hxxp://valorant76[.]com

Analysis

max time kernel
153s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 22:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://valorant76.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1168	msedge.exe
1168	msedge.exe
4368	msedge.exe
4368	msedge.exe
2520	identity_helper.exe
2520	identity_helper.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4368 wrote to memory of 1348	4368	msedge.exe	84
PID 4368 wrote to memory of 1348	4368	msedge.exe	84
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 2516	4368	msedge.exe	87
PID 4368 wrote to memory of 1168	4368	msedge.exe	85
PID 4368 wrote to memory of 1168	4368	msedge.exe	85
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86
PID 4368 wrote to memory of 2088	4368	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://valorant76.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff199a46f8,0x7fff199a4708,0x7fff199a4718
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,5857817060051436798,4576795837035945359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,5857817060051436798,4576795837035945359,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5857817060051436798,4576795837035945359,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5857817060051436798,4576795837035945359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5857817060051436798,4576795837035945359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5857817060051436798,4576795837035945359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5857817060051436798,4576795837035945359,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5857817060051436798,4576795837035945359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5857817060051436798,4576795837035945359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5857817060051436798,4576795837035945359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5857817060051436798,4576795837035945359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5857817060051436798,4576795837035945359,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5857817060051436798,4576795837035945359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5857817060051436798,4576795837035945359,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91746379e314b064719e43e3422d0388

SHA1
65f1a2b5a93922d589142a6edf99b5b35d986dba

SHA256
0b3cf8ae20afd84c9bf06546e876c84922cb5800526df72a628479f4d5487df7

SHA512
a783d8d9613cf92020fc36fd27d384dbd4e105a1ebd02c4507bf7263e61ff5b377e6d1734b066700782fa64bcbeb11af31ac3972d404625cbdb587cfa3bc0808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccf8b7b618672b2da2775b890d06c7af

SHA1
83717bc0ff28b8775a1360ef02882be22e4a5263

SHA256
ef08e2971a9ba903c9b91412275b39aabfd6d4aa5c46ade37d74ff86f0285420

SHA512
eb550889db8c4c0e7d79b2bd85c7d0e61b696df10ce3d76c48ab21b935c7ecc7b12403a00d6570e7d8e4121f72747242c2358f8f0823f804e704bd44ed603b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
106KB

MD5
b01676f57d0f8e6a613232835fb0e6e2

SHA1
427940768d12d841e7ea2e23e1221e4252c987bf

SHA256
052455f750901663f45c62be385d6a5d82e779ddd28b846090ebd85aceb7cf3e

SHA512
5be6d576480ca48ba4879065e413e6f7a54d3dd23b6af0a609486dd317c20d3571102f1bb3ec265f407b35f11670ccc927b745e8d8d698535e405253e9923500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
74KB

MD5
cc764a67bb2fc7bf9e28888199ef2af4

SHA1
05753340214f31cd68beda13cb1e0e271c086b85

SHA256
7b3e586d9348a81db7a735810d28a1112764683878e805db429868c4b1af402c

SHA512
3e1db1c4d1cf42b59c384d094402596cb2c12f2e0d0ddd89ec01070a811a591871dce264dc9a2562913c6c35be82d12d49f8d3bbfb078f11ec13916a4ac31006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
528c03fc6b213b1b491c58bc831a7836

SHA1
047d80e22b761f77b2adc45bb2198b12f2daeb9c

SHA256
51a0691ba6aeaea5532bbde3629a1aebc8707347a6c23f9c9f5e360cdd7957ed

SHA512
118f52f80744b9d254948c8e93a4b0d311de6f7fe5e3f6ce3446500d376a61f2aee74076fa5c6b59c1847d65818c88425f626b068763a20d55a12bbec92d0175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
27ce045ac92a6c7449a382d97d4460ed

SHA1
3ba5bb43dfeca6e9c69bdb97ab834ee2be9f9e0d

SHA256
a55f08ed95253e71d08098773f6a8d28368dae35be245be7c527c293db27f86e

SHA512
63212413634a1f2976dc3d5d257a3a009789465f4863fc584dfddb62b20ce31efd15739e2b6884e40b2c3f76bfc010df9fb3b2c6b50e4e85072741e3895b66c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7256e57386beb39bd97bbf016d90dcef

SHA1
e9919af8368e8530684fe0837a8e9dfcf7523339

SHA256
4f3b40fb938fbd27562ab9daeae1554b42fb9bf2ac7e23e09b34ad5b7195c710

SHA512
1373cc9c7292bbe2be15e2c8255b8fb103b2c89847479409799376f91944c7d807147e0809cbdde89e791503ed78e30af376be7f437d908f255627b2de219afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
11d63a4cacaa040f34a896543b739bf4

SHA1
a7edb24669317c0d2f58d95a66078276f01d8ef5

SHA256
8b4621e146f513d04f23f422b56d8d01ab8feea96ac5c2a9d43e692e7f2a991d

SHA512
0124b982975ff81f61bed2ec1a59ac1264d805865bdea8e100de2f051169a05a0dcf3cf3a83a855d413f87fdeabffda38deb67c0c629152dd6fbc43a0c28d155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8c7105662a675b05d3cbe0c90b5b104

SHA1
d91f17fe52ba1bba33c7ba173c49c716019ab151

SHA256
a6fb1967ddfc3c69c197e53c483ba33ac7ebb635ab96648dc7c9c58ae4d4a543

SHA512
8554524cf2a6541506327e18a6a2b358e3e5c5fa529832a458069d43147c7d4c00dbbabe92ed80ef1b51f8e0ec36821b631b431521730c96ef354ca1c01b1b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c47843e6c678895775c0d6621300545b

SHA1
cead36e7428c787a4bdfde74ee7c116472dba370

SHA256
124eb739de8874946b424474f833b51547cdd4b726be11bf64d00064f712fb50

SHA512
8034b6c193e43fd54e075a77f61b8f68b048c60fe1d64b4ede2f5a2e734d6bc89c2eb7c849ac70075e716ea9a74089829b4f555e437d6a1d176d746dd4fd8f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52e5251340a564e8c1b01e68f6b2fe5f

SHA1
4ca1780657e310a04ac163f1ec1f32f8fbc304ff

SHA256
4661615405469ae68bcbdd917ff13383af23179d2cd16bbee72b4a45f977fc47

SHA512
ccce9b3644588de8a7c514efd00590702eef045a363460221235405d744cae3a97faf43adb924cacccdaff1bc6bd3460915e15ccec812010f3f9f2499c75a076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f783c59abb3910835d6640304d06c15

SHA1
1e5120684da8f931e1441d74f20d84e5a0b03f2e

SHA256
e65efea9a33f3820eb5bb734db8aec6ed408435198c9e1bc1f52b37a661580a6

SHA512
30938dcb5f3767d4ba7496df50ba624e86017990dfba34cd49ff5a18081d0b39d76b01a6d8c86f7c556f777b8e1775fe71bb64573fc3030b7ff73ccbe416f3ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
514b9167cf59348a40842d1922d70e1a

SHA1
2c880ddf34b77c36d07db690c212aafbdb35a867

SHA256
38741955edaf3f0f531172fc815db01dc654abb7d7454a5e9aa7907cf2871e4f

SHA512
0bd7780b5a59dd15ca68bdcd803919ff3a96d977c1c3e91d51d2c5ba65ae1a1e93ae36ec9a088aa44896eaaa6a57ffd4cf077faa92e12ae900a7d0323cd15636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
74f6ed6546c5f99222184fdb655e1fc2

SHA1
3eb45cfeb75a5534b78395c348563adb383df852

SHA256
6326ec420d8cc69c5a72f1be6cce4c8186b8cb4c8e3ca0fef614efaa600603cb

SHA512
9ebaf45311df43802df0acf542872e5f82ab50f339c3a97c8bfbb23a5e64621791be9b8cf2705e05f7dd92ff9333430ee3cb279d5362729ed80c183750c3e647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
bea69948f40c87db41961c0ff81314ab

SHA1
fa82d2a0fb5849b8dd78facd1772c8f51e832d3b

SHA256
f1e0480b7a08129f2406c4ffd6d6629e08a13564f62878fd280c1a4786f8d602

SHA512
69e5ba2951c288d6a27b0d7d71522d24698f2e8af5a41b718a582cff3bb9021363637fd8bcb23814810d3e9ea34c4946e940831ce6216bbb0c9828e461823215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58337f.TMP

Filesize
708B

MD5
38a81eb3707b69202744e9b790745f5b

SHA1
6a2befcfa0053b5a0e780921e5e7d876d943dc2d

SHA256
88200faf1aed3f645367adb788550a1fa184806c5d3f9c74deb631cb59423738

SHA512
d1174868ffd313cc97a90e8c69b0b516bf879f171c2cf63c56059df6b1bebe69f27ba05b372094a1e6333bd55fbff6b69879539e76ce03dc4992e2e202a6c709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2b7561fc548ace29357bd819b060a7e4

SHA1
e650fabc2a0b7c355ea23d98a1ec05b1475af116

SHA256
b02dfd2d297451e5b4d9a45bdaf2968de272bf61c88628acb07f6857cf890cb7

SHA512
5514f52e42181d17c334fb9d9f4661f0f831e47f66e5a8370e350cbd7a6c135612016fa9801cb8ddf3fa2f9a5e1ba4d1dd2d68d23c89c1aad795c0d1d10d40d0

Download Submit