d80f9618ef8369e54986f2abf564e5eeccf961d3ddaca515622412b1e4648d4c

Resubmissions

20-04-2024 17:13

240420-vrrwwadh2z 10

12-03-2024 21:36

10-03-2024 04:41

10-03-2024 04:40

10-03-2024 04:38

09-03-2024 07:38

Analysis

max time kernel
139s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-03-2024 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Reaper/Reaper/Bin/FpsUnlocker.exe
Size

488KB
MD5

52f46ced3b06b19eac3369fbdb4ee2ee
SHA1

1bc549fa770b1bf3925248a3853a87af9948381f
SHA256

d0685e397486bd9f54eda33133e87e3970dedf5038ef0e4d058de34d796d72ac
SHA512

d65a7f73a497e18d0123306c3e940cdd5b22f61ad88fcd9a334c95bab0db665a8e61d11c9c78a656cbfdd7a691e782351fa712aa97c6f38f1d641ae91e3d23af
SSDEEP

6144:9nsLTb6hU1R1IDT3nn/b10WyIZUdA8CQ3mAg0y0Noh+p9NWRzbX:6TbgrDT3n/b6qiA8CQqvYogp/6

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4324	msedge.exe
4324	msedge.exe
4828	msedge.exe
4828	msedge.exe
1236	identity_helper.exe
1236	identity_helper.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

4828 msedge.exe
4828 msedge.exe
4828 msedge.exe
4828 msedge.exe
4828 msedge.exe
4828 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

FpsUnlocker.exemsedge.exe

description	pid	process	target process
PID 3132 wrote to memory of 4828	3132	FpsUnlocker.exe	msedge.exe
PID 3132 wrote to memory of 4828	3132	FpsUnlocker.exe	msedge.exe
PID 4828 wrote to memory of 836	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 836	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 2404	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 4324	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 4324	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe
PID 4828 wrote to memory of 1044	4828	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Reaper\Reaper\Bin\FpsUnlocker.exe
"C:\Users\Admin\AppData\Local\Temp\Reaper\Reaper\Bin\FpsUnlocker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/axstin/rbxfpsunlocker/releases
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dc6146f8,0x7ff9dc614708,0x7ff9dc614718
3⤵
PID:836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11920843656040587164,1963344428718597792,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
3⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11920843656040587164,1963344428718597792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11920843656040587164,1963344428718597792,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
3⤵
PID:1044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11920843656040587164,1963344428718597792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
3⤵
PID:844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11920843656040587164,1963344428718597792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
3⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11920843656040587164,1963344428718597792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
3⤵
PID:2200

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11920843656040587164,1963344428718597792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11920843656040587164,1963344428718597792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
3⤵
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11920843656040587164,1963344428718597792,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
3⤵
PID:764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11920843656040587164,1963344428718597792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
3⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11920843656040587164,1963344428718597792,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
3⤵
PID:1644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11920843656040587164,1963344428718597792,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4812

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize
1KB

MD5
d6d6dc1b5fa907601ed19ed2d0bba6e7

SHA1
ca4f6f6fdeaece1e82528c8d37f186da0ec8b19e

SHA256
2cfce700b5a56df3a8cb456e149f5af4e84735259aaac19e593a37e1f0ddd7bb

SHA512
3c2189ae16e7a7826b8e35e366220dfdf383f1c6392c0974f3ae35d7f3bcffdf8038bb09f3fdac1e632570dc11d5ed96388f0167042a53c189764aab3b4b5c8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C38AC6B0EBDA4044A36E2ADF650F8E22
Filesize
281B

MD5
cdb5318f5c156a91e57b6cb39b040411

SHA1
482ec5cdc5df341ee05a35ba1a268192ba5c15a4

SHA256
18ab03588a5ddf777e8b3910ff0267e17cbf8d4ef1f9cbb95ad99faaa0e0d563

SHA512
0455160d425ba441532c3e5c894161ff392259f6b02c5a7c3d5680ff2060a4e4ec21c1e605a844650ef6de51ad66918b3aeb3638f5f041129e7dd0f7a678e9f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
Filesize
978B

MD5
f673bb24776fa92c66fb2240e87cdadc

SHA1
691a68eed7f8c906cf544d50718528ba5692e3c9

SHA256
2a03ddae1a42ec425421269bebbb0696da38478bb57e4e6da78dd50e356bb120

SHA512
80e0226042d4ee280ce0241b15ff9af4e5e935397579890ce9891518dee0a04925b8ebc639251dd68f93ee73c4f37be5fd498824dfd1b1c8ef7dda698c0fbec5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize
482B

