1e022d3886700317e5c41977de8fd595db5fbb3529164048ed09ee7efdb5711d

Analysis

max time kernel
70s
max time network
74s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
01/10/2023, 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fluxus V7.exe
Size

3.9MB
MD5

b4f9cbca656fd34c4dbb1d706a7f1ad3
SHA1

2b95d88a80ccb619b581c420f7435c660cfbb28e
SHA256

1e022d3886700317e5c41977de8fd595db5fbb3529164048ed09ee7efdb5711d
SHA512

5ed86eaf8ae42d9a8f0dca9776e25b3c2232434b32088df7feaa8149886594f1d4b1e37c597597eacebdb4082e0263441a6b78def5eef2ad610a6875c28fe969
SSDEEP

49152:UgLIR9JyCns59qfuce05XlWycazyClY1YH8PnGpv80tbvvqVUcH:UgLIRfyC7egWJa3lY1U82kmvvoUc

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000\Control Panel\International\Geo\Nation	Fluxus V7.exe

Executes dropped EXE 1 IoCs

pid	Process
4696	Fluxus V7.exe

Loads dropped DLL 1 IoCs

pid	Process
4696	Fluxus V7.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	Fluxus V7.exe
File opened (read-only)	\??\I:	Fluxus V7.exe
File opened (read-only)	\??\L:	Fluxus V7.exe
File opened (read-only)	\??\S:	Fluxus V7.exe
File opened (read-only)	\??\A:	Fluxus V7.exe
File opened (read-only)	\??\J:	Fluxus V7.exe
File opened (read-only)	\??\V:	Fluxus V7.exe
File opened (read-only)	\??\Y:	Fluxus V7.exe
File opened (read-only)	\??\H:	Fluxus V7.exe
File opened (read-only)	\??\K:	Fluxus V7.exe
File opened (read-only)	\??\N:	Fluxus V7.exe
File opened (read-only)	\??\U:	Fluxus V7.exe
File opened (read-only)	\??\Q:	Fluxus V7.exe
File opened (read-only)	\??\R:	Fluxus V7.exe
File opened (read-only)	\??\T:	Fluxus V7.exe
File opened (read-only)	\??\B:	Fluxus V7.exe
File opened (read-only)	\??\E:	Fluxus V7.exe
File opened (read-only)	\??\M:	Fluxus V7.exe
File opened (read-only)	\??\O:	Fluxus V7.exe
File opened (read-only)	\??\P:	Fluxus V7.exe
File opened (read-only)	\??\W:	Fluxus V7.exe
File opened (read-only)	\??\X:	Fluxus V7.exe
File opened (read-only)	\??\Z:	Fluxus V7.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Fluxus V7.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Fluxus V7.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 72ca94fe3df4d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d5150e023ef4d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2544fdf83df4d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 53b4bffe3df4d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 985d94f83df4d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Fluxus V7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Fluxus V7.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Fluxus V7.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3272	Fluxus V7.exe
3272	Fluxus V7.exe
3272	Fluxus V7.exe
4696	Fluxus V7.exe
4696	Fluxus V7.exe
4696	Fluxus V7.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
1512	MicrosoftEdgeCP.exe
1512	MicrosoftEdgeCP.exe
1512	MicrosoftEdgeCP.exe
1512	MicrosoftEdgeCP.exe
1512	MicrosoftEdgeCP.exe
1512	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	3272	Fluxus V7.exe
Token: SeDebugPrivilege	4696	Fluxus V7.exe
Token: SeShutdownPrivilege	4696	Fluxus V7.exe
Token: SeCreatePagefilePrivilege	4696	Fluxus V7.exe
Token: SeDebugPrivilege	4376	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4376	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4376	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4376	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1740	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1740	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	800	MicrosoftEdge.exe
Token: SeDebugPrivilege	800	MicrosoftEdge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
800	MicrosoftEdge.exe
1512	MicrosoftEdgeCP.exe
4376	MicrosoftEdgeCP.exe
1512	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 4696	3272	Fluxus V7.exe	70
PID 3272 wrote to memory of 4696	3272	Fluxus V7.exe	70
PID 3272 wrote to memory of 4696	3272	Fluxus V7.exe	70
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 4672	1512	MicrosoftEdgeCP.exe	76
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79
PID 1512 wrote to memory of 3628	1512	MicrosoftEdgeCP.exe	79

