64cb9ff36c82878a84768c6eb138d2e9adf8ed9df0eb58cfe44ada8bc56f6060

Analysis

max time kernel
77s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 18:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

FluxTeamB/BootStrapper.exe
Size

149KB
MD5

dd742c42283806d63458be56a64ea254
SHA1

bb252ef14c278321b1a6f474a686e224269dd457
SHA256

cf4afbbe58f7a6d7f1888b0a0e2da4f57da6d3ea329dc577c230b806f74aba26
SHA512

7b3a2ca8518f5cd27de93733bf20958053fac4bcd00039f8f73979fcf8fc2e6393dcc7f10bed0971cac15d090375b7292ad9fcc425e29687b04f8b033b197121
SSDEEP

3072:+czkitvo4BpYN/6mBPry8TXROLdW5m4mURp9OOGF0kmGwY:+A4NCmBPry/N2NOOInw

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
724	FluxTeam.exe

Loads dropped DLL 4 IoCs

pid	Process
724	FluxTeam.exe
724	FluxTeam.exe
724	FluxTeam.exe
724	FluxTeam.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
24	pastebin.com
25	pastebin.com
207	discord.com
208	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
103	api.ipify.org
105	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FluxTeam.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2412658365-3084825385-3340777666-1000\{3DB2973F-65C7-4F4B-AA6E-D3E5D21E0B4E}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 37 IoCs

pid	Process
3756	msedge.exe
3756	msedge.exe
4288	msedge.exe
4288	msedge.exe
4332	msedge.exe
4332	msedge.exe
1384	identity_helper.exe
1384	identity_helper.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	724	FluxTeam.exe
Token: SeDebugPrivilege	5512	taskmgr.exe
Token: SeSystemProfilePrivilege	5512	taskmgr.exe
Token: SeCreateGlobalPrivilege	5512	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe
5512	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3372 wrote to memory of 724	3372	BootStrapper.exe	94
PID 3372 wrote to memory of 724	3372	BootStrapper.exe	94
PID 3372 wrote to memory of 724	3372	BootStrapper.exe	94
PID 724 wrote to memory of 4288	724	FluxTeam.exe	96
PID 724 wrote to memory of 4288	724	FluxTeam.exe	96
PID 4288 wrote to memory of 1884	4288	msedge.exe	97
PID 4288 wrote to memory of 1884	4288	msedge.exe	97
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 932	4288	msedge.exe	98
PID 4288 wrote to memory of 3756	4288	msedge.exe	99
PID 4288 wrote to memory of 3756	4288	msedge.exe	99
PID 4288 wrote to memory of 4864	4288	msedge.exe	100
PID 4288 wrote to memory of 4864	4288	msedge.exe	100
PID 4288 wrote to memory of 4864	4288	msedge.exe	100
PID 4288 wrote to memory of 4864	4288	msedge.exe	100
PID 4288 wrote to memory of 4864	4288	msedge.exe	100
PID 4288 wrote to memory of 4864	4288	msedge.exe	100
PID 4288 wrote to memory of 4864	4288	msedge.exe	100
PID 4288 wrote to memory of 4864	4288	msedge.exe	100
PID 4288 wrote to memory of 4864	4288	msedge.exe	100
PID 4288 wrote to memory of 4864	4288	msedge.exe	100
PID 4288 wrote to memory of 4864	4288	msedge.exe	100
PID 4288 wrote to memory of 4864	4288	msedge.exe	100
PID 4288 wrote to memory of 4864	4288	msedge.exe	100
PID 4288 wrote to memory of 4864	4288	msedge.exe	100
PID 4288 wrote to memory of 4864	4288	msedge.exe	100