MD5
9f007cb07baa2aaf26ea9d7c6bc55202

SHA1
5ccc1fd6589f76911d70fd74c272ae9c53a64f57

SHA256
3b249c9113d7ae050c697b2431d4e6ceab834e69bf206598d0fdacaf71dc96b4

SHA512
923a6b41f48c0cc523ed1a6844bf3146b80131137ec595d769ed44dde6f30b9fb7722cfba6ff94cae4afabb66ab99369cbb5f5b3c03b6bbfb14ecdbdb7a89a02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C38AC6B0EBDA4044A36E2ADF650F8E22
Filesize
484B

MD5
13dd462d2afa06b6b4427719e2fa9836

SHA1
8ca7288187fc0c26fed3ba1bc76b384e6f4b247e

SHA256
935681717db9df502f919653a9d0547c2941c396a3885c46a29cc1545e37a77f

SHA512
d9834d2511444a0e97f4cfa1dbf2a34cac7cefca506afd719a4f4f3d51d3f7ab35c833fa309598eb7a5445b9e1e0ccb38a8be8da3dd5438a5c570be45a124680

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
Filesize
480B

MD5
0dad8774a27f6f71a1474fd859005b80

SHA1
bc6967a744a44c89af6fe5c74a39264fe8d30cdc

SHA256
db5336b26e7dde73ea14f8957bce9005e176da7b9efe647f55f529e362f96674

SHA512
76f455a95161930c829ac36b2f7e942fd1bdbe2ab1338b472e8ee4ebcf2c48ba8a19f1b4b7bfc3e789924fc11699457c7d8973b2f463fd32ac6ab2739affe247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
7dd33c1a8eaa76ea335da673784e4385

SHA1
51443c3a96635b5fb1a4cdea4c2fdae92b9e7033

SHA256
8eefac58bf9867522f6ea9caed7c9be548223740f4ae22e082f0260fc53a1d51

SHA512
8c26cf6a38e98677f36048169f146c21edb23628b1ca9cf0363189bb0d3bb373a74f6180e7a1ddac9e4abbf351329788524d0dc839789bcef4a1e77f39dc31f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
496B

MD5
d22266ba3d8db30279b96944f0cec985

SHA1
44e288cdfe75a5e8299ce32e75dd9e0705cdbac9

SHA256
77873629fa695e434160c86ae9116906ff65a97666d7d35a3ed63221b627c0bf

SHA512
d463aecbdac835dace5544b4267c86c2ed7d3165ba95095db6dfc3a25655f2391fa202a81d37b4a76a36f04456ed86df137302ad0e456fd59ecdfee3c69c6c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
57809b23c5ae0569a44f86276baf8f7d

SHA1
df26969d54d9006fc48338009431b0bb8d0a4f4b

SHA256
12bf1f7c5c8558a49912f685629196dd262d9cb8ee35cf2d08d06c240569386a

SHA512
13784bd50f055650d814169180c660f9f92e9d154ac6d83a8ffd24951191ee47d3f3b6348f25f8956d8f5793f88e4180427777a9573470ef8145a2bbcdc8bd7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ca005131-1279-4f1a-8379-2baf0ae83802.tmp
Filesize
5KB

MD5
4c44149e402634faa77c3ac0d1fe8831

SHA1
5a51647b0e8682ab72e4ae3a41d064d0ffa71a29

SHA256
f5a0c376b73f743c3866cdeaf99d4ab0608266ee8989320083fc85f5a75d663b

SHA512
c898e7963f4bdfc1b6cc191d62453af7d6ad72a2d29502253d87e055f986b080db2c0ecb53c6db9bd8677ae0270ae85706cd934f1faa29766bbd97f3afad33c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
2894a55afe74aa3ebc81eb14b2cc7046

SHA1
d5b220265476b22cedc8e015433c9aabb439172a

SHA256
540831f80d93f464bc33eb076301e56ebe1f61cd05612eb46ec7253f09a8455e

SHA512
7ae5e7a8aedc017e8997138a1231b6062cd4768e76c87ba3efed802e631e2c7c68b579eecf0c5a36d11f5d7f53c25434b7d9f13933eadd001e8c517cd901003a

Download Submit
\??\pipe\LOCAL\crashpad_4828_VHZJRJPATZDGPHAP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit