b6129cbb04b56add0cecefe73fcb25f30bc35c98cc90ee14cbda9b8b773a0a99

Resubmissions

08-12-2024 04:22

241208-eznw7axncr 8

08-12-2024 04:18

241208-ewyxzsxmaq 7

Analysis

max time kernel
342s
max time network
345s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-12-2024 04:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FluxTeam.7z
Size

20.8MB
MD5

712567a666b820cda4fcea9cf5dc6b61
SHA1

efb6f5378de5120b60152c8a3366b6d0d8b536f5
SHA256

b6129cbb04b56add0cecefe73fcb25f30bc35c98cc90ee14cbda9b8b773a0a99
SHA512

707e8260d3dce6d884ec18c74b6ec6f81e707b0117ce45f88a595f9ccc3f16b357e36ef5f4bd8c5c15c9ff4b9496d23d0e3378194f1e4df936e36ecd5a591d3f
SSDEEP

393216:iETU+8dwON1Dy0fxtgtpKzwNFffPcGZRpDaLX7hJ9qvzZWJxy1h:iETUECJy0fzgtIzwk+RpU7EVGED

Score

8^/10

discovery evasion persistence privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 13 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	dotnet-sdk-8.0.404-win-x64.exe
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 52 IoCs

pid	Process
5596	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
1724	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
6132	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
2592	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
5912	MicrosoftEdgeUpdate.exe
2608	MicrosoftEdgeUpdate.exe
4280	MicrosoftEdgeUpdate.exe
6136	MicrosoftEdgeUpdate.exe
1068	MicrosoftEdgeUpdate.exe
3860	MicrosoftEdgeUpdateComRegisterShell64.exe
2448	MicrosoftEdgeUpdateComRegisterShell64.exe
3580	MicrosoftEdgeUpdateComRegisterShell64.exe
5796	MicrosoftEdgeUpdate.exe
2420	MicrosoftEdgeUpdate.exe
5668	MicrosoftEdgeUpdate.exe
4020	MicrosoftEdgeUpdate.exe
5636	MicrosoftEdgeUpdate.exe
1872	MicrosoftEdgeWebview_X64_131.0.2903.86.exe
5716	MicrosoftEdgeUpdate.exe
2556	setup.exe
5492	setup.exe
4536	MicrosoftEdgeUpdate.exe
692	MicrosoftEdgeUpdate.exe
5312	MicrosoftEdgeUpdate.exe
5164	MicrosoftEdgeUpdate.exe
6616	MicrosoftEdgeUpdate.exe
4948	MicrosoftEdgeUpdate.exe
5268	dotnet-sdk-8.0.404-win-x64.exe
6864	dotnet-sdk-8.0.404-win-x64.exe
7116	dotnet-sdk-8.0.404-win-x64.exe
5360	dotnet.exe
2460	FluxTeam.exe
4032	msedgewebview2.exe
6716	msedgewebview2.exe
1908	msedgewebview2.exe
3560	msedgewebview2.exe
5908	msedgewebview2.exe
4808	msedgewebview2.exe
4420	FluxTeam.exe
5736	msedgewebview2.exe
6208	msedgewebview2.exe
6996	msedgewebview2.exe
2800	msedgewebview2.exe
7128	msedgewebview2.exe
408	msedgewebview2.exe
2940	FluxTeam.exe
6036	msedgewebview2.exe
4200	msedgewebview2.exe
6684	msedgewebview2.exe
5408	msedgewebview2.exe
1096	msedgewebview2.exe
6916	msedgewebview2.exe

Loads dropped DLL 64 IoCs

pid	Process
5912	MicrosoftEdgeUpdate.exe
2608	MicrosoftEdgeUpdate.exe
4280	MicrosoftEdgeUpdate.exe
6136	MicrosoftEdgeUpdate.exe
1068	MicrosoftEdgeUpdate.exe
3860	MicrosoftEdgeUpdateComRegisterShell64.exe
1068	MicrosoftEdgeUpdate.exe
2448	MicrosoftEdgeUpdateComRegisterShell64.exe
1068	MicrosoftEdgeUpdate.exe
3580	MicrosoftEdgeUpdateComRegisterShell64.exe
1068	MicrosoftEdgeUpdate.exe
5796	MicrosoftEdgeUpdate.exe
2420	MicrosoftEdgeUpdate.exe
5668	MicrosoftEdgeUpdate.exe
5668	MicrosoftEdgeUpdate.exe
2420	MicrosoftEdgeUpdate.exe
4020	MicrosoftEdgeUpdate.exe
5636	MicrosoftEdgeUpdate.exe
5716	MicrosoftEdgeUpdate.exe
4536	MicrosoftEdgeUpdate.exe
692	MicrosoftEdgeUpdate.exe
5312	MicrosoftEdgeUpdate.exe
5164	MicrosoftEdgeUpdate.exe
5164	MicrosoftEdgeUpdate.exe
6616	MicrosoftEdgeUpdate.exe
4948	MicrosoftEdgeUpdate.exe
6864	dotnet-sdk-8.0.404-win-x64.exe
5920	MsiExec.exe
5920	MsiExec.exe
2608	MsiExec.exe
2608	MsiExec.exe
3888	MsiExec.exe
3888	MsiExec.exe
3888	MsiExec.exe
3888	MsiExec.exe
4352	MsiExec.exe
4352	MsiExec.exe
6684	MsiExec.exe
6684	MsiExec.exe
7012	MsiExec.exe
7012	MsiExec.exe
4024	MsiExec.exe
4024	MsiExec.exe
6564	MsiExec.exe
2156	MsiExec.exe
2156	MsiExec.exe
5604	MsiExec.exe
5604	MsiExec.exe
5920	MsiExec.exe
5328	MsiExec.exe
404	MsiExec.exe
6556	MsiExec.exe
3620	MsiExec.exe
4460	MsiExec.exe
6620	MsiExec.exe
2160	MsiExec.exe
5540	MsiExec.exe
6904	MsiExec.exe
5360	MsiExec.exe
3196	MsiExec.exe
5364	MsiExec.exe
5220	MsiExec.exe
6260	MsiExec.exe
5412	MsiExec.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{4a00e948-fdc8-4ba4-b60a-22a977c39142} = "\"C:\\ProgramData\\Package Cache\\{4a00e948-fdc8-4ba4-b60a-22a977c39142}\\dotnet-sdk-8.0.404-win-x64.exe\" /burn.runonce"	dotnet-sdk-8.0.404-win-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	FluxTeam.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	FluxTeam.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	FluxTeam.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs

Web Service

T1102

flow	ioc
205	pastebin.com
211	raw.githubusercontent.com
212	raw.githubusercontent.com
184	pastebin.com
188	pastebin.com
190	discord.com
199	raw.githubusercontent.com
200	raw.githubusercontent.com
224	pastebin.com
189	discord.com
198	raw.githubusercontent.com
213	raw.githubusercontent.com
232	discord.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Checks system information in the registry 2 TTPs 30 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.Build.Tasks.Git\tools\core\ru\Microsoft.Build.Tasks.Git.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelglobalization_7_recommended.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\DotnetTools\dotnet-format\tr\Microsoft.CodeAnalysis.VisualBasic.Features.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\de\Microsoft.TestPlatform.VsTestConsole.TranslationLayer.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\TestHostNetFramework\testhost.x86.exe.config	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.11\data\PlatformManifest.txt	msiexec.exe
File created	C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Net.NetworkInformation.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\runtimes\any\native\NuGet.props	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk.StaticWebAssets\targets\Microsoft.NET.Sdk.StaticWebAssets.CrossTargeting.targets	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\DotnetTools\dotnet-format\zh-Hant\Microsoft.CodeAnalysis.VisualBasic.Features.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\de\Microsoft.TestPlatform.CoreUtilities.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.11\ref\net8.0\Microsoft.VisualBasic.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUE049.tmp\psuser_arm64.dll	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\dxcompiler.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\Locales\nb.pak	setup.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.11\ref\net8.0\System.IO.Compression.ZipFile.xml	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.11\ref\net8.0\System.Runtime.CompilerServices.Unsafe.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework-SystemXml.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\tr\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelperformance_8_recommended.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.SourceLink.GitHub\tools\net472\pt-BR\Microsoft.SourceLink.GitHub.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Microsoft.Extensions.Configuration.Abstractions.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU3195.tmp\msedgeupdateres_hu.dll	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\Locales\or.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\Locales\hr.pak	setup.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.11\ref\net8.0\System.Xml.Serialization.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.11\ref\net8.0\Microsoft.AspNetCore.Authentication.Cookies.xml	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.11\ref\net8.0\Microsoft.AspNetCore.Hosting.Abstractions.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysisleveldesign_9_none.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Containers\containerize\pt-BR\Microsoft.NET.Build.Containers.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelmaintainability_7_default.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\DotnetTools\dotnet-watch\8.0.404-servicing.24521.39\tools\net8.0\any\pl\Microsoft.CodeAnalysis.CSharp.Features.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk\tools\net8.0\zh-Hant\Microsoft.DotNet.ApiCompatibility.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUDE55.tmp\msedgeupdateres_pt-BR.dll	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\identity_proxy\win10\identity_helper.Sparse.Beta.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\Locales\tr.pak	setup.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.11\ref\net8.0\System.ComponentModel.EventBasedAsync.xml	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelmaintainability_7_minimum.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\TestHostNetFramework\System.Net.Http.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk\tools\net8.0\ru\Microsoft.NET.Build.Tasks.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\NuGet.Frameworks.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.11\Microsoft.Extensions.FileProviders.Abstractions.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\pt-BR\NuGet.Commands.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelnaming_6_default.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.SourceLink.AzureRepos.Git\tools\net472\cs\Microsoft.SourceLink.AzureRepos.Git.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\PresentationFramework.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\System.Windows.Extensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.11\ref\net8.0\System.Threading.AccessControl.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.11\ref\net8.0\Microsoft.AspNetCore.Authorization.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk\tools\net472\tr\Microsoft.Deployment.DotNet.Releases.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\zh-Hans\Microsoft.TestPlatform.VsTestConsole.TranslationLayer.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Microsoft\Microsoft.NET.Build.Extensions\net461\lib\System.Runtime.Serialization.Xml.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU3195.tmp\EdgeUpdate.dat	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.11\ref\net8.0\System.Runtime.Extensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.11\pt-BR\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.11\analyzers\dotnet\roslyn4.4\cs\it\Microsoft.Extensions.Options.SourceGeneration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelinteroperability_8_all_warnaserror.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelusage_8_default_warnaserror.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\DotnetTools\dotnet-watch\8.0.404-servicing.24521.39\tools\net8.0\any\zh-Hant\Microsoft.CodeAnalysis.Scripting.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.SecureString.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.11\analyzers\dotnet\cs\pl\System.Text.Json.SourceGeneration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Resources.ResourceManager.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk.BlazorWebAssembly\tools\net8.0\Microsoft.NET.Sdk.BlazorWebAssembly.Tool.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.404\TestHostNetFramework\testhost.net47.exe	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI2E2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3FB5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAC85.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC9D0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5a9546.msi	msiexec.exe
File created	C:\Windows\Installer\e5a954b.msi	msiexec.exe
File created	C:\Windows\Installer\e5a9550.msi	msiexec.exe
File created	C:\Windows\Installer\e5a9586.msi	msiexec.exe
File created	C:\Windows\Installer\e5a959a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA122.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2F0A.tmp	msiexec.exe
File created	C:\Windows\Installer\e5a95a4.msi	msiexec.exe
File created	C:\Windows\Installer\e5a955f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6DB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEEF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI286F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF243.tmp	msiexec.exe
File created	C:\Windows\Installer\e5a9596.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9D97.tmp	msiexec.exe
File created	C:\Windows\Installer\e5a9563.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI11FD.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI207C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5a9591.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBF77.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICED3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEDEB.tmp	msiexec.exe
File created	C:\Windows\Installer\e5a95a0.msi	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795\fileCoreHostExe	msiexec.exe
File created	C:\Windows\Installer\e5a957d.msi	msiexec.exe
File created	C:\Windows\Installer\e5a959f.msi	msiexec.exe
File created	C:\Windows\Installer\e5a958c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2DFF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5a95a0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA742.tmp	msiexec.exe
File created	C:\Windows\Installer\e5a9540.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC848.tmp	msiexec.exe
File created	C:\Windows\Installer\e5a9582.msi	msiexec.exe
File created	C:\Windows\Installer\e5a9522.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAA32.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5a9578.msi	msiexec.exe
File created	C:\Windows\Installer\e5a9587.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{A3861873-37BC-4E5C-A8E4-C97BB657C573}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC528.tmp	msiexec.exe
File created	C:\Windows\Installer\e5a9541.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1EB6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI23BA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5a957d.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{F59C11F0-D73F-452B-8D1D-8C33B82D8507}	msiexec.exe
File created	C:\Windows\Installer\e5a9536.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEF25.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5a955f.msi	msiexec.exe
File created	C:\Windows\Installer\e5a9590.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA81D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE8E9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1D4E.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{3637B142-2A82-43D9-BE0F-7176F99C6FB8}	msiexec.exe
File created	C:\Windows\Installer\e5a9578.msi	msiexec.exe
File created	C:\Windows\Installer\e5a9532.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5a953c.msi	msiexec.exe
File created	C:\Windows\Installer\e5a9546.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{B5A57BF9-FC7A-4FA6-BAEB-46E173986DF3}	msiexec.exe
File opened for modification	C:\Windows\Installer\e5a9596.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI99EC.tmp	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 56 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wermgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotnet-sdk-8.0.404-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wermgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wermgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotnet-sdk-8.0.404-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wermgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotnet-sdk-8.0.404-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4020	MicrosoftEdgeUpdate.exe
5636	MicrosoftEdgeUpdate.exe
5716	MicrosoftEdgeUpdate.exe
5312	MicrosoftEdgeUpdate.exe
6616	MicrosoftEdgeUpdate.exe
4948	MicrosoftEdgeUpdate.exe
5796	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 26 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 62 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3B	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3d	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3D	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\41	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\42	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3F	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\35	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133781054291879748"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\40	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3C	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\40	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\DeveloperTools	dotnet.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\DeveloperTools\deviceid = "c534b44f-9bc8-4cd9-a8c1-8369fbb6ce7e"	dotnet.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\41	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3c	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3E	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.39\\MicrosoftEdgeUpdateOnDemand.exe\""	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA0970C04F06384582B76B77826E536\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{42580F9E-2678-4BB9-A2BC-F22A1D432A1A}\InprocHandler32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5C4468FE3565AB83087730C09CB7D161	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41452C3C2D4A75241A19694CA47DF828\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{C3C25414-A4D2-4257-A191-96C44AD78F82}v64.44.23191\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ = "Google Update Policy Status Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass.1"	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F11C95FF37DB254D8D1C8338BD25870\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1A56630F40152E84B66E93BB148C6C6B\8C6DC37BF9A9EDB44A768A6ECC222415	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\Assignment = "1"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2F1AC97A044D04F38989C6A1E5D14DE0\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC4835B8981DEFC4D80FD2504BAE4899\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\3CF9421CA24E9364C943DFF339104758	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0D1016310EC5E275D54D0F38E92C9968\23618B4C0838FEB4C8ACCD65164F9DF2	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AC4835B8981DEFC4D80FD2504BAE4899\F_PackageContents	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\NetCore_Templates_8.0_32.10.60788_x64	dotnet-sdk-8.0.404-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D0D06DDCB848DF0458EF6F3F26F9325C\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\PROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8C7869EC91890CF4DA54A30A5DEBF066	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8C7869EC91890CF4DA54A30A5DEBF066\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{CE9687C8-9819-4FC0-AD45-3AA0D5BE0F66}v64.44.23093\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8C6DC37BF9A9EDB44A768A6ECC222415\ProductName = "Microsoft .NET 8.0 Templates 8.0.404 (x64)"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D0D4B2638348AD44682BEF4CE400F0AC\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}v64.44.23191\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC4835B8981DEFC4D80FD2504BAE4899\PackageCode = "66303D4B51054E0419EB241E70A0E316"	msiexec.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 94316.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 776099.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3476	chrome.exe
3476	chrome.exe
512	msedge.exe
512	msedge.exe
1412	msedge.exe
1412	msedge.exe
6116	identity_helper.exe
6116	identity_helper.exe
5912	msedge.exe
5912	msedge.exe
2608	MicrosoftEdgeUpdate.exe
2608	MicrosoftEdgeUpdate.exe
4280	MicrosoftEdgeUpdate.exe
4280	MicrosoftEdgeUpdate.exe
4280	MicrosoftEdgeUpdate.exe
4280	MicrosoftEdgeUpdate.exe
4280	MicrosoftEdgeUpdate.exe
4280	MicrosoftEdgeUpdate.exe
4280	MicrosoftEdgeUpdate.exe
4280	MicrosoftEdgeUpdate.exe
5912	MicrosoftEdgeUpdate.exe
5912	MicrosoftEdgeUpdate.exe
5912	MicrosoftEdgeUpdate.exe
5912	MicrosoftEdgeUpdate.exe
5912	MicrosoftEdgeUpdate.exe
5912	MicrosoftEdgeUpdate.exe
5912	MicrosoftEdgeUpdate.exe
5912	MicrosoftEdgeUpdate.exe
5912	MicrosoftEdgeUpdate.exe
5912	MicrosoftEdgeUpdate.exe
5912	MicrosoftEdgeUpdate.exe
5912	MicrosoftEdgeUpdate.exe
4280	MicrosoftEdgeUpdate.exe
4280	MicrosoftEdgeUpdate.exe
4280	MicrosoftEdgeUpdate.exe
4280	MicrosoftEdgeUpdate.exe
4536	MicrosoftEdgeUpdate.exe
4536	MicrosoftEdgeUpdate.exe
4536	MicrosoftEdgeUpdate.exe
4536	MicrosoftEdgeUpdate.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
2608	MicrosoftEdgeUpdate.exe
2608	MicrosoftEdgeUpdate.exe
2608	MicrosoftEdgeUpdate.exe
2608	MicrosoftEdgeUpdate.exe
5136	msedge.exe
5136	msedge.exe
2592	msiexec.exe
2592	msiexec.exe
2592	msiexec.exe
2592	msiexec.exe
2592	msiexec.exe
2592	msiexec.exe
2592	msiexec.exe
2592	msiexec.exe
2592	msiexec.exe
2592	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1168	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

pid	Process
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
4032	msedgewebview2.exe
1412	msedge.exe
1412	msedge.exe
5736	msedgewebview2.exe
3936	msedge.exe
3936	msedge.exe
6036	msedgewebview2.exe
3936	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	1168	7zFM.exe
Token: 35	1168	7zFM.exe
Token: SeSecurityPrivilege	1168	7zFM.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1168	7zFM.exe
1168	7zFM.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 5092	3476	chrome.exe	91
PID 3476 wrote to memory of 5092	3476	chrome.exe	91
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 5072	3476	chrome.exe	92
PID 3476 wrote to memory of 2052	3476	chrome.exe	93
PID 3476 wrote to memory of 2052	3476	chrome.exe	93
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94
PID 3476 wrote to memory of 4420	3476	chrome.exe	94

System policy modification 1 TTPs 3 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedgewebview2.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedgewebview2.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedgewebview2.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\FluxTeam.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff856d9cc40,0x7ff856d9cc4c,0x7ff856d9cc58
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,13477863995302379122,13830787897217124531,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1844,i,13477863995302379122,13830787897217124531,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,13477863995302379122,13830787897217124531,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,13477863995302379122,13830787897217124531,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,13477863995302379122,13830787897217124531,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3688,i,13477863995302379122,13830787897217124531,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,13477863995302379122,13830787897217124531,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,13477863995302379122,13830787897217124531,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,13477863995302379122,13830787897217124531,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5140,i,13477863995302379122,13830787897217124531,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5132,i,13477863995302379122,13830787897217124531,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,13477863995302379122,13830787897217124531,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5472,i,13477863995302379122,13830787897217124531,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5452 /prefetch:2
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4992,i,13477863995302379122,13830787897217124531,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2732

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1644

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff852b546f8,0x7ff852b54708,0x7ff852b54718
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 /prefetch:8
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5912
- C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
  "C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5596
- - C:\Program Files (x86)\Microsoft\Temp\EUDE55.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUDE55.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2608
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:6136
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:1068
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3860
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2448
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3580
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjA0MkU3MjAtOTkwNy00MTg5LUE5RTEtNjM1QTA5MUVCMzZEfSIgdXNlcmlkPSJ7OUM3OURDRkItRUY1My00RjY0LUExMDMtRTQ2NUQ3QkM3Q0YxfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezcyQUNERjYyLTZFODQtNDVGOC04QjFDLTE3N0Q1QTEwMTk0Nn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU4NjYwMDMyNTAiIGluc3RhbGxfdGltZV9tcz0iMzA1MCIvPjwvYXBwPjwvcmVxdWVzdD4
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5796
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{2042E720-9907-4189-A9E1-635A091EB36D}" /offlinedir "{6AB09CC9-5DEA-4CD3-9041-6E42D578618D}"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2420
- C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
  "C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1724
- - C:\Program Files (x86)\Microsoft\Temp\EUE049.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUE049.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4280
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkFCMjA1NEEtQzkyRC00RDdGLTlDN0EtMUNDOEIxNDcyNjkzfSIgdXNlcmlkPSJ7OUM3OURDRkItRUY1My00RjY0LUExMDMtRTQ2NUQ3QkM3Q0YxfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezhBNjg0QkRGLTRCM0ItNEQ2Qi05RTgwLUE5MjBFNERGNDFDNH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtjQllFWVg4NzF0c0d1S0phbzYzWGpVdDV2SkU5WHhDVG5FN0gwUGdVaktFPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTQ3LjM3IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcyMTk2OTYiIGV4dHJhY29kZTE9IjEyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1OTU5MzYwOTU0Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcyMTk2OTYiIGV4dHJhY29kZTE9IjEyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1OTU5MzYwOTU0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5716
  - - C:\Windows\SysWOW64\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "0" "4280" "1188" "696" "1184" "0" "0" "0" "0" "0" "0" "0" "0"
      4⤵
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Enumerates system info in registry
      PID:6232
- C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
  "C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6132
- - C:\Program Files (x86)\Microsoft\Temp\EUE1A1.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUE1A1.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5912
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTg1M0VDRDUtQzgyMy00MDUwLTg0RjgtRTE2NkI0NjBFRjAwfSIgdXNlcmlkPSJ7OUM3OURDRkItRUY1My00RjY0LUExMDMtRTQ2NUQ3QkM3Q0YxfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezJENzU1NjRELTYwQ0YtNEQ0OS04MUU5LURFNTY1MkU4MEM0NH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcyMTk2OTYiIGV4dHJhY29kZTE9IjEyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1OTQxMTUxMDA3Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcyMTk2OTYiIGV4dHJhY29kZTE9IjEyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1OTQxMTUxMDA3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5636
  - - C:\Windows\SysWOW64\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "0" "5912" "1032" "880" "1000" "0" "0" "0" "0" "0" "0" "0" "0"
      4⤵
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Enumerates system info in registry
      PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:2556
- C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
  "C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2592
- - C:\Program Files (x86)\Microsoft\Temp\EU3195.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EU3195.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4536
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /healthcheck
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:692
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzEyNkE4QjctRTE0QS00QjhFLThEMUEtNDcyNUZCMzQ2MzBDfSIgdXNlcmlkPSJ7OUM3OURDRkItRUY1My00RjY0LUExMDMtRTQ2NUQ3QkM3Q0YxfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezZFOUIzM0IyLUU4QkQtNDMyNi1CMkI1LTIzM0FGNUU0M0MzN30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtjQllFWVg4NzF0c0d1S0phbzYzWGpVdDV2SkU5WHhDVG5FN0gwUGdVaktFPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjAzMDA5NTA4MCIgaW5zdGFsbF90aW1lX21zPSIxMTYiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5312
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{C126A8B7-E14A-4B8E-8D1A-4725FB34630C}" /offlinedir "{2269FE6A-26D3-4CBD-9ABD-BE58037B4587}"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5164
    - - C:\Windows\SysWOW64\wermgr.exe
        
        "C:\Windows\system32\wermgr.exe" "-outproc" "0" "5164" "1196" "1064" "1192" "0" "0" "0" "0" "0" "0" "0" "0"
        5⤵
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:2160
  - - C:\Windows\SysWOW64\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "0" "4536" "1444" "1356" "1448" "0" "0" "0" "0" "0" "0" "0" "0"
      4⤵
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Enumerates system info in registry
      PID:6764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7596 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5136
- C:\Users\Admin\Downloads\dotnet-sdk-8.0.404-win-x64.exe
  "C:\Users\Admin\Downloads\dotnet-sdk-8.0.404-win-x64.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5268
- - C:\Windows\Temp\{E2D71A77-B2F7-417E-9BAF-073C05AB4478}\.cr\dotnet-sdk-8.0.404-win-x64.exe
    "C:\Windows\Temp\{E2D71A77-B2F7-417E-9BAF-073C05AB4478}\.cr\dotnet-sdk-8.0.404-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.404-win-x64.exe" -burn.filehandle.attached=584 -burn.filehandle.self=720
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:6864
  - - C:\Windows\Temp\{A7235459-99D4-46CF-B2BE-8A809E1FB46E}\.be\dotnet-sdk-8.0.404-win-x64.exe
      "C:\Windows\Temp\{A7235459-99D4-46CF-B2BE-8A809E1FB46E}\.be\dotnet-sdk-8.0.404-win-x64.exe" -q -burn.elevated BurnPipe.{FA0D222E-3B60-40E3-B9F1-259FB319DDF0} {24563345-D1F7-485A-AB21-07A0600473FA} 6864
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:7116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7132 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12066803942986685808,1524035414253847735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
  2⤵
  PID:6220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
PID:5668
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjA0MkU3MjAtOTkwNy00MTg5LUE5RTEtNjM1QTA5MUVCMzZEfSIgdXNlcmlkPSJ7OUM3OURDRkItRUY1My00RjY0LUExMDMtRTQ2NUQ3QkM3Q0YxfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NUM0QTg3RDgtMTM4QS00QUE5LTgyMUMtNjI2QjFDMzRFRUQ4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O2NCWUVZWDg3MXRzR3VLSmFvNjNYalV0NXZKRTlYeENUbkU3SDBQZ1VqS0U9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI2MSIgaW5zdGFsbGRhdGV0aW1lPSIxNzI4MjkzMDY1IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNzI3NjU3MjYzMzUwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTg5NzcxMTY5OCIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4020
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D4A3BECA-C774-463B-A7B7-A53CA3D3F39A}\MicrosoftEdgeWebview_X64_131.0.2903.86.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D4A3BECA-C774-463B-A7B7-A53CA3D3F39A}\MicrosoftEdgeWebview_X64_131.0.2903.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:1872
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D4A3BECA-C774-463B-A7B7-A53CA3D3F39A}\EDGEMITMP_1D2F7.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D4A3BECA-C774-463B-A7B7-A53CA3D3F39A}\EDGEMITMP_1D2F7.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D4A3BECA-C774-463B-A7B7-A53CA3D3F39A}\MicrosoftEdgeWebview_X64_131.0.2903.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:2556
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D4A3BECA-C774-463B-A7B7-A53CA3D3F39A}\EDGEMITMP_1D2F7.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D4A3BECA-C774-463B-A7B7-A53CA3D3F39A}\EDGEMITMP_1D2F7.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D4A3BECA-C774-463B-A7B7-A53CA3D3F39A}\EDGEMITMP_1D2F7.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.86 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff6168c2918,0x7ff6168c2924,0x7ff6168c2930
      4⤵
      Executes dropped EXE
      PID:5492
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzEyNkE4QjctRTE0QS00QjhFLThEMUEtNDcyNUZCMzQ2MzBDfSIgdXNlcmlkPSJ7OUM3OURDRkItRUY1My00RjY0LUExMDMtRTQ2NUQ3QkM3Q0YxfSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7MEVDOEVEMEEtMTNGRS00QTQwLUI2Q0ItRkEzM0JBRjM0REYyfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O2NCWUVZWDg3MXRzR3VLSmFvNjNYalV0NXZKRTlYeENUbkU3SDBQZ1VqS0U9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMS4wLjI5MDMuODYiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYwNDc5OTc3OTYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iNCIgZXJyb3Jjb2RlPSItMjE0NzIxOTQ0MCIgZXh0cmFjb2RlMT0iMjY4NDM1NDYxIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MTUxMDYxODUyIiBpc19idW5kbGVkPSIwIiBzdGF0ZV9jYW5jZWxsZWQ9IjUiIHRpbWVfc2luY2VfdXBkYXRlX2F2YWlsYWJsZV9tcz0iMTAzMDciLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6616
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjA0MkU3MjAtOTkwNy00MTg5LUE5RTEtNjM1QTA5MUVCMzZEfSIgdXNlcmlkPSJ7OUM3OURDRkItRUY1My00RjY0LUExMDMtRTQ2NUQ3QkM3Q0YxfSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7ODM0OUNEOTktOEEyMy00QUMxLTk3RTAtRkFFNkVDMEU1MkUwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O2NCWUVZWDg3MXRzR3VLSmFvNjNYalV0NXZKRTlYeENUbkU3SDBQZ1VqS0U9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMS4wLjI5MDMuODYiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU5MDg2NDUwNTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1OTA4ODU5MjI0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTkyMzY2MTM4MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU5NDIwNjEwNDUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2MDkxODA1MzciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZWQ9IjE3NjY3NjQwOCIgdG90YWw9IjE3NjY3NjQwOCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjEiIGluc3RhbGxfdGltZV9tcz0iNjY3MDkiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5892

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2592
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 529ACA8F7F17131C7E409129F893D567
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5920
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5B2F15AEAFB05082EDACCCA817828368
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2608
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9C20FB74F7E6A01BBEF0D309EDF6BA15
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3888
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8294CC7CAF0B67364B0A8946D1B13159
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4352
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 69135E0AC159DCD3B7E5E543464633F3
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6684
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 131185F05B7A59F68A72AF5A3EDC123D
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:7012
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 1952DF5331DF4664F2B749505F59203A
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4024
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 880065D4E28C1B8ECA14C462EA5DFA20
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6564
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4240033921C8C04467B59342666F47A3
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2156
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E2217C549E36C205BA168A13E9017A04
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5604
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3C968B03DB7DB5C44F7EBA4C778FE67E
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5920
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 41DC2875DAB73059934FC96B37E72963
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5328
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 01AE10E21B59285DF01048F169D91D1B
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:404
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C6B2EE56EC64C164984BC8A9DABE70F1
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6556
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 17988E61C2EFA01E9CB0202F617B29E0
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3620
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B53A8199ED130F3BDCB64BC5EC4EFA06
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4460
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 975EBB246F2FA18B137CB8593F405E7F
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6620
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2424C049B8AB90792F8D6045C5C1FD36
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2160
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 38A14DF6B1E8CD93885464C44CF562D1
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5540
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 676A17E765D328F44CAE25118A8876EB
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6904
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 08EEDA5D1612F490975B4A7AD814924D
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5360
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding EDDF59EBB50E2498B07054EC63C14ABE
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3196
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B2F791BA437AF57A03301ACBBF1D0FD1
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5364
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding AFEFB88385F44127098F35DC803EF452
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5220
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 720E4D22EC4263429D4B7CC1C64AE4DD
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6260
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 86DCCA3F9A999C2714F647F5C9932907
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5412
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D0BB0BF2955BD48909CC20F3620ABC3F E Global\MSI0000
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6252
- - C:\Program Files\dotnet\dotnet.exe
    "C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\8.0.404\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-8.0.404-win-x64.exe"
    3⤵
    - Executes dropped EXE
    - Modifies data under HKEY_USERS
    PID:5360
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:6344
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:2384
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:5316
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:4468
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:5640
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 016F08DDB814CF595672146713744737
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4632

C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe
"C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/fluxus
  2⤵
  PID:3668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff852b546f8,0x7ff852b54708,0x7ff852b54718
    3⤵
    PID:1056
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=2460.4576.16404062481853814016
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks system information in the registry
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - System policy modification
  PID:4032
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.86 --initial-client-data=0x184,0x188,0x18c,0x160,0x40,0x7ff84aee6070,0x7ff84aee607c,0x7ff84aee6088
    3⤵
    - Executes dropped EXE
    PID:6716
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1824,i,15757273839499912479,2098554324458125000,262144 --variations-seed-version --mojo-platform-channel-handle=1816 /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:1908
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1676,i,15757273839499912479,2098554324458125000,262144 --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:3
    3⤵
    - Executes dropped EXE
    PID:3560
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2304,i,15757273839499912479,2098554324458125000,262144 --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:5908
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3624,i,15757273839499912479,2098554324458125000,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:4808

C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe
"C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/fluxus
  2⤵
  PID:4872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff852b546f8,0x7ff852b54708,0x7ff852b54718
    3⤵
    PID:840
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=4420.6288.15991082527357094309
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks system information in the registry
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - System policy modification
  PID:5736
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.86 --initial-client-data=0x160,0x164,0x168,0xf0,0x194,0x7ff84aee6070,0x7ff84aee607c,0x7ff84aee6088
    3⤵
    - Executes dropped EXE
    PID:6208
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1880,i,6262306689674444442,3097345657065156316,262144 --variations-seed-version --mojo-platform-channel-handle=1876 /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:6996
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1832,i,6262306689674444442,3097345657065156316,262144 --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:3
    3⤵
    - Executes dropped EXE
    PID:2800
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2168,i,6262306689674444442,3097345657065156316,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:7128
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3552,i,6262306689674444442,3097345657065156316,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:408

C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe
"C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/fluxus
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:3936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff852b546f8,0x7ff852b54708,0x7ff852b54718
    3⤵
    PID:3480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,7148909952665577029,15545939721358237494,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
    3⤵
    PID:5256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,7148909952665577029,15545939721358237494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    3⤵
    PID:6712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,7148909952665577029,15545939721358237494,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
    3⤵
    PID:6244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,7148909952665577029,15545939721358237494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:2928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,7148909952665577029,15545939721358237494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:3040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,7148909952665577029,15545939721358237494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
    3⤵
    PID:1524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,7148909952665577029,15545939721358237494,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5156 /prefetch:8
    3⤵
    PID:2932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2016,7148909952665577029,15545939721358237494,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4064 /prefetch:8
    3⤵
    PID:6440
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,7148909952665577029,15545939721358237494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
    3⤵
    PID:6044
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,7148909952665577029,15545939721358237494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
    3⤵
    PID:6056
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=2940.5956.8015571062609827125
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks system information in the registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - System policy modification
  PID:6036
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.86 --initial-client-data=0x160,0x164,0x168,0x13c,0x170,0x7ff84aee6070,0x7ff84aee607c,0x7ff84aee6088
    3⤵
    - Executes dropped EXE
    PID:4200
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1764,i,12378034736697961043,17368337585713791255,262144 --variations-seed-version --mojo-platform-channel-handle=1760 /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:6684
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2012,i,12378034736697961043,17368337585713791255,262144 --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:3
    3⤵
    - Executes dropped EXE
    PID:5408
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2276,i,12378034736697961043,17368337585713791255,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:1096
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView" --webview-exe-name=FluxTeam.exe --webview-exe-version=1.0.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3548,i,12378034736697961043,17368337585713791255,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:6916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5a9520.rbs

Filesize
48KB

MD5
78023cf9eeed1d6678b1a202d2531e87

SHA1
2c45506dc73a675ad9cd83ffa339f3a25b56c860

SHA256
c66e6c02a786165465d6fb5c7a2a8dabe6bcb673c1aa524a5f2a6162bae5b942

SHA512
cb4e9c7ff6d26f1bf024f599877e5bd0728a108a9611d46a864819c877b174daf16755880b76d54c692a3a01ca981f590f1c85d394993a1a66097674b5dcac19

Download Submit
C:\Config.Msi\e5a9525.rbs

Filesize
9KB

MD5
3916d6e4e6e77cf88b43954f0e174d32

SHA1
8e6c7a373974eaa670c00c86f533e7cec6693e25

SHA256
2b104d69ac01c294b1920842f65ae27ed3c50847d635f05a9f347eaa6729620f

SHA512
8a0a78a8da71859fe1e40294235706d81b82f155a9b3ff3a9311d9a97d34d9295586eb66465f9243785ca1592ce1050178760fe97f479dfbce1ca4873e0e7ea0

Download Submit
C:\Config.Msi\e5a952a.rbs

Filesize
11KB

MD5
a9616458b1ec37a80b46c99ccc288c2c

SHA1
cbe08e2bdb4835182f1f5942b8219231305b19c9

SHA256
e4fdaccd3cccbab4832a73fbb83be4e0ac38c375c4301e09e0376d55e02d541d

SHA512
b2f06d8c6709c4cb0d0f6596881a65a80f20e5b841bda02984190f7d875be8a81668b3936fd36732342ed6aa84b7efe0375bb04665e993d050931a509fd72406

Download Submit
C:\Config.Msi\e5a952f.rbs

Filesize
8KB

MD5
5d4ef1361241cce7a506a1f18fb1422d

SHA1
4f1465300164c61f4d42699a399291171a21fc96

SHA256
c577db97bec81f836b24f5d084ce70b5c90a384ca4019ffdb37bf4dca378da8c

SHA512
ad300516b2b0356941a0b89514faf958704cee684951ed50adfdbb81b72c4c0558285c1b2f5f363282d277d415334baac0e4d38621b13956d6ae9cbf04c900f9

Download Submit
C:\Config.Msi\e5a9530.rbf

Filesize
143KB

MD5
33b4c87f18b4c49114d7a8980241657a

SHA1
254c67b915e45ad8584434a4af5e06ca730baa3b

SHA256
587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

SHA512
42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

Download Submit
C:\Config.Msi\e5a9531.rbf

Filesize
3B

MD5
21438ef4b9ad4fc266b6129a2f60de29

SHA1
5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

SHA256
13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

SHA512
37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

Download Submit
C:\Config.Msi\e5a9535.rbs

Filesize
93KB

MD5
0ce77f8ccd8babb067d832ef798c49ac

SHA1
f9f9d3dc5ff8b4f0a4311c2c4e771d263675052f

SHA256
aabac0d44b6a6dad104ffb31906e8818c04897147e46eae6d4d31b7cf598674e

SHA512
dadbd574d694db330a7deea53c6c20c15f5b292af1f0e22567c73370bf4dcde3d094a7b2f173a185dddc7b7b68dbad25739832719f2d6d72cabd2f04a1484b8f

Download Submit
C:\Config.Msi\e5a953a.rbs

Filesize
11KB

MD5
f0083a7c10b1beb036024e25a0e25278

SHA1
ed9f58276c375d4afdb5a5a7f40ebc48cf2b8bbd

SHA256
8d180fcfd5e8ede7450a6d793bfab5150d0c8271193a920b9135f1828b641c18

SHA512
4108ef280379504e8bc46aec9deaa065606d7dcaf80015f36013dd57a7b1cfad11539bc5a2ea742b621c4cecca6b325d5bfe22bb03e5188297c20eece9e3d165

Download Submit
C:\Config.Msi\e5a953f.rbs

Filesize
11KB

MD5
d99c4115e7f64afdb33e2f30b45d9022

SHA1
eea794bd18dce2c966d6e09b2955cf9fd124bd8c

SHA256
1b2c98d56059b87b09730181293f7376c3788168a6204427d0546724a230b6cb

SHA512
568fac62ce1c79a95d48868083dd1a3ed98c85d84912bf64358e53ad0d732f682a5505c5d0bfeac5cc1e5a8eaa1c06ca6a033740f56bcc57d5b8a4db7591a095

Download Submit
C:\Config.Msi\e5a9544.rbs

Filesize
11KB

MD5
bc6af66354e70c8a51f69a941545c818

SHA1
7f468856c363d933461d4558d407c26109a6b7f0

SHA256
a250674754e8b1bde38779365fa504595d09fc419ec59d6ee44b1ecf78ba3856

SHA512
4f74924b604b6388b2f25cca74a92dd6ee8e6bd5294c3106c417fd99303f1c0431f845b78ce654ff7deb238c63d99332a3c4e94922a1d13a12715dc6abcd5fa9

Download Submit
C:\Config.Msi\e5a9549.rbs

Filesize
35KB

MD5
6be3476559995fb7b7a9dc28e6804ccb

SHA1
2e772dbb1c33716bcd91f7bd2d01ea4209daf87c

SHA256
0e2dcec56ab92cb7ba4e03bc6cf120471f83b9b0c7201fe50d08c2f73b23d862

SHA512
c843f75f8a944689a17eae35e57ebbcfa458d3d95d2dd1486723ad7d4739fa88b26310739f96f5864dc9ca61f39f9309c955853e335d2b8e07f3ebfee7539a35

Download Submit
C:\Config.Msi\e5a954e.rbs

Filesize
87KB

MD5
9bf30f4322912d39adabfc5a3c077460

SHA1
7c2ce1918530add631dc672bb40af8956ca4b314

SHA256
8a2ee303de6c48da644b157cdb2efa2e228cb5c8f93726e5bacb5f177194a653

SHA512
02d4efb5f368e09a98eeeaeacd20c1c464c8eafd3cb4baa084dc3a0881de62ec2331052cf2e34b7804a14c853403ce95560f2e2a537c18f9df7dbd48b55aa2c4

Download Submit
C:\Config.Msi\e5a9553.rbs

Filesize
40KB

MD5
39d7ad99c6ac18df4ca1542384a71915

SHA1
f62628397a1ebb502473b78e15e3ae3898be8e3e

SHA256
0f4c443f43b9045bbc7aa47425a1028769d1bad25b95383ae817375e42be901f

SHA512
43bdf66e500feabff747d71c0a9338320c72ef1fa263d15bca5330730829848c4fcf008d3805f1dfe135a910c394208797298899e1c054d0e4f57c27ec4611f5

Download Submit
C:\Config.Msi\e5a9558.rbs

Filesize
93KB

MD5
ff60d39852c7e1cd1c61d93f4d93e23f

SHA1
db53038bc0eb2523f001a0fd641cd5773021fc78

SHA256
2d7737326ed1dcb78bbd04d70357469a4985d9bc2d74c3e68bd1da9d36abecb7

SHA512
a5276c447b0f6b1dccc2d67579ed18ce179bde8954c93a281593ac49f524d8020d42ad4b650592db33845ca1ba0aee209ac004182d873573526a91dd3f2567ce

