hxxps://steam-card50[.]com/gift

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-03-2024 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam-card50.com/gift

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings firefox.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

msedge.exemsedge.exe

pid process

5020 msedge.exe
5020 msedge.exe
5312 msedge.exe
5312 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

5312 msedge.exe
5312 msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings	firefox.exe

pid	process
5020	msedge.exe
5020	msedge.exe
5312	msedge.exe
5312	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	2260	firefox.exe
Token: SeDebugPrivilege	2260	firefox.exe
Token: SeDebugPrivilege	2260	firefox.exe
Token: SeDebugPrivilege	2260	firefox.exe
Token: SeDebugPrivilege	2260	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

Processes:

msedge.exefirefox.exe

pid	process
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
2260	firefox.exe
2260	firefox.exe
2260	firefox.exe
2260	firefox.exe
2260	firefox.exe
2260	firefox.exe

Suspicious use of SendNotifyMessage 29 IoCs

Processes:

msedge.exefirefox.exe

pid	process
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
2260	firefox.exe
2260	firefox.exe
2260	firefox.exe
2260	firefox.exe
2260	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

firefox.exe

pid process

2260 firefox.exe
2260 firefox.exe
2260 firefox.exe
2260 firefox.exe
2260 firefox.exe
2260 firefox.exe
2260 firefox.exe

pid	process
2260	firefox.exe
2260	firefox.exe
2260	firefox.exe
2260	firefox.exe
2260	firefox.exe
2260	firefox.exe
2260	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5312 wrote to memory of 864	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 864	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 4640	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5020	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5020	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe
PID 5312 wrote to memory of 5476	5312	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steam-card50.com/gift
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ffe08dc46f8,0x7ffe08dc4708,0x7ffe08dc4718
2⤵
PID:864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16545675278867127286,349802234894455807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
2⤵
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16545675278867127286,349802234894455807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16545675278867127286,349802234894455807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
2⤵
PID:5476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16545675278867127286,349802234894455807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:5368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16545675278867127286,349802234894455807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:2792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2260

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2260.0.989512294\253576204" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4969391d-ac56-49d8-a5e2-7931fdf004b1} 2260 "\\.\pipe\gecko-crash-server-pipe.2260" 1980 29196bf1158 gpu
3⤵
PID:3168

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2260.1.1516881109\1650251773" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7454c6c1-3179-44e5-b93a-b373cc8ee0b3} 2260 "\\.\pipe\gecko-crash-server-pipe.2260" 2380 29196afc058 socket
3⤵
PID:5240

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2260.2.1848527977\1806459587" -childID 1 -isForBrowser -prefsHandle 2900 -prefMapHandle 3120 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de45e885-3313-4c75-b351-8774b3fdb4a1} 2260 "\\.\pipe\gecko-crash-server-pipe.2260" 3200 2919aaba358 tab
3⤵
PID:3068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2260.3.2008775303\1709659977" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7d80ced-0066-4b4f-806d-8e2180530dda} 2260 "\\.\pipe\gecko-crash-server-pipe.2260" 3564 2919bab2258 tab
3⤵
PID:684

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2260.4.852428101\1785886366" -childID 3 -isForBrowser -prefsHandle 4120 -prefMapHandle 4108 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe4f19a9-095c-4713-8fd9-a9d457140d30} 2260 "\\.\pipe\gecko-crash-server-pipe.2260" 4132 2919bbe8b58 tab
3⤵
PID:4720

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2260.5.1692386863\601728833" -childID 4 -isForBrowser -prefsHandle 5084 -prefMapHandle 5080 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a30dbd61-eb62-408e-9c94-46fb52fcd227} 2260 "\\.\pipe\gecko-crash-server-pipe.2260" 5132 29182f64758 tab
3⤵
PID:4908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2260.6.1525653004\1907835027" -childID 5 -isForBrowser -prefsHandle 5272 -prefMapHandle 5276 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7f990c4-5c68-4b91-b3ad-6380b0049eaf} 2260 "\\.\pipe\gecko-crash-server-pipe.2260" 5264 2919ce70158 tab
3⤵
PID:3220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2260.7.2095072724\699613127" -childID 6 -isForBrowser -prefsHandle 5464 -prefMapHandle 5468 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7180329d-066d-428a-93a4-5a2471f2aa6d} 2260 "\\.\pipe\gecko-crash-server-pipe.2260" 5456 2919ce71c58 tab
3⤵
PID:4500

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2260.8.392220881\631353867" -childID 7 -isForBrowser -prefsHandle 2988 -prefMapHandle 3156 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c671cc2-d436-47b7-b9d6-51dd4b56ecd3} 2260 "\\.\pipe\gecko-crash-server-pipe.2260" 1748 2919e1a0b58 tab
3⤵
PID:6112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2260.9.1006331675\2022022349" -childID 8 -isForBrowser -prefsHandle 6272 -prefMapHandle 6268 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4cf7364-e967-401e-91a1-76ea3666a021} 2260 "\\.\pipe\gecko-crash-server-pipe.2260" 6284 2919ee29858 tab
3⤵
PID:5112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2260.10.1478299738\246188328" -childID 9 -isForBrowser -prefsHandle 6408 -prefMapHandle 6412 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d62e5126-f6a0-4055-abc2-5f5a7ceeb2ff} 2260 "\\.\pipe\gecko-crash-server-pipe.2260" 6400 2919f028e58 tab
3⤵
PID:5324

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
624B

MD5
c03f25dd275becc1a10ed63346628f4e

SHA1
27a6decc2f24d7db390940daa0620bb243d41cb5

SHA256
014b9debbb096333484dde6964e6cb9f0c8507fba0c3dd502d23ca627de14ee0

SHA512
68de87097e4ab7d7cd309c1f3a68869c1f1acea7491585de70bd0c5077ada0bab8c4b07ef6dff0f563dda6896ceb76ee60b09952a9be97f00a30e4bad2019985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
b87973fd9caa20e09ed81932d779232b

SHA1
d1058897b21306890c073a186e8c1baf489edd35

SHA256
5e8a12ae350c7f5f24e4c78abbaef60404ca9ad9b770a87ec6953d918ddfcda0

SHA512
44f8c39801929dc7e93acf9f0bb5d5b28371088d04b2948f5ab870d30efda2d8e702c89df6fa50349558f9e50d6df68f4cab5383a56e7b1c53be2323f3c4bed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
55fb13dd8ee142e3ada5705f46978d93

SHA1
1555d3829543e544bf3de92c412b60a3239ebcea

SHA256
befa0ea9291e23b732815d6cf3651177ade18f67b950236704c5f5885a18ef57

SHA512
befbd89e6b843437878dde0ddce2e6a3b76613aeddf7fb0656812d18e9de6a01c022612e35ee7962594df42e88779aafb86b85ca9ef30cfa4ed621a02a8e96d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
988B

MD5
e859ee2fb2097183e7a8f5dd7e579305

SHA1
554a5970152c1045358b446a46980b11a639705c

SHA256
efae93a75b93316e85a939998822f2ee4ed2ddcdd558d0bb97d922593b5eea38

SHA512
55dd1c47fccfc2c118329e0c671b2cb8f30fa1ebd75bf6eb41c34f75a195c22b10fc1d000b2aaef0a8bd30f069cd229463eefe632aaaec2ff1419bec49f09af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
11297c3becb117243fbb6979074d83ff

SHA1
97c3a0687dd93385190b523af2a8a9116e700b85

SHA256
10833bc352f743baa800ae736487c897fe4b75026454af08b77f2c9381fdaade

SHA512
2c64aaa85839efd1b526c881433ae806cdc1fcb726fb86826ad8c512f2b5e7518480007c6e6aee94dcddc0004d91df36decd2bbed24cb487adf00e1effbc89e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
4778b777342d3fd12d26b9d2cd2742f0

SHA1
69b8b274ce21e322f2a3bdbc5b96079d527a967b

SHA256
74ed87abd666f8de769a22f2de814e3add440238836126d2b214a991e4d2ca41

SHA512
5673dea383e53823a3bda255892e703cdc8cc17f86eaf2149a3b7cb5f7b3e3c5bc6a1a5bab051a4cb272a97a92fd53051e12faf262e9f18442ab015209a20778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
7f786fcfa07ad0b77ba1e730be6a720e

SHA1
2f7dc8158811980fec352ee37b648e1e01f64939

SHA256
12d8427ac3da8caa3a40d95afa0762cc34cdba7056fc5ecb6de3a8078ab14f01

SHA512
ee3577feb7a2197ba0e9cd2d7319c4b206eea63c105a9c8d9afca14a91e0540cf79cce2abaaddac74501c286aae90ea954648c8d2d52df46fe40df6907050a4b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\5234
Filesize
9KB

MD5
50ec64df85650329a863279bb2068519

SHA1
e7b586ab03f3c1f70b1ccefa4de30f531764e57a

SHA256
977354dd76ec579a3928fc38172a5155d21265fd59638782ac3b348e56507ca8

SHA512
b9b439afb9e78cd05d8ebc7a705ea8a2cd6ae9ece451ce20158c0d9a9dbf0ad5232b4488ec9ff33cc63083e7ca9cb15b53b85f42f45f6feff9340f7cbfd0e590

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\8766
Filesize
9KB

MD5
dcd5da70f98d4768c51682ed7829372e

SHA1
c88afcb2e1c2179744c38c3169081eeb7b4cbc01

SHA256
21f501a5933503b1e4c36806de8bddfe88ac05461b82b92a4c8d81f0e75e6ab7

SHA512
b69fb6b8ef7d21f7e024d2d5ea6f321bfacb0dab95ebd094d1a17465673dd945161dcb15ec7e25d00e065682158b1e7ad60f73fabaacb8c36e6a4de4d9c2d15c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
7833540919bc2338747085ef89045083

SHA1
3ba4bdcacc352729bfff358e680a5979a5028932

SHA256
8e0e3172c8ec234737fb4cbb34f9e8892ab39e8fc052e00a7353340fff9cba80

SHA512
af799f108a4aee9825b2ad31aa3172c6bd219d79895f60db4fc0995ad04b45adcfed50aa5791ab100e939f0b26f26c07d8ee7cc360a9326072a638ca25074e44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\pending_pings\54de545d-28af-4d80-a42b-716c4bb38478
Filesize
746B

MD5
13aa8c7e606ee8cece0511910f49d06b

SHA1
f7588536740713025d7149b5c7682c8d64d46be1

SHA256
6825551ad2a13fb798038f02e03f40a4aa95aae5b525d16280b07b88de0c7cb2

SHA512
e47cd8cc6e534710334af101f91511ab6e52d4f33e15a93b0f765d30eb10efd08afea913c54da43b3d9ec9d21781c674d1e519f3a42dc862ca8633601fb539d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\pending_pings\db7e6076-daab-4f94-b112-5c15f82a0b0a
Filesize
11KB

MD5
bcbd20e697db9eae405f0f42c58b06a4

SHA1
5c67b474768726cfe4ebcb0b0cf03ceefe6ec49d

SHA256
e989c0a5f7bcdc20d157b4ba395c3ae1d70bb4c0575e581b065f702e11d8f0cb

SHA512
c3eae76a4a91f7f07167e3f0fa344bec0c2d5ce189576a1f19d6c426668b50ecb5cbd16e10192c71b14bf90144a722bd7333d540e7695448c73244ec21c0a7d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js
Filesize
6KB

MD5
69b9f4bb674eeeed07ae41ff3fa8c5d0

SHA1
8c3e1980133760467d7e0f963204eab6b9cc99ce

SHA256
a18a203b94527dd0ac18e4f6d8c95d7a693315a8c430fd0970b901a70d5c08c1

SHA512
0f3b98a8899a911b15486ba8d4f7f1474208ed1a2b53a1707a5cb6e69e851f030b3f82374f964b7e109ec8a05cdf7b9e6b3f31600204799979228583de7900ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js
Filesize
6KB

MD5
52c50d4b9eed738eba42ff42ab5bd44c

SHA1
9a881d206c2886e2b16e35b60709b9c15c9513c1

SHA256
62d98d265509be0374015e5f61182185758a61027a3cd0ed6930588d220b17a1

SHA512
fef9d09e092244e83138b58d0bb80cb5df8c81a8d372333a1c896d5174de74b46f072f3830b78fec6e1cfb4bd9d51394666700982a5b83367113912dc24eacac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
f2856fc6e14b111b01e8326d6586ee1b

SHA1
e44ae7a49d9cced9579b7b2d30409d51ed4793c7

SHA256
a1108e7700612ac470fa216df77ec88d2dc6e6128ffa7defda9d7821f888eb1f

SHA512
75866adea83bfbb8c2334028ac0f5f907a42ad821c4f95ea2cdbf2d5d559956ab322e46cb2522c39c065565d15292cdde1bd69dc62c4f9681b6692f7b9601c73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
50ca3b253b6aabd1f3e24c6fc1fd43c1

SHA1
1791e19c51d4874d9df31b78d8a0e992c5e607e0

SHA256
170bfe9c36fbe54e055d0283c79657c356a819550ede8c4937bf00c1e4f03ab3

SHA512
c818ec741c91ecb74126ddd8d4aa7c905bec3f6ab06b85d4adf198e7cf1671d415f35cca42349df21246215c93a1bedc6b0c594597486de72652349f5689cdd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
63a89d18f6f29e009bd79cb0695a5ec1

SHA1
9ffd2bbc0336c6e4f32868c895811d76fa083972

SHA256
0955825cc90ef5b20c8a67b968727867d2d8630a53ec0bcdfd12d5c0390b4ab9

SHA512
9b4dd31ef29ba2edbedaeacb6e4056d8f637fc6f9c2009df560b2f0237b36224603310d0dabbbdac6fc97da2b975599d5a591d1be89caf69b50de69de5ef7d0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
e0add697ffbe1d4f24a271c6be8ef0e0

SHA1
7cf4abc259990a0e72cd89e61b2b4b081226c315

SHA256
ede6be184b4c6fcf395e14e8bf13947151e4cd7057ebec59a605e665cff2788b

SHA512
446fec7d670f2da3672dc3eda8379ae1e5294f5bee01c5c6c9be7258edb9f9b49cb54e900e0cc4ffbb717e144705ae4f7d0f66dc056440f1c4c4f128ef9b3340

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
969f69a6ed96590e9b5069858f0836cb

SHA1
49fd27de55ce5ece4abf6ef8d9167ed6e1ee3289

SHA256
aa19ac52b902cbc643432c42efff614e4c41beee5858e3044079f4ef87627a1c

SHA512
494f73f9a91b95064f432c837b2818569f88fc99b4a705eb7cd91ed4649a5cc72106c0dbc64b2fd07061c31c5fedeb9ad49b4c841678785e855335d233cf319c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
8e8d559069e1a80b7f32dc656154156a

SHA1
2e63c2408cfe85101de9381ac3c82bf36c58eefe

SHA256
723fe1839e4323b69714a39a5eebbe076f45f1de2d844267f90673c6a886b5d0

SHA512
716451167e9f117c11376c2d085702c6d0dbd4e119e51e363342bb96365cc31bafb1c613f699e4afdec67fe4076783183209df1f733f7d67c3ac70b0656d420c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
656058df1eada4b2725c1a62dabe68ee

SHA1
031794b24fb020129656afd21af5fde06edc794c

SHA256
32a7d15661ba8dcbbe85239cb5c8ff0d0c0de0d5f8ef5d05273e6b8b38e4ff1c

SHA512
df261e8e992cafe773b3bb6897bbbf9265a08bcfdabfa69c02ff1061d18007ebd1cb29f8b63d98aeb00a78daa5fb988a5fd0d454c43e08ba468c079847efd766

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
a5757cff0c7147492ec568cb4801e99e

SHA1
8a4426d097b3533b37e3b2be67001fa64bcfb25c

SHA256
d1e55f201edc4529971553627230f506bc8ba2f3f71eb8893229e5cc810e41df

SHA512
86870f7c152c141b585be82303b0dba30960dd3601f25daa24de72eb036a9bbf044fd95ac5f16892d321f4422cf33152198fc0f186f5113b3ede953ded90cc9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\storage\default\https+++www.skycheats.com\cache\morgue\47\{6cd60915-62b1-42d0-a242-ca91052d672f}.final
Filesize
4KB

MD5
a0427aeb128d6d1b9800e3737475e2b8

SHA1
5188ecd07f40140d82b777e3869cb956f8ce96a3

SHA256
9ad78392f2ab1ba6e0c957a5964b3d78ab80e6f5c1adc6e039ced1ce8199694a

SHA512
46cf32666a46ad3d76ee5cd9349c166b40895e03b66cff26dcfc51c2615cb87827d60ebbdd77d4ccd07585b4f7955fc8d8e0d51996a273edeb63c5ecdf32bef8

Download Submit
\??\pipe\LOCAL\crashpad_5312_YSONNCOLXCLMEMNC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit