hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/tree/master/Worm

Resubmissions

05/08/2024, 23:16

240805-288dhsvhqd 8

05/08/2024, 23:04

240805-22dkka1fpq 3

05/08/2024, 22:58

240805-2xte8aveqb 8

Analysis

max time kernel
297s
max time network
285s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05/08/2024, 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Worm

Score

8^/10

aspackv2 defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x000900000001ade6-1463.dat	aspack_v212_v242

Executes dropped EXE 2 IoCs

pid	Process
1600	ScreenScrew.exe
3992	Melting.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
241	raw.githubusercontent.com
242	raw.githubusercontent.com
243	raw.githubusercontent.com
238	raw.githubusercontent.com
239	raw.githubusercontent.com
240	raw.githubusercontent.com

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\ScreenScrew.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Melting.exe:Zone.Identifier	firefox.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScreenScrew.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "23"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = dbc8902e8be7da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e1d53f1b8be7da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "604"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://www.facebook.com/"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url6 = "https://twitter.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "33690"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url5 = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "132"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "705"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url2 = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime\url4 = 0000000000000000	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime\url5 = 0000000000000000	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 525e06398be7da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\ScreenScrew.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Melting.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4760	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 11 IoCs

pid	Process
3056	MicrosoftEdgeCP.exe
3056	MicrosoftEdgeCP.exe
3056	MicrosoftEdgeCP.exe
3056	MicrosoftEdgeCP.exe
3056	MicrosoftEdgeCP.exe
3056	MicrosoftEdgeCP.exe
3056	MicrosoftEdgeCP.exe
3056	MicrosoftEdgeCP.exe
3056	MicrosoftEdgeCP.exe
3056	MicrosoftEdgeCP.exe
3056	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	648	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	648	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	648	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	648	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2996	firefox.exe
Token: SeDebugPrivilege	2996	firefox.exe
Token: SeDebugPrivilege	2996	firefox.exe
Token: SeDebugPrivilege	2996	firefox.exe
Token: SeDebugPrivilege	2996	firefox.exe
Token: SeDebugPrivilege	5444	taskmgr.exe
Token: SeSystemProfilePrivilege	5444	taskmgr.exe
Token: SeCreateGlobalPrivilege	5444	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe
5444	taskmgr.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
3860	MicrosoftEdge.exe
3056	MicrosoftEdgeCP.exe
648	MicrosoftEdgeCP.exe
3056	MicrosoftEdgeCP.exe
4760	MicrosoftEdgeCP.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe
2996	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2612	3056	MicrosoftEdgeCP.exe	86
PID 3056 wrote to memory of 2612	3056	MicrosoftEdgeCP.exe	86
PID 3056 wrote to memory of 2612	3056	MicrosoftEdgeCP.exe	86
PID 3056 wrote to memory of 2612	3056	MicrosoftEdgeCP.exe	86
PID 3056 wrote to memory of 2612	3056	MicrosoftEdgeCP.exe	86
PID 3056 wrote to memory of 2612	3056	MicrosoftEdgeCP.exe	86
PID 3056 wrote to memory of 4656	3056	MicrosoftEdgeCP.exe	93
PID 3056 wrote to memory of 4656	3056	MicrosoftEdgeCP.exe	93
PID 3056 wrote to memory of 4656	3056	MicrosoftEdgeCP.exe	93
PID 3056 wrote to memory of 4656	3056	MicrosoftEdgeCP.exe	93
PID 3056 wrote to memory of 4656	3056	MicrosoftEdgeCP.exe	93
PID 3056 wrote to memory of 4656	3056	MicrosoftEdgeCP.exe	93
PID 2584 wrote to memory of 2996	2584	firefox.exe	96
PID 2584 wrote to memory of 2996	2584	firefox.exe	96
PID 2584 wrote to memory of 2996	2584	firefox.exe	96
PID 2584 wrote to memory of 2996	2584	firefox.exe	96
PID 2584 wrote to memory of 2996	2584	firefox.exe	96
PID 2584 wrote to memory of 2996	2584	firefox.exe	96
PID 2584 wrote to memory of 2996	2584	firefox.exe	96
PID 2584 wrote to memory of 2996	2584	firefox.exe	96
PID 2584 wrote to memory of 2996	2584	firefox.exe	96
PID 2584 wrote to memory of 2996	2584	firefox.exe	96
PID 2584 wrote to memory of 2996	2584	firefox.exe	96
PID 2996 wrote to memory of 3080	2996	firefox.exe	97
PID 2996 wrote to memory of 3080	2996	firefox.exe	97
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98
PID 2996 wrote to memory of 516	2996	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Worm"
1⤵
PID:2196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3860

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2812

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:648

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2332

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2876

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:3504

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2612

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4760

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4452

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.0.233737902\253551027" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1536 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1830fa3-2fca-440c-9610-d7e7b63829df} 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 1828 1faed8d6458 gpu
    3⤵
    PID:3080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.1.334108973\232982816" -parentBuildID 20221007134813 -prefsHandle 2168 -prefMapHandle 2164 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f2e8894-0e7d-4222-bd41-d3230d1d0f53} 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 2180 1fae286f558 socket
    3⤵
    PID:516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.2.833443918\1341999351" -childID 1 -isForBrowser -prefsHandle 3092 -prefMapHandle 3088 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6491a90-a65a-4367-a8cc-b64f55de76c7} 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 3104 1faf1a9e358 tab
    3⤵
    PID:5180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.3.687352976\1031474941" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74082b29-7696-4f2a-8c18-37f30ff58a86} 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 3568 1fae286d658 tab
    3⤵
    PID:5288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.4.1989872539\532564384" -childID 3 -isForBrowser -prefsHandle 4252 -prefMapHandle 4248 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad007138-2f98-434b-b09a-6266f35969c0} 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 4260 1faf39cf558 tab
    3⤵
    PID:5612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.5.940339343\1949319952" -childID 4 -isForBrowser -prefsHandle 4884 -prefMapHandle 4880 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0888786-e994-4430-8c37-0b3bb75d17ca} 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 4892 1faf1a5f558 tab
    3⤵
    PID:6088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.6.2141456213\1906623969" -childID 5 -isForBrowser -prefsHandle 5028 -prefMapHandle 5032 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85f439a1-7212-4b6f-860a-bff4d6d1373c} 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 5020 1faf1a5f858 tab
    3⤵
    PID:6096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.7.1844239515\701166320" -childID 6 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {379a239d-b512-4eb1-8daf-35cfc950bfb1} 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 5220 1faf1a60158 tab
    3⤵
    PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.8.818876305\1917118345" -childID 7 -isForBrowser -prefsHandle 4600 -prefMapHandle 4604 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dfdef28-9ac3-44f2-a69f-18964048a6c4} 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 4500 1fae2866e58 tab
    3⤵
    PID:6012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.9.1240025327\1174052199" -childID 8 -isForBrowser -prefsHandle 5496 -prefMapHandle 4928 -prefsLen 27074 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8911144c-e9a2-4468-a69c-11bf01764fbf} 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 4932 1faf5b94558 tab
    3⤵
    PID:5992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.10.2109015445\723455917" -childID 9 -isForBrowser -prefsHandle 5360 -prefMapHandle 5964 -prefsLen 27074 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80fc5c0f-0073-47ce-a51b-bedf5b48e725} 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 2928 1faf6ff6058 tab
    3⤵
    PID:5676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.11.160580179\2082317183" -childID 10 -isForBrowser -prefsHandle 6204 -prefMapHandle 6388 -prefsLen 27074 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ed54cd4-0c14-49ee-b896-30b2847c751b} 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 6452 1faf4137b58 tab
    3⤵
    PID:5584
- - C:\Users\Admin\Downloads\ScreenScrew.exe
    "C:\Users\Admin\Downloads\ScreenScrew.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1600
- - C:\Users\Admin\Downloads\Melting.exe
    "C:\Users\Admin\Downloads\Melting.exe"
    3⤵
    - Executes dropped EXE
    PID:3992

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
0026e9795f140482c85c85418e217c53

SHA1
c0b67d2710d3673d076b83a02121a99c7b058a7d

SHA256
d84fbbd8cc3dabcedafa249644c9357f2f6b540e1bd259b2169eb6394e57a766

SHA512
0e6bff92c6c5e8dfc4b4d8724b0dcbba20c740199bedbe9c7a4c69c5335b917f4fd0acc8aa3490e0e31298e2c2ca108fc61b14884a1067c31fa1335467dca5ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\21816B0DB510050B0FACA059FFBCA789FAFF93A3

Filesize
17KB

MD5
638885c9b3ec5f0b88e4736438062af6

SHA1
a779bd67d29b65b67377d5e0c23c0ab19e639a97

SHA256
e7ae56e8ad5d2b58d5ed1e9bf30b24d0dbf9fa6969e7677f7724b22fb7df8e6d

SHA512
5bf35cd99fe802f7038d9f86e1981261b78345f26ee5464feb8e0cf2dcd16df2ce2665b087de0b0bbec41497d92abedc92b9742ce1def779abf3852ff6553ae9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

Filesize
63KB

MD5
d52a187a78bbdd632f2cb31f5fa482c7

SHA1
eaf1f29740ab6d7229464b58d5290ee7d783ea5a

SHA256
365673e5f7679dfd7104a1a5898b9ac6af5db1276bf0c44c4334aa0fb19632a2

SHA512
2c48d45186d9e6ed195d771f5de3acfd1b71150f3a44d2faa338f8302c879635b2374ad48bad75d83c2c1436a6d82451e05ce77db2b4fcf19bc19bdf261c18be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\2587B8254FF29804EA8C313AE41DED8329BBA421

Filesize
13KB

MD5
829a793dd962f40ca6d32ed244637e01

SHA1
f3651d6eea8238f9bbbe504c829463c4b919acc0

SHA256
08a5b7040458539ca2f2acde45ab5dd36292ce8e2be94c698a7a90516cd2d388

SHA512
9ee2606a71efe15b1284df025b15bb014abdb6cfa9666878b2d82dd3bcacbcb0a66a0afa72cc73da400fdd8bb4e085cadf815ea8bcb5afe0cd98099d685cf3f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\A2BD72A3227572715C6CBC7E489B8F9A87263541

Filesize
14KB

MD5
12c818a95b5615f38c56602ad2f488c2

SHA1
aa452ed3f2d8ccb5ac6eda068b6682dcb17e5a3c

SHA256
10beb97cd6d9451494b1a4a9915e3746dc1d48e6a710fceb25cc4399d48d111b

SHA512
035cb3949c41097ddee99dcb27afac9f282130ee5b66597737663a9b15a50787070669449b6fbb9248d7948430e92498872a9ce17219c524dc56db13a57a1f90

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\AF6E7B7DB9908D7B867517AC33D094ABD56E38F7

Filesize
14KB

MD5
63f8de6c84d21847700341b4110d1564

SHA1
81ee8b0f5cd967965bbc4324a63c6e08407a8e41

SHA256
8bfbf9dea06d3fe76f70bbcba6d6fc447711e3848f9c9c629de2c12ef06ee87a

SHA512
0b293dea4f0231b306b56e584a04c3f621a9204f5878ca72e31aff7356c961a1e586ea2e7394b2e39a232e65d261b1611618f84f39a86cf1030b7f017fb39909

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\B47C2290387CA81094036091C984E8DF3E89AE1C

Filesize
14KB

MD5
f2615d5fbbfc10fd4ba771c997210de2

SHA1
3031ebed3850a753476c446ca060b7271529e672

SHA256
7b6abd66d2963a9426b22c2037585623a6583139092e58ec916826381ef387a1

SHA512
6a6252eaa95a576a1a5265cd353ca2c3e792bc164015aed52402ea291a6f733cb9160cbc8e57c2e06712dfe6ca5478de05ce1cf7fbc18fa6ac499282ae8f0b69

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\BF0923D6C9AC3F4148AB74C98E937ACD57DCEAD3

Filesize
16KB

MD5
8c6761d7a4078e42f6e804523fe424bb

SHA1
eb7a56228b174d4562285284e944e45ce5027ef8

SHA256
dc112de9bd62f4479c9ff14e89a9edf647ca42be28f8b1ab121f71fcd84b98b8

SHA512
8d7b27ef8a603be2b40d9e4648b3b15ea61f35c45fe6a9c517c3d9d8f27372d75f43c7a00de08dcfa2fa583e039e1c7e13805d501678e0aff6b9af791911f00d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21423R2L\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6APURFWU\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\17019GMF\dark-6b1e37da2254[1].css