Download Submit
C:\Config.Msi\e5a955d.rbs

Filesize
9KB

MD5
da8243844e66783f3dd9ef54db562a3e

SHA1
1455a9ae7949164f44aaf5d4d9164a39e4be94c7

SHA256
d6553e21ea6baef2331b91d98fc41facf5278b0f7b495d297ed0b3b298110780

SHA512
fd92ea0590bf8d2e1ce3b2eb49f3473bfd94fc05880fbe8514a065bff18186cd3b28f90c0c4a4da72207a4be95ad427220c1bd8370a665106d15afb19fcaff7c

Download Submit
C:\Config.Msi\e5a9562.rbs

Filesize
8KB

MD5
49e3d159c7d70990aa98fe436fe8d6ee

SHA1
b6786d5378458f69629e0133ced208c2243dbc01

SHA256
2253c4eb45503a0ea92745afcbecd292b782d2f03d0754f7373326776ca08adf

SHA512
e0cab21ed7d663f9dd85767b3cc4de233bc40b68aa40922a2c502d52894aa2beb890bc52b451da6c5a249b620da4026209551e29ee4596f195d36f78f2fae1a3

Download Submit
C:\Config.Msi\e5a9567.rbs

Filesize
8KB

MD5
325d0321e0d72f9b213fcc18fe436c88

SHA1
625643c4c801e5b193736ad43a3839236ed7f983

SHA256
85b950b8fa3f5f1bb7b81492932d29c0af7efe3af272c052ed2b5f64501141ee

SHA512
f6e92027e523a8f65671f36741c685d48d01bf457afb7bd942927d9f3b0ebd4e1fe87d6f749b591559cffddead524b0e84717bc062b75087bb7a131888b988f5

Download Submit
C:\Config.Msi\e5a956c.rbs

Filesize
9KB

MD5
604ac321e0d08bfca3a17f4ae19518b2

SHA1
4e46cdc271da851aa5952fc82f1ff65a58c06819

SHA256
faa490701fbd305ed8c808815bff46d4d72d40ce1280b0a1d6c0ac8ceb9c9b9b

SHA512
dd81a696850153c5104d9b90ddb4bbe7984679e2cd2b7c7f47dc3404fe828f6eb0dc18afea2369930afd3f954bddd91e92ff7eb3e9f7c47ae6940775b377c951

Download Submit
C:\Config.Msi\e5a9571.rbs

Filesize
8KB

MD5
a5b0c21709770deaa605e0b9645d6eff

SHA1
0349598138ce7e08c9bf9698f4f0234ec0871952

SHA256
67156a86200fda2da84a406abdac10454a6c5aa42c09e6b315bff67e8d32b987

SHA512
1192fe1f1665315710da16a0ba0849c08fbb0dd3350dc4ae376d1ebeb4080c2cb12df8e52eda282299880b17bc61b04940142087c51dee1e4298c28631516926

Download Submit
C:\Config.Msi\e5a9576.rbs

Filesize
8KB

MD5
ff4d5a0a7ceac6f96c4a70afa7dbc88a

SHA1
38907316aa196a7a86779b8f0ebeaf9ff25a5081

SHA256
ce3e2bdcee7eb3192c4c7d2a1c94aa8c650b061ad594518be3d79f69561830b8

SHA512
d4776603470493eb66310f57d91c4d01590ef38259fa4dd4c5f3a89323c13dcfb0166137a4c3fe5617c0f7abca9cd875a417a3cd1a7d097b4f5718102614d9a7

Download Submit
C:\Config.Msi\e5a957b.rbs

Filesize
8KB

MD5
28b3f2680e74884c519dc4d0fe280ecf

SHA1
30e81435b4ca031892e8467cb279cce60bd57ccc

SHA256
cc238a85155acc45a9c26b69e0f73b1adac52b3b007d79b88fa68be304742f8c

SHA512
7465d5820a7ef5ae5ac90bfcc298544824fcabf47d2fd0440a1ae23cced067053c29fef384df1889df376344075fcbe44d8898a9fde0d5d77d5316fa783c69de

Download Submit
C:\Config.Msi\e5a9580.rbs

Filesize
14KB

MD5
d6b801849ac649e17c40f5b03be3f980

SHA1
3479ee8bef490fd118b581c1ee94220e60c100f5

SHA256
72b2c7c58e47cfe1e00201da0bf0092ae8b6b7e88d2870c4cae2f0274666c626

SHA512
faa1d4b4c2af17ea9878f381e120ce460e8bab1c79fb3f475dfe79a844e9286bc00cbb1ffbd2b4fcd077b52fb90ecb4b628369fa1871fd57bff5513a41d005e1

Download Submit
C:\Config.Msi\e5a9585.rbs

Filesize
10KB

MD5
3a63ae22d0a1e5a97bff164bf8e8c43d

SHA1
82115e7fe8ac7020d0052bd8bfdd8acc33e46c90

SHA256
e91bd03aae77a4c4c94794af8f77e9fa517bd6dc477f87db04d7458a590c184c

SHA512
47dc9b6de5de3cf2e1e1dc8e51f1007fc676031f2c86acd226d0c971e6b432ceafb7c68070d55bd2aabb343111399da36726a82a706f087cb8f28a4dacbf603e

Download Submit
C:\Config.Msi\e5a958a.rbs

Filesize
10KB

MD5
025f33ed45c363f2436b56db2895c64c

SHA1
1cf4d97d625126ae68f33311bf8b2ee8f1ef16c8

SHA256
4dca00a31f6d9057fb13ec912f49c72dcb2479b031c9159e5499ef0a136f66a1

SHA512
b0fc8b8d6bf920d549a367380ef232b638c80ff1c0e537258352c4fa20ea0d59afe1d4e1671ded1e9d2d2fb6dafaddc0e9bdf6bd2b2d9ffbfa8e55eacf5629bf

Download Submit
C:\Config.Msi\e5a958f.rbs

Filesize
10KB

MD5
f60a78dc09757cea257d85b2470cdf9b

SHA1
a98b0e65b9aba5fbe8cb9ad9620a9da2fcf5a537

SHA256
f690c284d6c2b34d2bb521c1ae3975cba8695ef12122ebfce242b20fa531c1ea

SHA512
a37d25ca39f772536ce7e7b9a4fd50665a53b1493ea220cdb2a16aaa98fe0ba7d53eb66da8f81a1ba30ba508aec5ae4505e837aafb226262b258eb14c0ae3bb9

Download Submit
C:\Config.Msi\e5a9594.rbs

Filesize
13KB

MD5
53ee721e82dd92d2e3cadb412462810a

SHA1
2912974bccf6a73be6afeaae630274ff8a84ed62

SHA256
cf3eac3765ca0df5701b1e2518854ab9d28b92d279219748365e9d1d649b5f40

SHA512
c4602cb9e5b02967a889ebf42ec4ff7b347e9fa9bba38d5d6f6c3a3a307815d8bb4b5c82353bbfc41ce8a4442914804f5a6d1b3e9a5c7fd1d978cac0fcf17c97

Download Submit
C:\Config.Msi\e5a9599.rbs

Filesize
13KB

MD5
f47d605357588ea2e31d82f3dae88bf9

SHA1
1f5c6b44f44618230b46184974c494f660bf39e2

SHA256
fd21b2050dee5e093c77c024350788473930b8fe5f6a4f39a7edd322d310eb11

SHA512
436ec980bbd230cc5c0b8e6f8565b81db65d75d9e9542847817ebf1fe9c5f9404d980d05b109461d83291a7a8ac41cea6a0e7f41027288314a7538b600089e7b

Download Submit
C:\Config.Msi\e5a959e.rbs

Filesize
9KB

MD5
e74ae45deaedfb05698fbbe3287ec463

SHA1
d8869f0b809071eb31f9aea87ef1d7c0c49ddad4

SHA256
e5f9c2fc55cd1dcb660c334ed588984bdffeb99fae6ef5b86ce3da542ba42c2f

SHA512
a9c3380bf3a47dabfedac60ae59f1040e4e9caa8270993bf44720374dbe56ae2272950f4d4fd35d8a18a265fee86ac18b25fb60e3b780899561e8c09ad29e7cf

Download Submit
C:\Config.Msi\e5a95a3.rbs

Filesize
997KB

MD5
51549b2ebbef433f303fa7bdc68fbf28

SHA1
84d47f5081754a80881ddfafb45c5818804e8fd0

SHA256
aa75ebe4d8018983ab8863ad592c5d39fbf2ef60a198704e5580dec00fb6820d

SHA512
de29370187ebb1dcc84dade77fdc1b9201defed3ca6227e4bbd82beaecb0802859dd3dcd06ec035984a5bc0e23555356ae96865485313ef7114e869724db0dbe

Download Submit
C:\Config.Msi\e5a95a8.rbs

Filesize
41KB

MD5
ff97f656a2b62a3c88b556ea3817833d

SHA1
a423cff24bb8f330836d5613b87fa4a636c17b0c

SHA256
89a50bbd0f97b0abcd9d1d0b103e0a075338f3dff55bb16754876e2240337a11

SHA512
90250dccf9e4c9e63875994d074995c597f183ed07716d81d5666eb1ad111dfe316f18ed4e8076ca96c065b944a252f2add666679a6b266feef60e1087d39c12

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\Installer\setup.exe

Filesize
6.6MB

MD5
69221ee7ef83d7eb340857b5833eea14

SHA1
d7f27c64b62eefe2c204a323cc812fa56f58ce1e

SHA256
ad14d7268ee8a9c3c89e7cf62a8a9b713c9f37069fe85b3f8fe525dcda8cdfc9

SHA512
8df73f03d7438082b9e8793f5346a7385c91139d879703dd8c32acfdacb200c18231a5a9cedd7836c892ebb7a8888857c68653728b9027ca1f483a1751fbe2e3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3195.tmp\OfflineManifest.gup

Filesize
2KB

MD5
064e3b2428a864e7a0ab7224f5d67005

SHA1
d416cab2a79fbffa6ed2df3430033e846ed67a8c

SHA256
c50a31542bae9a63a6fe6cc2f00bdf80a27ce668cb965b89ddb61c6d093dd442

SHA512
ef37a205e4f1e169b6e68b6111dd12c51ff056c8dc02a7a7a6833961303369937a43adb45c130ef20c9fd082f594102744646a7db69eb13d8112f70619df2a74

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUDE55.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
182KB

MD5
d6092c49adbe6e336129589db40dd865

SHA1
f2727da0cd0fff082401adaf779c4ba8c961e3c7

SHA256
6474d531f1b8788451f9a0d9e421dfa236279466c09d783c3e6bdadf7306b909

SHA512
ff2a7ab954fec2c75e5e61bf752c23e127417eda22a332a40c0e0e7a44757645308c74f7852268eb7de1307907234421e0cf684bab2fea24e1e7a653e601bf1c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUDE55.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
215KB