C:\Users\Admin\AppData\Local\Temp\FluxTeamB\BootStrapper.exe
"C:\Users\Admin\AppData\Local\Temp\FluxTeamB\BootStrapper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3372
- C:\FluxTeam\FluxTeam\FluxTeam.exe
  "C:\FluxTeam\FluxTeam\FluxTeam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://link-hub.net/336183/fluxteamexecuter
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffaaa6246f8,0x7ffaaa624708,0x7ffaaa624718
      4⤵
      PID:1884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
      4⤵
      PID:932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
      4⤵
      PID:4864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      4⤵
      PID:4784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      4⤵
      PID:4432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
      4⤵
      PID:1356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
      4⤵
      PID:2780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
      4⤵
      PID:1960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5668 /prefetch:8
      4⤵
      PID:3908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5640 /prefetch:8
      4⤵
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:4332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
      4⤵
      PID:1976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
      4⤵
      PID:3312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
      4⤵
      PID:2824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
      4⤵
      PID:1880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
      4⤵
      PID:3592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
      4⤵
      PID:4076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
      4⤵
      PID:5088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
      4⤵
      PID:3188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
      4⤵
      PID:1880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
      4⤵
      PID:2840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
      4⤵
      PID:4532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
      4⤵
      PID:2172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
      4⤵
      PID:4184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
      4⤵
      PID:4372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 /prefetch:8
      4⤵
      PID:2824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
      4⤵
      PID:1820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6770939436943595124,8037852669450551683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
      4⤵
      PID:1680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1976

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5512

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\FluxTeam\FluxTeam\FluxTeam.exe

Filesize
443KB

MD5
b6e04da5eede61b18938203e5c46a5d8

SHA1
a7d3bad06862f78635a78e6298f0a0507234bcbe

SHA256
36fd27ba0feb91f99c1fc416d5314f5b52f2173615037064da6106c53233a4b6

SHA512
9f432c830c82ac1a4e3ae2a7d975060be21209bafad82243a86e52cda3ce5f296abdf93bd727f263bae7f9f64cae87ce3c354670726f5e0a6256cf77069d2c16

Download Submit
C:\FluxTeam\FluxTeam\FluxTeam.exe.config

Filesize
184B

MD5
13ff21470b63470978e08e4933eb8e56

SHA1
3fa7077272c55e85141236d90d302975e3d14b2e

SHA256
16286566d54d81c3721f7ecf7f426d965de364e9be2f9e628d7363b684b6fe6a

SHA512
56d0e52874744df091ba8421eeda9c37854ece32a826bd251f74b88b6334df69736b8cd97104e6e7b2279ef01d2144fee100392744cc1afb7025ebbad5c307a8

Download Submit
C:\FluxTeam\FluxTeam\Guna.UI2.dll

Filesize
3.8MB

MD5
846a7e5993282e220b26b82e7a39a40a

SHA1
e37fe15d2fb33753c042e16d1d008d412e7d99e7

SHA256
5613682635617cd43720807448f69b10090932e8571a358b92361d2a2c7a4597

SHA512
fcf608391d7f8406bb538aca0e9dafb804cceda6c590dcd98d684645bc3bfc0c1d43455a74854988b4b30e56a68ef8be886e92e993f1504b49f0e4baa1c0cc0b

Download Submit
C:\FluxTeam\FluxTeam\Siticone.UI.dll

Filesize
1.3MB

MD5
750c58af2e56b6addecffcf152520ab8

SHA1
14995e7f1d12498606d9d209d78d55fe6fd87802

SHA256
27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26

SHA512
2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5

Download Submit
C:\FluxTeam\FluxTeam\workspace\.tests\isfile.txt

Filesize
7B

MD5
260ca9dd8a4577fc00b7bd5810298076

SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6

SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
70KB

MD5
4058c842c36317dcd384b6c2deaa8b95

SHA1
1085ddb12b29b79ffe51937ba9cd1957e5e229b4

SHA256
0e562969cad63d217848a5080273d1745dc4277d210b68a769c822f2fbfd75f6

SHA512
435a67024811360b12339e3916945b0639e2d9319e9d540b73e093848a467b030e91e01917b7fb804eb756dabce2fe53c2d7ea586554ee6cfee70e652a85924a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
41KB

MD5
f3d0a156d6ecb39d1805d60a28c8501d

SHA1
d26dd641e0b9d7c52b19bc9e89b53b291fb1915c

SHA256
e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3

SHA512
076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
38KB

MD5
bff21faca239119a0a3b3cf74ea079c6

SHA1
60a40c7e60425efe81e08f44731e42b4914e8ddf

SHA256
8ea48b2ac756062818bd4ee2d289b88d0d62dc42a36cb6eee5bdd2ff347816c7

SHA512
f9e5baefacae0cdb7b9c93afc43ad6ec3902b28c0cdf569e1a7013f4e5c8dfb7b389b5e2bc724b4ddfe554437320f4f2cc648642944c6f48ad2a78815acd9658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
1.2MB

MD5
540af416cc54fd550dcdd8d00b632572

SHA1
644a9d1dfcf928c1e4ed007cd50c2f480a8b7528

SHA256
e4e53d750c57e4d92ab9de185bb37f5d2cc5c4fcc6a2be97386af78082115cbb

SHA512
7692e046e49fcde9c29c7d6ea06ed4f16216ec9fb7ea621d3cc4493364743c03925e74244785588d1a4bfc2bedd32b41e7e66e244990d4076e781d7f4bbb270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
26KB

MD5
97a3bed6457d042c94c28ed74ec2d887

SHA1
02ce7a6171fb1261fde13a8c7cbb58992e9d5299

SHA256
ae56cf83207570afbb8a6ab7cbc4128b37f859cb6f55661e69e97a3314c02f67

SHA512
6c8cf955ec73ad9d97bbb36c7ce723bfa58c9aef849aa775ee64ce15afa70afb40e8cd45989dadec420d2e8edda9ec0f05cc76a0602df0b6c4e5d45de0f4ce7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
27KB

MD5
fce654b5b4a84d77e847a5e4dc25dc04

SHA1
d6e63b106e1177dc6cc3cf907d163c6eeb1e4db5

SHA256
c586aa0758a25df7c41c63d2db6edd36026989edb2aa6160eb95e3848d55933c

SHA512
d217c0bba314b54a76e4aa64013867b560d7109432a37c2ea8160e0f476a1507a1e0d04719ca4d520ff287f1ab0debd053a6f1d04b4e233a14dcf86394c694ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3f2c62e7fcee61b5b68382aeea56bcf0

SHA1
0709097238d3780feab0b0b2d58db94716ca1b55

SHA256
c8059e4d220509f03530c1687235816ec38a37d0ef32f71918ea15e0121bf7de

SHA512
95b830f3d84417683b7f438d94e5663643e85f483124cb8029e734fa7e5f47c6145a4af4db3438f82ab5a540a15a958e6c4249da0555aae15a2698a71542a913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
41647b50dab12461c92a48ba633c785d

SHA1
eb2c49ee55c0499546dfe1934f1653424986b79e

SHA256
585189178a4a5e17a8d8f33b5867d2e9c82faabc479569e83d26e7a2cecb67ae

SHA512
a8fc8aa44fa99363443ebf69a226f9675fb5b9a373e2f6649ed1ac4fdbbd7d9d24b0d8dfa76d659a9063f725eeb84db92abc9918da2af23f9fdb6620e9c5976d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
04220314f03bd18b3efce91666b9862f

SHA1
1021d8d90780ee2787f40ad1cd2f7978b0c85497

SHA256
8028a542377420e905af5dd2d2044e6fc4bb243977da8ba81cc52e388fe88f57

SHA512
3a8b90c7286aad40be7ccabcead853aa9ca2222d1075b4c3ba8551f2f779d34e433327935e09521be5ca3c3e74ecff37a58c6fec6bcdc614da89ab8182b6a586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
122c92b4bb4fe1e51ffe8d5ad206a6b2

SHA1
f41b1b1911cb761a155dcdb27285b8ef8573ee38

SHA256
20c37c1ac33206638664184d08946858a8f0a103d88e439ed292e2c32c28fef0

SHA512
74d0ecab7b1854facd0723ab45ae194a03bd0b3ccbdd8afb51949cdada7a57692d23b1e8c50248cbf125e291561f50e20af71933386236ead7d7134a87efed50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7a3a9784391dd7e586c30f942faf18c

SHA1
e31813304c6202b43b27a76398dc520ab5a6d391

SHA256
c966d187f280c5a03d9200b5099e786e5aa498abd19c81a32e3bdbcf2b1c994a

SHA512
13d13ea8e48c6c2dcbaba592f6a8d00ee42f5f138a5794540f39c97a7602a3437c0defe9dd253f4779705bfaebbca4afbe7a3714492632c5cbcab7fa3842bfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
372527ef5c29506126d2006b9e202ec5

