Overview
overview
10Static
static
3Reaper.zip
windows10-2004-x64
1Reaper/Rea...er.exe
windows10-2004-x64
3Reaper/Rea...ts.dll
windows10-2004-x64
1Reaper/Rea...er.exe
windows10-2004-x64
10Reaper/Rea...config
windows10-2004-x64
3Reaper/Rea...bot.js
windows10-2004-x64
1Reaper/Rea... v2.js
windows10-2004-x64
1Reaper/Rea...y 2.js
windows10-2004-x64
1Reaper/Rea...or.dll
windows10-2004-x64
1Resubmissions
20-04-2024 17:13
240420-vrrwwadh2z 1012-03-2024 21:36
240312-1f3f5adc57 1010-03-2024 04:41
240310-fbmjwscd28 1010-03-2024 04:40
240310-fan2bscc93 1010-03-2024 04:38
240310-e9wd1scc82 1009-03-2024 07:38
240309-jghpnsdh88 10Analysis
-
max time kernel
149s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
10-03-2024 04:41
Static task
static1
Behavioral task
behavioral1
Sample
Reaper.zip
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
Reaper/Reaper/Bin/FpsUnlocker.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Reaper/Reaper/EasyExploits.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
Reaper/Reaper/Reaper.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
Reaper/Reaper/Reaper.exe.config
Resource
win10v2004-20240226-en
Behavioral task
behavioral6
Sample
Reaper/Reaper/Scripts/CC Aimbot.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Reaper/Reaper/Scripts/Dex Explorer v2.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral8
Sample
Reaper/Reaper/Scripts/Mad City 2.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
Reaper/Reaper/injector.dll
Resource
win10v2004-20240226-en
General
-
Target
Reaper/Reaper/Bin/FpsUnlocker.exe
-
Size
488KB
-
MD5
52f46ced3b06b19eac3369fbdb4ee2ee
-
SHA1
1bc549fa770b1bf3925248a3853a87af9948381f
-
SHA256
d0685e397486bd9f54eda33133e87e3970dedf5038ef0e4d058de34d796d72ac
-
SHA512
d65a7f73a497e18d0123306c3e940cdd5b22f61ad88fcd9a334c95bab0db665a8e61d11c9c78a656cbfdd7a691e782351fa712aa97c6f38f1d641ae91e3d23af
-
SSDEEP
6144:9nsLTb6hU1R1IDT3nn/b10WyIZUdA8CQ3mAg0y0Noh+p9NWRzbX:6TbgrDT3n/b6qiA8CQqvYogp/6
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 2888 msedge.exe 2888 msedge.exe 2804 msedge.exe 2804 msedge.exe 3184 identity_helper.exe 3184 identity_helper.exe 5472 msedge.exe 5472 msedge.exe 5472 msedge.exe 5472 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe 2804 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
FpsUnlocker.exemsedge.exedescription pid process target process PID 1864 wrote to memory of 2804 1864 FpsUnlocker.exe msedge.exe PID 1864 wrote to memory of 2804 1864 FpsUnlocker.exe msedge.exe PID 2804 wrote to memory of 4532 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4532 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2132 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2888 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 2888 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe PID 2804 wrote to memory of 4920 2804 msedge.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Reaper\Reaper\Bin\FpsUnlocker.exe"C:\Users\Admin\AppData\Local\Temp\Reaper\Reaper\Bin\FpsUnlocker.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/axstin/rbxfpsunlocker/releases2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8bfa46f8,0x7ffc8bfa4708,0x7ffc8bfa47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15119833561687164649,10416863357320963592,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,15119833561687164649,10416863357320963592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,15119833561687164649,10416863357320963592,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15119833561687164649,10416863357320963592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15119833561687164649,10416863357320963592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15119833561687164649,10416863357320963592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15119833561687164649,10416863357320963592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15119833561687164649,10416863357320963592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15119833561687164649,10416863357320963592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15119833561687164649,10416863357320963592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15119833561687164649,10416863357320963592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15119833561687164649,10416863357320963592,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4768 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25Filesize
1KB
MD5894e7aefbaee349dce6e9338952cfd5a
SHA1bde7382775a58d52500690eb787c595dc93c2571
SHA256ff815a815416aa5102f3c60611a250cfb01e7b70074e7eb8936da1f8173ba206
SHA512031dbc977f2e7cbad425e990acd501e33845a8aa0afe0053602df604a09316fdcf8b61227fb5b14bae57e4b1c490228a764d933286d8d4716a76b3e3f7ec56b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C38AC6B0EBDA4044A36E2ADF650F8E22Filesize
282B
MD5876fb259e72be7dab4e277922af26eda
SHA132b773eb9704fcacbd077ed364eb7070cec67944
SHA2569ae283e94e326af81b21214a7d6555565261cd706dc5cd4eeba69c7e469c779f
SHA51255a841564b82885eab6637e106e3af08f9fa214d16fcab27e508e9c5a1fa828e92b28ebe2b54775168d26bbaa62a5d741f16466eda21970e6c76ec803825d0ee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90Filesize
978B
MD5f673bb24776fa92c66fb2240e87cdadc
SHA1691a68eed7f8c906cf544d50718528ba5692e3c9
SHA2562a03ddae1a42ec425421269bebbb0696da38478bb57e4e6da78dd50e356bb120
SHA51280e0226042d4ee280ce0241b15ff9af4e5e935397579890ce9891518dee0a04925b8ebc639251dd68f93ee73c4f37be5fd498824dfd1b1c8ef7dda698c0fbec5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25Filesize
482B
MD5043072e52f688bc897050d2d1dc951d0
SHA192fd40d141b4b5a1a5e6b2e16bed736b89384020
SHA2562558350c7ce5d55dbd9bc63c82a62955ec3f0716d4db833aa6c37345980e38fb
SHA5129184a50f2f860c1313d62ca37e92bec4b2b78c4236bd7985e878dd8d31ec1d374d65bdc3596496a3ce81030a2c7e13a2168e1011a0d47d00ad8c5c7bd1764a47
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C38AC6B0EBDA4044A36E2ADF650F8E22Filesize
484B
MD5f95eae4ece0e1803b021ae0765884d47
SHA11629724928035fb2e4bc3a8998299bffaba07809
SHA25644e23d164e3ed3b62b6ce8384ab938ab8b01249b7f4a41a9bcb044f6ef64fd8b
SHA512c7b9cffb6266f2c45a274b26426dde5e5baf9724bb2b4b3744a55047c6e3b3c73f490f64765fc2b3376db390e97de40b576bcaf31de887db684a9f41422a9e66
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90Filesize
480B
MD5f96f703b2e7a84e66297245105c99ba9
SHA1555ac8aaf30acc89d33562a0083db96aa57ad5d4
SHA25697c138d439f4fe3e3803fbf43c725a2fbdc870c632ef6e5a59a80da60edaba2e
SHA5128eab9da5aafe1ebe4adb88ef8eb905ac4c78fc1cf4cdaba7c340e6b04e85f11f001f5748a9d56967563b3bbaf7115c8994aa494d69cf853ca6220dcce5609959
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a774512b00820b61a51258335097b2c9
SHA138c28d1ea3907a1af6c0443255ab610dd9285095
SHA25601946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4
SHA512ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5fd7944a4ff1be37517983ffaf5700b11
SHA1c4287796d78e00969af85b7e16a2d04230961240
SHA256b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74
SHA51228c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5d44ec2761488689a4a3fac14a4bc8f8a
SHA106f28a56cf8cb81f1821c538ebd7a00fc4179d43
SHA256d84ba61658fcaad924f17483d9a339492f89f632220aceae74f1798ff7a4d717
SHA512e35a0e09c0429e0cf966a5bac7cf8927ec0e53fb090f17b333639b2aa7039ef22cdbf331b2f256623c192c40a6f6fc17e9be2f321de20bbea119ec34b1741681
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
496B
MD5aadae93b8d636d034aee972c3635d7b5
SHA1d8c1119ed585b5403056f37515b98d32d3275ab9
SHA256baf498aa585a836559bfdfeba511aa8392d8fac7d57e594062dbad9bbd5c8327
SHA5120a27888dc32f54cf0f1dff75e1f38813c60a0e0d04c16eb2f0a6bd898455f31f0008aa550b1e36f342527d777e71d9ef3e7e88788366f6b64cfdf8ece6e7bd81
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD568bcd2e396e43f19cfdf0df034af3dd7
SHA1e79151bf608ce47ac76b5f034c85280957e2f436
SHA25629556cf7fbc47c5fb6fb7fee02cf4c9d43319d946e4d536107ff7153e2719505
SHA51296a244e63d617ae46403f6d9a3c57a771e4039c97aed714aaa7f50da116b0f976b4cf39e15af8de972bb96bfd024f6edb1bfae810781f19b86e1617d26037928
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD512865ce5631fd2ccc4ed934ab20dd75a
SHA1e8acc396a6359aeeca9bb0c3a1bf8ddfbdb7484b
SHA2569f11b10d4d10800e35dc4c302382d17efe78d15ea880d09878211d1a26ca9966
SHA5122bf41897335de0e234e2e5112745b0a428137ea53c4bee6a5be0c3ed0df278adc72aab1410f3770603bf58e5d4d580e50af2babca8baff201b7bbf7417b9fd1a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5685bfd969bf2888eac2127a9fd2ea2b0
SHA1a06d46606343de769992ef3dacb8dfb2f7018351
SHA256b32a6d99bdfb0236d702b5519d9401728e5ebc28d3624ff453e7e103795b4319
SHA51204948595ce3ea658e5b633fdeced6a293e5eb8bd40a3efb9829c196d9c1e93638160a8e82f679fa67127e2b1eab39a7066c2157e8598161aa1b02a72902019e0
-
\??\pipe\LOCAL\crashpad_2804_UBHSZAABBPZUSLWDMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e