MD5
d09470f63c3b544d68480425950c6954

SHA1
413c9b4059278aef05eb124028cda19329f9d5de

SHA256
16f4836dfd0647421e492b789928b5aa116f74b85ca91b46ba5873890d008334

SHA512
d47d74e1a80efc6ee775a664269c961f5514b15670d682e1c6e50771a55643b0a2e2b4945a36793a2fcde7d488370275a58ac5552f119e273bb6c84411f46938

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUDE55.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
262KB

MD5
db5cf5b7795b922a9f07561e7213ba01

SHA1
152552ce0f0bb080287b8a9b830577399a6814ee

SHA256
a8ce896d4e64a0246b1cfbba3d3f39a11350c017c7dc19e5bc4dabf0109fb0ef

SHA512
2a2df6ed810ce8fe30f1c42bec81ce8237609d8a490a8bceb31af22eaa6dbe17c39083b20c5100a0ee8b206632fc77854b3ecaac2a76de6ffda2d3d94c92a3e2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUDE55.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUDE55.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
ab3799e458126b774b1bc7a56e75fc5d

SHA1
fb929347c1f92654943a3a0b7611fcc978718ec2

SHA256
bdb3e5dbb6caa9fb77e23e1b5a363400402a6e88eed3e86e55bc9edae8b8bfad

SHA512
25cde70b3d51b1c1cfa7102a745d90ceb5d9c6324c2f9045b213dec000e79fe419744f07e6c87c77e84c0d374259d72cf52ffee26da864e0959d2f3d35f2c851

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE049.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
9da54f5a8726349124dbdca094448a11

SHA1
a80642cf316be9570494a4c74949024f5d59f042

SHA256
f04efee822f9b2baf2f9b4ea576b9908804b6990497b82c549a34ba54b1b4807

SHA512
d84a5ac786f8bd0eabe4b1c50c7cbac8828ed2e3eb9a064936b65f0cf07f30e7362d44bda1c95a6652708ebb94e139781acf9cf7c0bdc642620136c6d01e2d62

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE049.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
3f84ac83fa44fb5e069640648e1660e7

SHA1
d54e05bbef5f9abad7f6b506cd699a281305ee73

SHA256
17c62e9ed5bebdcce2ac0cb41a255c5f63f6544fb5ab148b6810617b854f6319

SHA512
3c23d6d616249c20759ea3cdf8221dbab0684c745aa362fdf1e505547fb651b08ee33acc3471af27e32bc66e7b1397eb56cded5650b5f43da52291569d48a813

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
ed2dbcee27648df84e19dd72e4ce5122

SHA1
7e071e6f09cffaef73778cecd0902fd65ead9024

SHA256
b11a3ab59e5ce2beaee630c296418ee80d81e68503e52f8311d4bedfe63a4dbf

SHA512
b3762fd478d6f3bdace4f877322150854468e071ab3dd9cc8ecef43c41392486d0baf2dda605f3d2e947b8e37a5af59abdc9810fa634355513524e61c4a82f62

Download Submit
C:\Program Files\MsEdgeCrashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
143KB

MD5
71026b098f8fb39c88b003df746d9fa0

SHA1
013ca259f551ad6f33db53fff0e121e74408e20e

SHA256
11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

SHA512
9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\Containers\containerize\fr\System.CommandLine.resources.dll

Filesize
19KB

MD5
aa8eeb801d74a4e562fd8c044e03fa8c

SHA1
8653841bd62dc74f605f608ed8f354dd692faaa2

SHA256
7ad12924769e5e85266ebd510fb4be141cf5092f0f8988345f80f5bacce0479b

SHA512
388ad6fcb298ad170e45f214ea4b1d1e5844efc1612800341a4b1b651ee3ca25b4bcdf541bf2f8f0975a1da50dbe8f60ff8651c100f8675b9e3ce924b0f08db3

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\Containers\containerize\ru\System.CommandLine.resources.dll

Filesize
19KB

MD5
7717b3eae55b3ec74f40699c1b9896c0

SHA1
1483166af6059633de2e20545bc3f3cb6f035304

SHA256
8a24f850a71065e93ae80d3a62903653e1aaff9ff478e05831f288761e4bcc02

SHA512
c988f566875ee73f0e568fb90df423424d9f3f237ebc8cda6b19e6b685ac778435a4fc654ce923a70090579216f6afb14a5663381c505ceaa919ebdda97b239b

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\Containers\tasks\net472\System.Numerics.Vectors.dll

Filesize
113KB

MD5
aaa2cbf14e06e9d3586d8a4ed455db33

SHA1
3d216458740ad5cb05bc5f7c3491cde44a1e5df0

SHA256
1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183

SHA512
0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\Containers\tasks\net472\System.Threading.Tasks.Extensions.dll

Filesize
25KB

MD5
e1e9d7d46e5cd9525c5927dc98d9ecc7

SHA1
2242627282f9e07e37b274ea36fac2d3cd9c9110

SHA256
4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6

SHA512
da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\Containers\tasks\net472\System.ValueTuple.dll

Filesize
24KB

MD5
23ee4302e85013a1eb4324c414d561d5

SHA1
d1664731719e85aad7a2273685d77feb0204ec98

SHA256
e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4

SHA512
6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\Containers\tasks\net8.0\ja\System.CommandLine.resources.dll

Filesize
19KB

MD5
5d26652b0f420ca6ba2bfa00b84eea38

SHA1
8dc1d2a7cb6b857344c120544f842fccdaa97e79

SHA256
654efb9ccd7c39ce7992616f8aad94e5855f01a3b1ad5dbf21710b1b6d24f00c

SHA512
5e066b399ce519202f2dc8299787ad47bd37467e85598489489bd5f0f49c424518ed6c4e89cb6ea44c038ceec9a5169aa0c1afcccb0de55ea805e1e0641a7419

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\Containers\tasks\net8.0\zh-Hant\System.CommandLine.resources.dll

Filesize
18KB

MD5
9101e8227a7ab83cafd27e4ec222ba10

SHA1
3a80807f7cd695bd9258eaaadf8b2d7dccefc125

SHA256
8508d85c0fcf1040b05d2a2f0c7e4f74ac476f9a46f414e05e8d47d565367e5e

SHA512
e017142f816299ea430a980db1b15298e4f45b4d8264b06160194061f7cb9c8cd3c9a1a8976eedee1f67d6a94b6a393583909c7c167e4407a5c47cb686f23412

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\DotnetTools\dotnet-format\cs\System.CommandLine.resources.dll

Filesize
18KB

MD5
2f679e46823cf54660405eda0dbf0842

SHA1
29fdcbd753e36022b6308425dad9323e5f3472fb

SHA256
6c9e8a37d656c8ee738cb0db392d49e908505a82175266e072a4552a7c98adcf

SHA512
f07fac0e45c87ea34fd1e9354fbdcaeb61f0a52b23cfd993def3c71f8c5d7249f861dc8c2dab427fb93e2bfbcd156d2f0518faffb91853e70530e2ad71e4cef5

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\DotnetTools\dotnet-format\ko\System.CommandLine.resources.dll

Filesize
19KB

MD5
ea1fc85ccabec5aa1ae22452afbafac1

SHA1
8ea9da27d9335f80c76867837688218b78311148

SHA256
f3d814678daa95c4609d723548edef7a76bb87423a4e78a20e48fded87089483

SHA512
42a8c0fd58cad8765712b0379a9ea8adaabaabfa2fb5e2760756e0cac80c30484da491065634aa406ec6fd2ffef0dcb386fa6378e191afb6fcb48a7845c8c479

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\DotnetTools\dotnet-format\pl\System.CommandLine.resources.dll

Filesize
18KB

MD5
3f14df8e4be6100673090c43eb3c3476

SHA1
61c1e35aeb6cb477077416f050c344fb18f5f87b

SHA256
09eafe24bde0110f526b49001d97673e533ffd9d361d9be9c4b511eac4dd1bc2

SHA512
7988759407514f6a6d3792ce58c582420eba75bb1871d8392f0f018f403557bc99d665c7655f913c9021d6ed777f7bb8b3d12a52ba5869abf48ea29e7c2d977c

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\DotnetTools\dotnet-format\pt-BR\System.CommandLine.resources.dll

Filesize
18KB

MD5
c7f0f7e0a7562225d7b60b88459bde92

SHA1
96c432044ecf7d346e09c6c46f5ca163396d97f8

SHA256
516e73295a8c886807ef125de6dfdcc3b783133603655c7a105b38a953ca3353

SHA512
05cd9ad86c824d498ab7e0be7656c233cb051b056dabefd9d037923f7d3a1bb967182f575dee89896c47912fca4a2227c56f8f26f0c2949ee18a38d7e041b999

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\DotnetTools\dotnet-watch\8.0.404-servicing.24521.39\tools\net8.0\any\BuildHost-net472\System.Buffers.dll

Filesize
20KB

MD5
ecdfe8ede869d2ccc6bf99981ea96400

SHA1
2f410a0396bc148ed533ad49b6415fb58dd4d641

SHA256
accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb

SHA512
5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\DotnetTools\dotnet-watch\8.0.404-servicing.24521.39\tools\net8.0\any\BuildHost-net472\System.Collections.Immutable.dll

Filesize
246KB

MD5
af7880a90c02c0115cd169c7182ab378

SHA1
6e3ccf50bb1d30805dce58ab6bdd63e0196669e6

SHA256
d5ec0837bb176abf13dcd52c658c4e84c5264f67065b9c19679b6643f7d21564

SHA512
5377f83cfb8b9892727ed22ba0b9b1a75b2d4750caa6da04f4eeb0f6f9c0f75949226b2ca00876ad1f4c9de02f8ffb1cbcdb3048fbe6d26a6119148282e818a1

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\DotnetTools\dotnet-watch\8.0.404-servicing.24521.39\tools\net8.0\any\es\System.CommandLine.resources.dll

Filesize
19KB

MD5
79e57433e70b5a0a300303dfc5d759b4

SHA1
cfe5862964f3b389cbac01e157e9ade0031e45ef

SHA256
b58c35c328c383e3461c3ea2f1f0c46e7a48446d863f2c2c63f42aa466e002b8

SHA512
8f2ee3b02c4bee0483ed702d283bd9e513917044bb77aa4412dd85de501a8a52c966510df948a9f5f36177407bd111633047686d727fe32de14599e17b229de4

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.Build.Tasks.Git\buildMultiTargeting\Microsoft.Build.Tasks.Git.targets

Filesize
297B

MD5
5725a6d47308db618d015c3e55dd499c

SHA1
9b3e1ac8d62d522505f57fee89a249ac33325edd

SHA256
61af182d230365161e831fc573eaa7a2c9ea413e01ca2c446e3aa623e3ee37a1

SHA512
ab4ff2bd624295eb15d22377bf1c1bdee135f24e534cc40e86cb569d7af846c990552bd4947b32c2bc74bd92e6ec42bc775e4954fd2142af89c2dcc75fe5f798

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk.Razor\tasks\net472\System.Runtime.CompilerServices.Unsafe.dll

Filesize
17KB

MD5
c610e828b54001574d86dd2ed730e392

SHA1
180a7baafbc820a838bbaca434032d9d33cceebe

SHA256
37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf

SHA512
441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\Microsoft.Bcl.AsyncInterfaces.dll

Filesize
26KB

MD5
ff34978b62d5e0be84a895d9c30f99ae

SHA1
74dc07a8cccee0ca3bf5cf64320230ca1a37ad85

SHA256
80678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc

SHA512
7f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Text.Json.dll

Filesize
629KB

MD5
9032166f2163fad2bbda83028ad7bb41

SHA1
0c3445d27ef83a481c3203152cca77d1798c362f

SHA256
a6f537e0b2ba9b999840ce237ab4197a76b600daac1fe35149e32fc2759c4ab6

SHA512
deb4d6456e5acf938d331592054ff018665be029ea965aef6c7f9359482f5347bcd6aa9d7700592bdfbb38659e67665aed43f815a3b814a22031e1e2404e9146

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk\tools\net472\System.Memory.dll

Filesize
138KB

MD5
f09441a1ee47fb3e6571a3a448e05baf

SHA1
3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde

SHA256
bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f

SHA512
0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.NET.Sdk\tools\net472\System.Text.Encodings.Web.dll

Filesize
77KB

MD5
fa9d0d182c63c49a4c567f7c1652b6e6

SHA1
55ddfbe80762c02f9a9c65809f9ec3ef8f7f2ccc

SHA256
e9c4f5eed186cb129c527c4b8d67d163ea2f2396e9d8b96e30b5e7c12203ce84

SHA512
58f468c982ab66930ff37efb5a941db116e8c1aed66ebc23720a7b18f71bebe1e929bea76680294edb25f430c23d520b8a87e3a22064c5993d0396819a21cbe7

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\Sdks\Microsoft.SourceLink.Common\buildMultiTargeting\Microsoft.SourceLink.Common.props

Filesize
295B

MD5
a5dcc9e5bf323d748b26652e11956905

SHA1
7f8c7a2523d1f4600e0f8bf347d10564cef36780

SHA256
2ddb662297ebfb51e70bc61ca7695dc62124a1edd342c82e87e6302cc03f016c

SHA512
79d324b12b375ccf888828fd64c303a669ab00657dbf6fe76bba522c7683b7aff8b0c216905fed00284ddf8841fabcf8e2bb64b6849956572d11bbbc8e1540ae

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\TestHostNetFramework\testhost.net472.exe.config

Filesize
4KB

MD5
a22cdd3374234d3a50c2ace2dc33a63f

SHA1
d71bb2417cb805c3da21ebcc0e1ae5a102823c9b

SHA256
b60b80763571c22739c4a688a46ee12c65bb66d1e9ac7d0933c2e4222e618874

SHA512
71d27f36a5b03c6b470f720196d3d67706f47f3b1d4f88f55960676b3a5024c9ceb1228e7dd6173d24270af556c0d3898fb5395e3823801691deac8ea6026d61

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\de\System.CommandLine.resources.dll

Filesize
18KB

MD5
e771e643a2f47b5d527aa4dd1e857aed

SHA1
ddb6ebbdc354122989c67ed9cc2555da640b16e5

SHA256
8c4a1a6e84875ae583fc032a723e934f0d8805d452b43a81b4eec624b5ea7e15

SHA512
14d17e82464fb813ff044b4e5dad1a429f0fd8fc5973ba2bcdb50edbef7e129048133d99b5c50f86a3f82d33b9faddbbeafff222d92b80e31ff963345c4b29e9

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\dotnet.runtimeconfig.json

Filesize
341B

MD5
cb4c7ae4414250eef2c130cbcbe70c40

SHA1
9d9d36710b0f51c13734877499da1869dbb7b0c7

SHA256
20460cd02cd102faf9567057a074ed4772b7b83449de9f24ec742193e6e3cc16

SHA512
fa735c949b60eb48b6850145dd1dcde8e9f979f08ca7725983e4453ae9952995a924c40c0a652287c11bd2ac419fa69bf64ca6564a5ae9edba42e7466ccc851d

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\it\System.CommandLine.resources.dll

Filesize
19KB

MD5
4e92ced559ff6f26d238fc5393dab39f

SHA1
400983302371c5a7ba38e3dba8fbc4c5f8192018

SHA256
37ab1ac8eafeb21cdca5418d01ee65671dacad3fe206f13e8ddb5b199e5ee471

SHA512
0c77f4392b804a0f47e6c535ac7497182cd4a47e19d1d437d15d73ccfc03bb8febe45ae01965eb9e70a77059ed271bcad210f5495998c75b4ec46c1858fc14c3

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\tr\System.CommandLine.resources.dll

Filesize
18KB

MD5
c9c8df325a05d227bc32a5d854713c4a

SHA1
cf9ea69ccebd1ef0bd46beff01254a02c5fb0131

SHA256
7a2ada59d84ae17791ca23ff010f1251d98a72df15d1c7355274557349c124bf

SHA512
fc38b3d241bb8315202d2b40821d9a8ca4075ad7ccffe60a97268805e9cb00e83e6136d872f248661843753415b6eee22858a7de829cf60affc4c89c3793dd97

Download Submit
C:\Program Files\dotnet\sdk\8.0.404\zh-Hans\System.CommandLine.resources.dll

Filesize
18KB

MD5
c182eebde556be386ca5b656974993fa

SHA1
864aab5c6e71bc3537612c2541e7737d02e6f4c0

SHA256
d8682c24396dd5093f4e4bee6cc021148ed2558039b2682bebb60dbb95db56cd

SHA512
3613cf324c708564185f021404215202dc2fd5340890db115bd906716a9ce74900aba954c68ab13900c79bbe869b916739157e426a0196c1843426beb9d4ef52

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
98KB

MD5
a0976ab71a22e7ccf9fd2d8fcfefcf75

SHA1
fb4b9b9b828f5936c59377f4dcaf275115e4cd11

SHA256
ae405a1c9ea5b633c7856237d47db720820b78fc816bf4395d50a52b905b20ed

SHA512
99ea60bad3c56a99e74ff00a2dba1da8cf1cf816fd9c8e8a8b6112d9aebe2d727fd39f0da16e121e7a4ef830c397a66c14009d3b809ea753cb5224c6ce825a1d

Download Submit
C:\Users\Admin\.dotnet\TelemetryStorageService\20241208042747_e3db0ebe641442e796a8922f478a0d3a.trn

Filesize
1KB

MD5
636871b8481680d4c968d3a067b82fd7

SHA1
6d91d67b9f444a22fa61e809bb4d18b889fa0a9c

SHA256
74dfcbdc67d13573049c452428b53279977bcce32a2eae0e97d7da260c49990a

SHA512
7609b9d39ce25cda3dcae46e55f9cd766529a66176ce0348d19f564487750e297e801bc64eda010844b4ea7f4a51e52e2af6d0649496bd882249dcd9f3d771b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c71f9d7c6eaaab1a47a564aed5a5dd5f

SHA1
f17be92c01338038404d2beef7fac8eb51ac001c

SHA256
b1cfd6e694111bf76c73dab138e4a09132ab98cb393e202ff68992cb7c231656

SHA512
29e5b5a91b1d9389cff2a6f26c53e70427e5fd872c5b71c6397894d0ab6c0bf45ed5c01a6e56737859d782be6faeae5c8ae5bf7d2eed17129d7c99d1ea8ec040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
32c99148654737ef4078a71727ad0631

SHA1
9cbe1400ef4a891bf1f7a9a9619d71792258885f

SHA256
e4a6f5a4d265ac09d2430637e7b0a50c8d65490d9f58f96d932eb9a894f81ea7

SHA512
59f81018dc8429c627cd050ee332e6ce3e4f302c355250d9f67c2298c8871ec5efa0743ab8e5f7e64cfcb1bf2727a73f3b6162c4c7b22c45490f1612d97bc6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e91ba97968256fbfc73ff5c7b31f040a

SHA1
6f2a58021c298c779748918d3d74c18e30d048ce

SHA256
760a92feefac4697972f45b126463116a02fa9f7190edd9353206febcdd79cd4

SHA512
04a7c87551910c39fa9c3214c0673edfa3a93004f6e1c697080505e5b566637ab6d079523c724640b2e3b61dc787577aa600dc9b1f5d2ae67176fec1b18ce73e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5b2fdbe4cf206566f39a6dd83212082b

SHA1
84acb13949d70910b950fd509b610064203c8e20

SHA256
4e38ace357b3354be89f4dfd67b3994321621a950c14c8ab490897fb92783e29

SHA512
ae4ad1964ef760897c0e1a24f01ce6cf6670e01050b0f16b9ef1b5ec52cf11b83ee9cbabe45f36593be5795ad599168db2b9aaa8c952ad603eb33544810f966e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ec6315c5-bbf7-42e2-979c-e343cd0dc0c1.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ecb273034c48e962f2595362895c065

SHA1
31a8c265b3982cb1326393ae62dfe765580a9f91

SHA256
0f16d83032d2eb8a8cd749691a494d6c665e8794e4ac62a58042b292e8025a9e

SHA512
e66a7c085eff6a6672382c45d740b1c533aa275991bdfbf2a7a53d2e1f91d239dc7a7f4f4f929f86460c18ace6fc40ffdecc11e0105684449764dc8e4ddb6349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e230cfd5796e3e691cd7636efd29f82

SHA1
37c63b3385c88581496c57746b93e1280eb3af9f

SHA256
6db66ecb30b51e79f0eecfd16f79a4859710c73f4752866a2b30934c0950d94a

SHA512
c9686b597821f474b857296debdf1db4fa26fb09b89c1f79ec03a93302258c845e5bd4f4175db5f8235e2ef1ecb9ab112ebe9f3a193571e8f1607db731a5184e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13076573f7721909167cea4afe143394

SHA1
2c5d8de79a69ecd82a25a386a9dcdb7150c01820

SHA256
91d08e08fdc4f80e3f6f8e341012f37d616b1f548f19713ae0023fa36b676baf

SHA512
8230ae6507de29328b9f1493aa5ee91aedaf10a15f3cabf13c7ec85783f067512fe306ec35a85eca46bea22bfc82771e2fe567111bdb61401a05df8e9be6d09f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc2762b685edc0f02b7360ddc1f239dd

