hxxps://wearedevs[.]net/exploits

Analysis

max time kernel
415s
max time network
422s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/09/2024, 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wearedevs.net/exploits

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3920	FluxTeam.exe

Loads dropped DLL 4 IoCs

pid	Process
3920	FluxTeam.exe
3920	FluxTeam.exe
3920	FluxTeam.exe
3920	FluxTeam.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
323	pastebin.com
324	pastebin.com
2	pastebin.com
14	raw.githubusercontent.com
61	raw.githubusercontent.com
91	pastebin.com
322	pastebin.com

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
182	api.ipify.org
266	api.ipify.org
112	api.ipify.org
124	api.ipify.org

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2008	3920	WerFault.exe	123

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FluxTeam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1100	msedgewebview2.exe
4524	msedgewebview2.exe
3444	msedgewebview2.exe
4692	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\FluxTeam.exe = "11001"	FluxTeam.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699621412080416"	chrome.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2227988167-2813779459-4240799794-1000\{C6AF2770-921D-4BED-B969-C2BB93E1E177}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\FluxTeamB.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\CeleryLatest.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2472	chrome.exe
2472	chrome.exe
1844	msedgewebview2.exe
1844	msedgewebview2.exe
3444	msedgewebview2.exe
3444	msedgewebview2.exe
968	CeleryApp.exe
968	CeleryApp.exe
3208	msedge.exe
3208	msedge.exe
3576	msedge.exe
3576	msedge.exe
644	msedge.exe
644	msedge.exe
5104	identity_helper.exe
5104	identity_helper.exe
4900	chrome.exe
4900	chrome.exe
5216	chrome.exe
5216	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
940	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
4092	msedgewebview2.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe
Token: SeShutdownPrivilege	2472	chrome.exe
Token: SeCreatePagefilePrivilege	2472	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
4092	msedgewebview2.exe
4092	msedgewebview2.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
2472	chrome.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe

Suspicious use of SetWindowsHookEx 33 IoCs

pid	Process
2424	BootStrapper.exe
1932	BootStrapper.exe
5104	identity_helper.exe
940	OpenWith.exe
940	OpenWith.exe
940	OpenWith.exe
940	OpenWith.exe
940	OpenWith.exe
940	OpenWith.exe
940	OpenWith.exe
940	OpenWith.exe
940	OpenWith.exe
940	OpenWith.exe
940	OpenWith.exe
6040	OpenWith.exe
6040	OpenWith.exe
6040	OpenWith.exe
6040	OpenWith.exe
6040	OpenWith.exe
1060	OpenWith.exe
1060	OpenWith.exe
1060	OpenWith.exe
1060	OpenWith.exe
1060	OpenWith.exe
5004	OpenWith.exe
2248	OpenWith.exe
2248	OpenWith.exe
2248	OpenWith.exe
2248	OpenWith.exe
2248	OpenWith.exe
3920	FluxTeam.exe
3920	FluxTeam.exe
4120	BootStrapper.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 3968	2472	chrome.exe	81
PID 2472 wrote to memory of 3968	2472	chrome.exe	81
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 2772	2472	chrome.exe	82
PID 2472 wrote to memory of 4580	2472	chrome.exe	83
PID 2472 wrote to memory of 4580	2472	chrome.exe	83
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84
PID 2472 wrote to memory of 3404	2472	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://wearedevs.net/exploits
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8ea6cc40,0x7fff8ea6cc4c,0x7fff8ea6cc58
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2360 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4344,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4776,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4928,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5032,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4916,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5140,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3484,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4940,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5056,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3136,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5756,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5260,i,16144025378750189015,528520742755312327,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4396

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2164

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3076

C:\Users\Admin\Downloads\CeleryLatest\CeleryApp.exe
"C:\Users\Admin\Downloads\CeleryLatest\CeleryApp.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:968
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=CeleryApp.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=968.1932.330623962203559768
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:4092
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x1d0,0x7fff76313cb8,0x7fff76313cc8,0x7fff76313cd8
    3⤵
    PID:3216
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1764,17358612222798280102,5460687505589901377,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\EBWebView" --webview-exe-name=CeleryApp.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4692
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1764,17358612222798280102,5460687505589901377,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\EBWebView" --webview-exe-name=CeleryApp.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2112 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1844
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1764,17358612222798280102,5460687505589901377,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\EBWebView" --webview-exe-name=CeleryApp.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2496 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1100
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1764,17358612222798280102,5460687505589901377,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\EBWebView" --webview-exe-name=CeleryApp.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4524
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1764,17358612222798280102,5460687505589901377,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\EBWebView" --webview-exe-name=CeleryApp.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4016 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3424

C:\Users\Admin\Downloads\FluxTeamB\FluxTeamB\BootStrapper.exe
"C:\Users\Admin\Downloads\FluxTeamB\FluxTeamB\BootStrapper.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\Downloads\FluxTeamB\FluxTeamB\BootStrapper.exe
"C:\Users\Admin\Downloads\FluxTeamB\FluxTeamB\BootStrapper.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1932
- C:\FluxTeam\FluxTeam\FluxTeam.exe
  "C:\FluxTeam\FluxTeam\FluxTeam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://link-hub.net/336183/fluxteamexecuter
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:3576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76313cb8,0x7fff76313cc8,0x7fff76313cd8
      4⤵
      PID:2640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
      4⤵
      PID:4500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
      4⤵
      PID:884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
      4⤵
      PID:2736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
      4⤵
      PID:4088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
      4⤵
      PID:3096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
      4⤵
      PID:1096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
      4⤵
      PID:3872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6268 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:5104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
      4⤵
      PID:2684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
      4⤵
      PID:2004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
      4⤵
      PID:2484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
      4⤵
      PID:1268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
      4⤵
      PID:1076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1744 /prefetch:8
      4⤵
      PID:5528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
      4⤵
      PID:5408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
      4⤵
      PID:5180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
      4⤵
      PID:5460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
      4⤵
      PID:5696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
      4⤵
      PID:1800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,4347693827834191559,13514670081159657397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
      4⤵
      PID:5924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://link-hub.net/336183/fluxteamexecuter
    3⤵
    PID:5468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76313cb8,0x7fff76313cc8,0x7fff76313cd8
      4⤵
      PID:5488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://link-hub.net/336183/fluxteamexecuter
    3⤵
    PID:1100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0x94,0x128,0x7fff76313cb8,0x7fff76313cc8,0x7fff76313cd8
      4⤵
      PID:5432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://link-hub.net/336183/fluxteamexecuter
    3⤵
    PID:5752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7fff76313cb8,0x7fff76313cc8,0x7fff76313cd8
      4⤵
      PID:5776
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument https://link-hub.net/336183/fluxteamexecuter
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:5216
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff8ea6cc40,0x7fff8ea6cc4c,0x7fff8ea6cc58
      4⤵
      PID:5868
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,1116260983494893424,13390642931077889485,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=1968 /prefetch:2
      4⤵
      PID:5408
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1824,i,1116260983494893424,13390642931077889485,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=2008 /prefetch:3
      4⤵
      PID:652
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,1116260983494893424,13390642931077889485,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=2248 /prefetch:8
      4⤵
      PID:6000
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,1116260983494893424,13390642931077889485,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=3160 /prefetch:1
      4⤵
      PID:4404
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,1116260983494893424,13390642931077889485,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=3212 /prefetch:1
      4⤵
      PID:1576
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3572,i,1116260983494893424,13390642931077889485,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4460 /prefetch:1
      4⤵
      PID:1700
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4440,i,1116260983494893424,13390642931077889485,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=3224 /prefetch:1
      4⤵
      PID:2336
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4180,i,1116260983494893424,13390642931077889485,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4788 /prefetch:8
      4⤵
      PID:940
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3804,i,1116260983494893424,13390642931077889485,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4812 /prefetch:8
      4⤵
      Modifies registry class
      PID:5856
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5456,i,1116260983494893424,13390642931077889485,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=5500 /prefetch:8
      4⤵
      PID:5236
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,1116260983494893424,13390642931077889485,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4900 /prefetch:8
      4⤵
      PID:2400
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4880,i,1116260983494893424,13390642931077889485,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4336 /prefetch:1
      4⤵
      PID:5096
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4904,i,1116260983494893424,13390642931077889485,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=5084 /prefetch:1
      4⤵
      PID:1972
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 2892
    3⤵
    - Program crash
    PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8ea6cc40,0x7fff8ea6cc4c,0x7fff8ea6cc58
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,4295422765854696639,2319871662930743539,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,4295422765854696639,2319871662930743539,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,4295422765854696639,2319871662930743539,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,4295422765854696639,2319871662930743539,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,4295422765854696639,2319871662930743539,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,4295422765854696639,2319871662930743539,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4936,i,4295422765854696639,2319871662930743539,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3764,i,4295422765854696639,2319871662930743539,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5148,i,4295422765854696639,2319871662930743539,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,4295422765854696639,2319871662930743539,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4932,i,4295422765854696639,2319871662930743539,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4320,i,4295422765854696639,2319871662930743539,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5372,i,4295422765854696639,2319871662930743539,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5556

