hxxps://igg-games[.]com/beholder-free-948931712-download[.]html

Analysis

max time kernel
149s
max time network
148s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
19/02/2024, 22:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://igg-games.com/beholder-free-948931712-download.html

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 010000008125dc4141720b251b481df2ba92f8c8914e646405479863b6d9461d9aad4b07e98d3b0d0ad9e053a53342498a26571d14beb43b3c2d25cbec8d	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = dc2f1b528263da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "292"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\igg-games.com\Total = "146"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "1148"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\igg-games.com\ = "146"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bluemediadownload.lat\Total = "100"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "357"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\igg-games.com\Total = "147"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "146"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bluemediadownload.lat\Total = "49"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "1469"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "132"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bluemediadownload.lat	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bluemediadownload.lat	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "1517"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "146"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "246"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\igg-games.com\ = "148"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\igg-games.com\ = "2"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bluemediadownload.lat\ = "50"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bluemediadownload.lat\Total = "148"	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
4516	MicrosoftEdgeCP.exe
4516	MicrosoftEdgeCP.exe
4516	MicrosoftEdgeCP.exe
4516	MicrosoftEdgeCP.exe
4516	MicrosoftEdgeCP.exe
4516	MicrosoftEdgeCP.exe
4516	MicrosoftEdgeCP.exe
4516	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4496	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4496	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4496	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4496	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3568	firefox.exe
Token: SeDebugPrivilege	3568	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3568	firefox.exe
3568	firefox.exe
3568	firefox.exe
3568	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3568	firefox.exe
3568	firefox.exe
3568	firefox.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
4264	MicrosoftEdge.exe
4516	MicrosoftEdgeCP.exe
4496	MicrosoftEdgeCP.exe
4516	MicrosoftEdgeCP.exe
3568	firefox.exe
3568	firefox.exe
3568	firefox.exe
3568	firefox.exe
5904	MicrosoftEdgeCP.exe
4264	MicrosoftEdge.exe
4264	MicrosoftEdge.exe
4264	MicrosoftEdge.exe
4264	MicrosoftEdge.exe
3568	firefox.exe
3568	firefox.exe
3568	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4516 wrote to memory of 4820	4516	MicrosoftEdgeCP.exe	79
PID 4516 wrote to memory of 4820	4516	MicrosoftEdgeCP.exe	79
PID 4516 wrote to memory of 4820	4516	MicrosoftEdgeCP.exe	79
PID 4516 wrote to memory of 4820	4516	MicrosoftEdgeCP.exe	79
PID 4516 wrote to memory of 4820	4516	MicrosoftEdgeCP.exe	79
PID 4516 wrote to memory of 4820	4516	MicrosoftEdgeCP.exe	79
PID 4516 wrote to memory of 4820	4516	MicrosoftEdgeCP.exe	79
PID 4516 wrote to memory of 4820	4516	MicrosoftEdgeCP.exe	79
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4516 wrote to memory of 4220	4516	MicrosoftEdgeCP.exe	81
PID 4908 wrote to memory of 3568	4908	firefox.exe	86
PID 4908 wrote to memory of 3568	4908	firefox.exe	86
PID 4908 wrote to memory of 3568	4908	firefox.exe	86
PID 4908 wrote to memory of 3568	4908	firefox.exe	86
PID 4908 wrote to memory of 3568	4908	firefox.exe	86
PID 4908 wrote to memory of 3568	4908	firefox.exe	86
PID 4908 wrote to memory of 3568	4908	firefox.exe	86
PID 4908 wrote to memory of 3568	4908	firefox.exe	86
PID 4908 wrote to memory of 3568	4908	firefox.exe	86
PID 4908 wrote to memory of 3568	4908	firefox.exe	86
PID 4908 wrote to memory of 3568	4908	firefox.exe	86
PID 3568 wrote to memory of 3372	3568	firefox.exe	87
PID 3568 wrote to memory of 3372	3568	firefox.exe	87
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88
PID 3568 wrote to memory of 4372	3568	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://igg-games.com/beholder-free-948931712-download.html"
1⤵
PID:1388

