redline | hxxps://github[.]com/swapperv2/Valorant-hacks

Analysis

max time kernel
62s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-01-2025 07:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/swapperv2/Valorant-hacks

Score

10^/10

redline discovery infostealer

Malware Config

Extracted

Family

redline

185.215.113.69:15544

Attributes

auth_value
d1d6905d7142cf8913345c5b7f188331

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/99264-264-0x0000000000400000-0x0000000000420000-memory.dmp	family_redline

Redline family
redline

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
57	raw.githubusercontent.com
58	raw.githubusercontent.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2824 set thread context of 99264	2824	hack.exe	117

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AppLaunch.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hack.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4084	msedge.exe
4084	msedge.exe
224	msedge.exe
224	msedge.exe
4432	identity_helper.exe
4432	identity_helper.exe
116	msedge.exe
116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 2060	224	msedge.exe	82
PID 224 wrote to memory of 2060	224	msedge.exe	82
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4052	224	msedge.exe	83
PID 224 wrote to memory of 4084	224	msedge.exe	84
PID 224 wrote to memory of 4084	224	msedge.exe	84
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85
PID 224 wrote to memory of 2776	224	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/swapperv2/Valorant-hacks
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec9a246f8,0x7ffec9a24708,0x7ffec9a24718
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7688526196079182395,2197765433307477245,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,7688526196079182395,2197765433307477245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,7688526196079182395,2197765433307477245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7688526196079182395,2197765433307477245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7688526196079182395,2197765433307477245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7688526196079182395,2197765433307477245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7688526196079182395,2197765433307477245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7688526196079182395,2197765433307477245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7688526196079182395,2197765433307477245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7688526196079182395,2197765433307477245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7688526196079182395,2197765433307477245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,7688526196079182395,2197765433307477245,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7688526196079182395,2197765433307477245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,7688526196079182395,2197765433307477245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3836

C:\Users\Admin\Downloads\hack valorant\hack valorant\hack.exe
"C:\Users\Admin\Downloads\hack valorant\hack valorant\hack.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2824
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:99264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0c6763e526e66450db50e0f7f9e9f02f

SHA1
ce4b1967607c6be60bc28c9160fa6c96d63606d3

SHA256
91f3bf1420f960a7bfa016970b1779839be5105d770157402861106e16a2d7ce

SHA512
dc51ea6bde58d567e6f63daef6009c0cbf8828675da5e712c588b68813d21e036e7f4c4b54e6b4ad931082148cdd64cc72b24fdcb1447d6708b2a2fd36efee8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39e1a278dc9d81ff542a2c891548a74d

SHA1
317585ff26d19ef42e97107728b68cdfd7901600

SHA256
4b477dca63577ca4b147451fc4ea3f6ab75d49d6855eb928b3b399515f9d3c5e

SHA512
227e84e7a35813955435b81a5c16371d49ab8dae62c21cd197dc9575b9f4c86c8d17080e2d6e6b9a77e64097e0f0e1d548b6a332425e3d9eae98f973089788cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc911c10e06e90984023b9d380bec1cf

SHA1
b20801e790d74823729f9672863bb10eac7489b3

SHA256
7eb0a30541608ae9f58b0be6a63c36bc72a13f17f267b2d6a7bfb1f972b8bde5

SHA512
d6c5ce53b87e8b034ac7500583855d5f239930c82feefdeae8935f52995faa2ed8da7264776e9e236b24e7810832f8cc07d582a9d54e8ed7918fde1c78717cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a57bff64b581fe1918ad53a288483081

SHA1
44077c3ff8252745ba92846fee2875a5893c143f

SHA256
66513509f391b31ef122f9549530ea2c094f8f7cad4796314c2fd0835abc1f0e

SHA512
c1336a5cc2a328e45314122029d531bd39b0cc976c0a8a665db42a2d6fffaa1045043b0bbde92de4ead3b2ed04a8a8968c3870f95fd82be70839d1ffab1d0444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
65397b98c50320ecce5816d5bd0397a1

SHA1
f04ca6883a8f8cb545a2cfbec3c2cb805e914414

SHA256
16c2c3f601fc7eba8cb980da8c5bfae88a36bc375deea39ddb9738d0e8929a4f

SHA512
8686a81a2dec4c01e154a9cfeebd120b0c029950746ece8c4c57b4ed1c2dc0d95daf3b563f09d5fe8f28e9d74820687025a0750d35b9ae391cd73099b53eaf7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5831b9.TMP

Filesize
874B

MD5
ff2caf71dc6c9c91ab173cd5db23dc34

SHA1
103c19caa22e92e888a88466773286cb008e4412

SHA256
c8780d957d3d0160df662d7aa519063e35ec882829302fd2e64d850c8aa028a8

SHA512
e5a0a78fe457c4a1f8bc9d76381bb0801e64feadf1056553b5089029b17ca55cd4cf58108fc641de0d941de443f765bfa62fbf32acfb0124369d005444b5d7c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0a8ab1196f0efa65e2c363ea7f5f4313

SHA1
2434b60ba7860eaa7681ce0d34f889efd2c7255b

SHA256
064189d85bb9cced69bf320dda4334de44f5804c055013bd047282575f1a565d

SHA512
fe0e174ac05ea98d5608da5c7d5638fd9b4eebfb3f2d9cd23c71e4b338be887fdcd1da5733270cc4ca217e180a110b40cc37a1cf41c9b37fabfd54234cca94a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
02b4e0e3bba1cb3b7237b97b7d6184bb

SHA1
3b739d8cea14307f79f83e1ec61e368acd8b9012

SHA256
383ac3d8370f30cff1fc01af34135389d106ce62d02d7cb239047a5b0fd9ea61

SHA512
6369771204b6078b55697ec4d0007c35df84799d501050abc75afdb9878b88fff551ba535a6a48eb950eb9523f51558710e57e6bdef07ffc6bfa3add02de442c

Download Submit
C:\Users\Admin\Downloads\hack valorant.zip

Filesize
1.1MB

MD5
29e93eda5bd8c3ba4b7c613dea9a9145

SHA1
8eeb8407bec038bd02582b527b2a5ce5f492ed96

SHA256
5be63b99d86b22a8e29bd3b4dfc61e73b0e65bf5860d776cdc7e35ad5036fbc3

SHA512
e558c79990da008028a37b431ec69f8d7d6934d03e9acf687ae33dfcc0bd71ac7db5a45ff9052fc959e3943b408e9611f80646b96f81db1a8e9eb145995641ef

Download Submit
memory/2824-269-0x0000000000400000-0x0000000000594000-memory.dmp

Filesize
1.6MB

Download
memory/99264-264-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/99264-272-0x00000000056D0000-0x0000000005CE8000-memory.dmp

Filesize
6.1MB

Download
memory/99264-273-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/99264-279-0x0000000005270000-0x000000000537A000-memory.dmp

Filesize
1.0MB

Download
memory/99264-280-0x00000000051A0000-0x00000000051DC000-memory.dmp

Filesize
240KB

Download
memory/99264-281-0x00000000051E0000-0x000000000522C000-memory.dmp

Filesize
304KB

Download