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3904

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:4308

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:5420

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:940

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6040

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1060

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5004

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3920 -ip 3920
1⤵
PID:1672

C:\Users\Admin\Downloads\FluxTeamB\FluxTeamB\BootStrapper.exe
"C:\Users\Admin\Downloads\FluxTeamB\FluxTeamB\BootStrapper.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\FluxTeam\FluxTeam.zip

Filesize
17.3MB

MD5
7922ec6ac4975a684dee90bffc77cea2

SHA1
49f58b385a0389cfab68dbb5b521d9b6394039c7

SHA256
bbb1946b30acecd8e3c2dcf60105df4c5e222fc17a8a2f0a1e768cc8984ce4e7

SHA512
a79ab7f2e68c96f670c4993655f1c2a7436b88de15a01eaa9a33e99d1f14bfaba8d2e5b897fc34692be7537aa7355b2642146fa4a00e70f4cdaf2bfc68fc0847

Download Submit
C:\FluxTeam\FluxTeam\FluxTeam.exe

Filesize
443KB

MD5
b6e04da5eede61b18938203e5c46a5d8

SHA1
a7d3bad06862f78635a78e6298f0a0507234bcbe

SHA256
36fd27ba0feb91f99c1fc416d5314f5b52f2173615037064da6106c53233a4b6

SHA512
9f432c830c82ac1a4e3ae2a7d975060be21209bafad82243a86e52cda3ce5f296abdf93bd727f263bae7f9f64cae87ce3c354670726f5e0a6256cf77069d2c16

Download Submit
C:\FluxTeam\FluxTeam\FluxTeam.exe.config

Filesize
184B

MD5
13ff21470b63470978e08e4933eb8e56

SHA1
3fa7077272c55e85141236d90d302975e3d14b2e

SHA256
16286566d54d81c3721f7ecf7f426d965de364e9be2f9e628d7363b684b6fe6a

SHA512
56d0e52874744df091ba8421eeda9c37854ece32a826bd251f74b88b6334df69736b8cd97104e6e7b2279ef01d2144fee100392744cc1afb7025ebbad5c307a8

Download Submit
C:\FluxTeam\FluxTeam\Guna.UI2.dll

Filesize
3.8MB

MD5
846a7e5993282e220b26b82e7a39a40a

SHA1
e37fe15d2fb33753c042e16d1d008d412e7d99e7

SHA256
5613682635617cd43720807448f69b10090932e8571a358b92361d2a2c7a4597

SHA512
fcf608391d7f8406bb538aca0e9dafb804cceda6c590dcd98d684645bc3bfc0c1d43455a74854988b4b30e56a68ef8be886e92e993f1504b49f0e4baa1c0cc0b

Download Submit
C:\FluxTeam\FluxTeam\Siticone.UI.dll

Filesize
1.3MB

MD5
750c58af2e56b6addecffcf152520ab8

SHA1
14995e7f1d12498606d9d209d78d55fe6fd87802

SHA256
27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26

SHA512
2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5

Download Submit
C:\FluxTeam\FluxTeam\workspace\.tests\isfile.txt

Filesize
7B

MD5
260ca9dd8a4577fc00b7bd5810298076

SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6

SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
471B

MD5
e73d5dabaa4a6fa94ec04726eb6da52d

SHA1
cde98e01ed08cb18665258da65c20b40804f1df6

SHA256
98f280760fdda7416f4ef7cb4feebe0f517f48b0389c0b4bf8006499a7543651

SHA512
80f74e3f94313ec897d0cd104e7a6bae96f201d15395f9b02b0abd7e70da0d7e55a0fe6413575506413944712986d6d604e327fc003821cc6c8ca086fe83ae6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
420B

MD5
46f95fda964f444dc4ad2f058fe7b696

SHA1
1eed7c0b016936b7abc2e94be8a42abde23baef2

SHA256
aa406a851ad378309a17f42aa5ef94292961e512cc781296482e6e3aa9a8b302

SHA512
9ffded3b07d73fe5148434e9d3ea1d19350f07bcdf1b467aad8e3800991a1cd08045096466dc2dcec932642a4a9c60f02af842a05907b8b0076b0679ccbcac11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
002032ef86b63e0918832b475a2c3e76

SHA1
a2f6e0542b8bd7a9964a082a8c95ec07abb3630e

SHA256
b2e4d29196b60ef492cfb2468cc2aceb91314e33cfcdc3fdca696c23b453f621

SHA512
43dca9f89fe685499717cf6ee5cc5f0a737be929034027907187c0dca272d6427c600f9e87b4cdd1f2c1b6747ce36388f11a8f9cf61f2c62bbb0ee0be6798097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1d66739615300161e754a3d21e980af5

SHA1
cad612d5ff50c89f3231483af77b07bc4abd1c3b

SHA256
8faa52e6b0333cff13adef878906b69136bf8c00841a28362c4539c60834ae06

SHA512
dea2dc04f51ae94962519bb2766c8f0b08be7879ebf874c74721dfda69fbde8bd9d5b87a65b33a1ebef1c7478d28407daa6190e7875ab425c741768223bdf779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
e099740835187593ca0b78786e810240

SHA1
a3feae7097450d1613c31e8b6bd05be1cf133ed7

SHA256
c5360e67add70949dd0e49ee15a890e71c7354ce168d8166387b20b200357f13

SHA512
cd01792df8a5928932f19e3d76cbe014d902268ae7476ce3ba279f381cf7d6efa6a1d537bcaeb7d141fdbe5489a9a03b9d486cf85ed51158e4734a3f7b46961d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
51KB

MD5
297a175ebc80c25a94f85aebcac83d21

SHA1
03df690e86cfba54989ba62bc7dbce6e3293b3f7

SHA256
56a424a2a5c42cb16dea8f7a27a1b17681eb66d25784d82545db8b9790c2bedc

SHA512
87537d6e87a9368f0809f2efcb8a1ec47451825fffba025bfba18b0b12d9d0c416bea7cca7c811b6dd1522810d6a694578dded0d4f3676225c92388a149d5bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
20KB

MD5
539edf66442db711e30298f14bdaea66

SHA1
c53554b10e8cb864833334595ca7b0197bc7980b

SHA256
a5d3ed6f18a833435981321f9448442201bb8d58d99e96907233eb1a8af2a4a8

SHA512
a6890e1ae57b191465ea08eb5d98bf360e86c9ea8d9f17512a115590718b5bccb70c3e38c50a8e8d85fc67f89cb257743be33ddf0ad733b05d90a24c77f5c248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
20KB

MD5
d834f8c84ae2caf1d826424ad16580b2

SHA1
abf084cde4603bd2a8a38635c1e4a4dbd189f3ff

SHA256
2afd8b4aada9e0d65d38e52e1ddc128abb12933d2f19449ecc31be9ccf9eed62

SHA512
65e8578b2445a8cd20808e6e228b5ede28c28f979fb042486bc3b7b52ecdbe277b0473907305fdebbc62b9ebb8b4e5540639041b0ce9129b80272b54a8b5a688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
274d45bbbce99eedcddfe05f630f438d

SHA1
08198c88e793ae4fb83f38b334fdb79e91d0df9c

SHA256
81363a33edb1905c0ca7eb64b6701be86c00c571cdc88e319cca0c736d5ebe73

SHA512
b8cd76b549c1cf757f808caeb81206ffd406bfb5fec6eba182afda0729b21f4fc7ba5a4db350d0c118208fd01f3145a6d9a9f2802c99646eebe24141df630941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e742db74940af5339aef36c9db90c4ff

SHA1
8c2020aa2951add8c5632dac4a72007838ccd217

SHA256
aaca83eb7a0204d40811b811803afd7ec19a9567b6bc921aae8ef731709e6133

SHA512
fa0188d9bba1c2b9a9423423f514ae536cad888af4c59ce3794be5c22d34d2f3bc761c31f00f7c8e1d17455b0a70358fad09ebcdddb3ac46d93709a3d3442a56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f4d3591500894a4961b40a87872ef1e9

SHA1
ee846558c9f97b85b8a12fb7b64dbf151f40f7df

SHA256
57121cc83806541ffbcaecb1ee322e6f411ec4015e80d97821765387aa3a0691

SHA512
948239e7ee469f19c0cbd5683c4afc5b1b0d2ace1e1f80ac760245e65af160621fe5cc3b8da30e0ea2628e1a35d3184f18f05cd5705177d0accc72265bd660d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
403d3bdd2d83b321d832e3515137e6a0

SHA1
6f8dcb03109b431bab0e83b889294df16fae7c48

SHA256
89b6d5a7a6622ac4a907680882d5f5c04df1e50e9000175f66a1484878006ccf

SHA512
91f414062b1684f23c10671dcc956ed1b0270ad094117dfaf50f2df2840d8b30d102407566a75c52966e9e1871b3645d3d81f67b0dc9a3316ae9f26ab138a80d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
b48ed90a2c6176c1876bded433bf83c9

SHA1
827df90a26ea439a54d06b2b1f0a39479b98c481

SHA256
d1f6b15c2a7d289a58306fd12de7ea62a7a72fca20e62fb277af917080b087f2

SHA512
271dc0ea39d577d6f4bad729de1e9102ee66a597cd6000a2339edec926f78fbcfb9f4ac904ac8e074b0fa976a07ac952e282fc17bf1e3a60892e91e8fd7c6f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
c5e2c3c68f3b7d6a9bd2daf7164764a1

SHA1
2ac22c24cdf322cacade466401967fc4027b944e

SHA256
b9f96e162d8901ebe2a425aa8d1df24337dddf9c20201949096925d7e473fffc

SHA512
f3095699a546e4e929e18a74900a1f55031ac60aefef6a672bab1e87dede42134d190fc836373d7b66da28cc47f6edef23e8048f30999e9252fe0f7875fa1369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
8d85f8feb62aab6bb65503deaf36f684

SHA1
0f83dba9bbd961d494c714f26c465bef1d10ae5d

SHA256
fbc4424099e3722875b21cd9133c382efcfaaa88795542cbace36460a5d4433b

SHA512
d012584f8134b6e6a48443f08b9b0ba08a1a3536d05049b4fbdc78be6674a1cad6af5274dceb766548a10c558c482971f5c27e9a71e92578e220b2a379f63926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
87246c9ac6fd6818909b37e127648f15

SHA1
ff019893e3e57b30be7f468d246c1fb254525ab7

SHA256
2045e4b4661fd880b7c60cf56d8ac6e3128311c907a912101e9b632f1306e937

SHA512
366aca299a878953ca2707c78f202c9ac95a9f66f045ca41b1e336822ce70a126360324fefa67b36edaf82bc5f491a1e222ad42db479a87c6242625b2ff9160c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
8e3b89429d860440bd9d2ffa84410b3c

SHA1
960d3e4d1c3aca2917c7fa4a755310e3676814e7

SHA256
19b22fbfbc1e709de4939ff9a8de6ed3bc994407226c16e861db27f0a379e23a

SHA512
a28ce4a26d136de1e23c839b13c29f6c6f39a8ed4ae899d69c4440ff19ce07d456fcfb4e6c29daec6a461d21608d8d6d8716cfae3187691cc595e9d2c718e28d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e9dc5b2a0eadf967abd5b08d53e9a31d

SHA1
c90ed02f43046fc9e4c1d9090269ff3928b351b6

SHA256
16e65d11251bb71dce6e08fb336547042454c2241534aed107a8528aa205ba37

SHA512
7d0291a62bc3969ed357d2fd9d3d34ffea8d8e8be9844775af5d407e4455cf5bd5dbf83b9e4118e65b96fc623bbb93e3473f12cc025276d1c87e732926692d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
40c545e4664bdc0814a5ecd136a7253d

SHA1
9a8a4234c9e12e02326f8d8fa88d2ae576ff291f

SHA256
c2c501e11096a58dec5b5ac9908bd2e081f8f65b0d59f216b4ce25c2d94175c0

SHA512
327e04e2b85470b5eed43d889b2615bad74d45ad79525967c07c9fdbb8fc0e70ed3d35a674681f58496d9313d1eb85b59f01131736bc6663e992d9c5dbe0c55a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b86f836f8272169570cb444c9f5173dc

SHA1
8103eb45b282ea72a690c681a7b6f6dbf8fe6794

SHA256
9b39c70041be5e86fc87a3ad5ce1161923d340ba4328ef16ea67aee9eef2d1ca

SHA512
d1c68baf515bb4537ce068fed2f32c1816872d285514890e5a455a046480f5e83e6f32ef080107bad804bad0d04808eae177463a1c47a9c675e0d813ecdf2265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
52828c59d0621c62a21e78aa26c5f64f

SHA1
d1de22fa0705ec9460b90bc1a2e04d5a45537efe

SHA256
b7da54b9211b4c10c3ae5df9a23b778c2556b876aae2c12415fe8012561372e3

SHA512
7d2bc116acdcc160842bb6a714e4c041ae97b20c7cdd62264ea6c17e9e644757c504b1f3f5b37d3600566fda763ada13533ec90e0d2088dbf531c69d33a13cb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9be5a42f03d5457243abc6b1733022d6

SHA1
50f1fe7b9d5e5d4a78ba5b1a7f2299d32ad80b1a

SHA256
638c0d17d0f565ae8c65648425828c66bf4755b48159f919cdf985d4e3665f4a

SHA512
c19442d086a7e6ace6a08e120f53a165afca522a2f74e90f683ff35fde4f8c11c5852b8b3a790644d220333cf1e1f2433d67b22403d70b885ccb9c438f6b9378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4fe4cb011d477385de8c685677e164f0

SHA1
719f016dd692f03a48398fa58c44cb8a663474f3

SHA256
d5ad7ee51aae772d73c105d75f93324582c6be63843fb3d04bf8eacc78e2414a

SHA512
7f18455ef1fe432c1a21cbb4e53ed93817d07d27c6125f6e3e60173bcedaeb703492329bd9c329cd57922498f1cc4f4129ee79f7373550cabcdca3d2bfb75dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
967bf83644e265991ae283c10fe082f0

SHA1
d1a6fce3f62eda7296abda341e3fde872f4e13ef

SHA256
268d7c715a0f049f208459e144fea33308271866fbe1d0a9d358a9bdbd1c7008

SHA512
d33eae4d91cadb94f05fd27eec0cfc6dfc3e16fbf94ef9aeb0f0a1379a385c777cf05499b2125378fb3e9cdab3242d6289fe9e0abda7b15523a22fb4b102f715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
81e0e7c33f9adfb02acbada5131775af

SHA1
a628795340e549474fe70875615d8f21db443b2e

SHA256
865e694e607c8ee7e4558106b750fe7bc14bb8f29c4a277356714e50f4dd1956

SHA512
e55f84223b3840925571c8feba8b69e87d5e771a234a57ee8f4f4fbd43a860b9c22c3fb41b9fb8c7404ece5ef28ea34764323c43d5ea987068e8a4fe47ea0d6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd4ad5e1b7c3fc1b0fe9448ca82c5e93

SHA1
3d300270e0f065bdd20d9048e82ba33d0e6c8d9c

SHA256
58324175fd6caa0a37fb6007eb68f8ec1029dd017bf10c53d05fb457445f20a8

SHA512
60cb6ff226dcb15129c4220b85e0fe38ccdcebb7d2a070f9499eea1a637854963511ff5ee03c8427428b061ba39b7a13f5628d6ba43936e15cb42418f5bfe0a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
59a35ef544e4f672eb71c92c26425d5a

SHA1
95b5cbb0d993a35dcc1d2995f9127deb621d3db0

SHA256
d6459ec7881e7eaacbb32b1a2aebfccd750350076d6a34de9e5fb14494aed618

SHA512
e7193e6406cb2405b368936b54c10ec80ca16e609034d47a34917711e31f7dd83d711290521ee0b25126855b34f1b62efcffdcf7f1e332c9bf73e7636f107cf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4dcb539cf97237d0f5ca4507d5df708a

SHA1
d356473e4b240724db1511e60c897bafda816257

SHA256
3f6eaf2ee1afffd74aff14f3fe395522071ab066722fef6bc8dc379b767cd945

SHA512
8df3cf81ed92260618faf96ccb905b7d264291385415f96461dbddd7b16e14ec3f9ee36bed8130c823ac16aabec0aa349309dfef8b6c469c785c1884cdf3a1f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7bc7fbd1264c667642b7a85351cffdf0

SHA1
0a058e1d681dd752defe229b25aeb970bb17c671

SHA256
0b53d5fd42dbd351ae1de4a468dcbf7197c178ad5ac62a5c4d00072d294141c3

SHA512
0c902e9057c5ef6b6281574a87ac4701426a816d7656883991e7904759ffd594393966f3879d937373871c02964ca0072d139a7d04de249e006ee15636a3c56b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d69da28b063af7d197615079b57339c

SHA1
48ea984267e5c307035cb07768c8ed892be68046

SHA256
4894af125fb8544bdeba9a19804ddd83b3df27e3ec0c76578f65ad2e13d10232

SHA512
cddeb80547a94eb62ce6adda9f8e3fa1af017d0721e85339575918220bd933ef8e579f7ae84a523eb817ab9a26bb372a85e26855923c454d5a5df3115cd0371d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f728805f2e3afecf6c8d41350449a66

SHA1
91565ecc643a4498932f351b3fde9f441e6f137e

SHA256
1f0f6da5014026aa5e1550a95b7d87ef859fa28a3c499d406a1d50d1b06408c7

SHA512
7fd60d8da56812da650347124268d3535e100822e3817b8c1314ee10cd6cf64a04f8dacab9b7552afe370bd719cc87275d99bcdabdcb4a42a4a4f97f8a98d320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
31bb7e028d303a18435c427dd2eed2ad

SHA1
200769d7e9a420bf840030649e17666b03f8bf58

SHA256
6f2c3b590d3d31c2d5f9e86d855886dfc2f5a1d154c584ca91125f2d278e150d

SHA512
f434fcf25d267547357188b45095f241c84e1038e0671a8fa1c0e14b056f24938f274566f5106f8f95bc749fba64cf453af90847b91bf07348a78ff2879f009b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
af1e03037575478cd2de807d3d33abe3

SHA1
ca6916677ba85231bcead709d960f94ac3dbea19

SHA256
54b5a51e37391424d8c058eaeeecac7274db08f255f92d1da3a4344d735c6895

SHA512
91ec0392a137845fd34b9ed0e1be9b14592155d8c84f24a6356ba617e3ba7618b2dfa823d7f81c31056663b14efe89022dfbf32b749386c2cbf0df962a024575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
383bb93e517f288b4df2103425d0fa8e

SHA1
fe77a766c1ee195507025769a8215f7a5e9bb7f9

SHA256
46a143f66cc5863a7820e617b5265d7f51ad1919ae4330ccde835ca98aa1efff

SHA512
b6b1b00abcf1f6a4a50b274bff5fd891f2a77812da8af2ebc756c342c906b21acdadb32e8215d0f6f503458242c9eff2ffa218eb2fe599b78ac872ee6d01966c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f38d345570adbb787311b6cd95580359

SHA1
bb15c62cfbc297df476051230caf8f86d23b7144

SHA256
ea6b08d010a26a664928dc3b95703394a92a5112efef7331ddc06184b28bb971

SHA512
b22c8f5f53818af22b49b740b3b59cceb9dbf3c809b1fcb74a07d4515b04ddc268d6411c7dc2583c3553f13f94e568bd1291de2bf232f68d2a453937eee85a28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a90219f34a1a443ba355514207189190

SHA1
06c388120859fbd2f472ed931a9ffb6204180df2

SHA256
b24ac544ca431fa71bff63d90f6df1bd50204c3a437f3c6feda651579755e1e6

SHA512
d928ba11960313846aaa5a72d5997571449d7881f56d16b65b75972797a73fa81a696ea39719c0c199eb112ab955309cdb494510c97a0489eb17aba718e18587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
56b021c36e0f5e275c5f4ef040f248be

SHA1
66f12ff4f4b1f213cbd9b278cd40f72466fe48f1

SHA256
af5337040cf24946bc231f28e3931a37cfd23f9d4089eec0aa8bde596d98f2ec

SHA512
bf369e0ab28565a0f82ad53c6159c11bbf476d97122c859a7e16c4cc0be2514ab26c6e455d160fef6c1ad53e2d11b131da434e6cac398bb8c0e390671a9b160b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
126750968948fafa65c6311516d45835

SHA1
9b461a81e8fbbd51da7a2fe3364b4ac2842ac53d

SHA256
4410a628c0a4b6e4bcaead1aa891ebe2b10881b4c5959e78dd9e2536bb76e3a1

SHA512
63cd42dcffed6c3fd39d56823a496b27f3004bafe32f263cf5d4ee59c46c1a96da8b2dafcd3030c7ab16013f02b84943a54c9e7c4b7df7b467e983587262c869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b014f4c566ae2e5a54a247bbbf129b58

SHA1
46e895eefc129fce1a614c75e8ae4b00a6cc88c9

SHA256
8149563055b657d1914bfe0ce0369c22a215b8c6b8dcb4bb64f465f4d41160fb

SHA512
606ac6ddcb519a11fbbd0320ded48798d4e5e2b43b4f84c8f3e7bba7e86bdcbe4e5312439b923bd1a6ae67eba9e70259c6beef8387f469313eefea491871216c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
93d0a2fc33560e3ff1b5fbbb5b7e3fbd

SHA1
a99ebf3d0c6a0fbc3c20adbfaf9e12f21c078e97

SHA256
6d8286e0c88985048099d57a8066459403a14f14c8ffbf366b7be44f28954d86

SHA512
26333d14593459761c3ddff6c4c0355bbe4c0762980351e8a58dd69de54f8eab5e57c019d1d314dca28cfc91184f8305e32ad42d5c3d5a956068e99f9402e965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a705633befb132dc6619ff87dd079417

SHA1
cd4b38339ef907a66e3969451d0e82ee85e3d867

SHA256
ca0febe77d9d155d88b5588f8cf68871dc36c592c9d1ab9816eab33d4e49d4a1

SHA512
57386e19648f20884e936cf86b7aacac285ec2bad38c6297daf1dd625a0742aa924058177f0b0a9cb79e457a4b8cca9aef4cd23e2831dd90009d81bfb790a3a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a9340788e3705142f07764f9d865353b

SHA1
1132ab8ea5acf1f14f3342fb3e03d7f38fe57e17

SHA256
8a4a2b5f93c2632a2d5b8adf836cc64ffc1e2aa3786a43ed42a49da0ff89c546

SHA512
036dc18274e1fbc43741486b34da776e428a46082eac42f3b3b4830e5bd497807890a2c508b1b97c7249c7e9438656dfa468bf0949969b12145ac69118408b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
67b914d31e30b8458b6166ef1c5f9635

SHA1
5ad7903dc904b27794faa221e5e8f533419cd0d0

SHA256
21f9127b466ba24b36ced569f13fad2a080abf4c611059535506874a1c823cd9

SHA512
ad48714a8595b626c7d1fed0dfae7f95506ad78f98fa749083ce01792ddc9f38f7709b500aee510cedf0a915130dc107ea8c5e892a7509cc2cbae2c0ec7e4fdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
65c0304007ac5ec90e236e49a85d1678

SHA1
c4dad187718c553a443fd5bd0900376ad6038875

SHA256
3d4c2dfb24fb90cb37b6871e0a803a7083cbd1464891448edf9f94defaf4dcd9

SHA512
a7a9a1156aebfcc08e3487262ba27656ad7c84cd50c5950bf4e10646426d3c60433fb77dfd5772f44c5b74e8c34abc0ea60521c33a7b853db981af2ccb8877b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
576a7082487361c8b1457d4ed55894da

SHA1
6da16ffa50ef8170d1d5b1c5e951993234ea8a63

SHA256
67bb9b6a9e58848106195030ba36b181d9c2b5a95463455799cb1b9332f14117

SHA512
c65f9d5cd567893902d863ed9ebd59589d0a5face6b54c06611ce314860e8cf1f3eb8a20c4d1b6c293f0b5276e5d28ced5f92c5ce03cc4f13e0c1d60b0910d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
207438de64c6d4207fbe85677da49608

SHA1
be86670079601c69354d9246292ad8353d7383fb

SHA256
4f31561cfb4fd4b8173290fd9fb478c70226e0b2a23d51e295c5a2dfbf35354c

SHA512
6d621bd338ac50c42f6617edb9eddb5591648a427abf3a6d6091b2b7bd48cbabd3e51d4cd7cd3730a0c5371c5e9d1033106bf9ec5e884ba9038df8a2c8affac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
94f17c0c816a10936b9cc6196daa05e5

SHA1
a70dbd2672f9774753bdc88fe1c215cc36364cb5

SHA256
68347665e0579a12ff1753d86dd1d2c0aa9e56edb3e53d7f65bba6199699fd7a

SHA512
41bbc22ffc70f89942e1f81aecc7a5e9f69c95395295218571956b71f0c68a235ae27016a6f70d368580792ec8e47959243803f22953e4db2b967955a87a492e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e9e0c244e80360c7ffec241e856db429

SHA1
b3433b737fcec87b4ce47c1c26fc2ba978553909

SHA256
458220452024dea4e649626d1c7ba93685eae59d6ff949c6ac918bdea220f072

SHA512
9429290b2bafbabf043146160453d57e39ebcefcfd2b39c098a79b6feb97965f6bb94c4b114051429218bc9a98f40e98ab8cb46570989efee310f17a59368b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
69b1b8a246f43ac57d32c619c1718e79

SHA1
3d6ac11b26ce2cae77ce6c039cbb5ca24aec50f6

SHA256
cc3bf735e71469a2e499a7983c03df6dd1cb18079767df5c68fd72ab024c52e3

SHA512
4434ea33399c19651141db5ef3ce03659e5cd6575456de22528b4e57837822d0395de49f3bc9fc58124a6509709ae269885a40c59f7bc90214d70f4ba7755637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
8de2fb6bf2b900bee6108eab3278f217

SHA1
117002aee119a98c363979d343e9345846071d9a

SHA256
299516388cd4e9f2844221190ee18bc352b0372383c09510c3adf9bda93ac053

SHA512
f542a496ff93da871fd0e2b030405e81bfa8ea6fdabae820c238d35ce25d00bc5288a9089e0ce178f13a6cb3efbdd895d27359ddc2e1f07622c23f5b662d0b20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
c04b8af84a44fe250eae4cf55eabf916

SHA1
54218b18abb76ea2c9682eec670ca6da511b3ec8

SHA256
e756a536645e472457b8a9eb744b04f8ad11ec465ccba729e43b473a4b8da1ee

SHA512
6a3e7dfc04af6fcc1481c241dca023c7e54a9ee6c4840fae22995afc75072d35eb8a6a14a6473d6cdb758fb3365a8288798ea7ce5cb43da5021676106e39b442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
09f152ecb03ea4960cdff61607909a93

SHA1
3760583b5f7d380e18824a4077204090aab73e40

SHA256
4772cd0f19cf88b080f60f688d1e4db3d97fcdb7bbb1d4277af6c4688c80dc78

SHA512
d84f01841ba8a4b5f8717c9b9ffcf615834dd0499570fae9869e44f246ca0709f095274195804d224005c28e94d9922d92b3f8dce68f6bf008628590df4e47fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
29a0d8e27510531ed5220c342cd250a6

SHA1
e1d6b1c7c2ddadd2c377b32edce28594cdb6365d

SHA256
95fa8e6fd9563b2d926d0e025d7ae5f57f7a6f12d10def195b3fccd73f6dd61d

SHA512
c9182e5870ad8b5a40284b9d6b3c774706158adabc9483d54a3e7a172e8fdab4b9d2c40b4ab6d0e3f49721273b0b8c11ce1d6126999af9d9123de7cf660595da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
f440378b032acb1449e78525429064df

SHA1
79f4acb4d5c4e003669cdec74d90c5761873439b

SHA256
e3aa43474ec669a0f105adcdd6788c1f65dd00ce7c6db0406fd535c6ed69fb8d

SHA512
41cf936a8957814acc43e2bfc2a6f00166d9109238747df8110b00778a935769be54e068aa119f501c1edd9ca09f4adacbb1a184dfee5c60ab7c300ed5b7020e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
110KB

MD5
47df01ed43482f937f55ac1ded8d335e

SHA1
96bad0dfabfc1df646e71733dcc02ce22824ee41

SHA256
98347e5e6d0a55ff8b10e686a96a1fb40dacdda50fdd0b77bbe4d1be21785587

SHA512
031df2bd2b37efe98962e6e3a7af53dd3c74a76d456028f19379c235472deac8ed2dde74e934b4f2a3f5482d9b5553f59cb8af514c491b62a27647134ad0a393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
110KB

MD5
8a45feb31d717091874399dfd49cc592

SHA1
596f9e08516dace40a0c63dd7376470230f734a6

SHA256
5f908c2c17d55bac48a6f1339599a4ff1e208a0a16be3c726ff39ae062fe584e

SHA512
7dc952355b431d6ec18c580655a192c284ed34a17452dd64b928e5a4cbb3a2617bca38b3c45bda6fc0d7f67d8c7b7b144c7c17e682fd4fad36f13400ac1a8bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
110KB

MD5
36328697cd9a3cbd8204c717c6b1d582

SHA1
e0a82936d184bbf2fa2131bb36aa613fbc54b191

SHA256
7bb9721e8feab7062f97a391220a1eeb830eb06e857e011da68bdeefd382de79

SHA512
7743fc32ce65f6f4ce93bfec0f280758d3a45d66b447b67f76308d92a2eaaaf44b4d365928ff89beb2499e0d93aeab98a71f5866a6649093e40a4dbea1ceaf95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
9f919cbde880463eff6d8ed9b81bd38b

SHA1
c62242a93f2bed5b7e8c6a57e0d1e357bba3dc92

SHA256
96ca4b3c731b33e88141cdf94f05e05ab07c003ca198ccc319ec5abf268b9ee3

SHA512
2eefb210168b225660dd70cdce03f0212972d8c29bf32f4ad51bd5b7388b3510d2c73a50f862a83ad59b88f1e94736cadf58292e42df7edfef5f6258d399a697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
fb8fa8c8d1de5a2b7a29f9022df4b037

SHA1
1331dafa609e43f43ec7dd47b2e45a5bf2ee562b

SHA256
cb49a423e0666b0bdb6b48993cdf868873c2211571fde0112ee8f02b050e6d4f

SHA512
39d77f69ab9f5be6990ac47a06287e07976d0f0785089d918088c351b49a88b1eed7fb13f341dc588d98df5827e959bb05002b6b0ad52a3b3fc9c5efa98963f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
20KB

MD5
c0b626ec7eac8d2e3d5dc5e3e2844c47

SHA1
54e48ab741163333a3036749e15d7c585406c92e

SHA256
050291b950efbc747f04a20cd019f087d5d27a1229a3ff369655a34994b4ab6a

SHA512
e72eb8861fae6a28de9901738d41dc70eab994b676bdb26d2ffa20a4af5b22ae12db73c8c4411bb02ebdab5493ffded522ff2825f626067d42c4c5f7591bc90f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\92abbb18-bcf7-443b-9765-df837712458e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
27KB

MD5
638a4990025383a0f83ebf29bdb84a68

SHA1
153e8818dc42f598e47fde8cf398f1447649a4d0

SHA256
878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6

SHA512
59a505fa1a3bea1511e8fed16dced733299928b4081665d3e3fa4fc71d6f0ed0b09934805f442bf190c9093937e1494ac938167f9beaca0223243703f73efe87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
16KB

MD5
61e4576e6aa91cd435fe92f085fb0a3c

SHA1
fa21a6bad3a461c8f0e27b75913c8f1cbe0b2b62

SHA256
78d8aca4e50e6ba58890b68f8c3d6e562ff0b16516a0c3df56be18b69dca6aa9

SHA512
b250c2940f7ca24b763bfcd4d39d0022d6441bad54c415b9848ef949f8871f219289f044301de03313bf8cfa53bb2797c5590acc1b32889b0641f7a13b710bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
903KB

MD5
15df92d2d972684d54b42e620a127be3

SHA1
ccd847f372b2d317a376a4452ee9462f3632807d

SHA256
0fe4a4e46f5a6aaa7239e61d04c7c3c465bc273c8cfaf850cb427339f559f4d0

SHA512
8308a1b3aa56871a8a738a00886fa5cd771a2e1fa597dc682cf27eedc8007a3b9473fccb00abad23b86c717287ade22d12aa54e624a7220af0704babf694524e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
86KB

MD5
236f5342ebc772aa156930e1b898835b

SHA1
6a5361c43fcf37f754188d310b7452db7e18a327

SHA256
7e6bb0abe211d7c136316f01ff4e0ebf9e3f63b128323f23c80290bfc2dd6d7c

SHA512
1f1275f6d5625117b7b7230cf8ef79c409bb36b2b405b1d3d1ff35f8cd2235b1c6b1e26ea599024dde9748d39f482b7d289ec90166ff92a42f642f12453e73f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
25KB

MD5
6c9f24607a85011c8fa145f30be632ad

SHA1
8f130cec0d0a6579fe8d398bc7e62451e7badda0

SHA256
7d5a1d5cc0ff324a2faa264a6d1a40115aa945a8d7c71808108da456125dc784

SHA512
79ef710010892897b208f4b4c61c043523454ae3bc9a765057ddf0b8e9f702d4a6ee1c13317b1fdf95caeda2b9d9fd182140614eb409b5fc72cbffc6c723b48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
51KB

MD5
d75383a91311f1f9ce34073fa6a0d1b9

SHA1
2568432f875bfbad37d01fa9ce5d63348ea2bb20

SHA256
4cc4df290c3718664cc75f884583c891acc3a278832507df469e6eada61f0031

SHA512
4df83b2f9d6423021053f11d4850098bda4dbdfa7d2cd2b17cc0026fe8c164238003b5d2502b57921410174ff0d12d8bf9d861f3bf5303169987eb27b5bf0d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
61KB

MD5
a20832825be2cfbcf22354bb0f4f545a

SHA1
7bd5eb70db536d973463b615811a250fe1319401

SHA256
2dc933844aae76925e609e5d1a842e710a4f2f1a07b0bf01dc502a443623d614

SHA512
9b8e9cb9ead47b536dcaa3ca265cbc955d4f37b70cfdbf87ea6103f7b480730243ac3b8ee4f14f834451bcfac369582c637b5a862964b4eae8e65665865db5be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
36KB

MD5
1e9745d57ae6cf05818224aefab48371

SHA1
af8f20ceb36d23d5ca149e8738fbab671fbc74c2

SHA256
5d401e3960c05537a1b5ad574c2739258ce34b3d1c82dbfd249d7567e5c4d027

SHA512
a82b5458938a272e56e8eb15197a4b3b1046f02a30becfeb7c61cdb122831a816753ddcb22d8a849efe3b098337252dd8ca77c693fbe3463c310a6f64f1d68f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
38KB

MD5
56885b21ce007128b9dd3d5848a9bafe

SHA1
c7c0008e6d0215c459743764b78b787245c75860

SHA256
1923e18f21b26b519b303649d6bfdef15a08efd0e3b718e71ccf1a36359ca9e7

SHA512
f1945824c0dec49b608eebfbddfa31d00cf4e2c89cc0f4e1c9e8240d02044e58adb87c9856b61854cb81c16e4a5ff4063a583b8406afb19b2cb53e92eb98ff1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
142KB

MD5
45c725c3fb75727e147641393ff6a520

SHA1
80fa75da8c440fecbfbc00d4e891fbadf33e6fa8

SHA256
0f6bd1f2972bd5ab706856b06f4fe324550ebae6de91f4110e11da0578724b21

SHA512
4ca35774d643b115b885fc308007a1752e1e3fd8df1472c71d6eabfe327138b8c0f36a4331c05aafa5e9343b5fcec0a6314b5f570518db8a0a94c0ab6ff57638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
73KB

