32b5ba87da84c5561e53eddedacaea5ef3d55a9703a72022f0797ec4afd6dbcd

Analysis

max time kernel
976s
max time network
984s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
29-02-2024 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8xyz8/Defender_Settings.vbs
Size

313B
MD5

b0bf0a477bcca312021177572311e666
SHA1

ea77332d7779938ae8e92ad35d6dea4f4be37a92
SHA256

af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9
SHA512

09366608f2670d2eb0e8ddcacd081a7b2d7b680c4cdd02494d08821dbdf17595b30e88f6ce0888591592e7caa422414a895846a268fd63e8243074972c9f52d8

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4612	2188	WerFault.exe	132

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{D996185B-D613-4CFA-A550-7EBD4896D663}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Fluxus.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
2688	msedge.exe
2688	msedge.exe
2024	identity_helper.exe
2024	identity_helper.exe
2004	msedge.exe
2004	msedge.exe
2732	msedge.exe
2732	msedge.exe
3848	msedge.exe
3848	msedge.exe
2188	Fluxus V7.exe
2188	Fluxus V7.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1248	Fluxus V7.exe
Token: SeDebugPrivilege	2188	Fluxus V7.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2188	OpenWith.exe
1592	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 644	2688	msedge.exe	84
PID 2688 wrote to memory of 644	2688	msedge.exe	84
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 3452	2688	msedge.exe	85
PID 2688 wrote to memory of 1912	2688	msedge.exe	87
PID 2688 wrote to memory of 1912	2688	msedge.exe	87
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86
PID 2688 wrote to memory of 3332	2688	msedge.exe	86

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8xyz8\Defender_Settings.vbs"
1⤵
- Modifies registry class
PID:1976

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9933f3cb8,0x7ff9933f3cc8,0x7ff9933f3cd8
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1888 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13593357073710739253,12216461885573308030,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1560

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:440

C:\Users\Admin\AppData\Local\Temp\Temp1_Fluxus.zip\Fluxus\Fluxus V7.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Fluxus.zip\Fluxus\Fluxus V7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1248

C:\Users\Admin\Documents\Fluxus\Fluxus V7.exe
"C:\Users\Admin\Documents\Fluxus\Fluxus V7.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2188
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 3248
  2⤵
  - Program crash
  PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2188 -ip 2188
1⤵
PID:1976

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
12b71c4e45a845b5f29a54abb695e302

SHA1
8699ca2c717839c385f13fb26d111e57a9e61d6f

SHA256
c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0

SHA512
09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce319bd3ed3c89069337a6292042bbe0

SHA1
7e058bce90e1940293044abffe993adf67d8d888

SHA256
34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3

SHA512
d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
50KB

MD5
70ed844de1bdd100d4767313720c7063

SHA1
432f80d6bb593010ce37f20fcdcf89c5b7606db4

SHA256
9246797509b2eb4e9febad55cd3a9f3cc1951ccab4e1def991424b7a0c60268c

SHA512
255c5b54c658f00bd71a87ba771f42de274162d36bfafc914de1ae055b03692217fcf8ef2786eff3171e6cf3457e1760689ab3d403faa9e837c7de3a39cb7f44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
93KB

MD5
dc520842b10b65d0e3a2e50d41bfe745

SHA1
a3029e011675227ce1ae5ca51b48c0b31ebe193c

SHA256
5cd845ba082a45f235b5b95268fe553c4523191b6edea6a94cc8b3f91fdb90ab

SHA512
b752a51329fa8bb8e513d18c84929d396b53d4753c22938d8520babd5f9b2eee860a352c0e44288ca7f18c4de7edef7ffdec17284564d23085f1d7b00b88f830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
137KB

MD5
754fe405bc7cac933534adfeef75bc3a

SHA1
97bc4df69f4d886d589f40e31e17d530d53683e1

SHA256
17b995a6fbdb1408b056b0897daf497eb60c2ad8089585673fe4d4090d7a3cf1

SHA512
9f891a874d1379ead03bbc91b6816620931ccdb211ded5c72a8789037386ceb3b65454c5a6a176917da6c64854358337ea4975a74bf4b9ce8e741b270df37b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
52KB

MD5
02bd15c9e2b6d0e3487ce38aaba29184

SHA1
b3fbcd65b6d7b4c93b8fcce50fb3737f3c7baec9

SHA256
a6518e49b68a002c8ef6cfcb905a5caf8a143e831df767758369332aba017719

SHA512
e750e3db0555f43f2456ac53e5197eb89f38691ce6d0adb2631e792221256e6bcbd07f6a9881a31d71d2d87cd767b0cecabde505e2cca359099b427e181f42b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
62KB

MD5
786aac28d5c0120358007b97190cb0f2

SHA1
459e0aae2b1321f596ac49fa51979120a8c35aef

SHA256
8170cce4c1cc4d9017f8a075af0414db3705bae7832c136df76131672393884c

SHA512
6b93ab6154c6750df8f94aee9c46e46f5c993e6608ed21f5eeb341331b474d5ab249b947e701ef236e32d1d6a7f8f9953c66fcdb14d8eaed2ca867e4f2324676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
19KB

MD5
48d1c18e85fcfea27ea3cc03af096856

SHA1
8ef1ad9c6117ca85f4c6fade480b7a046a26cf65

SHA256
d197821560bb140fad520ef7939c2210ab062fbdc78890c52be2b90412b033a3

SHA512
5b900d8eb0f0a185cd637ee16bea8e3458a53f5b300e1133d8274962f596036d90546aedac9044fd4ed9a646db5ff4fb6e255d328998b3c4cc9f32ed5b475848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
31KB

MD5
0b3c3fdba6e9f64476dd43cf8f6d94f3

SHA1
c3d3b16e3ca06c15cc94eb564886610d7f2e18bc

SHA256
dd9dd5d5fcb5ee17f03b96c99f32b48ba4fff798489dc801bc3f2b55ec3e4675

SHA512
8e4d7e2303ed8b8d4243c60dbfa769bc9eba7f90968305a8a4075ed289a25642dc9207cf925290a99efcb99731a8bbba63b06218cafa2a87f1e7d8a98e88a410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
19KB

MD5
9a31b3d6658d584e8d16bbb25cef3ae8

SHA1
6015d2dd9ced18d00934ece35776d97f06cf7f8d

SHA256
46e709f66a851b8819579122320debc189a7242fe2f7c307fefc98f6e9e97e8b

SHA512
ff59f8eaacf725fae5c55a7be92125c73d573b51baadde86a1da28166738351ca9481a0d78edb32f6376f38e4dd421e450a1c8926e6a7ca7f168eb58e6104aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71848a3da7ea1aa8_0

Filesize
301B

MD5
f9bd5b003f3b65c3396b5230689bf1bf

SHA1
ee64ffbc7b2e9880a96e9ed5f2e51559fd6c03e6

SHA256
675a868d99197d2f4a8c85dc0f8cdb0ef87058fb982681ac1540bbcc1e6bbf3d

SHA512
3f7ad82052fb549a9d69eb6bc4e2133a8ab61f849439750c24f737796a2944ec6d41e69dc80c0483f1b4ee9752962621863a773e90ee7ebde63cb9edf75a4f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
86c7db9949fb43ced47324aa27caab41

SHA1
ded9d4a4fc775022aed2b206e7eff76992b76216

SHA256
8f031a75feef23dc743e861045be0d326ee1f0ec6fe172df0231a044963e14be

SHA512
c3f290256c40187357504cd4bacacfd1373493ccd0052d098a536c600050d4d9f2aacbd6bc255e28a7e346adefd96d0f2d1559d6e98f62c87a179bcd706b28ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
24910c5c1e3eae15d878d5a749369cb9

SHA1
4a82c9092a97a661bf29ff03ffc54c9b529afb1c

SHA256
caf2048a43fdd39c6faa66d10e0a31a2a08c437ff5cc03ac5c5c201ef8256671

SHA512
40b88c1b7af64b419e438886126f48dd60c0878fde0f6fccfc847e674db5876bd967b4ba1528ffe7eea93f1a5acd49b183fece06c33fd5d1573bb9b34a61cb98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ad4ec2bddc358ecf6e745768b4b2e5b7

SHA1
db502552538e055d3ba008020c29f75790bb6816

SHA256
2f01b7e3998092130b5b5727c4fbf6fe1fba9523f430f8bf48a35e66b585d7fd

SHA512
30cdf685b0adaa4726a057cfeb0dc32b89c18f4a7a417d2b33fb0bc6dc477202b14a71f186b55a1caad47e651d7498e0fadbc476c5818b86b94d3668b622080a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f5dd716ad22d70679dd4a8719739df13

SHA1
635e20a720c3c1063ee2f8de2e367126776f3cf5

SHA256
3af16ae15dd461c3ec0e3bf9ecd9d72fda90a3532d959324a59d17d3e9df71b6

SHA512
0089bce85806acc3dbc9ad80dccec0186b3de8672f314f646fa8118ad36d7cfaae8506da4e0e442adb26910b46ea8c2b860aa2e38319255210db2e8dfe8bf17b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
614d78cd7fce33cc7acb2ba4c40b0e91

SHA1
e40bb0debacee26fd3cb0b7fe28ef61563439d71

SHA256
19f13bc203b555980b6b325013646aa4330da3febd39f7f13204153c60577cf4

SHA512
5c75d1e0d736086a56ed980b00f7ca4e475afb9131e07f2147d1617d7cde6edcde53764818f90b0c91127372ea5b52f131631f2aed78b46d96261a3da8f35925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9944dabf1295501aa18894a96fb2f20e

SHA1
2c725b339391def24fbd6f46854ba50d349de483

SHA256
eee34f92b08210db325dfe7c86edbb5fc22f68ef67dda657174283275ed4e645

SHA512
ac5f95a79bfe3259deb00891ae4137be47b44ec8a0a5aa1b8f588900394a9633ba98f331561f5efb308fd7cff6a4fb5b69e4a6236a869858336398cc493a8b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a324bb48b5eb8efbf2503baaa7d49274

SHA1
344c4d816d5ad4a8acbf9f6206247c99a3f08ea6

SHA256
4ba1b5efd58255cb4b1585bb57e4c4c71c733ea764c42a8c0d7a8e990f162507

SHA512
2a9ba37f9684770c9b6c21b7058d88797e997f345ec9ed68fe5dd2443336ca14c1e0af7c7db47b6d3b57914bfdef79786d08bd6cd6e4ddbfca8eddb13b146459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9340c2d683700e31cc9d5dd4b2133eae

SHA1
6198e4e344304066c3e06b4969366561437cc374

SHA256
c4314cb025a47a8ea09814b9d053a4fdf28c2de27e0078989c2b665491718d80

SHA512
ed9f3e2619e564058be276e06671e401565010e0d4e818a0ef7aef429e9300c50b33e6a1251a6c355558ed053d8e924b2c14eb32d5c90ca9a89f3656adfb30ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1cd5420893198cb9f649d2a36adb16b1

SHA1
1de20c796771a726fbaa9a11e4c4c447e0090c68

SHA256
80581ebaf580d65e29342dc78fec801264295a1972379b741b977c7dc12b56ba

SHA512
7741e7cc40630a0f8769b7fb6548dcd661bc1ae8a722e05c2ae7c986b0d22473f38c17bfed67ed6c471d52a45b5e834e96428bd18f4259e82857b4158d822749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584aef.TMP

Filesize
48B

MD5
a69c6be40ae728baf78bc121625e29c1

SHA1
14300a2664705d1c205516b954c01eeb764abf19

SHA256
59ab7310d7480a90b7a10b2a73f09fd8335a655d6dc16d83814e6683b0619a12

SHA512
14734a5732266bb5a0b06ba3aac53eb42c549b490bd9365fb2cac946913d11108f58651e24671cc44dd83a9ea77e48964f14d0fc074d822dc5c31cc6b0e35d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ed752f3716d0efb850cccbcd57b65e50

SHA1
2cae047f6194bd44b297ece9582bb9086420cc10

SHA256
2bce4db6afcc79337ded77b7027d4cf2170c49b2bcb5cff39f1766c473ee5c30

SHA512
b34009f9bc33733d98ee51dee0e298f79f67f20a97bb193a57868acd1fa92646d5d1c19380b0faf2b815a11068c94dc2be87651b32a302416d569af65bd99eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
228b9972fcdf59baad2dc8ef2121f78d

SHA1
c75e8af1aed89f490957c821ed6a49ccb5934d27

SHA256
a2eee26c2f7ce6791e441ee487a09ef64db9f93fd15cfd4b515108ca514299d4

SHA512
2b7b65df48fe11f349acaf4d0ec6fa702fa8492ee950d9f94aec0959567379e44c4c66e45ff7da3e4b83aeb736f13a9fa8e889658b75e81ee20366ca6283b041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
744debb61cf757518465e69fed1ad6bc