Filesize
48KB

MD5
96ba1deb375c1c66bb092fa0a1765be1

SHA1
03f188ec52d09882b8403ed57d7aa73a224ddd62

SHA256
d6bc29d6a4e33c7f4da1d4b8060cce6dedf384d7334b71661c277e985ef8c156

SHA512
6b1e37da22544d5626c6f78691a8d8f723c49c95a782f5195f4b00b0e1b9d4408402c25d5915e097ef31273c3c8d06d81d1ba1bb08e12677941b8b1f24d92848

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\17019GMF\global-9b11316cc1a9[1].css

Filesize
285KB

MD5
68508cc0abd9601cb4b9b265b54c4d2d

SHA1
e8fc30fc6eade183a9b0a94426bdf91f3573051a

SHA256
be2caa1c0ba8df9d5ebd7b121e0bd6ef0cf1821ec9f6d0dcbb000e93148c37b1

SHA512
9b11316cc1a9162d64be95e448a37f11610a6bf7c92052b1cea89e2b097cef72ba54796c2c1b7896fd932842247d974f8ad2961d64699b26b86d31c6e6a4547e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\17019GMF\light-efd2f2257c96[1].css

Filesize
48KB

MD5
b8473fdb0f4749de99341662aec850f2

SHA1
f593c957a26528558217837aead34cf718d27443

SHA256
8aabc55d211fc93acb563c9cf30732577212a998196f73b067f9795c8d1ef72b

SHA512
efd2f2257c96c12eba6da741c677030ac63c34a925846080ec606e5a974706726479bd5babea6dd0ac7e8e421704263787986fb07a9c384994cf403bf8bc3dee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\17019GMF\primer-38e58d71ea15[1].css

Filesize
333KB

MD5
69a61dc716e08413491c664cd61c2a93

SHA1
9d73d2222720623c57b11eaa90e296b743cb3058

SHA256
5be84dff60d0b63e2cc4d21ba3742d1d22457187fac848569c15300b1eb412c6

SHA512
38e58d71ea150bb7d19051dd0d47c3342c4b608f20111e501c1e572e234f9584828bf87dd9ea7c25fc4a30b58a08f77780163b54cd7d34de2665657533405075

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\17019GMF\vendors-node_modules_github_text-expander-element_dist_index_js-cd48220d74d5[1].js

Filesize
14KB

MD5
69f387b852329683c3f4856ccb905f60

SHA1
a58ffa40abbb4c6f5ef0545c1ffb932c21d73cc1

SHA256
d9cdb2e9f9c648237f22c43f8f12e85d8944c75ab325352059c3e53516635167

SHA512
cd48220d74d52b956312b2c59ec764d2d559e73c51789f9d649e108925f79ae3c910744161904b2840894bfcff64507971d5a19f921e5190a710bda4eceb63e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21423R2L\Worm[1].htm

Filesize
270KB

MD5
1ba5ba577f7561bbeee0bb03b8067826

SHA1
725ccd6c6a60b7417de9c2e42b9363b02c7f7965

SHA256
03cb7502e75a2e9cb86e01ace8a1ff9cd7633ff28e46f578d64fa11a821297de

SHA512
926cda168bcc8c879e87237c70b6fa5c7ce4a8b62b278a46bbee5051f120a4b60d7be3bcad473f8e517780e655047653d4a36a5a5796188c2feef6de2ed28aa4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21423R2L\environment-bcaf5ff1a8f7[1].js

Filesize
13KB

MD5
9fd9c45896ee2ca1ea5c306a8a0d1c58

SHA1
9113ec322802ac10f6874167e2e100a2b80fc93c

SHA256
43db7372eb07401197193ce723ddc6c30a579f5900b75bff41e71a53bb2ff9bf

SHA512
bcaf5ff1a8f71b465358bf7621d2f0d5d0df9fe9d2426195968b74cd9acf011a332dd76eca662c9a71108993375549be7665da88ce76e4236207d60967831339

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21423R2L\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_smoothscroll-polyfill_di-75db2e-adf929d695f3[1].js

Filesize
13KB

MD5
39c9822240af7e9d31ad72836ae90bf4

SHA1
809afb6b10419a3429466a2635da80761b91106d

SHA256
a9cf8d3f90605df1ede183ce15eb836e9211fbb0014b0c5ea282942fe96866b0

SHA512
adf929d695f38240a78c0dfac2b5a59a1bd8d78aa1f3b122daa8b3eff311ba441f29d11574934d7bce7aa25bc04b15807f53f9e47aeed1ed865cfe26d3a9ac92

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21423R2L\vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5[1].js

Filesize
9KB

MD5
e131f8c9b77918aeb94fd82199a423d6

SHA1
71eaae086cd44a8904f39d27fb5387bb957976f0

SHA256
01f9a0ec0bb24312ae0395b6aa238f8d910dc35c08ef5a25a1e9cd8feac83c32

SHA512
f690fd9ae3d5a240e479fea97ac82940f136f3f2e0262cac840345f2b956123117ca94424dc354d90d13f1c0169c24b19526505bb2fad70c8c364899474a9495

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KQ0CPMEY\code-34406d39e629[1].css

Filesize
31KB

MD5
ee14556fc6c8c5e35d7acf63edb7c840

SHA1
6e106d8fb2bcdbf90a553b2db5ad3faf8b5b1d35

SHA256
e98b22b626274eb24481f138c7aed6681b3ade70d4427bc0cb05ceccd9ef4a61

SHA512
34406d39e629a65f5162757c5142f9b02149d2d18caedf15a528315a5dddccc86f3445c852f7e42a2979004b3c07ffe62c1b0c13cf5b60f6b8a06e5836027b67

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KQ0CPMEY\repository-992e95451f25[1].css

Filesize
29KB

MD5
ba1468dd22fb87a14c2e6e2204531deb

SHA1
ade22d3c001f90fb4998709fa1062c2964742ab1

SHA256
d47b5116f66ce8d8840e44fbcee18453ec46cd6a12f863308a1f456380c35707

SHA512
992e95451f25275a9263e398d325f64591772d9ac887be883b8ad97e09008bd31a0e2f59f62c0cc97a983cbaba7b20bd4ae49748a834c1862323bac59e318bf9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KQ0CPMEY\vendors-node_modules_github_relative-time-element_dist_index_js-f9b958f5f2df[1].js

Filesize
15KB

MD5
46afaaf3a6253f2ce9568db9e301ec8a

SHA1
b365c36e165567048bad614c98baa22bef4b9b91

SHA256
7ef807f7b9fe45ec17faa06e235c7adac46227f7589b91653fe4e0ae3a7a0ff4

SHA512
f9b958f5f2df5e85cfb021de43dac548c271eab2ddfa4463c213d7bf311b7ea3b7b93b7231de9834db884bbe53b012b3a1dde85eef9c6daaf46609aeb446fdb4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KQ0CPMEY\vendors-node_modules_primer_behaviors_dist_esm_focus-zone_js-c9086a4fb62b[1].js

Filesize
8KB

MD5
19e28fe2dcffe5582e6352b53d0b22ce

SHA1
1e656d3443915c4e4bc9782f4366b4eebcf45720

SHA256
345e3daa928a64bc11b3778cfb36228d0025c260defa0b78e4c0ebe66c419737

SHA512
c9086a4fb62b90cd43e0a47621528a23582de79c4bdb1b2eac386f8e331c5ac891aa69975fdfb487a4cf508852c1c3ebc2df24e00ffca5443fb6e22f3b3ee99c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\app_assets_modules_github_onfocus_ts-ui_packages_trusted-types-policies_policy_ts-ui_packages-6fe316-d8f40351c6bb[1].js

Filesize
8KB

MD5
407ff92ca4fd65e29f7ce09eddb58338

SHA1
64058be928d79d4c05949580a282fe22c9cf6156

SHA256
43a3eac5881a4d9b2ef070517c54c072cc7e6d25a35f2d47164837fae6865a57

SHA512
d8f40351c6bbf635d03a4d268caeb9a7f85692e0b672d394b7a270d13b34c8d8d5eb7a8f8e12ceb7359a1a457df5cec3316c8533c5474ee7d00317d5a6aea418

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\element-registry-d3ba3606e12c[1].js

Filesize
46KB

MD5
d08198a29f3092a5033090b4a723e0a9

SHA1
12c01f223e1122b61aa2a61ce4cf0506d4e66ddd

SHA256
6e76b14131be4b4f81eed409c11d93065ad41906c00032b00ea0ef0c7a62196b

SHA512
d3ba3606e12c142b68b561f4dbf45858eabce1844db8bef5ee78b64b97ee6b2bafd858cebb27feeb30913d84d79541f0a11dde1c00c2cb7925fb6cd55df804ff

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\github-4bf1effa8118[1].css

Filesize
125KB

MD5
418283681ac0343ff1b0c1799d220cb5

SHA1
caf0bb7f706325a884b240f939e148487e2e3511

SHA256
a1eb4fa6aa620527b4814dbd830f71905c40595e54301d132c47ab69a9f654ef

SHA512
4bf1effa811897e902f0fc0d73bf0251ce87bdb64d85d2fbf2e4485961ee1a85830dd6b73d23d2925442e9de2b1d7a14a36236db4e1b7ed7ea9f5cc6bd58c3d8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\github-elements-7505bd7456d8[1].js

Filesize
36KB

MD5
77200e300647c2e5916913ff6ea1ee5c

SHA1
6ce9e7c56e6f9439b64ea4268c293b0cc76dce6e

SHA256
c4bde6dd23ff94a9a0c5284c00c490b8a10399191dd06f7912a045a6de9f24c0

SHA512
7505bd7456d8fa7adbed30703a8a5bb04e9c4bfdb7cef0917ebcdf5a55dd6f2bfa74aa02416e7a24e21c5facfdd9a897e0e1002053d2cb4b922e626d517a79e8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\primer-primitives-8500c2c7ce5f[1].css

Filesize
8KB

MD5
e9c08b9ba681ad6606bd18f264e73ef6

SHA1
04d1e96739d82e07587f10bd2d953c8e70b93d9d

SHA256
b08c9718118f5b814e632ac3dc0d8e009e5dc2913df183f0ed322e6817e997df

SHA512
8500c2c7ce5fdad5fa01aa92156964108335c704a127ce290d201395009914c814ac6e08a467e45d1ca0fc75b2269b7f09a6d437939d91c9513c659a80cf472e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_stack-68835d-a18220f1db8d[1].js

Filesize
22KB

MD5
0cb967b7b9603edacb27a261ba59bb63

SHA1
ff39f99d51916d3bea1fd5ae853abf93ffe35b2b

SHA256
f4ceffa8ba23288e7d15bdde1bb227559443380c041d0febf6bcd525946bec41

SHA512
a18220f1db8d086f2cae618e9196599eff46935aa7bcbc601276acf10bfa09b700b37122aa00d227e61c1b1257b7304ec064221d8926c330789b2ad3ca0f2824

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\vendors-node_modules_dompurify_dist_purify_js-89a69c248502[1].js

Filesize
20KB

MD5
36f04458790e19bb99bd77a1cdc16295

SHA1
8f25cd75135fec8c088728f53d39dcc21d375fdf

SHA256
cfac43b55a6b86258b9d3495eff18f26f598313a14cf76a3dbb1e3e7fd341f00

SHA512
89a69c2485029e3393d81637b2eeac776d0765835e6ffcdddb1394f4421c5236b5cfee873568736d8a233b6c9bafe6ea828d2b718133aae8f0d22f220165fb9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\vendors-node_modules_github_auto-complete-element_dist_index_js-node_modules_github_details-d-ed9a97-841122a1e9d4[1].js

Filesize
17KB

MD5
d50f30bd48bf15a39fb0de84d338b063

SHA1
c974701a469b2ae91195cc57a42c3157c0210646

SHA256
21c5e70f201ea5ebcaff6f1244e6a7fbfca84d1878cd41d4400696bbbe09af5a

SHA512
841122a1e9d49b8484e68dc82869b7835e54a9d632909ec4f0c386ba843d2eaf20416c75c19c4a250a8cf22de8ef43f1fff6d77d29630132266c6f533c487e2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\vendors-node_modules_github_catalyst_lib_index_js-node_modules_github_clipboard-copy-element_-782ca5-54763cd55b96[1].js

Filesize
8KB

MD5
80708c39dbd42e80616bc4a61b51c1bb

SHA1
a87eb08671b07a1c2689a6caca2486727af9ae3e

SHA256
10e085fffc04da9cbf0a46c8a6e120d34947c4ed859f05e26cb0abaae312e094

SHA512
54763cd55b96117e15652c12e9ca5e8ec71e58eabbd9537a7e6c833ec124199eae23091ef59275513f2cacf055e9ae69d7683474fc31f81ef823578118c462ba

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\vendors-node_modules_github_catalyst_lib_index_js-node_modules_github_hydro-analytics-client_-7901e7-4b84c23ea573[1].js

Filesize
15KB

MD5
5567c8f1746f2e828c361e84220d1305

SHA1
3c038f36ab737689caf12cdc832df1beb7ad782a

SHA256
8fcfc110252d25244107b3cce12be4181bd2b76abfbf58e3392465ffb093003d

SHA512
4b84c23ea57301420ede79e954cf867d2b8f95ed75d568621028f58304b6fa7987d24e5cd829988426a5fdea611b853cc67e94644f4b23e530725c266c6b74d5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-15cdfa-3077dbaafc30[1].js

Filesize
117KB

MD5
88bbf6472a8c2854ce87874f25db5c33

SHA1
97a713d1e263f1ec6f4585880a3b6d04479265a0

SHA256
040766ec09e0e64adda57d1e4c3e1494c04e02c234779c8284416387c06ad869

SHA512
3077dbaafc30ef9f8414a71fa1625775959508516e3612ca32d27ccb4d2279ed9a0929fe2c8fbf2d02e243275f5723f2f054d864579e24c38dc2a8825c7c90a9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-b7d8f4-2355048ff048[1].js

Filesize
18KB

MD5
c6175500bbb3bf8dc98aa0d4229caab6

SHA1
59fa80835b3a054500c80573c5403dbe3b6c72dc

SHA256
936cc4f56aef6760208636c671f028f76a6a896b1a113df7f64b4fe10ac9cbfc

SHA512
2355048ff0483d1b53126ffa8506d15da3baf9cac2570b99cf6c1d019b4702231500ec72485e529b4ab8250631e664d080818ec91cf9339770528948489f92a8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_delegated-events_dist_in-af795d-6b8acebb2278[1].js

Filesize
25KB

MD5
80e14683f48a20d0dfd6ec5e2a5f9061

SHA1
6bdc4222ff5868b5299fb0bc76308113d1219e6a

SHA256
d6e059540c8e0d2c5ce758814b414ffeececa003523b3f24fc3dc973afc0107e

SHA512
6b8acebb2278d1cb6289f583fb8479f2a77150360b995475317e88c8b698077c47f4cf0a62fc256009a973735c04cd86df29248067749c8b75b287d3576f8a94

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\vendors-node_modules_lit-html_lit-html_js-ce7225a304c5[1].js

Filesize
15KB

MD5
b4de96241178473d9f682dea5a92e41b

SHA1
e274c147c9bcb636b3bf4f9df1acfbada27d8a90

SHA256
c823056c4e37d95cdee809f535000bb37b9c8d956ab0410c98a6f4a8fab4f47f

SHA512
ce7225a304c5935fa3fdab2e736d9738651ed0fa6f4503bb65deaee022bc03c3033170d53adc2c1a77c88904ea14a9603519b87990f04e47885209a53c893056

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-56729c905fe2[1].js

Filesize
9KB

MD5
2eb9961e08f81bdca617ddb67c2fb708

SHA1
15cb6d7ffe93324b38bb62bcc4ff14d1a57f94bb

SHA256
0f2cd40ad364711db1fee03cf9f6ca04fc56f5c3ba497dc476c5879e129d968b

SHA512
56729c905fe263a6b7978bc67c09b8dab69592e21aa9addba78866790bdb2dbd85e41e6a6663d511e73a8edeb75933b549b3c393a465748790a6fd50b337cee9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVT5QUYY\wp-runtime-c45abd0c1a12[1].js

Filesize
51KB

MD5
307cd6d8f2e539eaf1770932d277f2b4

SHA1
c9eaa7c8ce15291d70cf85eec8a26ecd2feddbd9

SHA256
c393763910b010fe2fac8bd31d6830e9f2b03db95de97a4e99a9599210477381

SHA512
c45abd0c1a12f334fdb5d538d726243d187558713b40ae6ed40dc456701719142527805286a83bf2040b41a2f1e40f0da02a56c4c2b6624c6dbd215f3260d576

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0IQSV0OD.cookie

Filesize
167B

MD5
37dae6192a582867b5c5b5efae91848e

SHA1
0d7a83ff1452bfa17e30cffcc391cf375da487f6

SHA256
6a007a093c3bf388f52e30e19f25063dfb700dab3929e4d9d7559d2da58de24f

SHA512
7154b360f82c31f70af81d4b61fa98d71cf1f590d5f569ecd8b14c73e935d686a8cfcb4a3993f52ac6b3486c2d3ba6e607a873f1bea0a2f8c1503f11c0767747

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\86J19XDE.cookie

Filesize
279B

MD5
1f4c0f2afa6c41af70750eb8917596ae

SHA1
c1a95a4db23204237d135ac97c04edd874c6a09d

SHA256
5db752ac79f5cad34029426a232f52d7f288727f33fbd9f8feddf2da892fe375

SHA512
9f6f7f0321c2acd99e344d4f773b26dba121753f207b790d64288710b5b729e56d81c72a5c969e094a48db19f056b446af82ab8f71c3205e9829f37bd40d18f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\EX28NZVH.cookie

Filesize
101B

MD5
43ddcec4b46fb4ffa80e101e5bb37016

SHA1
e50184cd73e133fb392dd6830dac28b933eed9bc

SHA256
9ee882c2cb85f1cdbd2c50f50b6d97e848ff452d74fb81cbc7cbaa8944865888

SHA512
610b7f9d5b2fb57888ac0a9d2d9996a274e0d88231ea5cb6cdcf4d1fda0f11286a93b1398bc1b4d40821ffe14eb816fbcd713d121042c542f4c418844c66136c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
313B

MD5
6cc2831f8174261f00d3231d8eb2888a

SHA1
4c5bb36e900d470c3a08453cf21574fd33ed5299

SHA256
69580963d0ec6ef67cd392fa83a6a7cbef478dc778cf27ce50995bac0fa39789

SHA512
c35ef184a6d417320dc5d44fa6be86725097766c85e4c998238273d3e97558a8c06df29a8eef1a92a47081f89295e8b8990fabe70d333d5ec5759d9608d2544d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
281B

MD5
16939f471f5356716cdafe74dea7d6b3

SHA1
bea3c097c794384960a7b21258b78fdd350dca0c

SHA256
21f92d288fc0ec0d2a1ab9bcff8884bcba9c637e9a810c3eee3e47e34ac3e485

SHA512
956119105e4334640f635866502c7e347c8c4d8fafd688a2e1397ebdaa92850d46e75823183ce856c28f5705520b71113ff4b80204a393b85758729c2134961d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
b5ab17d4f916b16f107429fbd0724c93

SHA1
39b2c6bd172c89440129f35b481538eb6e7dd54f

SHA256
cd67b64ae69f04d81477ae47f5fa7156d56a698721cd4d3e5e0ade91734084e5

SHA512
788dd105a5bb65532e3dd64f8091481dd7e9e6d37ff897fc1ececfd23e41cbd1065b79d583713cd035fef81ee677f22cef7aa969641826b1c222ea983481f9aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
978B

MD5
fcd451d100451b87ac42092de358782e

SHA1
f701b9bc3fff61891b31ff0c826f33c874831384

SHA256
116d2c6230b40ac3a295209a862f90abb051b458d16f0a5cbab293935c6e2585

SHA512
1fd1ea3cd1d740d1ac9a25cd48dedb6bea007c89702de2799357a784680f60f649114367d9cbbb1f001e8a9edfa5c9301b00b30be5c63202fd330839be600062

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
400B

MD5
e105f219f913348e19d4bd1b0935acbc

SHA1
368b05527d057ea328b7b36f1fa8cecb714dece0

SHA256
05454d57ad54ad8620df5bc83d51d02c1498632597d6bb30de6fb3a407caab34

SHA512
3bfa29237b7821b7063aa728709c95770b1d82027b967377fab4c373dcf16cfcdec2e15aeb61d7cb8b3bf403c4f48b3be0c24d65d3f096fd2fa4935bd75638e7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
480B

MD5
9a5f62e9d6bbffb2cf522e22b0617ee1

SHA1
b41e5536db767661af6a262ff603ff51879bc94a

SHA256
dcd45aecd6c9e5935086837847af418046c68bd7ec6a4dfdabe8be6a8c45a235

SHA512
584608f2e0b6a9805acc05288869f33956da447f26d5beaa2377ca709884c5448e555782e68084afc01176897eaf2a7631b3d8ec5e820c8b04c5ff2b0c3a04d9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
de899414d6cf872e3e7b6c37d1a5922d

SHA1
61a3c459307f0b7106d599bb7a6602958197ab2e

SHA256
cb9e98f3eaa9d6076906e493b612c36746be1c55b3d09a5262db3185409c6fe6

SHA512
3465d0076e1cf725204815bada72316c4709e7a3d2360202c97695c653b6946458b98e9f33835593d15534658a5ba0c4c283829c5974d4823ba93c40a2a195ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
688f6d9390978e087fd21f27e49a976d

SHA1
dd7234507fb395384cea9dd97005bf150c4310cb

SHA256
37746f5b5d0133d5fe871e41b99b9417506f45cc79ab292451add8c01cc1d056

SHA512
1023a220327e4a4d7f366797281a99d6cd4210de0243520c820329020dc625292d2bf67dcb38728b1a65e847d628295e517666e8472cb24fb92ad2cd7873d389

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
d3cd9824c5171a4eb3271042a384dd87

SHA1
43e9b0bb98b364a2d730a9a647b14a9b4c2dbaa3

SHA256
7beec756558f6b60a16a38c565533d1ca332dd0a1d1c88d3ba6e2c8c8e660b29

SHA512
48d4e73964a0e693bd33668430bebda36294be7a0e31f539480b1954e806b2084fd20c229fadc53521c7393cfec50784d5eba9a7443283104b56cfe889155136

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
9d25253f0e9d9974cc54124c98d6987c

SHA1
4f0989e52805ecb7de6733524d69a01ad02e2f6c

SHA256
1e8b40ac4fb70f1362c6a86bdf5a5cfbf4183d01e45271411da1cf4878b879fa

SHA512
2690549ae6a3b23e3157014c49b4ca3456e8de62849e8d48d08235f34ca007f76bccd41363ab6b020d7683acb17e00e90481e06b0805a9eb9898c144030f1dcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\31f85e13-5221-4b67-a00d-1596dd7e8a1f

Filesize
746B

MD5
d874e4116b22e9ffe0fdb7aeea304082

SHA1
d2ec78dafa3792d77c2d60df2f511ba5f324953b

SHA256
966a2bb129b23e9af9bcb0f6f49a7013354f184189f37d3b72df907749debb10

SHA512
ba3fed352055e23152a0a21ad6e01f26cd8fdd3af6fedb3c5c8edcbb7172252ce8cfae47dd86f5abefdc38e7dbccbd8b45720a789eae43fab752c5a2b4fcaad5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\39185ba7-b75c-4d52-a808-52588fa5c5d9

Filesize
1KB

MD5
de32adc3319d96a42f221c34037e00e4

SHA1
8d5453683809b0c8c1f1e22d89fc2cf0d3b6314a

SHA256
41be107829b485d239ffd8f6660f29a5162ce848c89c9feda69157c260ca5beb

SHA512
106bce9d41df143bb33df5c0d5ca3c7e30873eed791f957d6f6f2f06074aa227d0a4df3c3b4e6c6e5e36a8a7ff7a1dd1f164e91afe688b3b75b635b93b1b1e8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\4e1f994a-da49-4763-b122-a165a4d8c76e

Filesize
12KB

MD5
5bd972e670d20e740d1194ebf791392b

SHA1
b01f82b89c221bfbf885d84eb3dfd631e98c18bb

SHA256
dc929a3a7350c8036ce5696426bd21a2375be624c51e1682ec0529ca832b9a7a

SHA512
d324f125506a73379a497ede2efce81b0eb96a5cd724ad42ae57b6351f8957325d83d22e2b79a5e35b16fa85a0b1f2186a2eddc4d13b148ba5c81d620d14464c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\b293c35d-0164-4fe6-820b-c2480e0109d7

Filesize
856B

MD5
2a5c235a89c446ff41dd9911ac82f1f2

SHA1
d3b5e7c6868801227ad6dde532f7f6e390530578

SHA256
e717879aeeac56e9936740987d0f5a1158a393de1e0a8cd1879208aef7137d6f

SHA512
084a9ba44a95273aff2bca82ec2d436250ff3733504796f57c25e9918c1f50720ec09c406c52182a393ffb9d19191358f8cacf43d9e898bd2e4a1be388d025b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
6KB

MD5
52d07b9cf8376fbdceff49fa74baa62c

SHA1
b52239b9ca6bafe2532e2d9bbfe9ef39c42dce79

SHA256
ab4dfa902259db5e16b12fe26ad5fb98467d16368a24bb4934722ea3485387fd

SHA512
98430d2af0214758b2774a800f0d8780a94b26fe17ee6c42d22ab83bd04dffee22822d1424e3419442bf02edc49e9a775c7a78aa7f1989709e64cdddc07f7980

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

Filesize
6KB

MD5
315ba9a715f182124529855dd9a85a9a

SHA1
d9ac1ba30ecdef42942c739b7f6186de25592b7c

SHA256
1a8d438a9e7efbff80456212758f28fa9e60cb0893983ecbc81ed7690084962c

SHA512
b9f05cbb39e4a416ab938a3998d2653ab9c3f081936efbe11cd5c70a51848e5699c1784fb84017c0b29e6450692fdd50c4c012455df1ed15ce80400adbaf85c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

Filesize
6KB

MD5
8e788133d76c6402d56a0be58a84cd76

SHA1
a9993448faf0a219a53c06d9afcd14f03480c8a2

SHA256
6cecc9de0617f78368c6b425ddd07199bbfa4d2f9c25efc537a3a97f5878dc58

SHA512
93603601008f63cb5e3008ba24ba8e13dd7948ddc3a3c40a5b1be2f52030a83f0932e95e911c797decd04dabeb19e1e477d1c94ac0678425c194076c816ecba8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
8888498904694ad6f80c4892c7c969c7

SHA1
58857fb9240a4ab213717b4f1f159cd3963d750c

SHA256
e847992ab275a52eec521a3c1d7821a5de057ebbbdb1a94a5729633379318c13

SHA512
d7b156700c7ff420684ed96c6d9e5479bc012da21c2964e74eae214ed1f9cebf00717c3b37f3d1c3f61f81789807c6244aaf39657283b5ea861ad8f0c8b3bc4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
bc209376d5cb210bede3b41e9c7a5d04

SHA1
d3eaccc0f3df7cf0c6697d0f89dd40dd1e3e7b70

SHA256
620356373dda9b793ef71b2634e3543c8a067687244f519210293022551cbf30

SHA512
45e74046375d9e16f18e45c2523a3c5c1eeec31f5cd548c289137e669d3b4dc73c86f0bacf41d0cccbd0b5dfe33ecba8d256d5fc800c236ec9849a5399c06e65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
db875560736a665b64035fea97a82ef3

SHA1
ede9f1872a07179a4425d9ea22d6fb0a240e81f6

SHA256
ca4c2f854e8961bed48bf6e945477c50286eb818b9f536f254469105ab06852a

SHA512
824ba3419b43572d220e7a90395d7952f941cf7029d1a4cb3d4f81fd5ce45f85c827f68e35799b7a01615902d8a71d6f72bb96ee51ee750465dc97e8171a37e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
2d7bafe95744fc148543434c79eee227

SHA1
305b3788d2b06ef72c001ca1600010043cca2561

SHA256
49ba1a54155471f037db1a23b5f2203d29b5bc26b6e08eac67901d389b31f69a

SHA512
09afdd9e445a09a2d89c84990fc735106c3c9e431ba043874d7fdf86765190ec6e55dd02d4e43e005bc99da73ec6793f0915f338375f956c27d7f8f564205880

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
41740c8c4068246db7d8e5980527d213

SHA1
292692d4a6398fdab09a538791a91f2d1afdaec8

SHA256
754b06e2fdd6e44f49cb4c1f8e5600a776a6969c959139c5ee4fd8deaa009c9f

SHA512
ce17957adebaf9ba649c2e1c1110210954d2bc9c16361ffa6aee060b381ade0d07fb34cb94a3053b1af13fdd16425114606fbfc51843fe54f9db0ce4a2a74ed9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
a5fdd2068f4086f558d267d4e3f1d7e8

SHA1
da03228c9ed51baba7081ac82d59591b6809b083

SHA256
36cbc73669e3585a5eafee83ecbdb0625c7d06d52b040989704c48990fde6c88

SHA512
0bdf197620d5a481af78e191bacb3c36643d62ebf1dded4fa3a642d460f1bb171b1cfeb27e30831c56df7122a305813a3b984d47b7ea2eb9deb5ece1ef0ede41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
80b1f84344fd7b873c426d932ee0f700

SHA1
0800fc9b371aaedde1fe35b86cbbf00a40508c40

SHA256
ca3d9ed29a8cb229836298e351d2d47bfd6e1d492b65152b34962ae325edd56e

SHA512
0dabe28ac0c5788f140c5e0ea871569ea4c022f580d845f81b4dc29f4f83febf864fed66f115dcd212344c990b4518b03c373e6d6cc5c2ffe7a0cd0c334a8133

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
83cc7b394e175df93c55398390e66ca6

SHA1
c8be810b6d30f679af91f91da418aeea86546921

SHA256
de6fddbedc418f9c08518b11cee4413551f15fa7802eee76d11d36f31b7aa8ac

SHA512
48723b8d1b86524f42a0d9fabd277cf616ad2c0a5e84b7f11c874b8d8b0eea4cd73af26d6e947b7afc2f7d0d31d7822b1defd349f7e2eedc2ec094956bcf4f88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
46f6770d56be500e2ad8eb1f50acd939

SHA1
08fbd1bb026856181f601c656b1b2d2900e8c583

SHA256
38a83327a434dd37ecb4b583ff0fcc90334f2c47bfc7328ff2217d834f052c70

SHA512
2e5883bf465dae0f59632f409681bbc7085f8e7c88cfd5e476152fe3b8a5ed4e3073d2df28a43e83d8438f981121762e49e690167c72fd304c20ee05e5a6a9d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
a3ebb197958cb0f83479e23d1bc71e2e

SHA1
4c6aab8f20fb98e6762cb0627d0f21baf963b3b3

SHA256
0ebcae4c5a5a778035cf6bdb46174f4f58c82c0b0af73b08388d99adcda5d996

SHA512
17b2cedef34c4f54577aa2cedd60a7f696765c8f102575f8da140a71b5efa59f88dea4fbaa08b8522c2460f775138ce3e4c8ca59088390142ebeb57c7bad7efe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
ed35fdadfb035c69e0a268842bb5ac51

SHA1
6eca72c8d37cd74881004b2c1b153c0d97c65416

SHA256
5bfb0abca7b9113e1ddea57fe331d02eb6289fbf8a8fbccf4634de8e899d46e6

SHA512
9820fd9193896252d2aaf222539211c39a25004a60d9e666f88313c295e47377ed742673932f881e8be6d2956c60d954df96b7dc23177adb4f89000412b9ee3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
731c0e733fe1e3123d366af7c8e578ae

SHA1
9756304ea773dd9cd96e5996dc79de2ed6a9ae9c

SHA256
8f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359

SHA512
d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\weave\toFetch\tabs.json.tmp

Filesize
10B

MD5
f20674a0751f58bbd67ada26a34ad922

SHA1
72a8da9e69d207c3b03adcd315cab704d55d5d5f

SHA256
8f05bafd61f29998ca102b333f853628502d4e45d53cff41148d6dd15f011792

SHA512
2bce112a766304daa2725740622d2afb6fe2221b242e4cb0276a8665d631109fbd498a57ca43f9ca67b14e52402abe900f5bac9502eac819a6617d133c1ba6a3

Download Submit
C:\Users\Admin\Downloads\Melting.exe

Filesize
12KB

MD5
833619a4c9e8c808f092bf477af62618

SHA1
b4a0efa26f790e991cb17542c8e6aeb5030d1ebf

SHA256
92a284981c7ca33f1af45ce61738479fbcbb5a4111f5498e2cb54931c8a36c76

SHA512
4f231fc16339d568b5cf9353133aeae835eb262dab68bc80d92f37b43df64dce4fae0e913cbaa3bb61351a759aeecf9d280bc5779b0853c980559a654d6cca11

Download Submit
C:\Users\Admin\Downloads\ScreenScrew.BccvjFv_.exe.part

Filesize
18KB

MD5
e962afc12ceece0b82be5137673a6286

SHA1
062cbbed3c15192693fcaa7d964f994450de4f47

SHA256
6bb23ac7dcac807c3373ccf3bb411568dec9550bc9d33db7c059d5f1401eca46

SHA512
cd0ac20669b232fd9cf17647b4346d7c4679f9340a848ff4745fa4f372d2660b549d4de3ff62df0e889ae5ec6b6e567a92afe7616a05307f2e7829a5a4700c8c

Download Submit
C:\Users\Admin\Downloads\ScreenScrew.exe

Filesize
111KB

MD5
e87a04c270f98bb6b5677cc789d1ad1d

SHA1
8c14cb338e23d4a82f6310d13b36729e543ff0ca

SHA256
e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338

SHA512
8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13

Download Submit
memory/648-43-0x00000131F8740000-0x00000131F8840000-memory.dmp

Filesize
1024KB

Download
memory/2332-64-0x0000024ACF600000-0x0000024ACF700000-memory.dmp

Filesize
1024KB

Download
memory/2612-228-0x000001EADA070000-0x000001EADA072000-memory.dmp

Filesize
8KB

Download
memory/2612-222-0x000001EAD9F70000-0x000001EAD9F72000-memory.dmp

Filesize
8KB

Download
memory/2612-217-0x000001EAC9600000-0x000001EAC9700000-memory.dmp

Filesize
1024KB

Download
memory/2612-224-0x000001EAD9F90000-0x000001EAD9F92000-memory.dmp

Filesize
8KB

Download
memory/2612-220-0x000001EAD9F50000-0x000001EAD9F52000-memory.dmp

Filesize
8KB

Download
memory/2612-230-0x000001EADA090000-0x000001EADA092000-memory.dmp

Filesize
8KB

Download
memory/2612-226-0x000001EAD9FB0000-0x000001EAD9FB2000-memory.dmp

Filesize
8KB

Download
memory/2612-216-0x000001EAC9600000-0x000001EAC9700000-memory.dmp

Filesize
1024KB

Download
memory/3504-207-0x000002A0EE300000-0x000002A0EE400000-memory.dmp

Filesize
1024KB

Download
memory/3860-35-0x000002D3483B0000-0x000002D3483B2000-memory.dmp

Filesize
8KB

Download
memory/3860-444-0x000002D3533D0000-0x000002D3533D1000-memory.dmp

Filesize
4KB

Download
memory/3860-445-0x000002D3533E0000-0x000002D3533E1000-memory.dmp

Filesize
4KB

Download
memory/3860-0-0x000002D34AD20000-0x000002D34AD30000-memory.dmp

Filesize
64KB

Download
memory/3860-16-0x000002D34AE20000-0x000002D34AE30000-memory.dmp

Filesize
64KB

Download
memory/4452-434-0x000001DDC8500000-0x000001DDC8600000-memory.dmp

Filesize
1024KB

Download
memory/4656-460-0x00000244A3300000-0x00000244A3400000-memory.dmp

Filesize
1024KB

Download
memory/4760-314-0x0000024E270B0000-0x0000024E270D0000-memory.dmp

Filesize
128KB

Download
memory/4760-269-0x0000024E16400000-0x0000024E16500000-memory.dmp

Filesize
1024KB

Download
memory/4760-309-0x0000024E26E20000-0x0000024E26E40000-memory.dmp

Filesize
128KB

Download