MD5
38d99b8e2baf9d312b9b34df5abf12e7

SHA1
1752be0554d23a9c5711ac8b7e6a3c5e798a85cb

SHA256
e1f9d950771bcd628e0d8aab827d66f03a17db10bfcdc88a0e251d167b762637

SHA512
641961703aa8627183bbdf783ca8eab2c58551af48a8f715b02cd9f70ed726bf49ea3bd2d900ccccc02aa5219e7aba30f2ca0f7c5c0912f053098db68f96c18c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
98KB

MD5
0d045011c7df219475b8660aeb05ff0d

SHA1
d01e4abd504db6405773bccd47ed2e77e99946c3

SHA256
6cfaa3e77ebc59122dd97174d2c613e6be2e6efdb474b75bcb367a6c5d39db28

SHA512
ae0f1276802473aa74b6cae6fa7900d6de62b60b6306f5e197664011718621cbe2ff2bf4902732290f4a15100b85b78c36c0e5cfd7a039aff8de36957303f18c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
26KB

MD5
97a3bed6457d042c94c28ed74ec2d887

SHA1
02ce7a6171fb1261fde13a8c7cbb58992e9d5299

SHA256
ae56cf83207570afbb8a6ab7cbc4128b37f859cb6f55661e69e97a3314c02f67

SHA512
6c8cf955ec73ad9d97bbb36c7ce723bfa58c9aef849aa775ee64ce15afa70afb40e8cd45989dadec420d2e8edda9ec0f05cc76a0602df0b6c4e5d45de0f4ce7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
50KB

MD5
cd2f3074326840d55a3c3ea1e99e83fe

SHA1
3a2e1d1a93506526ae3ed2b44d584af7771ff8d0

SHA256
9ec9f50ac6a5dfdf7ace0a047ab4e86a7f8ff297030f93f9b8b4e27c57fdaa51

SHA512
0685f7e50451e87f8d7d47f3373d653f7d6163ffa8ccd143a85b179d2c5c51cf494e8b5f7e561436c35bfb8ffb9304f0c49962a8bf7065830f0cc95281f4ae6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
28KB

MD5
49fdcc607fb80ec3e984f62a9db2085f

SHA1
34f806addfa7537ea2a1a715d2ea9de0c5193127

SHA256
fb94084557eafb5b19d6cb75161c3f8d5d3b737dea7741ae6b7c08826c1682aa

SHA512
41d9279f38ee05f469f6fda8fa80377e31c1c9bce590b0c1ba456432bd2db8126d904016634f1810360f908a0089cfe6b102a43b3dc09f835d3ddd26999ba463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\08b2db8606665a17_0

Filesize
264B

MD5
f20b84bed98544880f06b3bcccd4ef3a

SHA1
c38698deae282d989395aad3a0af530a3d6ecdc1

SHA256
0d66ecf4d1c4d588bf855b89edc03e9465fc2f254d8142afad1957665f5bd0e3

SHA512
65ed35f605c6eac1a8c7bb4ed6e97e5b493365e248a4a15f953aa01d1b2f9f2a23809641253a3ed4ed443dc9707c1254f9fede0b3e4d690852f26fad4acfc9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\18fa68b32e738ffb_0

Filesize
27KB

MD5
cc813e6c3511c342d2e915bd4f3dde57

SHA1
a1225ebc6d7b52d0646700436701f0904c9cb25b

SHA256
345ac039f30b9fa5fd4d0fafff1a06114e3f2ff725563947ddb021e6ea8166fe

SHA512
c8c0b6c5d70e8c84ee1e957efa00f43004be6f0ff15e72eec0d01c9137338c11cda83e87e885e98dc59ef5596ea08d0ea8d4b3465ed2e2e1d986ac86acfb4f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\20f6605f61b200b8_0

Filesize
303B

MD5
f1327778423a02fd7aeb7aa6adb701ad

SHA1
a4a18dd8dcef93979ca98f94049285ef249c9965

SHA256
0868a3dc62c188e27c123da1fbe6304709800edf68ec39ae0b62c9f79a7915ee

SHA512
18d9de77956807d050d06ba949eb0b4422fda270c37055037fc802d47df9fca88eb8cb19c8deb41083c38bfc7276add1743a2d612f1c9795012691fac1c20547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\24b1625614db4525_0

Filesize
447KB

MD5
7781b055bb248b898e02623455edef2b

SHA1
bbf767d72f411468f49315a157fe9e518b9f5dd2

SHA256
6dc3169b0b12556ab785a0e10b975a041503e8fcd1fa09a99953ba5dcae538bd

SHA512
62ca74f9c8bf6bfd1af10304978a26522dbc197013d40435ff14651d4087825d5d0e54d9e0ffd2503bb5ba0ada5c5164e92ad6e9e0d573b762ea828ccfe5130c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3e986d609ad22b96_0

Filesize
252B

MD5
3958dfddaf022fe10d768693651d40ce

SHA1
4397d4eaf3713b4dbd012e75b986a760f6ee7b7f

SHA256
1ac6dac1d27051f01132d58ca74e8ed6f4f9a4adac6bb2c7b993f62ae6d597dc

SHA512
de488f8bb60b628a678a1ffa6a725938a83e945bfc691a1d606b93980e9c3dbdefdc8c95932dcfc2c47cbd27a155c1f8cfd593aee382fc2725ec15e48bd02d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45c86861b03bb76f_0

Filesize
222KB

MD5
4d3994f87711ebe0c76997be8bfc1e28

SHA1
178adc5ef403ab98239686a17e09d5a1b59af6a4

SHA256
4d32e755642226db95fc1847befc6c0b7c6064004837e5cc2b9cb8ae752e6044

SHA512
d8b826e4ca94f6e42e77126e921c8740e1dfd4e71dc827c1dc3d85c256b8b10a4fdd694e6421606bd9c373526b24a8173e7126e38db19b0fc8dfe4578eab4e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ac86d127ef9d042_0

Filesize
19KB

MD5
3a08dd11cfc84945664b6a3d0c4ba742

SHA1
aaa1559715b841b69b15c649dbcd37ccfbfd108e

SHA256
77be561980c0c301f3f38596473bd18e8ca15f2ada75250c55bc00d39b41c333

SHA512
0fb1815159f67a334a6032e4d943052ffa8855521e26118b875c8302a9679e3a57e5d21dbc457e0ac8d546cc9e411214a796cb0e846287b7ee5c0f4f81d5af4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a9f79e96838e0e5_0

Filesize
119KB

MD5
e1df597b61d6eb6f1e704abfbe031297

SHA1
ffb8a3a9b2617f995c0d5ab9dec1e483855fdcee

SHA256
ceab617028ab4daf4d131286ea2417c8c1ca64c7fd00df342e96defd8771881e

SHA512
314cad800903c0ccdc006ecfa3e39fd6e4cebc5a86e5c15671e2e90aebc04890446eb31e45357749bcd23af10b6f650f602476f00ecda83362675f470675972c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\95db8cab64bb2cbe_0

Filesize
76KB

MD5
da392b48050b420f7b083c47558065dc

SHA1
12282f94a43d4b1f182a57dbd479538c93ab13df

SHA256
991ca674ff285cb987f62dfafef9899d890e972aa9d4a430f49ae8dd184fc822

SHA512
a771346fe58f218749ded4083889de24e3d48b30e7d9aef7666301d649d59fa259362fe678947aa63f3176ec95859f3902bd09738b9bcffbbd43bf505efa7c01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b4be24df3006372f_0

Filesize
386B

MD5
f433608c1920c938abece3e50d20a097

SHA1
4eba71b6d99647e58d4108873737121a8f93441a

SHA256
b3ffcfbdf65593c0dfcebe964b2c0d9f60882ea02e327a447c7dcab592e48704

SHA512
0849ac0401ca8be247d3bf3dec66bf4b10b3ca523c70cc8539ce19ed4a7d243c2174aeaef217be9f8cb1f7eeafc205f238184702db8b5daf0fc669d3a17229bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b612736f017fcce4_0

Filesize
283B

MD5
94233340899afe84dc72f4f5c6b6ad6d

SHA1
eb863d8f4d63009339ae6dc07ab0f6446ae3e7ee

SHA256
cf0c217cc1b8e38d1cf8bad3207c6d01fa4735c4b189637fe75e17f270d91e2d

SHA512
eb98d871fbf0239fc968efbe4e87b759fed69d37a04b71fea4547979c355154513b8c435a49a47d1689db6562c8dd9d5a1fc86326aac9d3a48e895c9500afd25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d07cf9c319d2e32c_0

Filesize
439KB

MD5
4d005cce311845bb4c739c14281c25fc

SHA1
de26f7280fb991130ccbc4bbb2c189b086a22950

SHA256
431497731ad20ffdfdc65cb9a2f6a64685579c351ce4e0826d37be3514a40676

SHA512
f782b56bebfe4e469a2275a4e2548bd852257165e7ed204eb873e771138abca2bb6f379bdb1a3e4c5f9a96db338b5c05cf9d344f3fbd7b4ae3c980d9c245bd7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e99d82effb9a0cd1_0

Filesize
265B

MD5
d9912702e39e39da58f541048a10f2de

SHA1
2e139279366217850de7e57c9f7f09bc690d2d03

SHA256
0b588c92d0b94238514ce0437a559f456afff3dc65ff1e7ffc02c299747f98b6

SHA512
c85a52c5e45b38d749bb96d69eb4ddfd642dd9983f39121ce0bd48c6e342d5ecae38f921439158df2f2123d68ff7138e71c9d4f6d4cc27f7d127792be53921bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb4bb671dded4061_0

Filesize
261KB

MD5
de08e8d8950f189c7d163b946dba273d

SHA1
f5963ac816ec4cf80f3b563e16311076966491c0

SHA256
c5ce5f384baa1601c7bcba138270c9ec125405da43bdacea1bcf914a5536f53f

SHA512
441c571b6f2bc29313672f0637b732e27ab0d2f723cd69845ae9471430db1121138f12d76185c0ba184ca816d7acf015c4597ae5cfebfe9d3d21bafc7248fccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
355c9ac63169b950ae8a3d6e1827a94b

SHA1
2f0254112907f9b015c1ff0d40fa1522ec862452

SHA256
96c919a756973a02d431193484eb98017ad420a1b1e7b2abac6f836602af01c3

SHA512
c6455f193d4a2f5b6e0b50bdaf24c97d9d5ebadc4bb20e3cb367f2c38b2e4d4356e31dfc23bb9659da610e5805c79947648e6192519f513bc5d69e214ab90eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
9aef84ec885b40248324191f2e3d2f2b

SHA1
b6c081886ebf19c6936e954abae5479478def1f8

SHA256
82206775fd670183670b4dbcdbee6a30c6b9f1768461753020168796bd0d9563

SHA512
c1f9ce3070d6bdbb002131027a45883b3c09aee51798b03fe94f051ac80427006b3bf1069649d73c5d46f7e3ec7a068e419acea31d2f6022f39d13a791e0fc07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eec879a5ac3f2373210c695357d0ca31

SHA1
084528bcc3143b81c4a187e15ade546689b49644

SHA256
a90852f924b05d71ff24fc10ad3a34cacaf97c29fac773a0b9a15bfdaa000840

SHA512
d91b2853232143eac15f326fa44e80b2e0a5be904c027bc2b4bd7d5f831f3e1a92dabeb8036b28b619208d6300da9c7b8fc08e0ccf0da2cf54949ab0ae37c9e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
49c7df0762865c786e96760a88c809cf

SHA1
53fb8df97deee277fce99e01578d12fa5dbbdcf2

SHA256
229b3a2048e7706a91046bde4ffe9a07ea9f60b5549508482c948afa96df4573

SHA512
e379f26fbdd024d1e439361132994138e3de396efbf0e70311dcf6ef5d292b0a3bdbfcc613b928302f9bd145acaa2ca95de26a6e235eb9de4d1d2dd9a6e480be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e4ec845f932d383780e50915ca53e68

SHA1
0c06a08f5b5c067de8e3a38e98b173eab1f9fcc1

SHA256
3c60077ce5244a1a4c137ddf612649e2fcd4c27175e02792767386ad6747fa8a

SHA512
05325fb94191e562025ea6cef4dd60c6ff048d920e1358d0e6643f074181203b1ed150222103eaa59d7b3dd9d9406ba37927a02186735395f2eb20daae85096f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49670b4cbd4b91ae5ca68b440fd0fc20

SHA1
4b697733d6bbd713b218f51e143a5a5b4be2d52a

SHA256
bfc6c4933a0bb4940495baf3020f58afe31e448fe64d7b02e988118bb4e4dac6

SHA512
0209f54320fbed5629c6e61c5cd0239b36ab9ce328fe9a495fee232019e981f4b9e94403aaaae0ec02e09b960c514810052ddb936fecf05667f7f6da9e65f97d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e79119ae76d4b02564805cee46a6be3e

SHA1
5705b028eb0ee2769a18446dc517aa8eb50e4860

SHA256
79a398cee984c68d410b369ab104dcbe489c4e7987b4fac3b31b482f7156a734

SHA512
0d12a95eee47c38c5655ba25302d3cc3ce580cc2bb47f8988364f4409bcbccde848170235d754f76bdeea00a725875d6fb07846bc7d58bf930064c9b686e99f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a83376d7bcd6b6e4931ccb386a3b8e58

SHA1
0b4fe32017441b8222e68e513ee010aaa0a543b5

SHA256
701521e0395061cfa5ac28cf46ef6b4ea173088a2a4b807af2e9434ba40000da

SHA512
86439e680fdec5ac766cca885e643ab45f731228d5b3b3757753818f24fce9a5cfffd558cc0eaebc0a4690d93c9210eb7190ac162493e22ef2c16d897ea5531a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47615fbaaf3c2a6a79f94db318745b34

SHA1
a519877ec01acbdc73560765df1bedcd21705a62

SHA256
698b8068cb6f433351290b6b4d04af14a649c3c7625b8f823cb88aab7e2a2aff

SHA512
59782d3f67e888a2754ad62dd5847727a46e7c2f50af20d9847c2d65a077205ed83eee0bbe51f35f1a968289ed3fc584b56e5cd42d7948e46c661854977f6e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7cc1d3141ce79128ff40665f4703b92f

SHA1
aa3add16492270c645eba26c217723e7a2b7ff9a

SHA256
8eef388a2ac0b985ebb567ad628689a7c9730a000e9beb149a9e61bbb3464ac5

SHA512
3e8adfd09bd1eaa50cc5f9e207f61c765d293225f709c6ce279e8852cfc8f77e65549e0ac1a7a1b033673e8e1550debdcf048ec3614bc853583a3c62d5c77b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
86710829f3f7a6ac6a5b7338615cf317

SHA1
e8fed96abfefb2b329bede5a24778c4b76086f2d

SHA256
43e39bc829651634a531817a6720e5df187702599f38e66dcc8edc4082c94f8e

SHA512
08570af54021d5728cba0edf1726b6bf7098493af64006ef5f914267163e44fc4939bbfd861dcf78eabdcf174da48dc4e7a86523a932138d3b97ad5e4f67e05c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6a4ee9f8d9033c58e1be14061f5b9a94

SHA1
47a0867f482709b48a0e060941aa456c0b6d7f35

SHA256
970a670814b21375df4f1b7991d4060293dd386cf40b60654159889c0a4adae7

SHA512
80f9b7c3a6a97a94c08600201ba99c29c1ca1105b1dc72666a4970a9aa2979d75d1a322c23d2bcf3d6e5eca4b91044f3206992d905a1d9043fee699cf24644e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
50157e74e400ed2fd25b7145c16841e7

SHA1
349d2e314654de997aafe37781a95b2781d1314a

SHA256
e0fc8d4b44ce86d9e0e54c2728ebb74b3ad9439c9b9e635201bdfc12f52d908e

SHA512
f3dbf28dc5ee7429049c3276d0d49d64b182a415c3d6feb51d4b27328ede5694c8299a25e7ea6a80b0820b5543003ffbbf5d364236d4d1d28c58bf0e73162191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0e4353aa5ac17ebea5b2fd317e6f6f78

SHA1
897850d41899b05b4526f60f28cd2970c643d5f3

SHA256
cf978ff8d224f613100b0291104093af00d2413538e2a1e513d7504c0d508598

SHA512
4ead2772060f8c8510c1ef711206b7c52059ce9c42dbbd70e6e4a8cdcf055da0676263d57043b430ac4c6cf267474b2fc3fac8c83f679cfd848d617439e1791d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ae4a4.TMP

Filesize
1KB

MD5
a6d3e019ffb651f422c55d83f761f604

SHA1
a23ca04878403e2dc343ed07f96ccaabaf60a486

SHA256
d237215b04ff66430a0aac05eaa6b8d7ff89dae844a3d1c9aeaa2b125adfb8bb

SHA512
a09257c2ebf29d243b784d2f22c56736a56e966bbabc3d02a92233f57b15fff6d409ed9ba75258fadf6dc35ce94d1cecedaca620cd18e8416852996105281e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b59bf9568e60786619a8776492daeaba

SHA1
607841dd811a0a546bf3f73cfaa63dc98d9af1f9

SHA256
1f2b94f1a6803d565994f14b1d7be97ffd646167da0a577366ad9daf13c036bc

SHA512
8d53f4a15aa4e9d95d3dcafa94a327ddcf46cf41256ac9cc35a763ca8773a0043f2f8a7eb688c1a8e370d1f1ce4efdbf8f5de5e9fb714d5c53c8509084144e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
73df4f3abeba06e45af409c12852e155

SHA1
fa16b3dbbe19288f3d450920f7a7101d68bbe33a

SHA256
f28ba74474d90f61813c10b98cb4b9357599c9f11d14cd7fe88b67ad0f8044eb

SHA512
b82d49f6f094362e14a55112c115b57472034e39d3977e3ea31634dc238b2d43bbcba044cbcce692d4aefba3afc2d00fa741cabe4cfd8a2f42add5d052700991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e48f40b90e2f9f460654c18a159ff53e

