d80f9618ef8369e54986f2abf564e5eeccf961d3ddaca515622412b1e4648d4c

Resubmissions

20-04-2024 17:13

240420-vrrwwadh2z 10

12-03-2024 21:36

10-03-2024 04:41

10-03-2024 04:40

10-03-2024 04:38

09-03-2024 07:38

Analysis

max time kernel
57s
max time network
58s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
09-03-2024 07:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Reaper/Reaper/Bin/FpsUnlocker.exe
Size

488KB
MD5

52f46ced3b06b19eac3369fbdb4ee2ee
SHA1

1bc549fa770b1bf3925248a3853a87af9948381f
SHA256

d0685e397486bd9f54eda33133e87e3970dedf5038ef0e4d058de34d796d72ac
SHA512

d65a7f73a497e18d0123306c3e940cdd5b22f61ad88fcd9a334c95bab0db665a8e61d11c9c78a656cbfdd7a691e782351fa712aa97c6f38f1d641ae91e3d23af
SSDEEP

6144:9nsLTb6hU1R1IDT3nn/b10WyIZUdA8CQ3mAg0y0Noh+p9NWRzbX:6TbgrDT3n/b6qiA8CQqvYogp/6

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

2252 msedge.exe
2252 msedge.exe
4780 msedge.exe
4780 msedge.exe
2264 msedge.exe
2264 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

4780 msedge.exe
4780 msedge.exe
4780 msedge.exe
4780 msedge.exe
4780 msedge.exe
4780 msedge.exe

pid	process
2252	msedge.exe
2252	msedge.exe
4780	msedge.exe
4780	msedge.exe
2264	msedge.exe
2264	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

FpsUnlocker.exemsedge.exe

description	pid	process	target process
PID 4788 wrote to memory of 4780	4788	FpsUnlocker.exe	msedge.exe
PID 4788 wrote to memory of 4780	4788	FpsUnlocker.exe	msedge.exe
PID 4780 wrote to memory of 2500	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2500	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2552	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2252	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 2252	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe
PID 4780 wrote to memory of 3148	4780	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Reaper\Reaper\Bin\FpsUnlocker.exe
"C:\Users\Admin\AppData\Local\Temp\Reaper\Reaper\Bin\FpsUnlocker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/axstin/rbxfpsunlocker/releases
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdce323cb8,0x7ffdce323cc8,0x7ffdce323cd8
3⤵
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,9195999049940425681,11266413925497278047,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
3⤵
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,9195999049940425681,11266413925497278047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,9195999049940425681,11266413925497278047,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
3⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9195999049940425681,11266413925497278047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
3⤵
PID:1104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9195999049940425681,11266413925497278047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
3⤵
PID:1452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,9195999049940425681,11266413925497278047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9195999049940425681,11266413925497278047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
3⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9195999049940425681,11266413925497278047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
3⤵
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,9195999049940425681,11266413925497278047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
3⤵
PID:3540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9195999049940425681,11266413925497278047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
3⤵
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9195999049940425681,11266413925497278047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
3⤵
PID:2956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize
1KB

MD5
894e7aefbaee349dce6e9338952cfd5a

SHA1
bde7382775a58d52500690eb787c595dc93c2571

SHA256
ff815a815416aa5102f3c60611a250cfb01e7b70074e7eb8936da1f8173ba206

SHA512
031dbc977f2e7cbad425e990acd501e33845a8aa0afe0053602df604a09316fdcf8b61227fb5b14bae57e4b1c490228a764d933286d8d4716a76b3e3f7ec56b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C38AC6B0EBDA4044A36E2ADF650F8E22
Filesize
282B

MD5
876fb259e72be7dab4e277922af26eda

SHA1
32b773eb9704fcacbd077ed364eb7070cec67944

SHA256
9ae283e94e326af81b21214a7d6555565261cd706dc5cd4eeba69c7e469c779f

SHA512
55a841564b82885eab6637e106e3af08f9fa214d16fcab27e508e9c5a1fa828e92b28ebe2b54775168d26bbaa62a5d741f16466eda21970e6c76ec803825d0ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
Filesize
979B

MD5
36998c1d14ed9962b6a3d963a214481b

SHA1
67b6de294a2e6b9741365f35ca26940482bef734

SHA256
bf13d219e0f8c7e6bd10d0d9c06050d0b732b029d38b92c851a0a0db244f5007

SHA512
e25bb2c12b84544c042f33ad559a581b6054fa4db51279b5f5ec42ee957dfab61a60dcab1ab1d19bef2dcb7a651489f2e9e872d70357780fc4efca3a7ca78b1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize
482B