C:\Users\Admin\AppData\Local\Temp\Fluxus V7.exe
"C:\Users\Admin\AppData\Local\Temp\Fluxus V7.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Users\Admin\AppData\Local\Temp\Fluxus\Fluxus V7.exe
  "C:\Users\Admin\AppData\Local\Temp\Fluxus\Fluxus V7.exe" /C Inject.bat
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4696

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:800

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4712

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1512

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4376

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4672

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1740

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
45KB

MD5
0b5d94d20be9eecbaed3dddd04143f07

SHA1
c677d0355f4cc7301075a554adc889bce502e15a

SHA256
3c6f74219d419accdd3de0d14fa46ff290fd430eddcc5352deddd7de59b4928c

SHA512
395e5d0f28819f773b8d53363b7df73cc976124d1accce104390fdb3f5ebf57d8bb357e616910c03e1a9d67985704592640e442bd637009e32086bb1b2088916

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\45WHAWYF\challenge[2].htm

Filesize
342KB

MD5
a4325fa798ef6becdfe810e4d752c440

SHA1
83a10d06c0c7c2763c94f9780331a2d1d9d90fbe

SHA256
9cc2d9b5ca0f447c87454e3c73527a301eb5eda4b66c0c4e6f577f5b6ca2a1b5

SHA512
8c69e6c933281a293ab30d23dffa8dd09457aadc86defdeda2b4d4d48eeed597ee16637be20d35d899df484d441e33ba03b850a67961d6fdb5460d7620bb2950

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\45WHAWYF\css2[2].css

Filesize
716B

MD5
2a7f584ed43e7073e39cd63451d079e1

SHA1
6963da55c305b3bff79a95fdf299fcb113665d31

SHA256
a51b56b7a9dd18f9371dcd9ae13758336d88144417ceb12ef8eccdbc2546f568

SHA512
1eeeef7967ac42817bb7848e95bea210767fee343394ad7865437975f91d0a019518925c0ad5acdf9668a66c2f437123833ad0ffbb7ce615a75a80f9ec1314fe

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8GQWYY60\Poppins-255d561d62b2019af045055ecea1b342746a57e564b2a0c477e27807d483c0fb7c00a681ddbf06dbb0aa375d5cfa0c7d91e9a3ed1352375ca40d28b756248f5[1].woff2

Filesize
50KB

MD5
5666785088e8a75f62ecbde341e86323

SHA1
ad982693d6da14a5171f2c9effa9189b2b49f482

SHA256
64dde3c4628776eae8ef19a7132532371ddc2eb02e6e293325b14820cb8813e8

SHA512
84126dd327417afa0c6fbd45160f016e4e85d4532deff955a5433ca0e25acc8045f85c1365b1a747a6e86630b0dc178c291295a2ecb2bc35cd74f86c33aee8e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF0EC0D8C89C00175C.TMP

Filesize
24KB

MD5
d3cdb7663712ddb6ef5056c72fe69e86

SHA1
f08bf69934fb2b9ca0aba287c96abe145a69366c

SHA256
3e8c2095986b262ac8fccfabda2d021fc0d3504275e83cffe1f0a333f9efbe15

SHA512
c0acd65db7098a55dae0730eb1dcd8aa94e95a71f39dd40b087be0b06afc5d1bb310f555781853b5a78a8803dba0fb44df44bd2bb14baeca29c7c7410dffc812

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\45WHAWYF\css2[2].css

Filesize
716B

MD5
2a7f584ed43e7073e39cd63451d079e1

SHA1
6963da55c305b3bff79a95fdf299fcb113665d31

SHA256
a51b56b7a9dd18f9371dcd9ae13758336d88144417ceb12ef8eccdbc2546f568

SHA512
1eeeef7967ac42817bb7848e95bea210767fee343394ad7865437975f91d0a019518925c0ad5acdf9668a66c2f437123833ad0ffbb7ce615a75a80f9ec1314fe

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8GQWYY60\Poppins-255d561d62b2019af045055ecea1b342746a57e564b2a0c477e27807d483c0fb7c00a681ddbf06dbb0aa375d5cfa0c7d91e9a3ed1352375ca40d28b756248f5[1].woff2

Filesize
50KB

MD5
5666785088e8a75f62ecbde341e86323

SHA1
ad982693d6da14a5171f2c9effa9189b2b49f482

SHA256
64dde3c4628776eae8ef19a7132532371ddc2eb02e6e293325b14820cb8813e8

SHA512
84126dd327417afa0c6fbd45160f016e4e85d4532deff955a5433ca0e25acc8045f85c1365b1a747a6e86630b0dc178c291295a2ecb2bc35cd74f86c33aee8e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MSWN74CN\Background[1].svg

Filesize
7KB

MD5
833162ab475d570e3071d3d7a842ead6

SHA1
fabf67d118dfb12eea35d073505a39f375ac66df

SHA256
331c98cef3112777df85fba3dab26fbd29b89a5897324b97f98ebaeafede7de1

SHA512
6f1edae28cd84b91b5fa72014b0ac5f12f15ab2dd6eee61cabab7aa53885ec8507e423c0e50c1806a427768603926988dce5ec11f29a86cf27bc099b02e78f1b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
60fe01df86be2e5331b0cdbe86165686

SHA1
2a79f9713c3f192862ff80508062e64e8e0b29bd

SHA256
c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8

SHA512
ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\21CE7C7BFA208F88A7D16C35385EFE04

Filesize
503B

MD5
35e940fcd52c13cc2f65a2aa00cc7c9a

SHA1
866fac729acb1cd8e325f8fccbea8c1adbcb308a

SHA256
8e08a5de8912e6f519613f7565d9895a4a71a93183d41d472ad77c811ae63b0a

SHA512
5f2255b12422edab06b0d6e0b3e5f0a70bcacf6122f8f5f8dcfbd478329853e2e4bf9f11a5e48ae12548e7e943429330765d5291b5e860c70c08a5a8f0b1c3cd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\51E90E8AC5A3699C401049C353FDC8AA

Filesize
503B

MD5
9e70f7fc7a282f7f1f59c6c1aa63ff55

SHA1
031ec6912c6d40f28e6c33f671b2180b36b00edc

SHA256
16aec5d9b2f82d24357232c9beec61bc3fbb98c586fde7a5b24dabc1c072cc20

SHA512
ea98c72e5ebebc5fdc588b0e7a60e4d62d6dade9229fa62729eaba9ae04e1077210249490182c6ccb6b399f9f6178486ba48daf6a551ed9b86d9e2d10f9d5898

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6C477416838352F36A9046F8726EE331

Filesize
503B

MD5
60ec083467680cc56b876b74dc171167

SHA1
0fb7731bb042c2e83b11aaa64cf3db492edb9979

SHA256
e6b3f54e67309b7155b80dc96b984dd346e5b783971d3242e443f26fc1f7aa11

SHA512
dbb48fa542bbb3cab388c0ae8a46fc965e7628817f8193e497b9c1f71244159932e636954ba18c9460c65f527f5098d32f477cbfe3c95dd919add9a5b8fee87b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\DB134C988B567E7BB846A85986E4ED12

Filesize
503B

MD5
a7b5daef53fdff9c2dde8a8b41454536

SHA1
f7d6460d54c8efa9738979cbb1a3224b582952b6

SHA256
6dd9784045646bbae34bce424562bda596acbb049b44e301e230be5aacf62ac7

SHA512
07743f519e642540498df75d08db7c6c96d437eef6c2a45cca8003bb10d332c27b3b5db150b0765a35b18bfc2660ddca73afb94082ced2057898b8bc5fe2ec58

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
06db581557f99bbee76cf6a7c45b4b77

SHA1
287d45284ddd84cffb3f57676bb71fb586217e55

SHA256
3ea0e51226511d746a8516f98b4ad5ca13fc17ae6954d5914f6ff58a289e7de2

SHA512
ecbcfc89c5bc5ba1bd83bc6a56438f324b0f14c9990020804e01c984a0ba04f05f4e98386f9024588c3f9b83f9389e34b34333d57b932268d08b2d295c91c231

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\21CE7C7BFA208F88A7D16C35385EFE04

Filesize
548B

MD5
3e848bfcf6f3d9b9b35a575ce9d7a552

SHA1
09e4cd882df1614d6a7d44bb43dd50850f93c789

SHA256
019f4629eb768f9cb48354b6b0f440ab6048b9a593bc727bb1476065bff382ce

SHA512
00fd6731b30dab71f237a4aa3941992c417ae0f50d599b2c69d35ea5ca70e880b470c7cbed36655e649d2d79e11c581080779adcee23125e6c37779596392f78

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\51E90E8AC5A3699C401049C353FDC8AA

Filesize
548B

MD5
4375883fde1c531d999ab963ac73fd90

SHA1
f25d264ca21027edab5308b41ccc1d68af8ae3ab

SHA256
cf25b8db593fce13e976c3823a7455761ffe9c3ffe8510246f59d94424813615

SHA512
6b486809a69a2b8dcd670c9c4ccac131eb1877fbdd41505b5f0d4fee7ba85538fb0754cf2ae82280bb016cef38b0ff9ea566d5b79572792dedb6807e7159a1f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6C477416838352F36A9046F8726EE331

Filesize
552B

MD5
d8a2a1df135e6f32aa50729dbe2d84d4

SHA1
1b86dd8c192f3b8041a31460182bfbaac9a13608

SHA256
5d4e5fc33b4ae98899203885f7e5b132730e1a661dcce7451107025484edd594

SHA512
b647be95c40f298b77fb4e35550db98bb04f183536df3ade73ed4a4f75001d5de4ca891ed61ae8b371dc04796eb3e46cb28fb059e8e24898449f62e9b3fd81c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\DB134C988B567E7BB846A85986E4ED12

Filesize
552B

MD5
757f7a09eb0c0458e64b64528ba81a95

SHA1
fd6323c00cac2ba22b42d87a5aecc317f436a84a

SHA256
ff970cf7b2f7dda0e9b8090512dba06ef1d7921568b60490108e327d196d7d0b

SHA512
e22614dc2f1727580ca3a8c496c706d5c6d4b3afc2c8c94c87e5700def3c4ff1ff3509594393a7c7a049697a04596249bd491cc169e3c667a8decd16771ddd03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Fluxus\Fluxus V7.exe

Filesize
2.9MB

MD5
9a75daf4d0c193193b7e0ac38fde5382

SHA1
22da0286430384889f3db0f5c56c72ebb577b0b0

SHA256
5bec4cee05762294b3dfe2cc4e26ef5f33aaceb4c1f1a0bc40c595f45a321665

SHA512
5274cf52c9086f0248d3298e3b1430451f1a960588cf4e4da3f8b927338fb520232edb056043b70f38031ee397bc0074705feb4a489066f63454fcb15b544bb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Fluxus\Fluxus V7.exe

Filesize
2.9MB

MD5
9a75daf4d0c193193b7e0ac38fde5382

SHA1
22da0286430384889f3db0f5c56c72ebb577b0b0

SHA256
5bec4cee05762294b3dfe2cc4e26ef5f33aaceb4c1f1a0bc40c595f45a321665

SHA512
5274cf52c9086f0248d3298e3b1430451f1a960588cf4e4da3f8b927338fb520232edb056043b70f38031ee397bc0074705feb4a489066f63454fcb15b544bb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Fluxus\bin\FluxusAuth.dll

Filesize
4.3MB

MD5
8b7c95c980646614b4fd21414e489be7

SHA1
19c4cfeb0a5c4d2d305022bb34e817d63c6d5f25

SHA256
9f766783ca687dc5b7718350b673bc895cb9b0eb7e9185ea0b8044867c2bbbfe

SHA512
8027b1036c6ccd18b5f51e95a5ab687c65766cf63d1e619da9c91dca16dbdc68b2d85acde13955f600d0a32a914b4fdb76912e7b1c00a10327835ad6882c402a

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_iho4oxjx.qs3.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
\Users\Admin\AppData\Local\Temp\Fluxus\bin\FluxusAuth.dll

Filesize
4.3MB

MD5
8b7c95c980646614b4fd21414e489be7

SHA1
19c4cfeb0a5c4d2d305022bb34e817d63c6d5f25

SHA256
9f766783ca687dc5b7718350b673bc895cb9b0eb7e9185ea0b8044867c2bbbfe

SHA512
8027b1036c6ccd18b5f51e95a5ab687c65766cf63d1e619da9c91dca16dbdc68b2d85acde13955f600d0a32a914b4fdb76912e7b1c00a10327835ad6882c402a

Download Submit
memory/800-118-0x00000216B99B0000-0x00000216B99B2000-memory.dmp

Filesize
8KB

Download
memory/800-99-0x00000216BAF00000-0x00000216BAF10000-memory.dmp

Filesize
64KB

Download
memory/3272-79-0x00000000736A0000-0x0000000073D8E000-memory.dmp

Filesize
6.9MB

Download
memory/3272-31-0x00000000736A0000-0x0000000073D8E000-memory.dmp

Filesize
6.9MB

Download
memory/3272-32-0x00000000FE5C0000-0x00000000FE5D0000-memory.dmp

Filesize
64KB

Download
memory/3272-33-0x000000000FC20000-0x000000000FC3E000-memory.dmp

Filesize
120KB

Download
memory/3272-34-0x000000000FC50000-0x000000000FCF5000-memory.dmp

Filesize
660KB

Download
memory/3272-35-0x000000000FF40000-0x000000000FF5A000-memory.dmp

Filesize
104KB

Download
memory/3272-36-0x000000000FF30000-0x000000000FF38000-memory.dmp

Filesize
32KB

Download
memory/3272-37-0x000000000D9F0000-0x000000000D9F8000-memory.dmp

Filesize
32KB

Download
memory/3272-38-0x0000000003490000-0x00000000034A0000-memory.dmp

Filesize
64KB

Download
memory/3272-39-0x00000000FE5C0000-0x00000000FE5D0000-memory.dmp

Filesize
64KB

Download
memory/3272-41-0x000000000A360000-0x000000000A36A000-memory.dmp

Filesize
40KB

Download
memory/3272-42-0x000000000A390000-0x000000000A3A2000-memory.dmp

Filesize
72KB

Download
memory/3272-0-0x00000000736A0000-0x0000000073D8E000-memory.dmp

Filesize
6.9MB

Download
memory/3272-1-0x0000000000F70000-0x0000000001364000-memory.dmp

Filesize
4.0MB

Download
memory/3272-22-0x000000000D5B0000-0x000000000D626000-memory.dmp

Filesize
472KB

Download
memory/3272-2-0x0000000003490000-0x00000000034A0000-memory.dmp

Filesize
64KB

Download
memory/3272-3-0x0000000003490000-0x00000000034A0000-memory.dmp

Filesize
64KB

Download
memory/3272-4-0x00000000062D0000-0x00000000067CE000-memory.dmp

Filesize
5.0MB

Download
memory/3272-21-0x000000000D4E0000-0x000000000D52B000-memory.dmp

Filesize
300KB

Download
memory/3272-5-0x0000000005EB0000-0x0000000005F42000-memory.dmp

Filesize
584KB

Download
memory/3272-20-0x000000000C900000-0x000000000C922000-memory.dmp

Filesize
136KB

Download
memory/3272-19-0x000000000C860000-0x000000000C8C6000-memory.dmp

Filesize
408KB

Download
memory/3272-6-0x000000000A5C0000-0x000000000A5C8000-memory.dmp

Filesize
32KB

Download
memory/3272-7-0x0000000003490000-0x00000000034A0000-memory.dmp

Filesize
64KB

Download
memory/3272-8-0x000000000A750000-0x000000000A788000-memory.dmp

Filesize
224KB

Download
memory/3272-18-0x000000000D000000-0x000000000D350000-memory.dmp

Filesize
3.3MB

Download
memory/3272-17-0x000000000C410000-0x000000000C45A000-memory.dmp

Filesize
296KB

Download
memory/3272-9-0x000000000BCD0000-0x000000000C2F8000-memory.dmp

Filesize
6.2MB

Download
memory/3272-10-0x000000000BB10000-0x000000000BB2A000-memory.dmp

Filesize
104KB

Download
memory/3272-11-0x000000000BB70000-0x000000000BBA6000-memory.dmp

Filesize
216KB

Download
memory/3272-12-0x000000000C980000-0x000000000CFF8000-memory.dmp

Filesize
6.5MB

Download
memory/3272-13-0x000000000C300000-0x000000000C394000-memory.dmp

Filesize
592KB

Download
memory/3272-14-0x000000000BC00000-0x000000000BC22000-memory.dmp

Filesize
136KB

Download
memory/3272-15-0x000000000C3A0000-0x000000000C406000-memory.dmp

Filesize
408KB

Download
memory/3272-16-0x000000000BC50000-0x000000000BC6C000-memory.dmp

Filesize
112KB

Download
memory/4672-240-0x0000020778AB0000-0x0000020778AB2000-memory.dmp

Filesize
8KB

Download
memory/4672-170-0x0000020778260000-0x0000020778262000-memory.dmp

Filesize
8KB

Download
memory/4672-182-0x0000020778920000-0x0000020778922000-memory.dmp

Filesize
8KB

Download
memory/4672-187-0x0000020778B70000-0x0000020778B72000-memory.dmp

Filesize
8KB

Download
memory/4672-195-0x0000020778BF0000-0x0000020778BF2000-memory.dmp

Filesize
8KB

Download
memory/4672-199-0x0000020778C10000-0x0000020778C12000-memory.dmp

Filesize
8KB

Download
memory/4672-203-0x0000020778D70000-0x0000020778D72000-memory.dmp

Filesize
8KB

Download
memory/4672-207-0x0000020778E60000-0x0000020778E62000-memory.dmp

Filesize
8KB

Download
memory/4672-218-0x0000020778120000-0x0000020778122000-memory.dmp

Filesize
8KB

Download
memory/4672-221-0x0000020778190000-0x0000020778192000-memory.dmp

Filesize
8KB

Download
memory/4672-225-0x00000207781B0000-0x00000207781B2000-memory.dmp

Filesize
8KB

Download
memory/4672-228-0x0000020778ED0000-0x0000020778ED2000-memory.dmp

Filesize
8KB

Download
memory/4672-230-0x00000207797F0000-0x00000207797F2000-memory.dmp

Filesize
8KB

Download
memory/4672-232-0x000002077A140000-0x000002077A142000-memory.dmp

Filesize
8KB

Download
memory/4672-234-0x000002077A300000-0x000002077A302000-memory.dmp

Filesize
8KB

Download
memory/4672-236-0x000002077A330000-0x000002077A333000-memory.dmp

Filesize
12KB

Download
memory/4672-238-0x000002077A3D0000-0x000002077A3D8000-memory.dmp

Filesize
32KB

Download
memory/4672-175-0x0000020778490000-0x0000020778492000-memory.dmp

Filesize
8KB

Download
memory/4672-242-0x0000020778AD0000-0x0000020778AD2000-memory.dmp

Filesize
8KB

Download
memory/4672-179-0x00000207787F0000-0x00000207787F2000-memory.dmp

Filesize
8KB

Download
memory/4672-162-0x0000020778220000-0x0000020778222000-memory.dmp

Filesize
8KB

Download
memory/4672-158-0x0000020778200000-0x0000020778202000-memory.dmp

Filesize
8KB

Download
memory/4672-156-0x00000207785F0000-0x00000207786F0000-memory.dmp

Filesize
1024KB

Download
memory/4672-155-0x0000020778DA0000-0x0000020778DC0000-memory.dmp

Filesize
128KB

Download
memory/4672-152-0x0000020778D40000-0x0000020778D60000-memory.dmp

Filesize
128KB

Download
memory/4672-151-0x0000020778900000-0x0000020778920000-memory.dmp

Filesize
128KB

Download
memory/4696-141-0x0000000004FF0000-0x0000000005000000-memory.dmp

Filesize
64KB

Download
memory/4696-82-0x0000000004FF0000-0x0000000005000000-memory.dmp

Filesize
64KB

Download
memory/4696-81-0x0000000004FF0000-0x0000000005000000-memory.dmp

Filesize
64KB

Download
memory/4696-80-0x00000000736A0000-0x0000000073D8E000-memory.dmp

Filesize
6.9MB

Download
memory/4696-77-0x0000000004FF0000-0x0000000005000000-memory.dmp

Filesize
64KB

Download
memory/4696-64-0x000000006A860000-0x000000006AF3E000-memory.dmp

Filesize
6.9MB

Download
memory/4696-57-0x0000000004FF0000-0x0000000005000000-memory.dmp

Filesize
64KB

Download
memory/4696-56-0x0000000004FF0000-0x0000000005000000-memory.dmp

Filesize
64KB

Download
memory/4696-55-0x00000000736A0000-0x0000000073D8E000-memory.dmp

Filesize
6.9MB

Download
memory/4696-54-0x0000000000320000-0x0000000000604000-memory.dmp

Filesize
2.9MB

Download
memory/4696-611-0x00000000736A0000-0x0000000073D8E000-memory.dmp

Filesize
6.9MB

Download