c787cef9e7216be955d5f4ff7b305f3f08d1d283ac3f09a01f821bf7b2d4a9a2

Resubmissions

22-03-2024 10:29

240322-mjq1lsdc6w 8

08-05-2023 11:46

230508-nxdg4sad72 7

08-05-2023 11:33

230508-nn5j8sad52 7

Analysis

max time kernel
181s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2024 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1dc058fc8282acb95648c1ee6b0bc36b0d6b5e6853d4f602df5549e67d6d11a.7z
Size

104.3MB
MD5

a5ec3cc8b641474e277c8277d228c490
SHA1

1b1981e09fda2880f6d2914ed8c42c6915376138
SHA256

c787cef9e7216be955d5f4ff7b305f3f08d1d283ac3f09a01f821bf7b2d4a9a2
SHA512

f47331c336bd51fe1594f7bcd414d19c881954205cb5e9e4c0bd964efe1be9ac5f262fb35cf77abba4ad470a2e24f9611329f4a36679d75760664e8055dd8677
SSDEEP

3145728:dXmm9U2pg/nJSeKHDUc2FofSxwj3WpAerPQ1:xmGU2pgP0HDUc2PA3Ek1

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

cmd.exeFlixGrab.tmpFlixGrab.tmpFlixGrab.tmp

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	FlixGrab.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	FlixGrab.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	FlixGrab.tmp

Executes dropped EXE 8 IoCs

Processes:

activator.exeFlixGrab.exeFlixGrab.tmpFlixGrab.exeFlixGrab.tmpFlixGrab.exeFlixGrab.tmpactivator.exe

pid process

464 activator.exe
4872 FlixGrab.exe
4476 FlixGrab.tmp
6052 FlixGrab.exe
6096 FlixGrab.tmp
5444 FlixGrab.exe
5204 FlixGrab.tmp
3176 activator.exe

pid	process
464	activator.exe
4872	FlixGrab.exe
4476	FlixGrab.tmp
6052	FlixGrab.exe
6096	FlixGrab.tmp
5444	FlixGrab.exe
5204	FlixGrab.tmp
3176	activator.exe

Drops file in Program Files directory 2 IoCs

Processes:

activator.exeactivator.exe

description	ioc	process
File created	C:\Program Files (x86)\FreeGrabApp\FlixGrab\FlixGrab.exe	activator.exe
File created	C:\Program Files (x86)\FreeGrabApp\FlixGrab\FlixGrab.exe	activator.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 6 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

744 taskkill.exe
4188 taskkill.exe
5304 taskkill.exe
4844 taskkill.exe
4164 taskkill.exe
5368 taskkill.exe
Modifies registry class 1 IoCs

Processes:

cmd.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings cmd.exe

pid	process
744	taskkill.exe
4188	taskkill.exe
5304	taskkill.exe
4844	taskkill.exe
4164	taskkill.exe
5368	taskkill.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	cmd.exe

Script User-Agent 6 IoCs

Uses user-agent string associated with script host/environment.

Processes:

description	flow	ioc
HTTP User-Agent header	165	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	172	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	210	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	218	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	285	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	291	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
4456	msedge.exe
4456	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
3064	msedge.exe
3064	msedge.exe
3472	msedge.exe
3472	msedge.exe
4376	msedge.exe
4376	msedge.exe
2952	msedge.exe
2952	msedge.exe
2652	identity_helper.exe
2652	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

4676 7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
4308	msedge.exe
4308	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

7zFM.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

description	pid	process
Token: SeRestorePrivilege	4676	7zFM.exe
Token: 35	4676	7zFM.exe
Token: SeSecurityPrivilege	4676	7zFM.exe
Token: SeDebugPrivilege	744	taskkill.exe
Token: SeDebugPrivilege	4188	taskkill.exe
Token: SeDebugPrivilege	5304	taskkill.exe
Token: SeDebugPrivilege	4844	taskkill.exe
Token: SeDebugPrivilege	4164	taskkill.exe
Token: SeDebugPrivilege	5368	taskkill.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

7zFM.exemsedge.exemsedge.exemsedge.exe

pid	process
4676	7zFM.exe
4676	7zFM.exe
4676	7zFM.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

activator.exeactivator.exe

pid process

464 activator.exe
464 activator.exe
464 activator.exe
3176 activator.exe
3176 activator.exe
3176 activator.exe

pid	process
464	activator.exe
464	activator.exe
464	activator.exe
3176	activator.exe
3176	activator.exe
3176	activator.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exeFlixGrab.exeFlixGrab.tmpmsedge.exe

description	pid	process	target process
PID 2108 wrote to memory of 4676	2108	cmd.exe	7zFM.exe
PID 2108 wrote to memory of 4676	2108	cmd.exe	7zFM.exe
PID 4872 wrote to memory of 4476	4872	FlixGrab.exe	FlixGrab.tmp
PID 4872 wrote to memory of 4476	4872	FlixGrab.exe	FlixGrab.tmp
PID 4872 wrote to memory of 4476	4872	FlixGrab.exe	FlixGrab.tmp
PID 4476 wrote to memory of 744	4476	FlixGrab.tmp	taskkill.exe
PID 4476 wrote to memory of 744	4476	FlixGrab.tmp	taskkill.exe
PID 4476 wrote to memory of 744	4476	FlixGrab.tmp	taskkill.exe
PID 4476 wrote to memory of 4188	4476	FlixGrab.tmp	taskkill.exe
PID 4476 wrote to memory of 4188	4476	FlixGrab.tmp	taskkill.exe
PID 4476 wrote to memory of 4188	4476	FlixGrab.tmp	taskkill.exe
PID 4476 wrote to memory of 4308	4476	FlixGrab.tmp	msedge.exe
PID 4476 wrote to memory of 4308	4476	FlixGrab.tmp	msedge.exe
PID 4308 wrote to memory of 1496	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 1496	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 2464	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 4456	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 4456	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 4244	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 4244	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 4244	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 4244	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 4244	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 4244	4308	msedge.exe	msedge.exe
PID 4308 wrote to memory of 4244	4308	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\e1dc058fc8282acb95648c1ee6b0bc36b0d6b5e6853d4f602df5549e67d6d11a.7z
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2108

