hxxps://pt-moder[.]itch[.]io/pizzatower

Analysis

max time kernel
62s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2024 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pt-moder.itch.io/pizzatower

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
968	msedge.exe
968	msedge.exe
3636	identity_helper.exe
3636	identity_helper.exe
5872	msedge.exe
5872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5292	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5292	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5984	PizzaTower.exe
5984	PizzaTower.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 2224	968	msedge.exe	86
PID 968 wrote to memory of 2224	968	msedge.exe	86
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 1520	968	msedge.exe	87
PID 968 wrote to memory of 4988	968	msedge.exe	88
PID 968 wrote to memory of 4988	968	msedge.exe	88
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89
PID 968 wrote to memory of 804	968	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pt-moder.itch.io/pizzatower
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8ef546f8,0x7fff8ef54708,0x7fff8ef54718
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4455585831156120934,479789791084159472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:6000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5264

C:\Users\Admin\Downloads\Pizza.Tower.Gamdie.com\Pizza Tower\PizzaTower.exe
"C:\Users\Admin\Downloads\Pizza.Tower.Gamdie.com\Pizza Tower\PizzaTower.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5984

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
022b167b507336a30a4fa0f69a8b4138

SHA1
c56e6b49bb510400ee23238e3fcc61cf867cf406

SHA256
a3aab7970a604e5db647d03de7e2f0cb27b8b594986562fcaea2013bbe57a788

SHA512
8f749cf11160fe2337c681afcb61e2ce70f7a2e763804b185adf9b17baaeea9e38711537eaab5621cfbe141980884e55b94560fd58d083ecc156cec48d50edb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ea17089a4fe47f72ead2dcc2b3b987e

SHA1
a6e0d9536fa7942c5691539c982c197f31fc15a3

SHA256
fb6faa52ec737a99615eba75ced62de8af8f79bc019509113aabfaff011bfaf4

SHA512
3e26c9d994590f23368a29c3481bb86f01d1d0b71d37ffd44d69cd51d853c2b572bd71deda570515df13f89631d0581d11c6e7db52cf1648ba373b5e1d8b4e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3ac7914f2c8a39185d522c8fb2988251

SHA1
ad5a73712b9115ea6083391b5907229b6912d69c

SHA256
07b76954af0f305a62a64b6734ce9caa23a85bd6235e4047c5d4fc748ceb5f2f

SHA512
3974884fe0d6e9d4cb820a7c22c9c0751f6b36a126e298a6d80ec2bf1538edb7eeab69835adb98274a148dede1c69a0fa94c9093c44d7bf763c81d12b063be2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
036f6a1aa7d3784f4c91dc37598581d8

SHA1
4b7ee6cff87a9bb180007954f5ddf9a1accdbda5

SHA256
32df3755cd4f7f706ccb68baec08d787854ebbc248486a912b4cce39a3475b30

SHA512
e3a048aabb4746ee562e11bdd2360cc001454e31337ae3be02f93c086b85f8cb3f6cc70295cf84413ca2ce12c4ae2253c4108f2629156e7d9409e51cc90d4b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
00e5d1420b10b2da1b6d5faac0b047a1

SHA1
f96d031b1751ddf04c46529b77c9ea1318d4b4e6

SHA256
64ae9c9a863b302253f4f7398bfd5c2a43e6eb31c2783dd73c6ca770919c1bfd

SHA512
c285680c346453cfefcd9ae471468aec44bfe27230b1adc4b4527fb1983f0bedc9e7df6192c2cd0aed6e1fdb3cccac674daa517543ab53013ab309204419c856

Download Submit
C:\Users\Admin\Downloads\Pizza.Tower.Gamdie.com.zip

Filesize
238.1MB

MD5
00b66ad26a4dcdb7aeb74e83927c0978

SHA1
68d9a03190fb9525918cd1d48cbea88fe28a49f1

SHA256
f25ab70f18331a3e9919f586969aade83b34a3a57f4dfa576579b33faa346abd

SHA512
78552b2111c82eaeaea204b727c00b382d15957d28f9cd3f6310362258b96085efc4ef07bac7c40b5678095e59d763b5b21994226b2400ec39fe9c18f2e3a2d1

Download Submit