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4264

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4568

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4516

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4496

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4820

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.0.2042059094\1570651937" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2080777-4565-4787-ae94-2549305299fd} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 1828 27dfa204758 gpu
    3⤵
    PID:3372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.1.1244307396\506612589" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3c72765-72e6-490c-b439-019e14308a57} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 2184 27dedf72258 socket
    3⤵
    PID:4372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.2.76967910\1778237773" -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 2936 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {155e0408-eccb-49a1-8e4a-2c8fe233f647} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 2928 27dfd2cb858 tab
    3⤵
    PID:5160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.3.1740804441\134380853" -childID 2 -isForBrowser -prefsHandle 3428 -prefMapHandle 3420 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c88a043b-87b1-480e-af2f-c4bedb50e5ef} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 3452 27dedf61358 tab
    3⤵
    PID:5288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.4.1495771451\200808452" -childID 3 -isForBrowser -prefsHandle 4028 -prefMapHandle 4132 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7067a269-d8ee-47bd-9133-a09d90f63245} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 4136 27dfe697358 tab
    3⤵
    PID:5400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.5.1084922176\25971705" -childID 4 -isForBrowser -prefsHandle 4812 -prefMapHandle 4808 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6f9becb-b62a-4e4d-b228-d4308b132eef} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 4732 27dfa206e58 tab
    3⤵
    PID:5972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.7.716429211\593239558" -childID 6 -isForBrowser -prefsHandle 5108 -prefMapHandle 5112 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdc85250-a6d6-4c3a-b8a9-009b8f495b41} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 4732 27dff659e58 tab
    3⤵
    PID:5988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.6.681842268\354636545" -childID 5 -isForBrowser -prefsHandle 4916 -prefMapHandle 4920 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3612f4a4-09ac-4de8-8579-141c16f32849} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 4908 27dff65bc58 tab
    3⤵
    PID:5980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.10.733257844\1459159088" -childID 9 -isForBrowser -prefsHandle 5916 -prefMapHandle 5924 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee4386b6-5a63-4a12-b569-1f60f0b88c70} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 5996 27e0096c258 tab
    3⤵
    PID:212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.9.2023142294\1768545058" -childID 8 -isForBrowser -prefsHandle 5732 -prefMapHandle 5736 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4aee917e-1186-488d-b41d-9f7f879e9ff8} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 5724 27e0096e658 tab
    3⤵
    PID:1828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.8.475392429\1705711305" -childID 7 -isForBrowser -prefsHandle 5568 -prefMapHandle 5564 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {074cb354-5527-42c5-b300-3c0033f0f867} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 5576 27e004f8058 tab
    3⤵
    PID:5472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.11.1334368558\457299575" -childID 10 -isForBrowser -prefsHandle 5960 -prefMapHandle 5964 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {debf5b7e-db63-4005-ae46-3f0819d6b0d3} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 5948 27dfb8b0858 tab
    3⤵
    PID:6404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.12.360554690\1265922157" -childID 11 -isForBrowser -prefsHandle 5868 -prefMapHandle 5864 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5aa1076-0b0a-41ee-9c1a-be8ec68e79c2} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 5856 27e0096f258 tab
    3⤵
    PID:6940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.13.1865825393\1890901957" -childID 12 -isForBrowser -prefsHandle 5868 -prefMapHandle 6468 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a248bb14-96cd-42da-b57d-a329ee4ad398} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 5576 27dfd23e358 tab
    3⤵
    PID:6580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.14.1222863934\478023856" -childID 13 -isForBrowser -prefsHandle 10568 -prefMapHandle 10592 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ace5225e-dae7-497c-a232-1354074f6e0a} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 10556 27e01e04758 tab
    3⤵
    PID:6340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.15.1627130697\873135592" -childID 14 -isForBrowser -prefsHandle 6384 -prefMapHandle 10432 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39f3d669-7b78-4b4e-92c8-d89255055fad} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 5880 27e00a93558 tab
    3⤵
    PID:6192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.16.2094876973\1697254788" -childID 15 -isForBrowser -prefsHandle 5996 -prefMapHandle 6108 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1ba1c7c-1c9a-4651-94d6-41c7fb504643} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 6348 27dfd23e358 tab
    3⤵
    PID:6960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.17.675127331\397939193" -childID 16 -isForBrowser -prefsHandle 10252 -prefMapHandle 10256 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {262c5352-db35-45d5-947c-18db35e3c353} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 10244 27e00b05c58 tab
    3⤵
    PID:6968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.18.1672065372\1461810347" -childID 17 -isForBrowser -prefsHandle 4236 -prefMapHandle 5980 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2a9cd3c-39bb-4c2d-a7ae-ada0aeeecb44} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 4196 27dfd2cdc58 tab
    3⤵
    PID:6664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.19.1664326702\278275030" -childID 18 -isForBrowser -prefsHandle 10456 -prefMapHandle 5940 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efde6702-9579-42a7-ac0e-19bc8e28e05b} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 5832 27e0114fe58 tab
    3⤵
    PID:4632

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\36O6T7NK\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1zsiigt9.default-release\cache2\doomed\13867

Filesize
9KB

MD5
688b1779d1f81616e533a273df8c6447

SHA1
84c6bfc0258b06e7a919328e9b43466cbf15c1c2

SHA256
3eb1e616d5c8c830645efd444c638a488a1974f58da4532a0f2c07c6434e87c5

SHA512
b8471064db045ab63ffdc4ae20ef3e01290559a6728cf2e62f57f0e30dadb01fa45d729838cd7a30d84a8c15e269b716efe08767bc3e8dc76fc8e46cf383b031

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1zsiigt9.default-release\cache2\doomed\14570

Filesize
8KB

MD5
c027298c81b74cb234fcd0184046351b

SHA1
63a01e8aefd1fab6f1bf0400872cfcc85b6ce665

SHA256
fce898fc717fd29d7531fd2a3f030c02eec81ff3bfedfc20d3be9ea7390c14c4

SHA512
275e588302fff702ea1166e62e330b0087c59e72027fa16bfb2f2a2a1c559c4d2cc50d9bc6f3a3cc2ccf9d1a780ef223273811745d54532f0b24c9d9caa2b33e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1zsiigt9.default-release\cache2\doomed\25837

Filesize
8KB

MD5
1c71cd813a7f529b6f1aed496a00a456

SHA1
b48751e8e9b109dcf70b772183a46a00b9a8728d

SHA256
915927d12eca0630abb5a24858b8d8ba2776dd53e3ff112764f77ded10d0d460

SHA512
134ab5113feb9ba58115b12aefd199f6e82e5dbddb5b845a3226d6fa3f636ae0921d23b85f8e4c51f72c0d04a1bbe9a915c3dda133d634a0eec643896037f035

