Overview

overview

8

Static

static

3

Fluxus V7.exe

windows7-x64

3

Fluxus V7.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    127s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/11/2023, 13:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Fluxus V7.exe

  • Size

    3.9MB

  • MD5

    aa5d196260f56a93d7a9ddf32d202112

  • SHA1

    4abe547da7e38e9facb98523e4795a71af6b4600

  • SHA256

    653eaa58999ff72cd9e858a9661c87b049fc66172d20fc9ae0f1e3b1e2af694b

  • SHA512

    7cf76918a4d04c628cc4e7b3a7f2674c03b97104e98b98ab8407d2e12521e48dc61438d982cfdc9763deaa1b915e4432a972274dd6ac381a5a58f08e1ffd55d5

  • SSDEEP

    49152:XgLIR9JyCns59qfuce05XlWycazyClY1YH8PnGpv80tbvvqVUcZ:XgLIRfyC7egWJa3lY1U82kmvvoUc

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Fluxus V7.exe
    "C:\Users\Admin\AppData\Local\Temp\Fluxus V7.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1828
    • C:\Users\Admin\AppData\Local\Temp\Fluxus\Fluxus V7.exe
      "C:\Users\Admin\AppData\Local\Temp\Fluxus\Fluxus V7.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:644
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flux.li/windows/start.php?HWID=8e1c3a2571f611eeb186806e6f6e69639120b4774850a8d91b5b1ab6aea5275a
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:3584
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c00046f8,0x7ff9c0004708,0x7ff9c0004718
          4⤵
            PID:1812
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3428
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
            4⤵
              PID:3808
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
              4⤵
                PID:4524
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
                4⤵
                  PID:2536
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
                  4⤵
                    PID:4872
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
                    4⤵
                      PID:1096
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
                      4⤵
                        PID:3720
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
                        4⤵
                          PID:2076
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
                          4⤵
                            PID:660
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
                            4⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4112
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1
                            4⤵
                              PID:2200
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
                              4⤵
                                PID:4944
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
                                4⤵
                                  PID:4044
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
                                  4⤵
                                    PID:4396
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
                                    4⤵
                                      PID:3516
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5548 /prefetch:8
                                      4⤵
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:2628
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6488 /prefetch:8
                                      4⤵
                                        PID:4720
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
                                        4⤵
                                          PID:2124
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
                                          4⤵
                                            PID:4372
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
                                            4⤵
                                              PID:4252
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
                                              4⤵
                                                PID:2104
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
                                                4⤵
                                                  PID:4292
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
                                                  4⤵
                                                    PID:1940
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
                                                    4⤵
                                                      PID:3092
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5120624482544170544,10788539840941614518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
                                                      4⤵
                                                        PID:3992
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:944
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:5036
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:2672

                                                      Network

                                                            MITRE ATT&CK Enterprise v15

                                                            Replay Monitor

                                                            Loading Replay Monitor...

                                                            Downloads

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                              Filesize

                                                              152B

                                                              MD5

                                                              8f30b8232b170bdbc7d9c741c82c4a73

                                                              SHA1

                                                              9abfca17624e13728bd7fa6547e7e26e0695d411

                                                              SHA256

                                                              0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                              SHA512

                                                              587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
                                                              Filesize

                                                              91KB

                                                              MD5

                                                              c52f899e5d7593c39df535debe0b9ed3

                                                              SHA1

                                                              d97fc82200b68fbaf4b282a1a724f81df3daeb91

                                                              SHA256

                                                              af4eb506f2afff2f2878975bc72e5dbf27a4a355cfb66801b55c101643c32166

                                                              SHA512

                                                              2c9f2c02249eb9cf2b464e41bf608610324892aa836ffebfb705dd676930ee5f1d3cc2e486bedeea495ae2ad79c5a9ac53a0cc9bb517bb7060b1b882bfbd9768

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
                                                              Filesize

                                                              91KB

                                                              MD5

                                                              fca116bb7c310f70c458d3dbbf58963f

                                                              SHA1

                                                              f0b99b4090de10ce34b92d8b67c7d474404806f4

                                                              SHA256

                                                              e4fc1aa5603ee5ff612501bd83d661fa38a56c47f49ef0716df59e11c9314e59

                                                              SHA512

                                                              3edbc6a0128f55e089f947260c71ac5c8666583374e4dbb379ed694d2f5ad918c488143739c1bd343239157ebd2673d42cb256eca3427fe921bd4d57c08520e1

