hxxps://playvalorant[.]com/fr-fr/platform-selection/?gad_source=5&gclid=EAIaIQobChMIit_UrojriQMV3qloCR2tqQhgEAAYASAAEgKtz_D_BwE&gclsrc=aw[.]ds

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://playvalorant.com/fr-fr/platform-selection/?gad_source=5&gclid=EAIaIQobChMIit_UrojriQMV3qloCR2tqQhgEAAYASAAEgKtz_D_BwE&gclsrc=aw.ds

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 848960.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2004	msedge.exe
2004	msedge.exe
4108	msedge.exe
4108	msedge.exe
5112	identity_helper.exe
5112	identity_helper.exe
5496	msedge.exe
5496	msedge.exe
5496	msedge.exe
5496	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 4916	4108	msedge.exe	84
PID 4108 wrote to memory of 4916	4108	msedge.exe	84
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2904	4108	msedge.exe	85
PID 4108 wrote to memory of 2004	4108	msedge.exe	86
PID 4108 wrote to memory of 2004	4108	msedge.exe	86
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87
PID 4108 wrote to memory of 708	4108	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://playvalorant.com/fr-fr/platform-selection/?gad_source=5&gclid=EAIaIQobChMIit_UrojriQMV3qloCR2tqQhgEAAYASAAEgKtz_D_BwE&gclsrc=aw.ds
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe649f46f8,0x7ffe649f4708,0x7ffe649f4718
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6660 /prefetch:8
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1152 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9458744116736676395,1465837322879453220,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4000

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x480 0x38c
1⤵
PID:1420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
1d2fd2d9a4fd90c86b810e5fd12a8cca

SHA1
e3a11d2cbc8929c4731a29e4fe5c94353e99bbe2

SHA256
f20825193977bd15166bf1983e0aa4e4df63e000eea766c865a9082b6c91d665

SHA512
5cc3ac11e00f96df3e260d10e3ec24305c7899429981d8b60a1a2e7db3202fd881e57d003909450c3943e00d012af2045c8828e51e05311feb01cae0a960e9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0de49a5e167e5176524b28fba70db014

SHA1
ca201e4979ee477cd2f786c5d43bd2bbf3ed239b

SHA256
5e50b07fe73539cbe1a68028d5ac321bf4cc964399acd748f00bc22a8aa0699c

SHA512
1f1550187408fd86238a0d6ad720be090ee087c8ecdcaf7a86c985a27ea5c468ae2c23e013f2cd262f08fb32917d212f82bcb68566bdc3aece77c432c3375348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c9417b29268924899739a8db29be6f18

SHA1
3d01e6fb83c7b2e06ab15bcb74c1468e08eaa1e6

SHA256
39ab4453ff58f8db1dd1eff50b7c084da0fb4a1eb1053ae57cdb4e63057dc77d

SHA512
cf61c99e3a81826ef0136ed00604ceae7ce06654afacb2c4e0b6d8332b3611b3f1368157a31878212f34eacd0bdc5d0b291fa8d9dce120c65c24ab869b996752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
557bba8fff539dec7168110cd0032123

SHA1
b04e8bd67aab55457bfc8757711066065ae9df5d

SHA256
e614378c56842494ab4330700b9856f3a6037bdb81936a459f2ea2249b292f62

SHA512
f7941902616c1e2d9bbb7b6bfc34965f450d10add258973046b1c93e91e1052bfe119dfecd9c17798fb692994fba5edc84e3a4220ff5e45f0d76308f260a05ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
afde29aea43e9a83818a7022b3ab3b19

SHA1
3ca4dfd2021378f253a9107ab38a4a494a29455d

SHA256
94925fcd8c7781b76be96461b75a29dffcca0b79b46a1055e3b4dfdaaec9a2b1

SHA512
c4d7f33101b9ea69404a9f5bcd7aec93277d868df19fece14ffea6f08497f618bbe06a19e4aca63a1b8d44a6e22a39d5364e888bc84dce498c62f1dda03a8550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c247ebe0071e55e7ce97cad79566326

SHA1
0e08b45e3305b4b2a484b66edf5a09bba4fc7744

SHA256
e27eba8119bbd36b3db03ddd96b57c98199867a60dc2da8787869fb0d6bb90db

SHA512
1e5a672bfef45e9ad0b5514600869c902b3bc9ef95a6a90133477eccef3efa2eeb7ec5565c027f5fd7a5986aa7f85ab00defc84141a0acbc1e863a7e6a8a93c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d0bc26c96079133dd528a9ed99129255

SHA1
cfa6d6dd37723d715b9d5f023009f72111c2b0c6

SHA256
3f8c3894c7581de6d1e283d88a567cd1fa832501d66d003f81cc66945c5bd8ea

SHA512
83e664fb462dc5e1c84625e5eef584d6ff443700c6fa3993369e4705b354ec74bed63f4e019a655996cfa6bde35b9e833a5b3b4773de91e1d7c9743df3bfbc24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582546.TMP

Filesize
48B

MD5
6ffc83c822b7ba7739937365484bfb84

SHA1
82cbb5f1e086eead46a88a734ae6576822863bbd

SHA256
8b2cc61ce8ecbcb6aa24a9d567d0258ecf23c07743003529ee675764d7e37cb6

SHA512
1d5cecf4a1f872b138f064f4ae9fdab91f6b385bbcb0ad6d9b534f90437872f74e7a4453bf818cdd1e379dac69714cf0d0708ef14b3dea570a8052444864ee94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
41f8ba8fdebf55c2d713410cdcf7310c

SHA1
13b8af7f73c7099f5013bebbded5977aa8a47260

SHA256
fce41b462ab523e21666e4c1fb6aac66fea607427af8b569a48d5bda0ef2f5a5

SHA512
f7071cdf90927e99c72351e3d27b8c16b882886702cec777e61cfc71e79dc041abf3a8593af7727e754454a0bc7d2af01723ec4d9751152f26e3dd200a3c094f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b31d506de8f6f373c1a5f2726372b06b

SHA1
034b66e987debe6fa18b5610a045dfeb64e43b6c

SHA256
6b9ae2c30ee040bddca3da5c4d757f4662f274b5ae91317814ec33c0692d296f

SHA512
9ab8b7a2c237be644c2e2cf5b7ca703bd5be5415961207227fdfc7d6a7b87ada6564bbc9a3f563f43993f75e7810653f95ff5454738829fb1af9f2f7188cbe89

Download Submit