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1zsiigt9.default-release\cache2\entries\EA8584C0EA46173A0776AE7873DAD4F6DE8AF740

Filesize
203KB

MD5
96e27a58c292a32caabe3a995749288f

SHA1
5ce74ee07aaacb641d80b250ce9f9dfde9860d75

SHA256
1e0966cf169966f289ebfc68f71d567b48b3f13dbd0e97fe5990c7e148b9c6f3

SHA512
483a34dd1fea35c2f88c301d94bdd05bd4328702e03fcec250257e6d8564042a7e9a29bb63d8292cf46048c0c3f35039a21268e81399b31b8da9216a5d3aa913

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1zsiigt9.default-release\cache2\entries\F496FA95CDACFB4A967635D804BD828046EE82AF

Filesize
24KB

MD5
483d807e1b5094316ed48e051e1bb27f

SHA1
bf0253f453e3547cf3555fba8a0d408960ac8ec2

SHA256
76b162d729b06f43bee8e6452001692df11ca1f696e0f3e32aec4905cec6af36

SHA512
1b3705060568dfa1ad1ac593fbbfaa72a02db0bc66380813a458af1f6212c26677e11349c13eab333063af218190e1545e55786332bb86ea1c3ff92da0a8d140

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0GYI49ZR\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D73LLTEW\48166[1].js

Filesize
6B

MD5
4fc71bf68a1d477bd1523733e34d1e90

SHA1
15119105cffbe108b6cf290146ab02c9aa8517ba

SHA256
74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce

SHA512
e8e5f5430841f9cdaad492efce3fed11992913ad2b714b27c6fd147c55b2c56dc1b896635f24c2b180d4215c70ba9a042847d7d9cf3ff8a67b636a4c0ca1ce3d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\6LO4SGVG\igg-games[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\6LO4SGVG\igg-games[1].xml

Filesize
422B

MD5
1d4cdb38d2465e844750255b56b8f7bf

SHA1
3ec28693751b7f6544746fbbd24746afe1318352

SHA256
efbf61168ca99ad0871714b4aa4f781ebf7531b64fcf7ba261f0c074c4f53d16

SHA512
e60d10acb78ab3b6358f03489a5d9ddea19b8d0306e709ff0ad1cbde4683107d72d1a1405a9d0a7f0aab184fa9ba47526648b4555fe55b511cb142ac82928f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NJ5EYFGJ\bluemediadownload[1].xml

Filesize
422B

MD5
499dc1343c4772cb194f6c9e39af6b55

SHA1
af68598b7316ea5123916e502e0ac414aa50a40c

SHA256
57504efe3427920f9069f4181d2fa890ee616f0279a2edbabcea4c09c579a09c

SHA512
9acc9e9ba888eb2bbd73fec7864a160445b738dac97532a294fe8b2abf3965f468f329777175f2a32af22ea44c0ef2c5d51098ef6ce3a81f43814a7b3bef6053

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NJ5EYFGJ\bluemediadownload[1].xml

Filesize
422B

MD5
ac609bd96394c1123e79917ea01b879f

SHA1
3a4d7a80c9d27de504233f9cb9c3855d68422d05

SHA256
3341a9b73b86d5c115b3dad6ef7689deed6103d0d6fd0e3bbeef56a5c52ec9c8

SHA512
d51f1e3aa4721afd9329f4dcf4a7890733fa8f7ba60aa0473cfa97aa38f2fae6131fcaf5fb7927e6e2783128e0f72baa9d275ae5561a96939640a658c74665d9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4USXU8SF\favicon[1].htm

Filesize
219B

MD5
20a37900d2513d05a22b27c79251df54

SHA1
ab435ddaedab31c9ddb43b8b81c633d7e4febd9a

SHA256
e457dfc1e1528f74a4b7e44462a954a211b2f7a9933cbfbc116ece1361c1d15c

SHA512
8f0f1672271e1b0b77c71451d5f827d7b0299a9da4e097c7c951b54599ef3d0ca9c8a7fde6d9cdd27d7e3cfa7530953187cebe1e2a76ecc73221953502a42b44

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4USXU8SF\favicon[2].ico

Filesize
6KB

MD5
72f13fa5f987ea923a68a818d38fb540

SHA1
f014620d35787fcfdef193c20bb383f5655b9e1e

SHA256
37127c1a29c164cdaa75ec72ae685094c2468fe0577f743cb1f307d23dd35ec1

SHA512
b66af0b6b95560c20584ed033547235d5188981a092131a7c1749926ba1ac208266193bd7fa8a3403a39eee23fcdd53580e9533803d7f52df5fb01d508e292b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NM7R0GFQ\favicon-16x16[1].png

Filesize
1KB

MD5
868a2d23436f008f0c63fd8e0e0ba515

SHA1
d3c84f637c7c71de847aa7167758467c7a76d391

SHA256
b47d45cef48ad6c1d1cd50167396a22b1bfe603c92f5da62269b0bb0242942b4

SHA512
6f841664f384c07e05589809ba1faf9300f67890b82cd302ec915c64ac843400e7b2bfd562412be1e96d92c08ec4f74e16c12b8641f6f1aee401070f52e38d9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\P3H25W9V\i96x96[1].png

Filesize
2KB

MD5
3df25eb95d1888e160df779d493643ee

SHA1
c4907473c9688b56a7eef2f2e99dfde1b6fa7994

SHA256
c76d5eed7b9849b014957df851fdb3a94a183d56505a4711a90f5bc67d4c64f6

SHA512
c8641a363ec36c355e863101162a34f9104915334d5f9b9cc6a41f2c292af2d161f2f29793a2b50e0785ca600ea7ca5f17e943bd8f9417664bb2b63c599d8306

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\P3H25W9V\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TFCSJTLH\favicon[1].ico

Filesize
37KB

MD5
8139b90c0ea8734ca14cf8db8d6c4c9b

SHA1
6d178a121c23f4fa919555af4587bd7ba4cb5897

SHA256
7420a89ba96761fd661f99697e03bc765afe6ddf5005edbf1a95c0771474474f

SHA512
cac1feea7471c212c1fe76fae5180c1ab4b461b3a432771bd7b2d8f4bdbd79da59758a733af780c5a179913fa5ed7df4e6b74e6a5d08e089b3b25c6194d59839

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\jmrkutu\imagestore.dat

Filesize
56KB

MD5
a902976c11910368f54f3c9f9b4182be

SHA1
364c329c470b2e8cc0cc7801639647e0fe8b33c8

SHA256
b4691d63495406d1c7a821c826343722b4f3020d88a9ec78b0f06008beab4904

SHA512
e0963dafcf5a780cd0986e07ca03a3d472b944e0fa5650cdf5d1deac67dd35666bf428491dd6009109b3f37c87385c38d181ac318946472d2787e576d22ed8a3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0GYI49ZR\DVNOMJJ0.txt

Filesize
26B

MD5
04faf739d1745346a3d0aa14ba559cbd

SHA1
09d67c4383968be2114a457789814674315eb3f1

SHA256
a0e4eea27cbfd385601bd97f43a98acb36a0c1517e24a37e389069f15ee020bd

SHA512
8a50b2ecba827069bce508edf27ffe855ec9b5de76d6e1427610e1674272daa760f64f9e0a3e8aeb63248e6183ae0b04fa1abf416775a88538f04e7a2336f284

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
e609d7890fd3c03e60c7832dec5e7411

SHA1
a2045e05a9ea76e020fde3c9757dc50ec6a09778

SHA256
0da14abc4cd65dcd8069cab5e3b661f586d9f830590dcd9205208bd1e5229bfa

SHA512
1f892bfc7a5c05a7f30f1d8f3ac1e0339bef44f03e3c143a2137e1363518e0bea7e655f2cef36d1467457861c500a1e1f18435800114c386d51ca996095baad2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_FE7F1376F45429175076B763EBF8B3E6

Filesize
471B

MD5
3a43a2953ebdaebe4968599e020c348c

SHA1
28cc9f5ffe51aaf4ad673f49856e596bcc49f6ac

SHA256
96aaa28e3e40afff2c0704483e82ef079faa746fa35394ace0db432a193333f7

SHA512
029f7995825cb6810dc71434467db2cfca3f11c51edcbee3221e538d51c775b1c8d6440681f095e9071fc3b5cb74d327918ac6b13e673c4273e4624f56f191b1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

Filesize
1KB

MD5
4c3cf2d388ed9deb9d3a87f89e2d2993

SHA1
e537582b72d5f97dd8c753a70a13ee46425e618e

SHA256
074fd2c7f376735bd3eedeec97e3f85a082850e40500035415e579c5bc9630d2

SHA512
512076ac488a4e607769ee0de89b04b1492dc654f076777386cad6795e5f25596ecbda79a0d87e16c0117f4419a2319b5240ea740d1d46afc362aa0a26180e06

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
1KB

MD5
f8c0b4972e7aa22a04064680383fd2ef

SHA1
f73d2179c7fbfaf8a483578aa49da4f471af872f

SHA256
a20cb69f864214b593960fe429b850d7a4f770802b70554453caac167841b048

SHA512
6e94065e78ea3743cf5c0f22b28318569018f34257a1108b476439cb65768773ec691bd7f730e2e2804572fe263c73cb9cfd6fb0f4742358833b2e6fbf6bbe8c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

Filesize
471B

MD5
921f865987498981b8799e3358c955aa

SHA1
d1540581fb09f69737b8f44f5f04a61985bf204e

SHA256
4344e0bc60beaea2b418018735c4bc61b3beb595d361994faaa761886b1c42e0

SHA512
eeef99b2bec587a19a76c161135237e37ff976da103e536c1991093047bf7487fe81a211fe0001b2406f8d32be92cae39a9d5f4bf39ce9f9b151d0da8c1b602c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_FC81B3040A3979C87E07C970CA7A4407

Filesize
472B

MD5
399d7656ae2e7cb18421214a3efe6da6

SHA1
87865a0564ea31f4686d8539edd0360099928cae

SHA256
9f9e42b564944863b38f44ab1e28229a8b60691799097e485159e157077e3dfe

SHA512
b2aab4c103713fabfe18aab9f306a607cf363ddd3f4fcbd47118efccc6062829e996d86bca64bb54f8eb7a7517e6f0ae0bd38f424408fb9120b19d32c5b49525

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
a76bafe68800e5197aaec9095e9f0897

SHA1
291605d788932972834e518d8e23195c2b7fb42b

SHA256
6e3200dc66c566ce62ae26a54221736c513acf84f7cb58d25d43e84c3ecc9b4f

SHA512
64e5be059871f9799088520a1567dc590e411eb7f708f599cc90608e06c6e8f7c6cf3d221d8d00170581894137428dfd2dcb0735e4569b4cc47365c5ebe706ae

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
ca490e658cfc1e94694f371e44b95378

SHA1
81acd656b966f8ad9f06de6f0b895c6d4299e8a7

SHA256
a61b16cf5b13529a9bdb67349d562e31d80b1a4557d8e6da130ba9db15cdf8e0

SHA512
19f56d0879a875d7ab63a02db549c8b106fa5abc0430f67b91603f6737710b778fef1db2bad5b9e2940065212bd304711b72d3f8dc7206d28b67abf6af9a9ffd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C63D8CF3EDF8E3D437663ADCD93A5DA9

Filesize
503B

MD5
867d343a524963bf91c73207ab5e837f

SHA1
e9eeb24db7f5e9bbfc5c33509732bcb5ef8e47f0

SHA256
f8f1bcf9da52297970f4164cc2d72a27654a503c3c66e32c66796da871873d4f

SHA512
4a3e330366edce135abcb7037478309bb6b0a384308feafa0341fc4349fae07414b2362b7ecae71764ffd89b2617aa137352dea13c3d6c5490f83d5a15a954f7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CB30BC3057811AD8A6FF91AACAF97692

Filesize
503B

MD5
914511e51c2cabb03a6a0871c85b1151

SHA1
9d0a9e8da325b7aff4f3c2dd86fc7d054c94c7b6

SHA256
a817daff72ca15499032cedd5da43dd9f32463c7c4c03ef6e4e6cdc246720246

SHA512
c84f051dab6f7e18ffab230ef848ee2996a338428f615950eb88b1c9c2f146f9b26db7d97e311353915e44bd673cb15878f85fd7546e037d514af4307ccbe05f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

Filesize
471B

MD5
76a105ba18375e6c18d1d5badbf61eba

SHA1
94cbddcb09609e4804e6aff9e51711dc411e201a

SHA256
2ebb6013e50efade4b9227efa1a16d1fd8eb8a774c94198bff2146366a8cdd33

SHA512
515aa5d7e33c1ef16cc2dd6b4e9b21473d35cb3bad633c04c1460e39b71cf0e004e8ca1d6f8dca7f384fc5139235d859698d4d7d58d6f94cdfa6872cee2600b1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

Filesize
471B

MD5
8a9febce6956635e8e57417e8d6a57bc

SHA1
0b35fb18b713b949365946a0245949db1c2b9ec4

SHA256
2a421908a3d46f6086dc8c916d096dd7a3947cb72f854fdc67cf3b1fedfe4ce6

SHA512
5ad853fc2c384f946144e0517d479b6c805121e9cf8754d27180159d937774b9ce403fdf7343613df714c3b45cb782869381f1057f57efaa957baeaff36bd4aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
8309031b4706bd5e7bbdbbd5b9cfeb96

SHA1
dfeca4cedcc094030e7790eab6e69f66927a0b02

SHA256
001af2d8b3c71699319ca5a152a02ffa5a648550c620c899630af5e8164331f5

SHA512
e2880b8c00168f7729ab3d307e569ed705f588293f3668bc423482e99bca82f0c887f312aff2e02543b85639908efc2ba5d460692d203abb6d7228487a53e206

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
bd6b20cdfa1d18676eb629c0e0f42869

SHA1
27f1ae111769fb072b24fb2054f7d4d2157b5c06

SHA256
c0198fae92262243a115160fc79bb9707f2e78b3f5d52b286f1294cce36044cb

SHA512
7de36cf3acf8e99b29c78b4c72c3299060145761ebdfeb81aa912432c786420ca7518c2d67d7fb52d18f37b5cdd768cbea903a30694dc36737dddaf133725bd0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_FE7F1376F45429175076B763EBF8B3E6

Filesize
408B

MD5
9942bca46d8bcc71dccea058dcaba836

SHA1
491b8115e76718285fd8d0b90a739a38d191096b

SHA256
92f7aee2d274f6f840a90396a8124e4a30a6540979fc079b5ba4a81efd7237fd

SHA512
13647f02774250061d480ed1cc7fb7b3ac215bdd45c9bcf5094eccfa6fc5f3688f70901f2e66d0a5a1f21ad2304aab27b75c1fd7600343f1093528dd5eaa3cf9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

Filesize
434B

MD5
b24656794202ee71245d20bb73d91131

SHA1
e5769410dacdb5aa3b6770ebb924189d3967aa23

SHA256
692decb4e349f2294b75d55851e5099b6469d2ac77e7db7ef502488b92103e98

SHA512
cc3f6a464122ab93bb906a0f4610b0b0333e48a97d75d421eb5af51055c5317657e8ef9f3e75cdfe2f357aed70fc1d89e96e981088b0e0cad97a00b13025dc0f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
438B

MD5
e3958ddf8e4dd63ef5e06b62ffaf0031

SHA1
f381648ab4428af55a570b202aff1cbcf99a338a

SHA256
359ad412e93ce12d388cf88c3e9c083f3787b1e5cf5c6a6da1c72da712f5a230

SHA512
1cfcfb66d72922ea11deb327e8542a3861103541f4fc0915630e97f745154685f22cd324e93c5fc6b25ba4e0f4b17f9497a32cf16fa45a2dda75b58231e13a67

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

Filesize
406B

MD5
14681170469ac9aae964e65b4a1a5746

SHA1
4a4293067b1a088b1c10c32d37e9b67cecb0e491

SHA256
735d793819bcf8b7fd87bffef0fff2171ef833f6459177c8261fbeb00e2b079f

SHA512
304d1c3aa05e747a1e85d0a1009abd114ffd060a97c8658c9389e2742b0609a348cfbac70e8d30dd6be04b31f00a95b15f8948132ec767c3f933a78d2444ec92

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_FC81B3040A3979C87E07C970CA7A4407

Filesize
402B

MD5
e68cb8927104c9e62ed26cb0a6a0e74c

SHA1
7af069cf5a9c265d967bba5975cb07629d3d2c3e

SHA256
b35faaef659d2be3fdfb3ba4f0ab688e448679b77714193b810f80665b478451

SHA512
4b96a68945ce86de662ce37d8274c8fe006f7bda054ff2081dc23aee8b57af325f959f7d56ce47c1df91d5b9f4cfce1b05eea18b60da5793d56f788d0ded1b57

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
a8c57ab515aee5d5633f072aae18e312

SHA1
f71beb38dd63e64136f2bab07667b2df73cd5802

SHA256
61354f886b0252f9f85f4144ca28642ec735eca600e8c941e385c723639ed390

SHA512
53b29488af7f4035802b5e7665613c31dd5fd31fc69c9e8423e782218bd83c0432dbffa1def8a8c9889d99af4030dc60cf2e1b4dc009613ae952a77e41baf23a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
2fbe93b3cdd3d19b682bede53d99158b

SHA1
e69ed506994338dc075d919aa9bbd7cdb8f68fe4

SHA256
4868d65294fa255f4c25073f09c68237ab09e3f862130b9e10233a44e68fb713

SHA512
54fae980a1c0f2a271bb519c65251b47733991722fc03ceeeb67d916a51fe485f7a1174d461e45d7b40fba623279c5ce1dd200c2cee978edcc22b477be232f7e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C63D8CF3EDF8E3D437663ADCD93A5DA9

Filesize
548B

MD5
a2ced7fce16ee690f3aae67e70e24b4c

SHA1
eee5600defa81033742ff50bfd4ed2f469903d30

SHA256
5af74d507bbc10ad8fbc8f227645e62f461d790a2b4b4ad8d516bc8a45d61967

SHA512
450a0b176c930afd805dd39196592df3d4f46058a4dc2adeba03ce0012043515306b37f8df2200c0410acb5a6ec8e4e44a63fa8a04ee434aabe232af53f0ef8c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
87cb9c44deb443ab9935104c5dbf827a

SHA1
9d3a703b9e50ae2c158cc762bc6faba8b223075a

SHA256
7a8c9fd4b30a1e8e6b79a1cc85a0a4fc4f9ee2473d309080a1d7f00dbe04a65a

SHA512
225cf23238ee787fffc1cf28cdcb44ecd1170e3a41a9472c6d77eea4fd0ab64911a3291e75cf44b653991995142be99ef13099e13c3b8ee15a2769c034667417

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
f320cb3b331da8020ff14dc32a893ba4

SHA1
0cbc308df4ced25694fe045b85522b9087ea1391

SHA256
8d754a4650a483e569d9d4667fb63b9cfe48df330b4c217ade668849ebd8ec6a

SHA512
30bfa501fdf0356c8231f16815875531365eef05f06ce463fd9cbf5f72ffc6696cfd3cb9041675c40e4e4b7f3ce7c0df221820f3adc5915989274289def54520

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CB30BC3057811AD8A6FF91AACAF97692

Filesize
548B

MD5
8b1b93e9d400871e98019547a29b5f14

SHA1
3dc04f8fa1e7264fda37ab4052b27fa7d3b8e08f

SHA256
a228f6c2194dc47446c6ee548e761d8096c6ef0b0e20626c8d082d33482731c3

SHA512
9d3a861b188c311587943d9a66c6c8471b99784b207f501b265d39dfa3627541afab1809b18ea8277caa20612aaad6b14bac583dd87735c1bf8e575e0e317821

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

Filesize
396B

MD5
f1f0bf87c73adb6d34cafd02a1ea6439

SHA1
42a2ee2e93aa9309d1b365763034ec1d5efbb26a

SHA256
520d55cd05b659331d8af97af5c818f3185e5cb1766c3c048899c703a72845d3

SHA512
3dd84669ae19b7292a265c7730945a4fa6c4f785b765be2281e3a3dee57da27941e6dbdd4bbb433d0ffbe1d9ada736a8d76e36067286af470487205a96ada7f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

Filesize
406B

MD5
ca15d6ca4ef9ca1029cd5c26c076771c

SHA1
233c8caf5680a23b37584279b83883d5f844c207

SHA256
8c647f80650bfad6f662d577f0eb7c8fe6ce31206c56fef215de6f21c308664c

SHA512
009db662d0148a0aa73ec02ba3d2ee9d9a74c10b51396dd984c1970d82b21248e3d94737d7fd617d3a5fc571d453d5c855674b28cbd6628f8087b979ea7d7840

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
71dff3765eeefb4f20730382135fa8ee

SHA1
b330aab5c3c0be3f42855d805cc19e8dd0dc0528

SHA256
503c6f30bddd4711dc4dc8b2522493b2ff1915677fb48fe63541bcadd7a25cf6

SHA512
8e760aa2df2e2f5206a2ae86a32af48dc47f0446a4134ab7742a299bbab07a437288f9c58a77dc0bb4b1eadd719ff86845098ca56f45767d685911b018f3155d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\datareporting\glean\pending_pings\f16008d9-84a3-4b3a-8c0f-75ac9dafee3d

Filesize
746B

MD5
8098a4cc8a3bcf481fd2918c5098cf6d

SHA1
d58b196eac43c658bf25710fc8cf710bc6062ac1

SHA256
4a770532135cf4dfcbcb58b846e84fe5d1b5f98007a0b8126c7ea978efba9ac8

SHA512
0a412131ca32bd306422a0220dce3deef471b33aaf3b7919d85d83a8fb729c7996092a7f00610182d2a5a36266089b2b3b3cd9b7d2c445839b539b996b01b520

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\datareporting\glean\pending_pings\f3e466f9-61ba-4b65-996c-fb536465c00f

Filesize
10KB

MD5
0b8ef63f74123cdcd6ef1f461d3c9d34

SHA1
534a12c970988ebdfda19ead7c7c4a0e7af115c6

SHA256
060239ebdfeef7e22b01025c42ac2788a46ac282dae326e972b6f9aa98d67284

SHA512
587963daa025297d34c2b0638f5c6a15770945cdae8a127df7bb511f1689918a8657d9f7d4bc2e500327c8e4478661dcce3844609fa396b51848cb0c74442dca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\prefs-1.js

Filesize
6KB

MD5
f0f28d3bcf011399e5d8ae3789a8d24e

SHA1
e27e99dfe89c7a38c95ea3672d18e6d9efd29bb2

SHA256
9f96b0992e336edf5621357f3030144710d350c9abdb0d6b4d66c70353253ef2

SHA512
e4b27d746c1d88e1459713c8117bf9e0e70a29d99470c654546557600eef9a64932be9e1f76a5ec3f7f8038636f34121b20812685712c83ee46a910d93392e9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\prefs-1.js

Filesize
6KB

MD5
d7e0be61c6af9fad0a03a563af8fb893

SHA1
157da40f323af7e2f0f0a6b9a1fc9bb07a83eac7

SHA256
aa80589546ea49ef47b1efd4e812ae66e23146592f3ea29f252a4445866e4c2a

SHA512
b6da8c9034f4f602cc3f913821234dcf1ffb31771740431a411c674932afc809db5eb39052390d325b3efec1251ebe95c00a5b2c66c3e8644a5fb45cdd0c9cf7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
53a02fbc40f85aae756aa7d1e55e3aca

SHA1
0d63a15cb8c50d7661229949c4587b797d189285

SHA256
786b42abf1f84bcd09e35413d865436bf51a127d7d3baa7694286b1eae30034a

SHA512
94e08137eba56bf4b0ca72b2ce761fce81aefe260414254aaa6525cdde6aa06591d8816db7382f1b68c176f8a4091ab610691ec65df9c250dc1b5ad3beb9a4c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
dd3ac14ca5126fe8587bf05acf71703b

SHA1
17ec16bd28ce53887d8b8a27885a33458d2729ca

SHA256
8d8946ff987288e45c7ca02ec0fef9e42dcede131e780c0ccaca6437bad8d2d9

SHA512
30ef505d4a587b4b672a91df524fdfc8ed44791510cd906e2d210ebe1f1f742180be196e13fe7beba9ac9d044106dde2647c3487a4fc50dc91fb6ffb7ba05c7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
aaf109a3c653ad426647ad3398666da4

SHA1
6480c27834e67938632e476e08b3bcb0c724f093

SHA256
f6a39cf870c5558102cc10b5ca96a2bc68c7ee969aa9fff3c1cfd2db6b6bb611

SHA512
5468815641135fb337a51a48b5d10a6113f2b229903904eabb0c9a4fa95cd80894ec8d1cfa2c6c970f521a242590a461114323b707a354112b3f7c551ae3aa86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
97782a83dd68c55ff4e321bbdb130656

SHA1
5c625a6ea6cf4606808d4399b46a02984bc778e2

SHA256
8dafa22c4b7815ac86112c093399a6cf4e67c54cfae1d4bf8722813d8f5e5c61

SHA512
c24c9f2c4685871e21e5190c69d241983aae88f82204866c96e3f5b8db5e90020c393f4430f71ee910922af04eb46fa0a36f5d2a5fb97742fada91f8231d16f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
a602e72b2b5733573ad9444609c1d565

SHA1
1a196f5646d9a6f11ae13686529352adf8c2c95e

SHA256
19299492b66e74f5cb466e51801f74671081b5c513a58aa12f4810a61d4c85cb

SHA512
bb1b5b04c9e094441892456b90c3727045052d4679a66ef8601e929ad5bcefe935ca76f15adfc691b0992506540d79ade484d42094f79fe0ca4b18c676643904

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
339e25bb323dfe9e6f5b342e6e76ec5b

SHA1
6399dc5bb661361d4dda3253ba50529702f1805e

SHA256
3bc7ff9cc2fc0b05c24d070d6f08e8d91f4f9e0b8d23754ab83796b469655f62

SHA512
e2015d18e6ef6f185269101ffe85c06131baf79e44e36ce792a3b14b410d31fa250da337d68bdd6b4a6440d7aacad560a9ee32cc3472567ce9b78c1b7c87bf2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\storage\default\https+++igg-games.com\cache\morgue\97\{685fa202-6d40-42e7-a4e7-a8d53686bb61}.final

Filesize
59KB

MD5
7155678bc67358f39822ab6383229ef8

SHA1
c5f14b8021138398c97fb34cfa63e659f30a85b9

SHA256
30b1de2de9867b75ad66e2f4c6e40b8f00e97f654923eceb3543598b19df181d

SHA512
c0077fe4dda58734dce053440a8a27c014908842a61b67894560c97b4b20835b942b729b0852c57659bed8865261488aeec4a77e41d8a6b01c42f1942dee29ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\storage\default\https+++nugda.natallcolumnsto.info\cache\morgue\245\{dcc115bc-cf9a-4a8c-9597-292b72c870f5}.final

Filesize
19KB

MD5
6ae357d3eca9943bfe405453fb5d3117

SHA1
a7b4e52f5f4172891580d3bd82d799c6e7c3a55f

SHA256
bef6ccc141b4b6b7543e87ba449aeb566375883d7629b47b00a6a0527fb96121

SHA512
feab9d99edee23c942b827dd5ba456f1fae1de89dd32a005d377d9ad1748fc6d576d7fa3e903d05290bcf7e1698357a64b52f1794e4f7af90538b8a34b46f6e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\storage\default\https+++runative-syndicate.com^partitionKey=%28https%2Cigg-games.com%29\idb\301792106ttes.sqlite

Filesize
48KB

MD5
7618030e62580dc2c5eded5a75342ad5

SHA1
af3291e4a23865e3e9d4f5019f05a3b9fab51d29

SHA256
9cf3c388adeba36efb3ec6a5aebc241f694192c4b0533077225290de2b905aee

SHA512
b77fb23bb271be6e006c081bfe279961a08a1d5e595c18c5239eea3b3c014fec5ea58618d28554a84a5282ee12ff1c1c1a1b4276d5b4351e34026840f20517f5

Download Submit
memory/4220-748-0x0000012EE97F0000-0x0000012EE98F0000-memory.dmp

Filesize
1024KB

Download
memory/4220-755-0x0000012EE7F90000-0x0000012EE7F92000-memory.dmp

Filesize
8KB

Download
memory/4220-744-0x0000012EE75A0000-0x0000012EE75A2000-memory.dmp

Filesize
8KB

Download
memory/4220-517-0x0000012EEAAE0000-0x0000012EEAB00000-memory.dmp

Filesize
128KB

Download
memory/4220-655-0x0000012EE8180000-0x0000012EE81A0000-memory.dmp

Filesize
128KB

Download
memory/4220-761-0x0000012EE8970000-0x0000012EE8972000-memory.dmp

Filesize
8KB

Download
memory/4220-759-0x0000012EE8960000-0x0000012EE8962000-memory.dmp

Filesize
8KB

Download
memory/4220-749-0x0000012EE76D0000-0x0000012EE76D2000-memory.dmp

Filesize
8KB

Download
memory/4220-757-0x0000012EE8320000-0x0000012EE8322000-memory.dmp

Filesize
8KB

Download
memory/4220-753-0x0000012EE7F40000-0x0000012EE7F42000-memory.dmp

Filesize
8KB

Download
memory/4264-16-0x0000024A9E700000-0x0000024A9E710000-memory.dmp

Filesize
64KB

Download
memory/4264-35-0x0000024A9D0B0000-0x0000024A9D0B2000-memory.dmp

Filesize
8KB

Download
memory/4264-0-0x0000024A9DF20000-0x0000024A9DF30000-memory.dmp

Filesize
64KB

Download
memory/4264-249-0x0000024AA45F0000-0x0000024AA45F1000-memory.dmp

Filesize
4KB

Download
memory/4264-248-0x0000024AA45E0000-0x0000024AA45E1000-memory.dmp

Filesize
4KB

Download
memory/4820-121-0x000001CCF63B0000-0x000001CCF63B2000-memory.dmp

Filesize
8KB

Download
memory/4820-303-0x000001CCF5CD0000-0x000001CCF5DD0000-memory.dmp

Filesize
1024KB

Download
memory/4820-426-0x000001CCF6300000-0x000001CCF6302000-memory.dmp

Filesize
8KB

Download
memory/4820-117-0x000001CCF62D0000-0x000001CCF62D2000-memory.dmp

Filesize
8KB

Download
memory/4820-110-0x000001CCF5E10000-0x000001CCF5E12000-memory.dmp

Filesize
8KB

Download
memory/4820-112-0x000001CCF61C0000-0x000001CCF61C2000-memory.dmp

Filesize
8KB

Download
memory/4820-428-0x000001CCF6320000-0x000001CCF6322000-memory.dmp

Filesize
8KB

Download
memory/4820-119-0x000001CCF62F0000-0x000001CCF62F2000-memory.dmp

Filesize
8KB

Download
memory/4820-279-0x000001CCF5AD0000-0x000001CCF5BD0000-memory.dmp

Filesize
1024KB

Download
memory/4820-123-0x000001CCF63E0000-0x000001CCF63E2000-memory.dmp

Filesize
8KB

Download