SHA1
0826b36b86e562314a42ee6881024fa1e3d777fe

SHA256
17a2c2b363eaa48059e5e23bb52fa9b1da36ecea43b7b69374a028870d38fd73

SHA512
f8aef4a91a71ca4e84319fef6ba1e363301156232bb5eb0b47300f021db1c806652285c0094a60768936ac8ca1d5e2f19e3247de445ee5a124a6bfe861de58b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a92ce1dc6c02ed41253f60af0e3e7741

SHA1
117374135e307fead589e25524088d5a24df5e1c

SHA256
1487407b55b18cb60d6a8e3ae43d6c4a5a87aef7f97e9b83ac364b4c913dca34

SHA512
69ff47dab7f231fd53453306973ee2f2db32038f86fb6e4f6d96fc553f8c7859703b6686d5161fb8c3fc093b737bb33f1791966104b2ea53c05d07fb922b0aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\67dfec0b-27ef-489d-90ad-a3a95da033e6\index-dir\the-real-index

Filesize
3KB

MD5
59a8c92499eacf00005a5db44ebea176

SHA1
0cd024e0a4992e87871a61dc96703b80f9d5b0b8

SHA256
e184868bf4fc3d78faf2c5d2de056afc3467e72d85f52051eb1a97e765d4cfc2

SHA512
1cd8594efadf8a866e069fc3c0cd4b6cedfd834ec2cafdca4f58e9742d3afccd3c876d269ebe82d036ff564797f1cc5ea3c9c63fb0489c3424c187b9d52ecf82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\67dfec0b-27ef-489d-90ad-a3a95da033e6\index-dir\the-real-index~RFe5888a3.TMP

Filesize
48B

MD5
eda5e628c3c15c8132b1289a062eaca2

SHA1
f794b02e1e9d636aa63c1b02992f091f70f06915

SHA256
f809e9e5508711f64b609af50eb1fcdae8820e7525928f8d3b1fb2839a9d4899

SHA512
de114601058aae3289e67921edffbedee236f270860f25b661b51e676d4d9a85038210e57914ba2cdb13d0f1ed49e2644b3c32bfbd70181905e7e2a796a9d733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\daa469a1-27bb-41a8-a771-9ba22412c5ed\925a02cd30dd2ad1_0

Filesize
86KB

MD5
7c04c914bc46b2d197cbdfb5053247ef

SHA1
98ab1729f813b7918433b78c59706039e4f27674

SHA256
0c75d89a0556426d047194b9a46f95f850b237faa4a7a68e041ba24bc5f6e6f9

SHA512
adb8c2be208bb56feb2a07e46a3af9daf6c590755f05d037c372a646debfcdd505eecf764b0d5b0c2f3a86c964833b0e3adb695303add49d2a3d8862603d56fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\daa469a1-27bb-41a8-a771-9ba22412c5ed\index-dir\the-real-index

Filesize
72B

MD5
3cadacfb9c7712891cb8b0fb918cad59

SHA1
adaed0a830ce8982df146d028f126921b0fe51b0

SHA256
15669227df267275e1024c6310b5bf9c1fcd81233a0118dbfbd4faf1619dab8f

SHA512
3d5ea8038ced8f9c7fa6a1fa593615ec645df98cf0e7e065810fd232cfcf0625ce21585ad47cb35912bc77c794c6f3dabace4bba1cfd2a0fd9c85ba127e64e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\daa469a1-27bb-41a8-a771-9ba22412c5ed\index-dir\the-real-index~RFe5888a3.TMP

Filesize
48B

MD5
3aaa6a96f7c4780dd7534d9cb4729455

SHA1
92972efb8b092d1ce2e0f4cb51e755a340a722df

SHA256
a9ae7965b8c4c90d050d38214519adb0d28b9868f928a39aaeafd48f1b79b565

SHA512
2d426e450259cfee10da1862072c4055eba6ab0a0f78b919c133febaf0b1f5345e065f66fbce110ec5aafbeea981e98c08d141157c2fdb6bc1947e915c9deae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
86B

MD5
8fc072dbec47274adb292c0fd70bc73d

SHA1
198aa74fed55309531e0398e42c8ebb5736e8c10

SHA256
79a70cd147a988cc2730602f01dcbaca1b1725cc7645a36b933a4e6b016cc9f8

SHA512
93ba57cc992e06758b032c5b83ed8e43c08e9120d3218db057b67d6023b76542f0f62842c50c299f156a51b28608caca8f447d9263b3eb9a2cd51e7d8fe5f133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
176B

MD5
fc9963bd511e6f8ba4999ee6d7cb068a

SHA1
23e56ce0ea21c6d33d7f4012fc23abf5acaab463

SHA256
30a64b8b74c447fc427fa396204edbbc17601f356522f21f325212422dfcd2d4

SHA512
487da63658f02a6a0b55895fade80e510658a7468367ef55be3c010c1ceea11136ce31ae725400d56ce65be75b36ceab72471534e793e8d34822dbddf91042e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
236B

MD5
f4fee9115a84ccfebfc4ca3067aa6251

SHA1
6bebbd09862de63dc5a2f5596c9ac2a1358466df

SHA256
329e801b4c590ebedc6cef03ae9bbb2b3b5acb524cf8b1b25677d2b3178ce0f7

SHA512
648aa681ebfdeef6364420b417f751be279f24a0dc3b7aa26b578461de9f825e529c9b98b20012bc75485d8ac05d1c5fcbe0b68422c1bd1e20b0a45ed1ce3017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
229B

MD5
47ab3077facd20ac8376bb7f56519674

SHA1
9f670c6d0e8ef01a45b379de208769a7cb8bd5cc

SHA256
2664d0a76f7eed00bf61a1db527c8b01b33c0bdc34b76d904797615cd87d08c4

SHA512
3f9fc0d3cdcbef0c980f7468078a48a5d53ee89f3c1d4738125ab13534432dc11c5bcce33d93cbb7162a205a8ab1172ba55f63dd3920491adec24d56b2cbedd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
3a27743c8a09d734dd5746eb16c852a6

SHA1
573bfb13a4497ca27d93f035966c763f74cebaeb

SHA256
5bd919ac1a897bf7c8107dc7bb78d9889476776bc02fdd7ff7287e427f39db31

SHA512
02e88b20e058cc83d43a2e54ce8e83fc4d4569249131569dff42177f50f0595de33375056d6a4f4a0f12dcfcdfe669998c5bfe356839f6f3d2471c11eae52f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5859d3.TMP

Filesize
48B

MD5
a6d5b8977b75ec5b3a9f07dd38327467

SHA1
f05997818eb809278ce5956b532c4ee155a7b731

SHA256
05eed91333cc97c752ae71ed326165f650c7d47d418e31b9ee7261431ccfaacb

SHA512
4f71e1d8507fdf3033c5b7ad4e0869bcfd4498810846241e7868c2a439382dfb8e74235638805af3bcc55674bdb676f793f984f2ddc7dd5dbd82a9987ce5ce71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
86c85d789a12606af32d8de1778c69c2

SHA1
22249414af0984ef7189e805b5f5e50e89ae8e35

SHA256
1d66466062b03ffd46fe6e4f2e3365df722f0c1e2510f30a70bb74418bf5d192

SHA512
8ccf6fe896065e3135056246665e555c11d0165890f8807c5953e5bf1cdeb247c047c9b2d668696af1933d63c14b387efbda0085e6e5a9f34fd35504c97879e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e93fde2e4df16ea3882ba638798f6aee

SHA1
79e1245fc7468d4f8238d4416f39d0f19db9e8c2

SHA256
7aa9ba58bb4e5c77890637fbc3124cf2346759b8353d2c8c8dd2e4dfe8a6d0b6

SHA512
63e72aebc2aa4ede353a577d9c4cd4d492f0fc84814e24ec79bac452c3e393decaf74e628dbb6338d841b646c87985141b0b65af37d35f2adf7b9f391051742f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5813b2.TMP

Filesize
1KB

MD5
a01ea03008d9af2ef3f127bf13bb0305

SHA1
462671cdd2e6dec7f44588014079df3d31b98c52

SHA256
49f708751f429e33144d74c0cc34f5e17c015a1007ca23ef91c30acb853954f3

SHA512
654bc5ba64dba605887ba846fe131cd6f9f09ed086f3b088095701d464243ad3a30aeb2f1ba6e47320e7c2ba970e124d0a898870270a4aae0ad158363e36b114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
93497fed1a364ad9fb4ba4b8d1187a0c

SHA1
81efe2efb1c13b9d0597d2a582ff1eab8548774e

SHA256
f14012d38777b86b0a217285e13105b64df13d392372c8e00322377dc0b7a8fb

SHA512
6d5ea3c7ea22113f0866f19b01258d129a4c7db0cb334c2ae429b896507156880222bb5b9a44080314ad87650a6d764323bc06f6546a6a92d6b2810d135c1cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
527207b52c71229dbe2778d6cafb3c9b

SHA1
03d74100b6fa958f74bdc96b9b2d6f5dbe78c2bd

SHA256
cfa469338a6053ff5cd8e3d28298caa89a8dd26cfb8f5980a227144de6cf9803

SHA512
312fb4b5576e1c5c053b06e982cbcdb46c0960382d860245b76e022069da2cdb616d0cd0a09bfba58338b793a2d376f51df7ffae36a3f8acfa748fbaf53f94fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1d96c8a6785f0767ea806a9980ea9921

SHA1
58982077eb98af1a825ce3dec448175c71647c73

SHA256
7597e8720f1edfea42e4975be4676fe6f1e33d328c256a3a9dfebe79ab52a448

SHA512
250c5fdb694b9a2e787602379246545e1d5441e9e3799b95f910a56dc3b8337627068c8d2fb9eefc4616d52de19862b8d77f853065d45d8880c6131d29f110b8

Download Submit
memory/724-198-0x0000000074E50000-0x0000000075600000-memory.dmp

Filesize
7.7MB

Download
memory/724-183-0x0000000074E5E000-0x0000000074E5F000-memory.dmp

Filesize
4KB

Download
memory/724-184-0x0000000000F80000-0x0000000000FF4000-memory.dmp

Filesize
464KB

Download
memory/724-185-0x0000000005F70000-0x0000000006514000-memory.dmp

Filesize
5.6MB

Download
memory/724-186-0x00000000059C0000-0x0000000005A52000-memory.dmp

Filesize
584KB

Download
memory/724-187-0x0000000074E50000-0x0000000075600000-memory.dmp

Filesize
7.7MB

Download
memory/724-188-0x0000000005B50000-0x0000000005B5A000-memory.dmp

Filesize
40KB

Download
memory/724-192-0x0000000006900000-0x0000000006CD6000-memory.dmp

Filesize
3.8MB

Download
memory/724-196-0x0000000006670000-0x00000000067BE000-memory.dmp

Filesize
1.3MB

Download
memory/724-197-0x0000000006530000-0x0000000006544000-memory.dmp

Filesize
80KB

Download
memory/724-244-0x0000000074E50000-0x0000000075600000-memory.dmp

Filesize
7.7MB

Download
memory/724-223-0x0000000074E5E000-0x0000000074E5F000-memory.dmp

Filesize
4KB

Download
memory/3372-0-0x00007FFAAA44B000-0x00007FFAAA44C000-memory.dmp

Filesize
4KB

Download
memory/3372-1-0x00007FFAAA44B000-0x00007FFAAA44C000-memory.dmp

Filesize
4KB

Download
memory/5512-1057-0x00000207AA8C0000-0x00000207AA8C1000-memory.dmp

Filesize
4KB

Download
memory/5512-1050-0x00000207AA8C0000-0x00000207AA8C1000-memory.dmp

Filesize
4KB

Download
memory/5512-1051-0x00000207AA8C0000-0x00000207AA8C1000-memory.dmp

Filesize
4KB

Download
memory/5512-1052-0x00000207AA8C0000-0x00000207AA8C1000-memory.dmp

Filesize
4KB

Download
memory/5512-1058-0x00000207AA8C0000-0x00000207AA8C1000-memory.dmp

Filesize
4KB

Download
memory/5512-1059-0x00000207AA8C0000-0x00000207AA8C1000-memory.dmp

Filesize
4KB

Download
memory/5512-1060-0x00000207AA8C0000-0x00000207AA8C1000-memory.dmp

Filesize
4KB

Download
memory/5512-1061-0x00000207AA8C0000-0x00000207AA8C1000-memory.dmp

Filesize
4KB

Download
memory/5512-1062-0x00000207AA8C0000-0x00000207AA8C1000-memory.dmp

Filesize
4KB

Download
memory/5512-1063-0x00000207AA8C0000-0x00000207AA8C1000-memory.dmp

Filesize
4KB

Download