SHA1
9569ac21095047b89eb43d7d0194d57b6a068eb4

SHA256
b09b6bf846388f5f48af067322203fcec51b682de0227f1b0ef567961ddf0cbc

SHA512
5b240225646645827960a2c10f3d8e4d34c6d767ca65e8131224bb909793104b9ee527afe7a140b09869ee84d280b4e6e70d50f8bffa82a8dc6101fd7b2639e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581cab.TMP

Filesize
536B

MD5
649b35c9fe1537ca79e33a7013d73f3d

SHA1
c58e663c5ab00bedbb564356a2a791e58f6335d0

SHA256
0251fe4637137c58936b6db3cbe1b0b76ecb11d1005ae4f851adaca981056ec4

SHA512
db7ff98156c23ee290acddfb2f15206a4592cb068f34aefc76be5697da97cc36de638823867b1fb7ff74e3c9ab73ce794381230de526fab5dec479f1ca0f616a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f388604fc18d4ac3af9155433e6b9176

SHA1
2d65bc06bfc18ed8385eb287d6069dff1bc01454

SHA256
651c096051a951074c7439e6b37c4c6ea6176ea822a6cea6c3e9d3f058230bd7

SHA512
e892205a6d29818d89068f51db96d726c16b8b3f2f793ede73b53b72ec06f04a67cbaf951e6652937f7ffcfda0f5acbe99157e7be70536a88232400dac0df92e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
99871c5086b6124fd7c1edc0c524d4a3

SHA1
f54cf137feb55c9b93894b463b48a304affe9141

SHA256
4cf465ff26d6b3e79508ef6f6e54d47660e2cf78cfbd1288b8c5016a5f50fccb

SHA512
46a1609f08eb0f7f3f71e271fbe58507e714c76b3519916b5691349048bc0e0a2546826990d65c4f8fc88c801478ea3074be973149fca013114f3d1238066f5b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
77375d17a8241aa06af550428e413cee

SHA1
ec13b23081e0a9cd92ae4d944deea5f5e0f036e6

SHA256
45d3a9dec1354dbdaa71102c669564b4ed52f1981fd657550f6c1babc20982eb

SHA512
64ba1637e51aa95f61c25c46fe20e597bbcae509cb0f1cd71bf26aa1841b2bb4e06e2941a25cf94addeff2f097d84feeb7fbfbb05729f3cc921dd076e95da56c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5hf10b3p.hgi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Fluxus.zip

Filesize
2.3MB

MD5
120bce5f51303d34ea3635074d5d3ebf

SHA1
1bd5dc87c2788ffe578aec388cd048930613a2da

SHA256
28e904fd216f1fa26962fa9ca0be1bf2bdb1043b72fad7fd56824aa383d4a465

SHA512
f9c300ed468bb9c202658a819902a90cf4c89e9e9d56b56ea7280f0d293b83bd8ce11e28a71d0878ba4b069c3578b2595089dab8d84387299ac977acbe27237b

Download Submit
C:\Users\Admin\Downloads\Fluxus.zip

Filesize
964KB

MD5
183c875cad6af4bb965eb89dc8624c39

SHA1
66d789fa3c86b1f3898a6b9111b9c5c139e17540

SHA256
8a93160f232b07228c53fa63a3f490acb28f9f061c1f260170cca2ba1648156a

SHA512
cfdadd4d886f6faa4a632a66fb36cb000e854af96c5d4a9f927c1c2cbdca1fca5d104cdf12786eb9e307f22e65fc1af932e11eeb65aa31f659540d8813d15de3

Download Submit
C:\Users\Admin\Downloads\Fluxus.zip:Zone.Identifier

Filesize
62B

MD5
ab5ae4c6aede1dbf44ae8e0aa7a933dc

SHA1
2279aa17a3fd6f112c74b38b0fe9e9ac0352074e

SHA256
212f021f74e1be6b5ea9dd7d46ede1ffa2d234d7b2486b4cacdb0df4b3588cdf

SHA512
52071cbd2cf8c9f990c42f52087895241d346bf782274c0d4db13f413d1fd6d5b47dc6507224b781a3afb27c69ee4349ea7251d28df0635abdc2a1d6f5382c56

Download Submit
memory/1248-720-0x0000000006750000-0x0000000006CF6000-memory.dmp

Filesize
5.6MB

Download
memory/1248-718-0x0000000005DF0000-0x0000000005E00000-memory.dmp

Filesize
64KB

Download
memory/1248-719-0x0000000005DF0000-0x0000000005E00000-memory.dmp

Filesize
64KB

Download
memory/1248-740-0x0000000074E20000-0x00000000755D1000-memory.dmp

Filesize
7.7MB

Download
memory/1248-717-0x0000000000F40000-0x0000000001334000-memory.dmp

Filesize
4.0MB

Download
memory/1248-716-0x0000000074E20000-0x00000000755D1000-memory.dmp

Filesize
7.7MB

Download
memory/1248-730-0x0000000006240000-0x00000000062D2000-memory.dmp

Filesize
584KB

Download
memory/2188-765-0x000000000BED0000-0x000000000C227000-memory.dmp

Filesize
3.3MB

Download
memory/2188-768-0x000000000C480000-0x000000000C4CC000-memory.dmp

Filesize
304KB

Download
memory/2188-746-0x0000000009D30000-0x0000000009D68000-memory.dmp

Filesize
224KB

Download
memory/2188-747-0x0000000009CF0000-0x0000000009CFE000-memory.dmp

Filesize
56KB

Download
memory/2188-748-0x000000000AB20000-0x000000000B14A000-memory.dmp

Filesize
6.2MB

Download
memory/2188-744-0x0000000009C90000-0x0000000009C98000-memory.dmp

Filesize
32KB

Download
memory/2188-757-0x000000000AAD0000-0x000000000AAEA000-memory.dmp

Filesize
104KB

Download
memory/2188-758-0x000000000B190000-0x000000000B1C6000-memory.dmp

Filesize
216KB

Download
memory/2188-759-0x000000000B850000-0x000000000BECA000-memory.dmp

Filesize
6.5MB

Download
memory/2188-760-0x000000000B270000-0x000000000B306000-memory.dmp

Filesize
600KB

Download
memory/2188-761-0x000000000B200000-0x000000000B222000-memory.dmp

Filesize
136KB

Download
memory/2188-762-0x000000000B380000-0x000000000B3E6000-memory.dmp

Filesize
408KB

Download
memory/2188-763-0x000000000B230000-0x000000000B24E000-memory.dmp

Filesize
120KB

Download
memory/2188-764-0x000000000B3F0000-0x000000000B43A000-memory.dmp

Filesize
296KB

Download
memory/2188-743-0x00000000052A0000-0x00000000052B0000-memory.dmp

Filesize
64KB

Download
memory/2188-766-0x000000000C230000-0x000000000C296000-memory.dmp

Filesize
408KB

Download
memory/2188-767-0x000000000C2A0000-0x000000000C2C2000-memory.dmp

Filesize
136KB

Download
memory/2188-745-0x00000000052A0000-0x00000000052B0000-memory.dmp

Filesize
64KB

Download
memory/2188-777-0x000000000D790000-0x000000000D7AE000-memory.dmp

Filesize
120KB

Download
memory/2188-778-0x000000000D7B0000-0x000000000D854000-memory.dmp

Filesize
656KB

Download
memory/2188-779-0x000000000D8B0000-0x000000000D8BA000-memory.dmp

Filesize
40KB

Download
memory/2188-780-0x000000000DA70000-0x000000000DA81000-memory.dmp

Filesize
68KB

Download
memory/2188-781-0x000000000DA90000-0x000000000DA9E000-memory.dmp

Filesize
56KB

Download
memory/2188-782-0x000000000DAA0000-0x000000000DAB5000-memory.dmp

Filesize
84KB

Download
memory/2188-783-0x000000000DAE0000-0x000000000DAFA000-memory.dmp

Filesize
104KB

Download
memory/2188-784-0x000000000DB00000-0x000000000DB08000-memory.dmp

Filesize
32KB

Download
memory/2188-785-0x000000000C510000-0x000000000C518000-memory.dmp

Filesize
32KB

Download
memory/2188-786-0x0000000074E20000-0x00000000755D1000-memory.dmp

Filesize
7.7MB

Download
memory/2188-787-0x00000000052A0000-0x00000000052B0000-memory.dmp

Filesize
64KB

Download
memory/2188-788-0x000000000CB20000-0x000000000CB2A000-memory.dmp

Filesize
40KB

Download
memory/2188-789-0x000000000CE80000-0x000000000CE92000-memory.dmp

Filesize
72KB

Download
memory/2188-790-0x0000000074E20000-0x00000000755D1000-memory.dmp

Filesize
7.7MB

Download
memory/2188-742-0x00000000052A0000-0x00000000052B0000-memory.dmp

Filesize
64KB

Download
memory/2188-741-0x0000000074E20000-0x00000000755D1000-memory.dmp

Filesize
7.7MB

Download