SHA1
603f6696ad1f83f6903fa7fb9c08bebb9e55d495

SHA256
e73071fd571121d0757c5a75e884d3f624c4ea27b1d35c83cdf2f9e5e8c6a323

SHA512
5642e44e30681698452fc3af02694d9c90ce00d043cbd5780106e4ee63300dbea5d7893595b468d34a47adb7a1c6b1e39c873b6390dddda7ee2ace5a4becb7e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6dfd9c6e4c5539f056b128206c0da789

SHA1
73d86e095d1faf3e47a227ceaec6208ca2ea1444

SHA256
f619884618764dea9dca697af09f7a9afd47d6849aebfaa10bf2fb184fb4fd36

SHA512
795a59acb0c13951952a82c818bdd43e1fc018ac72037cf8a4c2204e93553510f18e75ade103fbc3400d3ef427329278be60be7b8e05004b631ad3a9dbe44716

Download Submit
C:\Users\Admin\AppData\Local\Temp\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
230b23390271498db5aa9161567d1a63

SHA1
1537b228b59b27fd20ef16bbac9995c963bf52dd

SHA256
8f8d428ce8ca8da08636677699da6b5d85224f265691729963d9103001a2ad92

SHA512
c04a8c8eb5483da6bb7b4326f8cf5f24b1afbc3577fc29a8df3c5dedbcb21d3e302ecca771b6ea4c54511cf34ffa26d78f614374b3138f42bc28efba880bb109

Download Submit
C:\Users\Admin\AppData\Local\Temp\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
08447e61ae80bf4214b84914c1631434

SHA1
c6e11203a112a48f5987699600335056a888a0e1

SHA256
e5a98e2a3a7493989ff1dbf06a3e40593fd134fdec87a21dd12b78360969a09c

SHA512
e83f3217df99feed946df3a5ac62a996dfa710c4f0ea3e54e0b047d5c69b09f3f5a61d8c5faa6db589c0c94402c3f19bce52342bd879393bd094aaffa8d85ba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\EBWebView\Default\Cache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\EBWebView\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\EBWebView\Default\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\EBWebView\Default\Network Persistent State

Filesize
299B

MD5
3318f9c5314b99140a19ad3a326ecf0c

SHA1
d02df1a91b963cb559d0e85d93534daaa73b151b

SHA256
fe810c8bc4542a9b48069e5830f34a4bd0a6909f6de5aa96799058cb69403d13

SHA512
6dacd650dca04231d472320540b2f501f6d4b93458611e07cd2835a8622e77dcce9edb74c2f0a416275ec6c730378d48971a30d08786a275f35d583574a109b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\EBWebView\Default\Network Persistent State~RFe5986da.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\EBWebView\Default\Preferences

Filesize
4KB

MD5
cd9ca67c5edc4c848bf301cee40a84f1

SHA1
401e4e52b7a9d679b34471802532e4e8ce85cf70

SHA256
d10e89505e8806aa0d13e1ed1ad5895aeb104036a3115240d05c90c34710a6f3

SHA512
1cbefcc401566e7d244fb5515c6872bf5a2f5a5ab593131acd9b699f16ac83a48e3f1d06c48b26d3786297a0af4e1148a5dde79dcb5d7e4fbf020f2f78f2778f

Download Submit
C:\Users\Admin\AppData\Local\Temp\EBWebView\Default\Preferences~RFe5986ab.TMP

Filesize
3KB

MD5
34d21577ff3abcd7284738eaac697da6

SHA1
c6539e9e6b01b5bc34bba79ad941cca51076f4df

SHA256
53d4a8c869e6941c65aba807756bab6f1b9db0075205060e64770f16d73e0ae3

SHA512
3a734e9f854859e9f4c10f69edb778a3043d5b77575ebb66eb104f141d476d358230a17a25e3037ff168e8c9ae88e00cd1388a56faf4ad675d11250557bc2a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Temp\EBWebView\Local State

Filesize
8KB

MD5
b112fafb3daaf26b916173d8bef7a3b4

SHA1
56dc366475074ad317568bc308ba45290fb357b9

SHA256
d77c7753d7de9f82349cf9e9eef34a2462c069abd3fcb145d7827e716f1c1b5c

SHA512
a2a0480334fa53557a327279e18c1b07dabf69b65beef55bbbbd3809455c151e72c80ba5e2a850fd1789fa20f5d693baef8f754c93e9a1decaf36bee582d783d

Download Submit
C:\Users\Admin\AppData\Local\Temp\EBWebView\Local State~RFe595337.TMP

Filesize
8KB

MD5
eddc30ac805d689ac53417e11b13f58e

SHA1
f785e39fa37058ebcec0b889681ee46d00883608

SHA256
717695404e1e8f99c5f1eaa275a416cbdf55a5ef94d13742448e6e1b09c2bcbf

SHA512
66d004c0dea2e24db86462a90cb8d7b8b7ed66e671a054621405790ac0efd3860623346656c864b9043051a227307a7c9eaa30aaa43e437aff0a96c0351c311d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\FluxTeamB.zip.crdownload

Filesize
71KB

MD5
5b983519f5d1ad44ed85f8eb6c010bc1

SHA1
e86f542b1b5d172bb78819232119d80b23d24f54

SHA256
64cb9ff36c82878a84768c6eb138d2e9adf8ed9df0eb58cfe44ada8bc56f6060

SHA512
49dc71aa6b3fc01a825f46d3c39b8de1cb22cf06c361a56aa2ad5e82c280d5687e0ed0d2e308cb1130143ca617f56c223af2b450ae87dd312d5226e583042916

Download Submit
C:\Users\Admin\Downloads\FluxTeamB.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/968-734-0x00007FFF7C830000-0x00007FFF7D2F2000-memory.dmp

Filesize
10.8MB

Download
memory/968-500-0x000002925D520000-0x000002925D5DA000-memory.dmp

Filesize
744KB

Download
memory/968-494-0x00007FFF7C833000-0x00007FFF7C835000-memory.dmp

Filesize
8KB

Download
memory/968-495-0x00000292419C0000-0x0000029242286000-memory.dmp

Filesize
8.8MB

Download
memory/968-496-0x0000029243F30000-0x0000029243F70000-memory.dmp

Filesize
256KB

Download
memory/968-497-0x000002925C900000-0x000002925C950000-memory.dmp

Filesize
320KB

Download
memory/968-602-0x00007FFF7C830000-0x00007FFF7D2F2000-memory.dmp

Filesize
10.8MB

Download
memory/968-601-0x00007FFF7C833000-0x00007FFF7C835000-memory.dmp

Filesize
8KB

Download
memory/968-595-0x0000029263E20000-0x0000029264348000-memory.dmp

Filesize
5.2MB

Download
memory/968-498-0x00007FFF7C830000-0x00007FFF7D2F2000-memory.dmp

Filesize
10.8MB

Download
memory/968-499-0x000002925C950000-0x000002925D26E000-memory.dmp

Filesize
9.1MB

Download
memory/968-501-0x000002925C880000-0x000002925C88E000-memory.dmp

Filesize
56KB

Download
memory/968-502-0x000002925D5E0000-0x000002925D654000-memory.dmp

Filesize
464KB

Download
memory/968-503-0x000002925D470000-0x000002925D478000-memory.dmp

Filesize
32KB

Download
memory/968-505-0x000002925D480000-0x000002925D48E000-memory.dmp

Filesize
56KB

Download
memory/968-504-0x000002925D4C0000-0x000002925D4F8000-memory.dmp

Filesize
224KB

Download
memory/1100-642-0x00000183344D0000-0x00000183345F0000-memory.dmp

Filesize
1.1MB

Download
memory/3920-1001-0x0000000005E70000-0x0000000006246000-memory.dmp

Filesize
3.8MB

Download
memory/3920-997-0x0000000005000000-0x000000000500A000-memory.dmp

Filesize
40KB

Download
memory/3920-996-0x0000000005010000-0x00000000050A2000-memory.dmp

Filesize
584KB

Download
memory/3920-995-0x00000000054E0000-0x0000000005A86000-memory.dmp

Filesize
5.6MB

Download
memory/3920-994-0x00000000004D0000-0x0000000000544000-memory.dmp

Filesize
464KB

Download
memory/3920-1005-0x0000000005CE0000-0x0000000005E2E000-memory.dmp

Filesize
1.3MB

Download
memory/3920-1006-0x00000000054C0000-0x00000000054D4000-memory.dmp

Filesize
80KB

Download
memory/4524-643-0x000001CF01E50000-0x000001CF01F70000-memory.dmp

Filesize
1.1MB

Download
memory/4692-528-0x00007FFF9CDA0000-0x00007FFF9CDA1000-memory.dmp

Filesize
4KB

Download
memory/4692-658-0x000001908D4F0000-0x000001908D610000-memory.dmp

Filesize
1.1MB

Download
memory/4692-607-0x000001908D4F0000-0x000001908D610000-memory.dmp

Filesize
1.1MB

Download