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
                                                              Filesize

                                                              218KB

                                                              MD5

                                                              0e0cfe42e988e5ce6ce7315f1a064b43

                                                              SHA1

                                                              e35bdca96f09960fec41691f83c3626998c44d37

                                                              SHA256

                                                              12f4c87125d851fc321b401e153b54f46058ee94b147ac71f81eba90df21f594

                                                              SHA512

                                                              674ff1d1a6754f479a6f63a47a9c5c88aedaaf1c36f50dbe5bda23d5ee52e2f92f0e35f083e03f0dc9ded34f1bdb085d5c0d941e9ac1c242224aeffc96054f0a

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                              Filesize

                                                              936B

                                                              MD5

                                                              a50917caf335660538f63422464f60b1

                                                              SHA1

                                                              c7519a9919adef6a5c68855d6ecb74f43e84f61a

                                                              SHA256

                                                              c82005aaa5e3e6a829931f1910aba3eaccad5e07b1b6dbd830edc4b01c137447

                                                              SHA512

                                                              52fe951be52e4ead8aca794e7efb18a33044a09e42d7e71b4d96591d538bed9b34abf8089904cca100ba3992a4d610dad6d3e2bf70691bce235a7953c21a2476

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                              Filesize

                                                              111B

                                                              MD5

                                                              285252a2f6327d41eab203dc2f402c67

                                                              SHA1

                                                              acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                              SHA256

                                                              5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                              SHA512

                                                              11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              6KB

                                                              MD5

                                                              08796e3cb03cce10e2459514075acb4f

                                                              SHA1

                                                              d5aacef31af960ac7ad7b1e38903a446fb94ccea

                                                              SHA256

                                                              3618c2f3ca7a536c6d03bf45c356c05e323a5977253e8c7f7048bf4cebfb51ce

                                                              SHA512

                                                              e6909f4771da4890af1b9bdbb46aa1366855b40026727ae7b20c8ab22d1f7cb2bcd9d4498a33b46add170435f99eb8e575249a41c842c34f7c2d45d8dcfeeba6

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              5KB

                                                              MD5

                                                              fe589fea5727df6ca067342b314400f1

                                                              SHA1

                                                              32d690ec78e22c65535c23e53a9de5cd9da922bf

                                                              SHA256

                                                              e216b609bf826261f44ae5e921a0b3639a3e2bc8c36c9f4e20cbc6d7adcd7347

                                                              SHA512

                                                              38e554e942efa456087032cbccf3a2e676e94fb430482f403b702a81b5ff4712efe37c6453bc2a10f85a040eff760806590188257abdae0c05a46715643118c1

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              7KB

                                                              MD5

                                                              a7e1da61d4077329eecdbd41c283cb85

                                                              SHA1

                                                              c73d43c3570f0ffc325de1c63c2cc3c4066aa198

                                                              SHA256

                                                              5bc602af0df262f7b4accaf6bf9b684d842143a594127c2ef3ea1a743fba790e

                                                              SHA512

                                                              6503f1f64069a2776f0447a131893e8484455e8e0c29bc9ba15463c8cb1a5f2eb95212217f9a60391516b9e29461fb0e10153fcbbc8d159b6baa627323f04329

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              8KB

                                                              MD5

                                                              414a8b33ce36ebe80a1872fad2796660

                                                              SHA1

                                                              4e074b9e7efab2335fc23419fea0e34cd33f2706

                                                              SHA256

                                                              f66a7b47458f4f5f2d12f64f26b3e529e95972cf73d1fcb96541d85669d7636c

                                                              SHA512

                                                              7c8c3885a0a03723296a416d7e66a4804cf57974bd90ee724c4d3c623d291a22d1f97ccf8502e6993cd4941a15da03e895b4268d99777c427ebc53213c0e6021

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                              Filesize

                                                              24KB

                                                              MD5

                                                              0b8abe9b2d273da395ec7c5c0f376f32

                                                              SHA1

                                                              d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec

                                                              SHA256

                                                              3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99

                                                              SHA512

                                                              3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                              Filesize

                                                              2KB

                                                              MD5

                                                              289d21a454b7a0e4afbc9dd6ce1c3a38

                                                              SHA1

                                                              0bc886a4aba03ae15fa07709c502888eeecd282f

                                                              SHA256

                                                              bb229fff81cdaf05fb34434d29832991d91798e3ee4885eed7d4ac22db0f1f77

                                                              SHA512

                                                              503ce876d77d45fef4f9724ab3380f6111f3fd01772bf1e6e866d52852f8b2ff7ee87ab59e3f94341d3fa63113d52e828c1aae5b2465ce393f375948df21ef50

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                              Filesize

                                                              3KB

                                                              MD5

                                                              3b1f6e11c4e5a3730a70536022979b02

                                                              SHA1

                                                              d1e847930155b847a7b46ffc57844e8cf66dc471

                                                              SHA256

                                                              9bc335a216c589d62e3dcb1368013d5f7117d62be3a09689d2e0d0e15c110e72

                                                              SHA512

                                                              e1f7509aea8637fe6f633b2374b266f64e6bb507eece3b204a4e8b01f1add9dd1ac13837dfe74cef846b653a5c761483127d96bbc968fe40128f232da202c262

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e0a7.TMP
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              54a0c046712af19ee4ed1022e4502c15

                                                              SHA1

                                                              dce3842cc0ac3c9e938c8448b06606032b682c43

                                                              SHA256

                                                              0a39fe4093bdbd1ce42ee3a7a366341ad635db956729187c4e5061905f0b3358

                                                              SHA512

                                                              b16fd72effc4068cdfce9c1230fda753247f42c198b88dee377e79baf29f12f7bc02e64cf99cae1dfd05a385176fc0dc35217d6b37e277a76e800c3280feec24

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                              Filesize

                                                              16B

                                                              MD5

                                                              6752a1d65b201c13b62ea44016eb221f

                                                              SHA1

                                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                              SHA256

                                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                              SHA512

                                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                              Filesize

                                                              10KB

                                                              MD5

                                                              713a363b57039ead6927c52ebbf40edf

                                                              SHA1

                                                              cec16146da3414861ddad554c6ee1ce2a7029951

                                                              SHA256

                                                              9d0d80a0e784d73b4afda27b5cd93f78c02004b1257595749ba05dbcad3f4fd4

                                                              SHA512

                                                              21be36b965ef2f55907c93906c45e71c115e0b632b988d7e3b575e55bd2989b999cc99619e764e5b82e09853a09fb3e1902f003b269fbdc45546c9a710b87eab

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              7050d5ae8acfbe560fa11073fef8185d

                                                              SHA1

                                                              5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                              SHA256

                                                              cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                              SHA512

                                                              a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                                                              Filesize

                                                              53KB

                                                              MD5

                                                              124edf3ad57549a6e475f3bc4e6cfe51

                                                              SHA1

                                                              80f5187eeebb4a304e9caa0ce66fcd78c113d634

                                                              SHA256

                                                              638c51e173ca6b3469494a7e2e0b656021a761f77b4a83f3e430e82e7b9af675

                                                              SHA512

                                                              b6c1a9051feeffad54ba1092fd799d34a9578368d7e66b31780fe478c1def0eb4094dce2879003f7389f2f9d86b94a3ef3975e78092a604597841c9b8db120ee

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\Fluxus\Fluxus V7.exe
                                                              Filesize

                                                              2.9MB

                                                              MD5

                                                              7558fc97a76572642872cca17f9595ed

                                                              SHA1

                                                              2e1cc9e2eaf98c544d8aa46322634f00d7356890

                                                              SHA256

                                                              9bc663ab6b643e0f2efa6505da5dc765ec47aa57d6b6fd3eae2d3ddcc2b29d70

                                                              SHA512

                                                              f05b003d399392f7a927c5dea9839349a9d49246c67edef7dc2e4de8db33286bf6fd136bda92d1780657754b322a45f3a283bf54ddf76cb3a58fe92204806cf5

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\Fluxus\Fluxus V7.exe
                                                              Filesize

                                                              2.9MB

                                                              MD5

                                                              7558fc97a76572642872cca17f9595ed

                                                              SHA1

                                                              2e1cc9e2eaf98c544d8aa46322634f00d7356890

                                                              SHA256

                                                              9bc663ab6b643e0f2efa6505da5dc765ec47aa57d6b6fd3eae2d3ddcc2b29d70

                                                              SHA512

                                                              f05b003d399392f7a927c5dea9839349a9d49246c67edef7dc2e4de8db33286bf6fd136bda92d1780657754b322a45f3a283bf54ddf76cb3a58fe92204806cf5

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\Fluxus\Fluxus V7.exe
                                                              Filesize

                                                              2.9MB

                                                              MD5

                                                              7558fc97a76572642872cca17f9595ed

                                                              SHA1

                                                              2e1cc9e2eaf98c544d8aa46322634f00d7356890

                                                              SHA256

                                                              9bc663ab6b643e0f2efa6505da5dc765ec47aa57d6b6fd3eae2d3ddcc2b29d70

                                                              SHA512

                                                              f05b003d399392f7a927c5dea9839349a9d49246c67edef7dc2e4de8db33286bf6fd136bda92d1780657754b322a45f3a283bf54ddf76cb3a58fe92204806cf5

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\Fluxus\bin\FluxusAuth.dll
                                                              Filesize

                                                              4.3MB

                                                              MD5

                                                              8b7c95c980646614b4fd21414e489be7

                                                              SHA1

                                                              19c4cfeb0a5c4d2d305022bb34e817d63c6d5f25

                                                              SHA256

                                                              9f766783ca687dc5b7718350b673bc895cb9b0eb7e9185ea0b8044867c2bbbfe

                                                              SHA512

                                                              8027b1036c6ccd18b5f51e95a5ab687c65766cf63d1e619da9c91dca16dbdc68b2d85acde13955f600d0a32a914b4fdb76912e7b1c00a10327835ad6882c402a

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\Fluxus\bin\FluxusAuth.dll
                                                              Filesize

                                                              4.3MB

                                                              MD5

                                                              8b7c95c980646614b4fd21414e489be7

                                                              SHA1

                                                              19c4cfeb0a5c4d2d305022bb34e817d63c6d5f25

                                                              SHA256

                                                              9f766783ca687dc5b7718350b673bc895cb9b0eb7e9185ea0b8044867c2bbbfe

                                                              SHA512

                                                              8027b1036c6ccd18b5f51e95a5ab687c65766cf63d1e619da9c91dca16dbdc68b2d85acde13955f600d0a32a914b4fdb76912e7b1c00a10327835ad6882c402a

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_z0n0knzj.gnx.ps1
                                                              Filesize

                                                              60B

                                                              MD5

                                                              d17fe0a3f47be24a6453e9ef58c94641

                                                              SHA1

                                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                              SHA256

                                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                              SHA512

                                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                              Download Submit

                                                            • memory/644-82-0x000000006AFB0000-0x000000006B68E000-memory.dmp

                                                              Filesize

                                                              6.9MB

                                                              Download

                                                            • memory/644-158-0x0000000005510000-0x0000000005520000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/644-104-0x0000000005510000-0x0000000005520000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/644-107-0x0000000074E90000-0x0000000075640000-memory.dmp

                                                              Filesize

                                                              7.7MB

                                                              Download

                                                            • memory/644-72-0x0000000074E90000-0x0000000075640000-memory.dmp

                                                              Filesize

                                                              7.7MB

                                                              Download

                                                            • memory/644-73-0x0000000000970000-0x0000000000C54000-memory.dmp

                                                              Filesize

                                                              2.9MB

                                                              Download

                                                            • memory/644-108-0x0000000005510000-0x0000000005520000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/644-115-0x0000000005510000-0x0000000005520000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/1828-26-0x000000000C2F0000-0x000000000C644000-memory.dmp

                                                              Filesize

                                                              3.3MB

                                                              Download

                                                            • memory/1828-29-0x000000000C6F0000-0x000000000C712000-memory.dmp

                                                              Filesize

                                                              136KB

                                                              Download

                                                            • memory/1828-53-0x0000000009EF0000-0x0000000009F02000-memory.dmp

                                                              Filesize

                                                              72KB

                                                              Download

                                                            • memory/1828-61-0x0000000005630000-0x0000000005640000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/1828-50-0x0000000074E90000-0x0000000075640000-memory.dmp

                                                              Filesize

                                                              7.7MB

                                                              Download

                                                            • memory/1828-49-0x000000000C940000-0x000000000C948000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/1828-48-0x000000000F6C0000-0x000000000F6C8000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/1828-47-0x000000000F6A0000-0x000000000F6BA000-memory.dmp

                                                              Filesize

                                                              104KB

                                                              Download

                                                            • memory/1828-46-0x000000000F2E0000-0x000000000F2F4000-memory.dmp

                                                              Filesize

                                                              80KB

                                                              Download

                                                            • memory/1828-74-0x0000000005630000-0x0000000005640000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/1828-75-0x00000000FFAF0000-0x00000000FFB00000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/1828-45-0x000000000F2D0000-0x000000000F2DE000-memory.dmp

                                                              Filesize

                                                              56KB

                                                              Download

                                                            • memory/1828-44-0x000000000F2A0000-0x000000000F2B1000-memory.dmp

                                                              Filesize

                                                              68KB

                                                              Download

                                                            • memory/1828-43-0x000000000F230000-0x000000000F23A000-memory.dmp

                                                              Filesize

                                                              40KB

                                                              Download

                                                            • memory/1828-42-0x000000000F180000-0x000000000F223000-memory.dmp

                                                              Filesize

                                                              652KB

                                                              Download

                                                            • memory/1828-41-0x000000000DD60000-0x000000000DD7E000-memory.dmp

                                                              Filesize

                                                              120KB

                                                              Download

                                                            • memory/1828-31-0x00000000FFAF0000-0x00000000FFB00000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/1828-30-0x000000000C8B0000-0x000000000C8FC000-memory.dmp

                                                              Filesize

                                                              304KB

                                                              Download

                                                            • memory/1828-106-0x0000000074E90000-0x0000000075640000-memory.dmp

                                                              Filesize

                                                              7.7MB

                                                              Download

                                                            • memory/1828-52-0x0000000009EC0000-0x0000000009ECA000-memory.dmp

                                                              Filesize

                                                              40KB

                                                              Download

                                                            • memory/1828-28-0x0000000005630000-0x0000000005640000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/1828-27-0x000000000C650000-0x000000000C6B6000-memory.dmp

                                                              Filesize

                                                              408KB

                                                              Download

                                                            • memory/1828-1-0x00000000008F0000-0x0000000000CE4000-memory.dmp

                                                              Filesize

                                                              4.0MB

                                                              Download

                                                            • memory/1828-25-0x000000000B810000-0x000000000B85A000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/1828-24-0x000000000B670000-0x000000000B68E000-memory.dmp

                                                              Filesize

                                                              120KB

                                                              Download

                                                            • memory/1828-23-0x000000000B7A0000-0x000000000B806000-memory.dmp

                                                              Filesize

                                                              408KB

                                                              Download

                                                            • memory/1828-22-0x000000000B620000-0x000000000B642000-memory.dmp

                                                              Filesize

                                                              136KB

                                                              Download

                                                            • memory/1828-21-0x000000000B690000-0x000000000B726000-memory.dmp

                                                              Filesize

                                                              600KB

                                                              Download

                                                            • memory/1828-20-0x000000000BC70000-0x000000000C2EA000-memory.dmp

                                                              Filesize

                                                              6.5MB

                                                              Download

                                                            • memory/1828-19-0x000000000B5B0000-0x000000000B5E6000-memory.dmp

                                                              Filesize

                                                              216KB

                                                              Download

                                                            • memory/1828-18-0x000000000B550000-0x000000000B56A000-memory.dmp

                                                              Filesize

                                                              104KB

                                                              Download

                                                            • memory/1828-8-0x000000000AF00000-0x000000000B528000-memory.dmp

                                                              Filesize

                                                              6.2MB

                                                              Download

                                                            • memory/1828-7-0x0000000006900000-0x000000000690E000-memory.dmp

                                                              Filesize

                                                              56KB

                                                              Download

                                                            • memory/1828-6-0x000000000A890000-0x000000000A8C8000-memory.dmp

                                                              Filesize

                                                              224KB

                                                              Download

                                                            • memory/1828-5-0x00000000068B0000-0x00000000068B8000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/1828-4-0x0000000005B00000-0x0000000005B92000-memory.dmp

                                                              Filesize

                                                              584KB

                                                              Download

                                                            • memory/1828-3-0x0000000005FD0000-0x0000000006574000-memory.dmp

                                                              Filesize

                                                              5.6MB

                                                              Download

                                                            • memory/1828-2-0x0000000005630000-0x0000000005640000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/1828-0-0x0000000074E90000-0x0000000075640000-memory.dmp

                                                              Filesize

                                                              7.7MB

                                                              Download