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\e1dc058fc8282acb95648c1ee6b0bc36b0d6b5e6853d4f602df5549e67d6d11a.7z"
2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4676

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2688

C:\Users\Admin\file\activator.exe
"C:\Users\Admin\file\activator.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:464

C:\Users\Admin\file\FlixGrab.exe
"C:\Users\Admin\file\FlixGrab.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4872

C:\Users\Admin\AppData\Local\Temp\is-IEK80.tmp\FlixGrab.tmp
"C:\Users\Admin\AppData\Local\Temp\is-IEK80.tmp\FlixGrab.tmp" /SL5="$A02A0,92329271,1199616,C:\Users\Admin\file\FlixGrab.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4476

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /im FlixGrab.exe /f
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:744

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /im FlixGrabMS.exe /f
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://freegrabapp.com/product/flixgrab/
3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffaadd146f8,0x7ffaadd14708,0x7ffaadd14718
4⤵
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13958424485692988103,16000982567823683325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
4⤵
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,13958424485692988103,16000982567823683325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,13958424485692988103,16000982567823683325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
4⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13958424485692988103,16000982567823683325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
4⤵
PID:5124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13958424485692988103,16000982567823683325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
4⤵
PID:5136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5316

C:\Users\Admin\file\FlixGrab.exe
"C:\Users\Admin\file\FlixGrab.exe"
1⤵
- Executes dropped EXE
PID:6052

C:\Users\Admin\AppData\Local\Temp\is-E1LMR.tmp\FlixGrab.tmp
"C:\Users\Admin\AppData\Local\Temp\is-E1LMR.tmp\FlixGrab.tmp" /SL5="$30332,92329271,1199616,C:\Users\Admin\file\FlixGrab.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:6096

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /im FlixGrab.exe /f
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5304

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /im FlixGrabMS.exe /f
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://freegrabapp.com/cancelupdate/
3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaadd146f8,0x7ffaadd14708,0x7ffaadd14718
4⤵
PID:5932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16599797505879515638,11777015921885149823,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
4⤵
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,16599797505879515638,11777015921885149823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:3064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,16599797505879515638,11777015921885149823,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
4⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16599797505879515638,11777015921885149823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
4⤵
PID:5388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16599797505879515638,11777015921885149823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
4⤵
PID:5396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16599797505879515638,11777015921885149823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
4⤵
PID:5820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5548

C:\Users\Admin\file\FlixGrab.exe
"C:\Users\Admin\file\FlixGrab.exe"
1⤵
- Executes dropped EXE
PID:5444

C:\Users\Admin\AppData\Local\Temp\is-H28NT.tmp\FlixGrab.tmp
"C:\Users\Admin\AppData\Local\Temp\is-H28NT.tmp\FlixGrab.tmp" /SL5="$70322,92329271,1199616,C:\Users\Admin\file\FlixGrab.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:5204

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /im FlixGrab.exe /f
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4164

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /im FlixGrabMS.exe /f
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://freegrabapp.com/cancelupdate/
3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaadd146f8,0x7ffaadd14708,0x7ffaadd14718
4⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
4⤵
PID:5288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
4⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
4⤵
PID:4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
4⤵
PID:4928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
4⤵
PID:5764

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
4⤵
PID:5412

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:2652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
4⤵
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
4⤵
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
4⤵
PID:5180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
4⤵
PID:5788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
4⤵
PID:3088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
4⤵
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
4⤵
PID:5532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6216 /prefetch:8
4⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,12153623307013702578,11085502085347623303,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6484 /prefetch:8
4⤵
PID:3772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5660

C:\Users\Admin\file\activator.exe
"C:\Users\Admin\file\activator.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:3176

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
386cb6779177d736bdf48fc2fd334042

SHA1
d6a49988fb106bed2e18c3404621ecbb0332add6

SHA256
5a89175aa0c81bda230ec8bf7680cfdc024d053a52c63fa467c9d87595ac5f65

SHA512
051057ea71ec3b98b13f22e7bee33d13bef5c83b5ce8a43a2a98d6b82551c3f54b6ea10557757f0f99a6c48bfaa4f81fca518c531be69a6d7541fb9ad7a5e605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\273cbdc4-d0fa-480a-a1a5-1cfd124ae38a.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
74326dde725d358cfbe907f1885fb23c

SHA1
a516cce0391971b04f4ef027f63120d0ad9c67e1

SHA256
58d8ef0a68982a3675be43d55cd51099fdec004c3d25f5f62f27616644e5fbf4

SHA512
b898b6bdb2de50cfa2d40ea6a826478def09bf88f5cb44a312d4865b069fbcc5999a7e1ffcd188e826ca8fb98fa7fb1791978c89f37b136e47bf2863e7d30bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
9f232ee3c8d86edc69e7914e30a18ebf

SHA1
a88e4cb63892c117f63190a150f82f14348b4fd7

SHA256
c182f5fc4fc1654c2644445b2f4d14d8a192380e995d91de2ac85ea6d471deb4

SHA512
46ad2b6d04cfd2b2d9fd0ee0cca6c23f1ab6d0d4d6f97ced838951c67d53296d1593e05f257f8cc58029c20db874e503205f831f24f3b4f054b79e385317bd2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
026e3d0e7f267f2eb5755cdd92076807

SHA1
a07c9eb81c27927ff0507401c74be066c8d0ffee

SHA256
0176f6b1880a8fde2df78a1bdd7225f16735abb4cfa86fea704e5c52f7ea03c3

SHA512
2e5bc12a4f95d3f3a190e3a1c954f0457e9bfac25316cd161cf9198ea20c4c577c43891ecf29b1c588fac1668fd17d2c0f5ab80dd575bfa6cc0d90885a14c8f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
f99dc3628427b8f1cd350721d38476ce

SHA1
1a355cb24168ecd4c85a4b33d6c256d29d966ba5

SHA256
c104158aafd06a64494bc04caa5cfaebfebaca0e686e2193c251982c36f5c7f9

SHA512
296cd91d3a57591fac4477b10a5902db1f8bfa20e827e7544aafb2fbb4dd7dbde3e845c13dc44011e2200ecccc35cf0ea7c5d1a621ac04c5d36c69db69356ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
24KB

MD5
580bbaa709d658a20ce45aafb6bb53c5

SHA1
22db9e57b438f4ef48156217a013f4bdc7e936cb

SHA256
c38be13b014c1d7c6510a78041289a51f121ba657c244eb31ba87feb1a3ca35d

SHA512
88e6e0b05b832c4ca499e59739aba76bddc52b6c0119767791e9f6d72d46adcf13957d881399b55549a6e80c67b5e2b48c6b9451724ba01055523f92c244637e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
16KB

MD5
227beece105f3589288265b3ffd7cc4b

SHA1
98f9963c4da61cd0ee8cba78ca9708a1228719d0

SHA256
4982bc61a07a6cdc7443985cf5b3034426cdf8f0ae6ca12867895b2229b95ce4

SHA512
0ac9318fe18504720fd3825481167f40cb6fe18835d7f084ce1dc9bea75ec0311efa92bd58a32c0175eaa893ede77697be3bd477eeb67c6e2639e543b5c32c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
29KB

MD5
3430607b4301113ad9394c9260eef3f0

SHA1
8c4db68b161b17e31be300e968a30ab0116b3193

SHA256
31e4d11375322cd6f94dba7338570426f2412d6c5fa670427966d45c3648098c

SHA512
e1216fe2eaaa7c1eb8679593177abcef870151a5b11e2db32a655afdabb87bb5fe9ec9b567f101894f37ed335fd4718db05bf076744111786a9dd0b19a68d0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
36KB

MD5
3c7fb9e94be535b98d45519b8cc6b53c

SHA1
7fd4d9cd8be1aa89036455ee58279e4cf7749340

SHA256
13118d4765cf549058448b476af10c1c5c1cd8d9f3fd5e7ad68f04c750ebd7b2

SHA512
0f4b86a2f6c8a8a0bc60fee7f942fd9894b7dec7d4f090a949f61ec006b4991467dd6214a939213b4faade61af6ee030f667a4a586ec9823f4fa9462110a765d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
93KB

MD5
504275df740d2f01e35dd86454f5a93e

SHA1
c0592426565d7bbc50620407f23b63f54e8e4742

SHA256
a8f52f89a826de81a5344143108848066d6894198a8638767b257cdcbee47a2b

SHA512
3cf44a1d1265950c927fbc6e82532bee4343cdb74417338fcbd157a12b0bc6753f2af5296a27d5c3c8f03e793b4aca331febb26a96ebd207e3d99e1cb3f28d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
Filesize
197KB

MD5
5e28e72b443ded036a4cf369d0dda3bf

SHA1
0500de4480a54243b12d096745c6ba04c9479e66

SHA256
15fc7a054efbb9f76d937448fbb4814d7b3f25a6d137e24c1a69e32947eae71e

SHA512
7d17a5248e54e4dda8fd17a4d662edbb274629161a1e25b3b7f7f5112541663a5040788177268c53b2c78bc7e6d2204ccfb342d93c2ceec0a12d8a41788c088b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\27bde39688be4b89_0
Filesize
218B

MD5
7d477f6eccfbd43c9e59e156e84a33be

SHA1
6ce8b817d5be6d09867406fcdc46958a7742e96d

SHA256
1957493209649de50ce63bbda034edfbe1508cc9b04cd58a6ec48ccb32e0b77a

SHA512
7dac1c7d320ebaf8912e7a23377e5e9f6be7c1be47e8862f3265350b66443a5a9f8d641ce50071dd467246261f0dad4a9352bd90d46f010ceafc028881652bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\475810f4eac6ef41_0
Filesize
250B

MD5
5634e496cc0e205a0041d01498dcbaac

SHA1
793a0eaa04da4f817e10a89f5778ac1937295d2b

SHA256
c03a0c7fe42958b4f6da58ffb0908f9167e6ee6b50d674ed3110183d05a8c8a9

SHA512
350aaad345f73cbcb7508e2c59a4282dde894b5cc6bec5456a0749ee682d87256b06d796b9423172b191873514a614750cb8d8a70574b81e0145957f8d60d99a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78cea2a0c88cc6e0_0
Filesize
249B

MD5
517e9f3ddde01589fd130596bd2cc741

SHA1
d6a7b4aaf3a16c8beca6c5d8d153c7621dcde7d2

SHA256
d8fe46144b7e6fd665adc66743da1c4b45cb24a01c42647f5849928458d13620

SHA512
7524fe8c1e0e280a8bf2e13dda2818fbdac9185789fcdffe2e2ef2ef21c89ecd1e3db924d614deb20d363c62b171cefa3b83559552d350b2fef51b95f20440d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9773f20c58506e0a_0
Filesize
243B

MD5
8771d046414d3851f2437eea5d354b57

SHA1
ab1113e97308e2613a8d96ec34ee8c8da0f79b34

SHA256
797b9ac09481d1f4d79bdf27f1670eb5f109fcc949e02dcc1feae3688494230f

SHA512
98abc862c2e5f359bd4d4c94c94541c0d1fe0fe22a408498d1386ad55881d670ca9eea39988d7e38e6d190695565bac31a050fc8a8f5e309fed28a3cf9dde9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da772de914cf5758_0
Filesize
254B

MD5
739cd21e0b8cd88b52353b9ee743ecd3

SHA1
e958a4a1366c40d9effd73f17c6f80415d93e955

SHA256
632632ecc9dbdc61f654120346b7d54ba61afb6d1f29fdfa504194278b9b7150

SHA512
1f72e9168d2a8319a016959444ebb4139eba5555d9a0eb9f8780251038b73e3ca62905ffd5981e1c39ac1005e5799d84796a5f9867e536b47f52e663f81c1f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f6d1cce482e7562b_0
Filesize
243B

MD5
bedc91838ef2d7456ce9481bcdcee5e2

SHA1
98e32a486ca76816498e3cf1f5cdbe2a5f4de54e

SHA256
9f69f0f6e4c6d89bf8fc400c7b5c18d855dcbaf58e8296feaf727a6297454da9

SHA512
999f5ce7e4e359c78e7327311df5fedb46068f4ff2d4a564764aa63946d708815787c9f517514a413754c41e9f1fc5fe9052741a6492edbb1417c9ac1f86ed3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
af34d4e8adaf515d9d6a5114b5c7ed89

SHA1
81cac7ba9267745b8fc098780db71f7dcd1772e2

SHA256
fa03a97663d8bfc06e01d1776623fb8862708b219f680ca59c435a3f8cc1a813

SHA512
5c1d3876e9e6bc0aa70a3d6ae1fd2c8b0b4848ace17d25b7c45e1cadd09b53bfac4cde10cdfa1c5a37c9d665ed76a8fe702815bdecbb101d29b79723a10d47f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
ec69c1064a56fa559c5a290b122e6eb5

SHA1
b3c0991a2bec6ed5bab13b894688409bce621da5

SHA256
7e7ffca7da5caec8585be87c639df9c3fbe4ded3cd4192d35dee340fe5b9b7c2

SHA512
bb3d3fa176f440ff18000ad9875cdcaa59deb8bf15a6f50ced16a37d521d7463f3430d7148f5c81c1c87053b4e7e4b1911900df6dcfa0bd21468d4b3563555ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
11c746e0539e43d43d663bc24857071b

SHA1
03a8fa65a70c5643a72b3d43dc083ee46d63a87b

SHA256
9120213188ca837b732ae14973a1d9afbc425971562211e7cc633ea08cc4046c

SHA512
a4c61382b575485bdef8aef6dd8a193c7ce70f06dcca15906ec6378e1df966d365d50da074876359dce7879afa86caefb242f3d7960cd57e15b0b907b39e5237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
525ba723c48dfa2cbb967ffc59ee92e3

SHA1
b0c12571f8fd699798ff736d53a39302b531c9c8

SHA256
6d97a0ee8013d4be9ed4d2c6f541ed1acf22d10aa79b63863ef4905407baa01a

SHA512
a5d1d4d953d08243c23406df22ef8347b608ca7cae6cf43f36b774ee8c587b7d2ec6b2ac13badcef32ae3ee985a9e7467bc4953a3ee880fb9c6d3154f4638c49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
8a43e0cc42c817e442e1f31ac3b4e98d

SHA1
77f998a8e3b30121aea4d0bc5f1e6e05447f673e

SHA256
9005d4142c33fbe9be5e65cb178d662f356f5075960da53448e494048ef6ecde

SHA512
e324da09e97057b1c6c982395daba90965a72eaafbcced19f7014f8ec73d9ae793aeb95612fafc80dc777312fd66e34e01f8c7378030a033ac6548be64ea03b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
8b07ede1681f34c0874ed3bff4c350da

SHA1
b33bf5f4ac5b58ca1c7fdb39a14bb7244189f6a0

SHA256
f5bd7f1831ba55988a8416116dc4ab5fdb9a006ab91f6b16a10061c3164abeb2

SHA512
c88c95c51bac3bec34e5d6c2cad9de17a949525f546c9b0139907b209da063f3cacbdbfaf93dba426d8a781a0a388fab22a6abff200ece01a319749fb4836a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
bb5804ec6700c87489d6fb4df92066d9

SHA1
744fe6b18a5f1f27a93c86bad04135f8191325da

SHA256
fe0ed405acc7f4d6747b2ed016f8f0a41d3a5aab6821e1dacd3d977b2468e3c6

SHA512
0982666bd302fd53d1c5767aa6d29c0bbcaf630ebfc2830344c552a094e828eb99c5f1d3f3142176fc5f46957a11dc0c1e72b6217ba9adbcbba09877a0502cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
885B

MD5
3d22d6169738ceb09ff6464f165f3a7e

SHA1
2ed3eaae654a5b929545da85be84d1eb93c663e3

SHA256
a313434e52060a0da45a72d7b71da4ae78ae5578cd1fd33c0c40c7854300ed07

SHA512
f33fe0a3c0b981d49a7da1bf5363205b4fac75e196cc4a43a6f495cc97eaf05f5efa1f0076a9fcff5e4f06035fbb04bf818de8ef2ebfca63da2f1a423b0adb85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Filesize
28KB

MD5
db9a957cad5ebe0cf8d61d544f4f7a04

SHA1
22a2d1d83b013dcb51ded7633ab31c0863c3a122

SHA256
196b66c91d856412a1f7894deded9c12a9ee45325d43f866a3066cfb8ae5bd27

SHA512
83bad260fb8f50a4091f0b85aa3470eedc85b30d4bb6e1cf634b7790c868d2840a825b73c83a67d2d1fbd3a700acb6a4400cddd9e1b568b8dc0b9bc6db99a114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
70210c1c697823775083a05362a6c261

SHA1
71266e807f5f3ed98752064091f99323e7a92c7b

SHA256
6032c70caaf709e036aee01b647056fa121fc7767fb73c87fe40b7c78462cb7a

SHA512
4409f667f2f4e43b5854c30c1bc4c18a43b948a84cba848b4d07b8c46b6af3253bcc49b6b3f555802bb5f39c0483e691178b8c1b8502619003734dd478fe485e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
bee0591664252cf159c78aee636adaef

SHA1
9322fd949b7368902e3a34d6519541aae003390b

SHA256
dd0a3022a75acb2eb8859da81012127036b40911f09eadf5d92adf4c651affe7

SHA512
595d38138f24928ab0aea5837cf762c62a168d436fb5dfbd8ea5bab0fa1b00b0b4824f78806e63d196d42d37b04049733a8c7051c5ca346616e8494294618fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
649B

MD5
3396f0f0159b517a86f01189a63f811e

SHA1
a995d5ca3dba50d0439f1114f1841386cac1e77a

SHA256
36550344e8a8020d8bb0bd14f200d1a8df63ebfb249d5bd0864bb055a5afe0d6

SHA512
6030a5841841bac6af61e46354d80096902265435b735dd50dc2b2b0d682a3f2ee5077a817d9fe70a1315180e2296e5623c52d61045c9981e6a7a711674f36f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
4ffa662848567f5055394ffa71e9e215

SHA1
2b5ce7d0496760ec727df101f7134f98dc382b6d

SHA256
b54d2941ec7ffed08031a0ccb2a6953d7bff1f3c9007370294621cde197fa90f

SHA512
6f22b6c8319be0c7828224b336ef68103ee6ca932a7559c70bf2ce76cdba2541fa131fb232e58cb4cc32fdde3e3a2a2d5322adbcd56688bbd26cdee76e87a118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8089fd9d25e1185f3b84647b87af710d

SHA1
f8585bdb6660322bc2960e9772df33debbca605b

SHA256
1d91fba5ca72ee23d870c8217b39a58a6d87a59b1421e6ffe87b3953bd47e90b

SHA512
251f1f62f2981eb5765a96aac6a50c6915d74a2472ad4004757c834053e39c1d37ff8ade7691f8d2cd8b3b76b02548f48b7f978528eb702e25d69b9e5862c0f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
94544c84ac0f28fcbf910e0b22bb4080

SHA1
47ba98ec1dd11973cf6a8e66598497f2395b505e

SHA256
58186e6eacd9de90ed7f60193f7a8b237afb5291791d1d94c9808da675cdc1ef

SHA512
fd6dca64b8917c364d22aa02ca43392eb702cb9e36faf0a0441cf0eac4f19e1bff946bb99190aefd5bcc2d91d5235ba3ee32b9859fb3d4ebbb473dcdca177a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
57cf92b8eb344862c6279fbb5d057446

SHA1
98238ed8c271ea66ee383bac897aa0089d16648f

SHA256
7ee38a850c34ac452e577b9e8ac58bf9e279e02d18ae77206cd40150df6b5278

SHA512
2d909ea313c4b6a6b157e3fa6a5c395d167afe18394894f90502a7b5212505c5cef0f8c15aed252eedd1af776c9e045eae96fb75813feb75a47137a5643c2cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
de390442f7d7eaf610aa0c3ff6470f34

SHA1
face36eb2e8936f5e7821d6a054a989b6ee2ba25

SHA256
c5b16987da56fd1f72768048c9b272c7fe8f9f933100e0d920202277d030c54b

SHA512
bab801030a10e6dab681b37c7c0d710ec8bc65bdf9bf813cdfa6951241e4d53690fa00d962452b153d3928e4ed4658f2e5786c49d4fa5c65835fb342aab51e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
20c5c477ebb2e2d0d3c53e80b99829cc

SHA1
5fa1e55f9a037e1a2c96f3234d7fffaa2ef797dd

SHA256
6b3d7b730d17ebfa51d6df3bfaac4e714b288a3fd06a07c340ea1397f64408da

SHA512
800e264da80bf14bf2286e5a47860f6c820a7369dc8d82da21eafa4f0832aeae9b63c02b7f0b84d4a6913b9fb1efb4bc98448fc3e2adc928bdb425c273f75bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
7398c881562089d5a3ebdf09d834ee4a

SHA1
0cf59430fedcd143aa1311a45474239a3dcee0b0

SHA256
ccac51315c5c79a5825831aa8fbf379b4fb4197419cdfa82190b2223d9dab19f

SHA512
10c3d58e6033087a96ef6cc2d5c650c459efbed8cfb7b580276770c462f17ce286d74083add41fee717e4c556cef1f091a59987941b497958c532e6f71872306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
b854dbca88c3b623b41d58140ce543cd

SHA1
a5f9797a728f2bbf32835b97d4678d0915bedd17

SHA256
d39f790ba5915ab3beb78790aabde81c395ddd87507a86825575acebd5eb249a

SHA512
51fdf3bad09783b2855f0301369eaf7d56407104d7b1d883ee5cb3794b862b8cb67e68672b742f76bae25131a491cd097b3d7e32ac504fa05ded24c96ed05ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
34a30776fd97512bf8de2fc91635433c

SHA1
c027f2e4d13dfb338d427490078fcdb7a47b57fd

SHA256
c24869cb748ee7e1a3be2e05144a812523755b97880e03a55c6a214f0fa57a63

SHA512
3153e9cb7da32debfc25f2303396403d37d91c38605309603806029624044ca9ba8baf68d532cc03d73cb015221d9ee7e6d814c7e46fb26f23dfebc8ff6180a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B

MD5
556a3da4d03e2276dc35997763961178

SHA1
0a8f3b03b56e96801224afbb65dc42c6ad40caa9

SHA256
4517d09d64f0e9873c4aa7edbf8d1184eef071bf3c81a15c1da005215055b4af

SHA512
4b12141c51ed582146a7680058f0d0ca0e55f4d2e82e8627096a9c823dc10854a1d616ba5632948029ab45fcf2ea7fcdd267bbc87405c38f4ec096f4ee902e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13355577314852917
Filesize
3KB

MD5
7d107df8d9f959be0a7c79675c0c77d4

SHA1
258cfe9edb353672ab0cd0112547638201ead1d1

SHA256
c82653a3fcd9d1abf3c916c1573e2c2c8109363d9bba6c10c5549d2f76c416a9

SHA512
e59b45cd7c40a05000c01f886c11f31b1a3e474a5fb547d0a6c8a1f27349c9ef50d0f0274098ea298d3929a76993c14376954df79ac465c70573335447581412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
a66f98bb096fbdeb1290d8d74af9ec97

SHA1
74296d8141154d19192d6ad7ee2b03e8d1f2fcf1

SHA256
eec77a174009369612ea477b480c6850fb28397cf549214c8dfed63f39d02e6b

SHA512
33cf3594871844a33f7c500794c14cc7557af6e327d80c4b3f8c1b364bce1c0234e37b063aae951b3e65fa647ea4239fe0564e405e075d5fe6d8e20ef1f9417b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
028861888926c8c9f60b767f09b187fb

SHA1
6e5c8fb94ce654bba8a9caa63c7bb9f44c3c9537

SHA256
0e7b9e6d313c7c05e882ff7840a8fb2b225799c48adf5c3f1a9405f7c6f627ac

SHA512
00454db5477cec4335245c5db22cb2d1ec93f016da04e09fffda33395db72a91f8d6fd0d63ff5628551db86f1197ea053f2b7a5260ef2a3df75269d536efcf03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
539B

MD5
f76132e7e3d65f26ad865220124d14ce

SHA1
e0be5c2e86f9882d3184f4fb00e87e636c87750c

SHA256
a663453c4b107013dfb433b2b5b2d5c1f7c038a07bcf021726a42e7ef766d7a8

SHA512
5ffc231981f369ac4d8e04f804a9703d279b527c16bd89d6153b73a038cbe0a3904a7a073efbd178041dbb3cbf94a7b595ea696c83adb649fa366cc60dcdbeec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
54ee34979013ae08e2c7a916aaab24bd

SHA1
f28f1e1874b23bead7ea93c675881eaf14b30a2a

SHA256
9d22673b17f898d77b409dc1dae703dd5ae1a32e2e9f48e6a4f955b4a943eb06

SHA512
baf61b7da7bfa73b5fb20b5e19cddf5a80be42420702bd1ce41fbb139a995db791e03a87bb8d7885d165636804a3a18fea606bbeb1d35fbbb68d1d3f42a48e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
539B

MD5
ebf3afb74122653440c458e2213a0439

SHA1
d7f316881da3970a42911c1f92a675d3f5ca85a9

SHA256
01a3749420d703443165d53868c15cce8361061db89e6be96794622aa37e0552

SHA512
58bf354163a7cc93f6b89921dfe3e132ee2bcf5c2a746c1df02e234819ed4c34c4729a46d5c373ef6e593771f47ef24135e4ec6e1c257d60b8f9d5dcefe9cf6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
539B

MD5
4367a57a9c4d6b4df0374576de35e7da

SHA1
30d3f8616d00c809cbf26aa0a7e06c231c60f306

SHA256
85804a58d8eb0ad9f88d54d1ccf3b3752939026506d764fe46e5723162a4d063

SHA512
ce4f537578d121f0e324d780aed531498f15b1c24a1e62d3faf361ba5fdfb62b1f676a03d1a550bc8517b4cdc2db1c2db64ba54d998b015fa586b65ea227a843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
203B

MD5
687c06f33d418126a8f9bdb70c4e4462

SHA1
a074f32cafa266c215384df4e0961a9abc6e9e2f

SHA256
158b6e8e71bfaed363b5a73d0337a381c911bf59fbf39d3dddce513d94836ff4

SHA512
c0ac5103e426039da45495ebb6b414e0c74cd481c2a30e745a0cce7569e4275b591091ac4087bf7401094d6b5c50baed0f9318c4ed42d3b6627b45807123b685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
e5504a308e11a49f6e5443e73615ce34

SHA1
b474032998954d28667c1cbe094fadcddb22af77

SHA256
2ba141cd962a0a1533a2f708ff61587beccc25e84ee6236c955252de3e03ef0c

SHA512
eafa6df454056b6ad043136aebedf2409bdf52a4d590ed3ac239f7feab2205c4f7fe2ae93e533d4443589144db4e63a700711c27e6a14585ab127d01edb35ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
Filesize
128KB

MD5
46d55e01684d2867575a474b0bd5ea83

SHA1
38748dde060976588cdfc6b4f8051550b0ff2f96

SHA256
98bd87b108f733a909c41b17313401ced899d33ea3bc7d629fb8a4014dee7310

SHA512
47d13c42fae98cae751610fd92daafe4d17493beaaf4cd070046c292a6ad984534b89dd5fdee64f947728370104ed10bb01abe69771f4e6929b7ccd4ddbd1f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
bc14517f5a4159735f398448ef653272

SHA1
3353a6ce4886c69eaf7e7fe02e3a3204341b957b

SHA256
4419fc42fbe309d2049c3a5bf2cf992cebd0e37bdf4c129df5457c13ed4592f9

SHA512
975b53820cab43f07823f4606be6499aedae415050a103209243d823447105f4926d8ed54e67b731112a2ba7bb36d692dcc45269378155422909abbf1bdc0834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
594B

MD5
b7e624cf8f33fc361868f84484a0fdff

SHA1
32b710431685c1ffc2df5e640097451646f68716

SHA256
42aa866c7520765fa2f3e555ec52df01aa36615c27eb688d28cb586328816990

SHA512
006a61cc12ca89a357ba32e62cf89e62630d9a4e981844047778b185ff1d4f97a6aab72cbd6b4352fb59f0b22ae5b060898b546bce4d476524c0ed1f557b04fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
b60cb7a9887cee6bd539937b078a0a7f

SHA1
6076b402c8de29a9b51c2011cd8dfc24539a5cd8

SHA256
dc709f6ae1007179151b59d277b16755633b2397efa34fcf99488e678cf8cb31

SHA512
9afadf69c11476f49ba486a6841a07b8772b1dd258b4a71079f4265df6d6db56ae03ef61f70809cbd02264b742bcbfc809b20d8600b782f4de3ef50850659a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
61bffae93f15635ce7c08897fd50b9d5

SHA1
f68aa00cd97525d092bd62932262b6fca4798f87

SHA256
f606d46e18271ca740a22697c4428022cf53100a6e0ad2b5ae9cf0dba3563d3c

SHA512
6c5cfa982a18de08b2c43177cb67856797fd382ad932bfad36de7b54586116926b47e4c7bbf5666960e895b987a83410360b7e30b2c1d2e293cc86760db52542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
47c2e3c0db090d49d3687f2288d00e67

SHA1
794485d4d583b1aebe7ef9701bea06b8419b400d

SHA256
989d592aa3c4e1b2fe55d5e31042ed44c8dd2c4b69f68ef4deefd91a4369cfbf

SHA512
2df65186b720c228e53447cddff1328681bab57f604e485a4d3c055542b530cb5a19930f45933172018b11b1129782cff022a4ee2ce0587d2f00a878969f8d30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
76748967096159d5d7451ca1a2fa55a7

SHA1
1927d8673d40705d0e146c1284a68d2862d125ba

SHA256
301ab564f7e60a452d75effc79d157356afd4a5b07bc1571f867b0364dbc4318

SHA512
247556bdc4dc540504108578889f8dde93b65b3d77c0172bee3f007bc5e5e73030e615b397c1cf9a16b061d2ec6fd7b2c62d6675f2fcd626acae78f73ad2ba95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
8975d6b856684a9a80151b7a9c4982e8

SHA1
a41cb1bd764f1fbfbfc70349135f812d1e1d1c11

SHA256
6240b3ca4f7a9a70f2d690696fda5cba2107b12f82183d0a4c4ce237ddb82c23

SHA512
b15d47db2a6004d64df02689bc7e6817f9f23a39475c9073bd7c560b3949f70b99895adeddeda52ebb481fecb2319c27c721977a76362d092884ee046ed9345c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
036a4d9bd4b39364c5a0d6bfb359086d

SHA1
8f86a90b3d2735a008b8aaf64738cc4aa3aa21a7

SHA256
2a9996bc1e39bac70141c58e0293a9e39695f546bcdaabf045aa33b62b669aad

SHA512
f9a881f64452217852ae2a24836b909d9617b197204a295e25b81885fa0579f13f3f08b11f6e47bf3916bd0f4dfab465dc4441c200c319ca0e0954d4ff18a934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
1a31e063ee26bf7bd91154047ccbe1a6

SHA1
c8252120dab16657866555a4bb8ed501fe589126

SHA256
32fbc56cf4e9c7ab0e18a3c78d4573082b67e657394fd005877a45d15f8f769a

SHA512
f66be502c6b1009d887bbc13e0d546c9ef513c138f8787b32852c75bf11cdf0caa27586a7348476e888444e1e2648e4ef62a4aa73b3574af0d838c093285ed36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB

MD5
cb2cd5ef4ee9118e7764326583d17a09

SHA1
838c0cf78ce4fe7800d3788128a1f97b3c5cfbd4

SHA256
dd7847002c68076eb857359ea525e416b0068f99ee2f504ca51b29493dd36c61

SHA512
27669f51ea49f99408de0ffd0305bd271fac262e9873a49151a20fcdf44930a1761f2c5817ca8a47eeaaf9ddd6b0263c0c54f3125a54976172f227465fa57498

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-E1LMR.tmp\FlixGrab.tmp
Filesize
2.7MB

MD5
fff398cbd18aa9ba4aec4cb5f024b1e5

SHA1
3bde3f4a72e72c64752b6548174456984462ef29

SHA256
fd2827c9fff27fac9b1826544d3b0835795c41560a9d1af56dd764636a9c276c

SHA512
5c9d14184126e792482971ad40d772b9bf92416a07a56e747a217ff061361c5de1668831883c9d3a18714665a1e196244f53074c291d63df28e2ef2e2ef1931a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-H28NT.tmp\FlixGrab.tmp
Filesize
3.4MB

MD5
3eab4a4bc4b893805806c9edb6bab9f9

SHA1
1cfe1a478e2168150c256dce1826dd9db083f04a

SHA256
e332511ac0e7a35540a676567814d2c8ce47cb2e596a6af9d02fd2e01fa414bf

SHA512
4fe9818e5ef3852a378deae1a3c0aa1ab4bb2996e8a899883215c4f9da7a124962332dbdd02969aa5b762012916cd464335f9ac5fae1382607360ef8635a797d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IEK80.tmp\FlixGrab.tmp
Filesize
1.8MB

MD5
aea96603531482930e58328ad12ce44c

SHA1
eef0d6d5012c71ff9dd5c88bbfd955c2b7b340a4

SHA256
72f0c67920983ee221b0d8e35e98348bc42bda6d3e56a4fed16b6c2b18d12e9f

SHA512
1a4952909bcfbca8ed73fd043f3064b51c2424b7e78c4ea41ae9ed25518687829728b568b033d6d0d83dc33063999ed8f51437b6a8fa5749e063edd33c70b879

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IEK80.tmp\FlixGrab.tmp
Filesize
1.8MB

MD5
41b9d422f54aa81b235be2bc1c5ea4ef

SHA1
a39a41b216aa4821fa7fc638ea21e2231a2f1203

SHA256
f4b45bafdbff40b6e6188b8caf6ec4014a55ffb9502a592e2c170375d01662ce

SHA512
b03da68976b763aadd7337a2d7f01fb684ff79123e5d02950f4f0dcabfc9692314ee3e39cfb51fce92f948a6e99cdb82f348e8980d236b6e3ddbc9641f6fc88f

Download Submit
C:\Users\Admin\AppData\Roaming\FreeGrabApp\common.ini
Filesize
57B

MD5
682268c3144f1e6b2cc93d9651d8c12f

SHA1
b472133c02d5805904f5e103514c4ab062676032

SHA256
7b8fbc8a7cf6a46b066baac2c60d2989b8a9578f1ba66cda68447ef6f1329cfd

SHA512
f5d1748fdac0c62e25d14529b2a0cfa996286ffa70aaed242258f249819d81b667b63d1d8b495c4a4eb3b41cf11df43d3043d6c975fdadd19926ae4fc74e21b1

Download Submit
C:\Users\Admin\file\FlixGrab.exe
Filesize
1.9MB

MD5
8d09646d86d6a3a492c023c57dc38f41

SHA1
3f61c1045ab1fee07929f62e371e9331c8d1deba

SHA256
c80c8ee94c2a8366dbc8b66b7f9fab577e733ccc9c074a28482ec80e8c8091f9

SHA512
d19b43be5d6ed7b4cc494c8d10a287565917e81e559e93315e5666027ea39fb2881ca9d7fe72cb93b239f9a914181341cd210fd058e593c59ae8b29084a9c4a1

Download Submit
C:\Users\Admin\file\FlixGrab.exe
Filesize
1.9MB

MD5
579b2cbeff4ecaece0a0688e57a2c7be

SHA1
81467795e2c9859b71f5768d780a2fea01cfd68c

SHA256
ffd460251e8a89d6c415e591ec9e18e43133c74a1e5471a6e9f665081c74862b

SHA512
cff61632ffbe4a163387a4c8ecc6713200f8063d33c99aa943d600c3a20bac4d7694f55f1be4460e6dde96a308a3f711cbab1ff6ff4a8753535c8a6298151132

Download Submit
C:\Users\Admin\file\FlixGrab.exe
Filesize
3.5MB

MD5
8a9c5f568047a2e7b94902d00c77d301

SHA1
472b1da9b3c4d513527a8c9d4a6fd67a609d3f86

SHA256
85318363712cab09a5412e37636a496ef9a49c003da7ff61d5bc3ba8c1c71887

SHA512
5e63a77876b7c975be6afad73a8b9e69e0fc95b45b6c260c0f0ad50b3582fd10ea8ffc3211fe98ca14d377ab24bdc5daa352cf9ce5bf61af510af35eb275a292

Download Submit
C:\Users\Admin\file\activator.exe
Filesize
6.1MB

MD5
de15ecf83789971c964926bf56aba2ad

SHA1
f05636ced4bf8e843d077479275baeb976918edb

SHA256
524343948a0c04db46ce2f9c23b9605a442e7d54931c3f03002f85541012b2fa

SHA512
f3b31fe5ed0a3405b0b90e393c3e7e66985d9bc08d5e2aa5f17f1cdc5db841fa867e1e78ea94494425e78ca257196acdcf319b75380e98d4cb58ed27db079acd

Download Submit
C:\Users\Admin\file\activator.exe
Filesize
5.8MB

MD5
8018c49ba84118149015bd7275822eef

SHA1
b087e6bab4dfda15ffcc1a193c4c5c81f5a01937

SHA256
ac663c3dfbeb97f1c61138f4aae014b074accd9f493b227321a9c94ed9007b60

SHA512
7d2e66334e652e62be9481e33b40c9868ccc441843d3503c8efb09aa3fcf0ed0ff9588846a93c96bb752e0524820465ff4e40e89bdf6e67715d2601ea0489077

Download Submit
\??\pipe\LOCAL\crashpad_4308_NWHWKBXHVBJZPFRD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/464-8-0x00007FF7660B0000-0x00007FF767C60000-memory.dmp

Filesize
27.7MB

Download
memory/464-9-0x00007FF7660B0000-0x00007FF767C60000-memory.dmp

Filesize
27.7MB

Download
memory/3176-440-0x00007FF7660B0000-0x00007FF767C60000-memory.dmp

Filesize
27.7MB

Download
memory/3176-464-0x00007FF7660B0000-0x00007FF767C60000-memory.dmp

Filesize
27.7MB

Download
memory/4476-23-0x0000000000400000-0x000000000076C000-memory.dmp

Filesize
3.4MB

Download
memory/4476-19-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/4872-12-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/4872-22-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/4872-14-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/5204-403-0x0000000000400000-0x000000000076C000-memory.dmp

Filesize
3.4MB

Download
memory/5204-400-0x0000000000880000-0x0000000000881000-memory.dmp

Filesize
4KB

Download
memory/5444-395-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/5444-402-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/5444-397-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/6052-166-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/6052-174-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/6096-171-0x0000000000DD0000-0x0000000000DD1000-memory.dmp

Filesize
4KB

Download
memory/6096-175-0x0000000000400000-0x000000000076C000-memory.dmp

Filesize
3.4MB

Download