MD5
1706589158b555b07a113c38126f6a3d

SHA1
8a2b83a4bb90ddfc7f0cafd1a575e9d1b77ebd96

SHA256
ba87d7d987a5f8dca11a4167afadf7e76ea2a9c76510cf811c87f7569694bf74

SHA512
a473ece8441a416da1c11f81153325b39920260d460626582636d855b7dbb321a6218bc78c5dff88e978ad22c4e1ec92c15b647b6ac783f66bd7c40c471129c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C38AC6B0EBDA4044A36E2ADF650F8E22
Filesize
484B

MD5
28b1dccf7094820a019936c5cdf1a442

SHA1
c7e8d51a3a0f31fad83f92c3f827707c3cee314c

SHA256
3eafb315db0141bdffdabcd2bbbb4f2ab78383ca2330da27cd4fc7f3e52cce3c

SHA512
d463f89e1a396cd1e28d2867487215cbd393d8aa49e9c8a8fc996671853374d7206aad335f3e12cad4b854574868518f6ec9e5c748da701ad470de059ea2633c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
Filesize
480B

MD5
ae310942e65536a414899915acbe114b

SHA1
8ff1103a854a390b235733aeedaa56cab3c36a4e

SHA256
b4a7fa41787e48a1bc613dc573ab238d604c8e2d24c9f4413aea3e76b7f361ee

SHA512
952f30430395796f4de6968d5037e4a67288ae6cd23b14edbe6a6e4303d4249fc80d5a1df2449af0ac979287666070a547b9e2b3ebe466d64f9e2cb9e52ef419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ec7568123e3bee98a389e115698dffeb

SHA1
1542627dbcbaf7d93fcadb771191f18c2248238c

SHA256
5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75

SHA512
4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
362e0337b2af1c46512f704704052cec

SHA1
fb581bce64b3950f3599f20a7b95c82111730ffa

SHA256
af5429bbac2f8609c3a7eef5d436f1938ce0c4fe31e135c6dfd2ab0f427f62f5

SHA512
462ba02cb9798b9129655f44a561a095bc8a5ba85b56f90a8a929e9f2107e053795530bfae9534a8254f1dacc89756b854bfc76ba191f2f87fd8f04f32d9088a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
f2f9c1f21d5cc0bc3bc239d53e89ec9b

SHA1
d56aefebbf35be719bcebf2c3a4cecdd3b350d84

SHA256
727117b24470d4246c91ba86a1195e4ebaaddd964135c527b7b51ccad350d8d9

SHA512
238620a3b44127968f6dbfc9b1ed81176a98be725461723f74ebd08b474df41f5dfff2d6f9c25b331737e133fe74e575b67e467709834200cafcce30713f40e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
8e65b22fe0db65e7722c5a0a4d587954

SHA1
96f3ba5099047db6597a832d9987732d4760820c

SHA256
b1b56fdeeeb727c836fb90bcd5d4dae33507ed5031fb637f102985ba23b808c1

SHA512
e012874cbf527b147ee26a315b4835cd353a0c3d3d1d6b1d644f78981698cc50c9191c38b07e6c260a33299cbfa83929b63ba1a01e57762e2d62b713c18546b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
25KB

MD5
0ba15f72ffb0a37243558588d3e78221

SHA1
814bdfffd723f7de9f8d6d6a0bc8d85a9f275cc0

SHA256
3d0223e1f8bb35870db41872cfbbe467f65bf9a1208dcb4d4ad874e250ccc10a

SHA512
02b168ef9cc226a08955092173c3745a55b28faa438b8152acb90d3bc1d9f433de7d8341def8b452db1986392a59cabc7c69689ad00825c58371ca78021183be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
fdf2e56586985b684c7e411d7bf648c5

SHA1
e26dbdefaa6eb691b927458a20a095a0caf232ee

SHA256
eb8c9776bfa38046255e39c1e373b0bddf4372f199d6b2c02121cb285cd07cef

SHA512
cce3fb09ca1700b68e75ecd60bc2caf9a316867e9f94798463778f65dd9df54ab4f4b67ba62ef6a218989b6d5ee551d57f032154942f370d5bbe02d4b9a62376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
240fd01695a7b8066dca86943bd6544d

SHA1
829fa3813c6569f3aa4cd1a84c83297d8781dc91

SHA256
9c14a8f9e0a1a4a42e649050ec75d91d07245fb6d66c93c5c39346f2e295bf04

SHA512
0099e48d4e2121e9baffe69503158071c8c4703502564b62438c770524bf819138760b798540f557a640a446de8973a6f40406c9e3e159b4af8c9d7003e534b1

Download Submit
\??\pipe\LOCAL\crashpad_4780_ZXYPZGHPMMRMFGJT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit