78fb36339518396f2e6dcffeccc79b139

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\doomed\2629

Filesize
19KB

MD5
21bd889077ba3b86085211b490366614

SHA1
6ae3898bb038b0936a34585e1933238906492bf4

SHA256
8c8659cb4a966c75bfdc21fa46b28a3cef0d21ae639e0e591e7cf0a8982d613e

SHA512
72f3b9a6e95cfc587c9ed4a0e635eb562ca3bcb263074e37507a0e0a518fb927ddeacde9f2e50e93ff010ea6a7a874854606b93255aaa9a6e880fb237731dc8f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\doomed\26307

Filesize
17KB

MD5
d638a5d4aae52504bfd380bf2a122cd4

SHA1
b77a8aa6a959f2f6021c83946d54374f68d6b5fb

SHA256
109021135947de633bb27eac9eb3488390a2cd84bdfa823f7cd1a05edb65f077

SHA512
d347df6e555d69df06ab329f492773ad6d3969a61e44861e3f9ae5ddf4d944d2caacec05b3707e1c53ae824e5119322430c937d4ea59fadbd6cb3d989683b141

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\doomed\29239

Filesize
19KB

MD5
b4b70ebcc0e333a35cf699303eb9d1bd

SHA1
443845fb9cdd7980540d7cafd90d81979302bdd4

SHA256
d6b29f27f5032dde14a42a46ff2864fe3ca5fbd9c8d67bdef31101e9b75abe49

SHA512
ce529ca6b586d84fe3325028cd24e070396f72c5ac8709b66167b852c92acb2f0655122ffc6340cf8fa475fb380429fcbf1f80baf68713f276cf6a47a101d2c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\doomed\31378

Filesize
30KB

MD5
c8664257465b26df45bd8728849ea4f6

SHA1
4f1d118594c522a700ed1592d74d94a3d374dee9

SHA256
c26443f05f5393089774eca21c384f982719ba825da203539d7befdc56e97d53

SHA512
c5a5bb0d080514fd5d056103046521d294234e32ae2909892d73a115dc0320dfbe4dcc5bab6fbca2dd985a60dd0270ec8594fc5fd25f75f5c2d6fd5a1d7838ed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\doomed\5030

Filesize
21KB

MD5
4948183fb441cd511f305c211d597919

SHA1
76a0426c488d7d82fb6a8045ec24a84428944961

SHA256
2cb116473a9dab3e88206f7f8ea07442534961d792c2fe179d6815b2c10f9656

SHA512
0306ec7043f7f7ae1ec3eb0831bfc47a730d8b7ff6604072579978aac9af4551edf8affaf1df23b37cf944546ff874e2b2964126604378d6df429d67252d45e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\doomed\549

Filesize
19KB

MD5
68d7fe643a7597eeb9e6ebd219aed02c

SHA1
8d1a598903cb8417fdc7332863828ebc87efe6fb

SHA256
0ce3d5d5cf6482c72eedae9c2126c2e9c5cee48e933a72799f0f0f1a65d00a0a

SHA512
8f7a6f458f9c56a7882b61d5532c9087efd8c6519aaa66d6dcd9b7866be1d58ae583321840d3de16fa5fe89edf83ccaf2fd61cd2700ac5f20b746c0ed0748c01

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\doomed\5697

Filesize
29KB

MD5
f079e8afc722e09ac2971678af9d7a03

SHA1
59dd74f2f9f903568c126a76227f66b0cbd668e3

SHA256
171a1bc42786dc7736e15a57aed7098c9c00d71cd7822b1b88cc9d21fcaf7bed

SHA512
c90f94b86bd3ce6eafc465e101f0e44b81a9377086aa4544df7b14a75e09ebe97b30b3104094d3a9327cd0e066b79b95bb2b52fd66458b32205514e26b3164f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\doomed\619

Filesize
37KB

MD5
59b346d8dd1e7ea58feedc1a1b946817

SHA1
1307abfb5ff4036b88d2fc14fe767d72b0cbb6bb

SHA256
db17aa003e3d21a9e3df98a4f0d82343966109314c1c24689691623850295cf0

SHA512
4d931870b6aa49e6edd1f577ba7015ba2f44bbd5cfd1659c2e863959acc82ea342dac8493fe363a46ac5e0ed0e067288a5c8f245a94b28e20e0ff2d4fff66d81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b7aa2e70807b420fee6728db7b60f165

SHA1
8dffc371409a887bb97e398faefaa94aa3d0bfaa

SHA256
14275dcd199b5e74dde1ec94d3195385fe3071419b3e7db6f2b16efdf446cfda

SHA512
33f733441708f970a9123bdda62612712e3ceec32f8fc904f966dec0569000c76ef5115eb95b8b5cb13d326e65da01fcd757e00443e226a671503b47fa4d8eb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\datareporting\glean\pending_pings\4824fa6c-8a9d-49e7-a1fc-51333b4b0d38

Filesize
746B

MD5
ed37fb9038f4c840be3a33d545b23673

SHA1
ed46b48b452f80f4192bbb0038e5813c4ef08d52

SHA256
cffe1a79fe42584769fe07a0af5679aea3fb012b89b561134ee9f456fb1de68a

SHA512
1ce9f96080e908193721e1f9c44ea0b2b16423d893805db9c90b001b39e17809fc92fdeffbdb53cf2a47e8ac7a746dfd877dd2b13ce45b74d7dcb9b7ed32c566

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\datareporting\glean\pending_pings\ad542a69-2c49-4c2c-8ccf-d15a5c6fcea3

Filesize
10KB

MD5
aab0bdfcaf93e4d688b9c7e1088ec099

SHA1
c5384d9af4004d7405c92a19022c7534346d7a41

SHA256
a85a0a983e573e8a0113857c51fbee433225ee1c1096ea6395a11ac2a135244f

SHA512
4b4442428dae131bccf24b4d34a1077f0429d127f7d3589cd1b61a200333bf90e39638bd03306383dc2806985b0804460f8b5f19dac21b4f0863063c6cc777bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\prefs-1.js

Filesize
6KB

MD5
7e59915f23e73d204172233db1b2f64f

SHA1
b8d15e36b9a67f1f319ef0c5cedff0977748c891

SHA256
258dfeedb6953258103d10b6997442374ce2ec0b55a4e8f0240907978b57bc40

SHA512
18151d5832f477a6a956d127d96aaf0271fa7ed52a5b9dba9d5311aae6340a2325ae8de707feb80b4a986b1982e996e649bda9af2c51a27b5e96bf196529a659

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\prefs-1.js

Filesize
6KB

MD5
eed227e473b3c1a20e471b183fef74ce

SHA1
a2bae06efe34c6867d6c9f07d5904ceb1b77147b

SHA256
94ccf7f619fc53e2aa329bff476dcd347ebd000089820c78b62fb4930eb4319f

SHA512
2fc3c09c1eb856fcdf913cae975e9ac393bd04018dce766d1676cea8c3591a04fe2586c1f721478504357dcf0551fa3ee52059154da8a19c208a718defc66750

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\prefs-1.js

Filesize
6KB

MD5
df36624d83c3ae7024d5bef4819c647c

SHA1
38de1d7647789dcca01e3ceecdfdb6e142dc5bc7

SHA256
a4bb6348a5dced0d42904fd1d6d4451c64e1d3826ed7da35c59142190da38e54

SHA512
3e13b15f58c01a1406cc344cc46e2c08d4c13e59fb79aecf7a32efefaf1da9582cf647da545e812483cf00c1a3e439c5417df710c0160078c21fb64845fcbce2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\prefs.js

Filesize
6KB

MD5
0a80a05a68d0fdca1b8c1b8c3b8fa19f

SHA1
bae99250f87953855cd4368a6946d932c0dafad5

SHA256
677ca3bf5dddcb2abaf56c11874c88344f7b81b4d36161638582f27d89cdd649

SHA512
977aeeb84ca44055af0f91e5485969fd983b3af3ced550bdbebbe509cc9d17f5befd1560f9a96b998c2ba198553c22d4c8b14135c38d78952e9038dde9034931

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
8bea68d151def1820cadb0c46399f22e

SHA1
448ff6d0ff2a0548e983b237f6bad2634e16f2bc

SHA256
36cccfd73076271fb9645cb7411cdd508c7da608289b68e345e5acd017d7754e

SHA512
3f3354f5bb491b234ffc0fa7e470ce361b18878bb53aebfc620fe17ca557062a4efc17da8551acab30da5f88e7a614aacaf8d14f48981baedaa886db8f0b57a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
45d15f5332267a0caa29c22dd6bd382e

SHA1
07a28c4f137902ce21bc0ab3d74be9c31ed0663f

SHA256
74ba2bcc164e9b620e628e38f75344a8422532f6b36e0ce1c5c7b4e61ecd98d2

SHA512
e30814337cf8b7fe12dadea48582a29fc115bef51b02c6152ae616e2d5f856fe77a6ff3a3ce56b4340cc06c5f050cd30000a85dc971e67c8971591ff2f6d915a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9f1f1ac70c3899fd48a51362c131e96e

SHA1
94aacf3378c1ad32ec1a6dd3ab872ab56ceab794

SHA256
16710f1597a9a26f18437ed756bf25bac1cdf1df4cb71c27891baa01d6593882

SHA512
5c7cbe2397762eb4b56b864444d0b58d4224aecf820ad6518ecd78e46cfc375e6a2d72e41f216ae5ecad0876ac2b8877bf5a2102031dedc9e33e74ac56aa3eca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b6ab9b9e17f26a1dca2779ff7f514aae

SHA1
04a7827d4b62702bed2f69e13a183f9e7fdbb595

SHA256
37e81e571aff0c385ab86f07f10831dcb53b26f7d3803c0c01ca3b1accaf9c1c

SHA512
1c76d4973f8368f4c6f16fc4bc24b41a70c6043bf11de79f09d83cd3740477af8597d136cf66cc272e00c6b24e44bf387af3f6092f9c848c4edfbb159b5d458c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
a47e8f43fe199e4b83213438dfbf4b80

SHA1
93ae858a0f2ada9317a931c7eb240468f53c40cd

SHA256
c980c6bf066463586f292519dc0e010515b8905bd8a98f95ce584d7cc54b0edc

SHA512
39a8bd745b5b658943f42bc733f09cce021bb554cf70434da75c8785e6009e98efc9a662fee697f89753c4a78fe3f8aa8e8ff703d74b138e387755170b862b14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
c495d2982c96810bca7fb0bbcd8fffce

SHA1
e9475e732cd78d0319b32ab437130148e9b01bd4

SHA256
366699ff82d7d028b7e18269a109a17df614463fd6e6de78fe22969b7abdedcf

SHA512
cd9a802a994fdb5fe528124ea33540165c4e7b5567a833aecc9688145435853e785e815bd9ad5aa0b4c6d263a6c69a3dc1fcc6ec218fa9dc999a5b365e183d62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\sessionstore.jsonlz4

Filesize
10KB

MD5
738c9a0dae5d748dfed144a9a54da9fd

SHA1
29a9dbef7dc0984183331910cfe588488d333d6a

SHA256
2917e99cb1da89c7359b513b2a7779e5c1690690644c49dbc427d822471358be

SHA512
2bafdf52683dd310581201104d056ea915d41f5d4eb7771c479a11a9d039eaf7b0aa542c3221ddc7d59b825f3ab4b636fc5038d622f63eed7ca68cb2f36c58eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\107\{e8768454-4610-454a-9c49-b0d73dd0f76b}.final

Filesize
282B

MD5
3183686d3a59ab0d15fab2be7411e186

SHA1
22d29c6b9fcfa649773e12680f00d868e6714485

SHA256
2a1c50b6d5014af422db7ff5661a5a68cb0c27ee9cc4768c99502ada0eb63867

SHA512
eb7dcb18d20e28d283ea7d4cfdc08c0da81e0499089117ac068194b1ca2be661d380fe7d938d5828c42d711842bd3793b2dc2a3fe6285fab83b90be4fe3c7b16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\108\{da56135d-f4aa-4b97-90bc-0680469cca6c}.final

Filesize
387B

MD5
fb3d6634360a9125ce7edd27c987c8c7

SHA1
d3b094de4065f9302bc48d57637bbe04cca19d0a

SHA256
e75d4b40320638f498c0e1b2daf9a4c9f2ef1f09010d48a88740c48b43d306c3

SHA512
c880e7c9a5174e0e31a733393744e19c82e6a7f424be9e35a6736cc1209d17552e0c5a6cdb8cd725a77a00f15d2e4065b21db78a99abb5f35758d32adb52a53a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\124\{05d6fa1b-bb06-4e9e-9294-ac45f335277c}.final

Filesize
231B

MD5
45e25bb134343fe4a559478cd56f0971

SHA1
79f18ad0b7e3935c3231ced0edd8ea3c7997ca93

SHA256
dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678

SHA512
9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\125\{cdde7cc0-9cb0-4959-aa0e-1126d53bd67d}.final

Filesize
225B

MD5
cedfd917c042bfd5faea22058d451ad1

SHA1
5a98904fbf1c9bea6d27f75c42aa49c66db8c54f

SHA256
9cfc9e25c7e723abf5c14049886f33d836c6ab91b40218920efbdc864764f3f2

SHA512
5f7513b881549aba1fad170019ddf45e780ddb6a576e08365f4c9ab2c8bf4e7d2d5053b1db4ec6a2af570de21a182fc8981a0790881172d8605c023fbbbba4d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\128\{8d9f729e-eeb3-4644-98dd-d26abf769680}.final

Filesize
334B

MD5
5a85b3ec969004ce7b23e6712c04860a

SHA1
dad284278108abf777290add4971eb92142d52aa

SHA256
bfa4bd5ff49d8418628f3a3c0da5b6d8a95d5436168b9482d6de954c0fea74b5

SHA512
37d836d572226967995b3f20557f98e4e55b89c08fdfbddd4dc45a6d4ee90a24e5dc8276d0e1971d7b366712bba3382086183e1498b006905169b758e44394a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\128\{dcdbf8a3-e0f2-4657-98fc-8445a3cadb80}.final

Filesize
216B

MD5
321ea72e49df8692233391c1f36451e6

SHA1
2f016758fc5830a806ed9891e574936db521c034

SHA256
8113ef313d8a5519df57034e29db538c65721112804bf1a1a446b8302ae7e0d0

SHA512
86d5a408e472a62c2cfcf69a5fadc122f7a62dae866a36fdc4a7381de6cc8028af4ba51cec9c827b9815c26f75db82c4813ab25682c728c1f03d3bfc7ff21114

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\128\{f086ab03-6258-4d34-89e7-dcea213d0480}.final

Filesize
669B

MD5
5dac736054f1bfd6efddc9f8941f6513

SHA1
8d333e22dc6fa20e26c4732d5ff91c954433185c

SHA256
e1f390622425670904099ccdffe9b808e555fc402e7015697d49f9f22abf9175

SHA512
3ea570e7041a136d250e5e94c215b468991b70a6d6609ed27907aba24123e068e08559bbd96ca39a615a52dceccd524e3aa52702a8ad544f8a7b952fff935577

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\12\{44168546-a381-4bf8-963c-42cb7d1f780c}.final

Filesize
329B

MD5
06ce5d1f93456bf84d4fbc0a21d3c723

SHA1
e5af6cbbfee1f0f6664598bc5857bf8cdc1babfa

SHA256
0495e9f2a6dd37a787587b96429e7e96a5821085f53507861063e51832f853f0

SHA512
24380f9c2f3945dcaa3ef376c8c0d809ef73d5d88ff16bfc85b8f63cbfc9cdc21c2584f9866e835d93eefbc50ac7b692683c5073c6f92903a1f83b8181b8ad0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\159\{94aeade7-f127-4ac9-bfc5-b09af5af819f}.final

Filesize
168B

MD5
51bb0fe00991a2ae6707b3aefc583918

SHA1
21ec201ebf41ad57faaab02f7961ce5a746e6dbb

SHA256
97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a

SHA512
41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\179\{cf67b50f-c0d6-430e-92f0-75a33977afb3}.final

Filesize
465B

MD5
2300eafff09d478fbf68f49fdafbff49

SHA1
12f127da15a69beece4f71f600975e0503c77ce1

SHA256
f8c94c9f9dd4455eb89053d024bfd28afa482a9c697732ce5acb2df3144e885f

SHA512
93d447b0a87e4c25dbca71a80a198693b12c684c0a96b370693d693899230460bbd8c85c137dcc0b4872bd2d85fd0d10bfe3f4137c1b08f01da3a9bbfa481447

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\185\{fa10aada-3ebb-4b2e-81cf-dc69de8decb9}.final

Filesize
78KB

MD5
13d8c9ed8f81c0492e7474d2caf49bfd

SHA1
898d5672a87a089d82b2cf97611b8609f9c0a537

SHA256
83464bb72472931e6beeaf7abd74ae5527476e06d5bd7187198a91b6a0ebe666

SHA512
9c55b57eae2156475aad24bb6a59496781aec330de9f0b1d3b1882f411594c497841ac83b20219b61105f237e391d8f0307aa8be070b4d308f18765a699bb70a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\212\{c667866a-7bb3-4c89-963b-1aa1deb049d4}.final

Filesize
557B

MD5
329d8ae08d8dc87f86a511b55ecfc6ee

SHA1
46a40fb3e9c046870707b0a98fff5a53cb4857f8

SHA256
a61773d79b8fc91cde32c678a7e7b10cd7ee94c0023a83cce29180c032f5472d

SHA512
6940b02abfbf4cda7439f2b0ddbfb7b63fcc451b12d2a3fd4dee2e0d1f2fa3c23af1b5177d7e6f68db6252d5aaaa702838bbdfac9cbbb12b6588e9db535324ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\212\{ff5b2454-4fb9-43f0-bb96-62202ad839d4}.final

Filesize
4KB

MD5
9162275da3a24ec77988bc391bedb848

SHA1
4920971d0e9ee21774a63c75fb454c6aed3f464b

SHA256
f65216e1f0633f485fd242382097ff38d0834bbda8555cf99e27580ac08a02d1

SHA512
a8d3fe3e53a99536d96d14288f090e023512deb5fd89daaf148fc0c6f7cf7d21b762fada5f257d7b9d75a395dc04a97a0a4fc316c3b3d2df354288a79e8b2741

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\217\{d0cb9797-95f3-435a-8dbd-0d0afa2662d9}.final

Filesize
369B

MD5
2d5401040d875e10273c9d8ca9fc511e

SHA1
79ba0a97214692e52090f4d2063deb4f20ade88c

SHA256
31342b78121940f85212b9b664588235affa0cc7fa398e80d5f3914ea12efe88

SHA512
b82ca313bc8e3daa966316e10c8303d144aebce1c00761df10790b93113b6eac2ebca429f099d88750427dff8de2a7448fa470e5cc2eb000c7cf71ee73c3edc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\245\{285cb83a-8a30-487c-b74c-b0653977a7f5}.final

Filesize
312B

MD5
7981f433590b9d8b8a3ddcbd9d4a83ed

SHA1
58944a6101a8cd3e37574d26f2d03638c0fe2b2b

SHA256
097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1

SHA512
67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\249\{f9ad0abd-8324-4b6e-b028-b2766d5c12f9}.final

Filesize
197B

MD5
f8a4486578289f338eccea68bf578c6e

SHA1
6cbd17168a35b3f10b74a28f1fa3a83e161a7e35

SHA256
264c3ef4f7bc3f390875ca49d87ec35f9c4f0bbb0eabfdb38073951253ca721a

SHA512
e896ce1bbfd145a4c38f7e81a8afb12c3f354d5632f24f26cf19e8b5f1a466fca8d098e7277a4c0979170c37be25b6cdcc0654ae94f46908bde1810d4c03c3c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\27\{6dff1446-fd86-4ece-a91a-084eb388ab1b}.final

Filesize
232B

MD5
030dd07949fee4d5e67e6885b76ccedf

SHA1
a83002727b38d84882fdc444a3f5d7fd7963acae

SHA256
95c8349deca56128ead6daceb682594a737a5af8a03b70065e1f2c6c4fb84209

SHA512
f094815a8ed89bb7e6376238142cc13887694fb184d9ffffdac56b7fae2bde2ce7acf3d50c0431d14ca2e03620526cc21bfe1b6c44b467e079e30e9dc3a8e87b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\2\{7d9fbbf9-dc9c-47cf-9860-3314ccfdb102}.final

Filesize
258B

MD5
d0d1672cc7d147f9f802ebefdb01e914

SHA1
22ed7eb147f695ec1df8ae6f43cb7787dd0ea652

SHA256
62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f

SHA512
7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\44\{bc277055-4936-46f6-affb-d2656e672e2c}.final

Filesize
3KB

MD5
5b0f165bbdb71faa1bb5b26c4f022e96

SHA1
704bbe81e0d8370e675246e1cbb347bf8599aa45

SHA256
b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f

SHA512
6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\46\{9c591700-ba4f-4c2c-83a4-e10ca3626a2e}.final

Filesize
132B

MD5
be203547ce77fa7a91259437b55c0d1f

SHA1
cff2ff2c9469ac96eff7baaa308cdc886fab804d

SHA256
e5f9c781a4756c64455652d9b4bd944aab9ecc1eef556814c00b1797209f4840

SHA512
adf00778a63ea8a143f8fbbf61188392a87a376234e17856339036854cff3a5247aed0b1c0b603332e244d348d58402ba58b32f6df6cc8e18f9d8242f6573f71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\80\{11fcdcd6-a039-4f28-99a7-62d91ff79a50}.final

Filesize
294B

MD5
b719a3c8378a40cb900349ad2a922921

SHA1
10a71eded94cf7fcf70bb4952a35434526264e88

SHA256
7d6082dff0e7a043a631ee1ac1c1e094458d7f7607d075db809ca60f531539ba

SHA512
5bbfe366cc072b80c4d35c45ec91c4ce60a6f5140e6ad7109554ca3dcecb765336ffe938bf490e99c8edddbc3571d41c8e2a34e1becdbd9adaf334b15207e167

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\cache\morgue\86\{050d0ca9-94da-40bd-803f-0a82dbc2d256}.final

Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\idb\2171031483YattIedMb.sqlite

Filesize
48KB

MD5
cca7e9ed3532f599c0cbbdd19bc0f80c

SHA1
cec4397017f11f447885ca84772cd500264418a2

SHA256
e459a57a7f36bcf05f237d2915d4ce6cc49e744a6c2a00b4d9bce8439354fe64

SHA512
3407acc5b085b46e6d15a8e22b700d737400f41ac4bad73fe0b8e85d063deb8b53e1bd5c42f9d3fc91addba27279dc698a57267bb418c49edaca558ce6ceeed4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

Filesize
40KB

MD5
a296929ef6cd7fd505ba7bffff24b8f5

SHA1
5647168f8d5987abcbe378011952daf70b7ce0ac

SHA256
5a96cedfb8293b131891c6e015d1e7994e0361464435edb9f0a2ef2c84a85f46

SHA512
73923fa196b6a7bc6e1f0251df8fc5734b2245787c68ecd6fb3f54ba29477e16c566e84124d99b5e58ba6d2b9b4bc5451680965c47fa754e7d0ea8afbb6cec47

Download Submit
C:\Users\Admin\Downloads\bestnoclip.exe

Filesize
34KB

MD5
bd5608e6e454dbf96a78b99f9d86f81f

SHA1
9af7cbe17411fc4598d4e8d90ee0ded8a9a52ba7

SHA256
b2fbe4e493e8cdb3b48b8ed110b54676bd63ee9298efcbaaa9c2485aa26a0a33

SHA512
73f119b7168190636e6574ec23d9e5a076958b62aeda37d2a588f58d5ec7d84313818a186fb06dfe9643a8ff369c4c111ad19baf862f387f9664c25ac4a65baa

Download Submit