SHA1
cd8663642ad168d54993145eb184c9432dc53049

SHA256
a348e94da5d180b6e7514dc64c08921fa623852c1d16d9f10b9dfe2c8ef38aff

SHA512
e63d97ed61b5cab2d6a52ec770a47f1fb81e6651038d8f57a807aa6629013e3697cb7fdaedfc18c73bde2cf80980011896cb177147d7be5a953fe9d0f00989a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86501a51305e9b249947c15389e94949

SHA1
4e3a7757f3875eb5cdf02ab490261a9a6f78ce2f

SHA256
8576e0e61dc10c59d15683659b6c7e1209e627689893e6af5fb066b0d084c60d

SHA512
c7e796e7d2874a661e8d39a91880e8ce6b8d85d33509bdfcb18a60b7908789ff1266e125e2b597400435364eec62f60051c400b5f7282d8287b7cb211a414c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7b25ce648fd4500c33a5cbe1e99aab4

SHA1
49ceb1dd0236bb524be26d776f4ef1b9de1889cf

SHA256
052981b49ab4f93e7499833386291d495fc175e6011fe01f9f7b119d1e65199d

SHA512
7566e1b39ba082a780c3767429d568b18b7e508cd6476412ac2389f1522a55c58bd11f7438b43f19d4e2e129c241e9e28b266a7b0a304455a06156d4a680c081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1bddc7cda367b9718f9bc1b4f85ffdef

SHA1
a0bba63dcd0ef8951d2fda873878234df3b19676

SHA256
684cba4eb659c111d32f4c546e6406520b42a51fc0ddb71fac2758102a806d19

SHA512
e53528ee4f88938da3085903de5c0c333005ede5a9d27233bab2882d6d029c5c41ce1e51191dde9021a46e4970addca07e6c2deff29a34c76e3a6b10cf36893e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e9c92521f34eff246d6efdc772ea4022

SHA1
7668d3b4024015dc73dbabd024e895a349582c5c

SHA256
cc12772b16cdbc71d35874bbde7003ffea6228a339efd189727a90692a4a54b3

SHA512
ecf07544580b104af1d0251a4ff2f0d9e9c50d08adc4af2a395042ec7c8ceaf05a56cca3a391a2b870826fcf21c1101e56457112b404dccca05f192b9725def7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c3faf458591139811a193f0be58a012c

SHA1
0fabe9f8d174888fc89dcec59fab9fc56378a865

SHA256
fe9825b6ec99ec7249eee68a37295690c97e3b6556c775701831fad85cdcf903

SHA512
4c3ed84febc03e1af8c661e8e6a5df055a3e1e489b1e9a20ceec506306349e802dd1cd9ca0aeecb610d3344aa38c188ef62f70cb07f2ed21addfefa149781605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bdf6b0963d1a0f489c359ea6f46b0c1b

SHA1
bf9cf951e63f994a90cff3b6be5cf4d8ebb72fda

SHA256
a160882f7d221a662e147bab8bb68c11faff173e00b412959805b661cbec371c

SHA512
e3f5c3cc10ca7d1e584c2d0a8a954950147f6f59656f688e8a47175e8742017f6cff4c30e797b3a7eff38b8f5869af068751c74d82fd7e9c537b24981aade0a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
567277159862bad7dcdc6cc94f1494b7

SHA1
16895f1693075f133385e18131f8152cb8d6dfa1

SHA256
10cb37339adc2d71f69be92a54c08128a875ea19172c34554d176c0d8c698eee

SHA512
9fc91723432aac50365d03021259ceaa2ea2a88dfae0a98b69e0b4cc98a7432345d6d024bb329fc3b3d98e3b224ce22b998f49d786c2a999636337bfbf76a142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
74be0f51850c93d0f9a2081a61c3c18c

SHA1
d2fa99e7d9efacaa60cd27fdfe1e4a1df386ecb3

SHA256
ae027963434d7cba0cbee40fd89acce5274e15a19132ca95036c00b60b6e9d6c

SHA512
c434fca3bf45dad393d37c7871b7999952843188de03b82fec9d82465b983e418e4fb5b6749da064cba67a90964f638cfd9db72e65ef2a17bbb321e4c9b74c06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75d93c75ef6ad2830069b195f44b2203

SHA1
f560d503283ba4c7ff8e8f185d0542339347c216

SHA256
194e3e8752eeee8938cb9b69b409d7821f8e10b0fa7de8f8930cef477de44924

SHA512
02d71eb6951086ff7e86731ffa522729bf9391f3438186b0c227bdcc3363f7188d4f80d46497541c322da5afdcd4d9ffd04047f65e0a0bbf7ed9dac12dba3486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
22c5a8e7cd6c5721eaa2767864c5adaf

SHA1
eb0a743940d2cd36c59e32561a108d8e8ae29148

SHA256
063063fec48d3feabef01b586d01d085fa5a47f19f7beadfb6460ed0cbc38d87

SHA512
257e2ebcc25ff5729b9dfc549fb2c793bde0d0bdcc5f1f842e51dd0139f9bbbd3bdd3a059bff579f610fada6b66f9b906d412895e61b302d18c2780bea84913b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cbe71207148452a696c6d36e62fdfba3

SHA1
fbac0c32ca94df54b86fffbaca7ce94444fa71db

SHA256
bddcc69679ff059875b731340832b8764afcf17312e4a454252bb808913c13de

SHA512
4a52a0f7facd61add81ec92f88d273f01ceb8b72fd13d0169c657109de9cbfef7a71ff4ec30519a91e45b004e736a09a5405f136b86759ce096c3f700708a074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cebb92e36fec000e695dcaf85e71bc88

SHA1
96c023b2e08b5649c2be622f6109ac3a9ea685d8

SHA256
e14cab0bcba57405bf5f30826cf91ee0dbc71226a7731d3ff06a7c00bc87e8dd

SHA512
7e7046a85414afbe07372be8ab0552416bc6ed3284d0e13fe1b41b776d460a345b9fdf244801aab4f73b7250b0dc85ee91f0a965e24484d149d4f07e8da297fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7ec00ddead2a83a6b1453a22af66faa

SHA1
1d47d289593ac348ae4b4fa6aaf4992fed82a547

SHA256
301d05a9a18b52d92083a39c901b60bd127409fe63805b6a6033eb2b8c23d775

SHA512
21fed55ade132df61dac865b322e00249810f75f3d90837409b5741dea6f6a559538dde78e2a1b4280e2e94b11ced549f33b7bbecde79f7153363e244d8eb1b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb1e516cf162d83bd0b164ee900acd02

SHA1
9218158a718b77a62ff4abfc6190301325410fd0

SHA256
7679498dca2fc0b64f36e800a9510c1c370e8906399c5603eb10e39bd01f384f

SHA512
79fe0109bb0ca95070422d6d1770a6169716d0f137453a4b8cfbff5392422097b2c254b251a1dd0b0698cd19c9e98630949e7f0d0a6d86e676dfe5d7bab5242e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac60c6933bb4232a9e53afeb2b35ae23

SHA1
7557789f3cd2d5c65ea71c2967d16d157983d435

SHA256
10ee325e5f4faa7a7a2e970bdb41d04dda87dde127019cbf3e323fdce24f7401

SHA512
b05c6a403d21a9a1d3f35eb9137d35b033927af29be6663bcfdedbdffdf93aad1641350e5849c7f9422c945795416027b18e1a355ad387e5a00d7c4f5b837529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ad7038c1fc27f3a47d9aceccd3d3bc2

SHA1
0ebbd70f95c9f56f3d77613fcc00e30f757e0310

SHA256
c1154a4c8fe336b0e5737e7dde7abe58e8cf08656562b46a199546c39d8fe511

SHA512
63bf061f0a7053ae93860cd908f6b0a30e46857e4c52b8fc161affcf3eae00276e851d6bc7026c4f97f2e44e8b978501ea13754a0a7268c0b7f481a3df38df16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
581808f873b8e5e8e5c49fc28c63b7b3

SHA1
ef7c975b0b023ec7d4420c5789994a9becac39b2

SHA256
5acad3b6a72eef9e36c06d96d707c58dd703a591e9ad1cabcfcf9293486bfa14

SHA512
59cc248660caaef4ec6cbea06ba36f3275a687c63a088c045f70f4f011b59385e85310780f6e3d5383f022372c222e0b0ecee17ddc2eb2ceca07c1605378455c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ff78a28276e0db997a537ed6ff51e517

SHA1
08fd9422b2b7c1887387120c76097d0eb6009307

SHA256
7ea2691a14962b7ce0c69df9b22b469a393ca6a96a0bcc18c4e8b5c3444bcf84

SHA512
364d1d17a5cf2f645ebb3c3c85e24759105e2f48d1d7b9cf327cf6d0255bc88b858ec50153c9c9abff06806864051d2f1d21a68281406142af62bb3c32b1090c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
30247e74cdf307b5cb87066b17e46963

SHA1
2d4510345e50e55fc8a5fdbd86c9f5ac22255ba2

SHA256
0acae0d9292ba94772b612a87ac27e8f075ddf9fdcd1e8d88154cb8d4c80c551

SHA512
bd631a0f63a9434179e8098203f2a94c05cb504820d60eb84ba30c78c6701cb1a3f1bd3fc45a023c1c566a4405eadb40d4221f766ffbc8245cf033dda3e40e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
8429f5050c21ec3c40c587eae25321a8

SHA1
077eaeb540ed952e0d832f0317987bbb21699efe

SHA256
185f8a6484ea540e5107fa244a081c3fb58df315a30229a50c32d11be5b7aef7

SHA512
e0919ab292fa463ef0bdc2234d2ee348d0c445dfbbbb52639818f258e0e1faadfd7b54232098754dbeb473cf63d3b329bf69cdd41630860c18cac8fe91450891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
eba237c0166eb9ac9989ffbacef5d51a

SHA1
367e6c5f27c890ad84edbc973024f1909609c344

SHA256
c2dc59526c6a8d5bcabef4e912efaf270fc03486d400eeb6d69818a56a98155a

SHA512
0d7a74ff21986d77a9b662282b8dc7c43e06feb3fe7e6cb5619d63efc169b7b43054c5921057aef4121776d21f2d992b4a9b517459145a1bc294b39635780a93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
74d75945aed1c6f3a3ecf9ef23a30acc

SHA1
7d49a615f48589f735b7dc003e83adabe7331fa2

SHA256
91ff472b5efa0b6dea52621534a58a90e7f6de9234c81658f939da89263c1da6

SHA512
98ec24fef768c385fdeb518beb0430510553de5d4e41dda8c7f737e44f9cb072caff867a2f6f4ac0b11303145e2de77e86891ef89ce40544e57c1d8f44b3aee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bcbbf4e2fef25fee65008a76505d3087

SHA1
812c0f76f881ece87084ba8089d2af7932a6c119

SHA256
5f89e2800bd39c0b0f7d5472c194c8498beb6021231b94cf26a4bb46ac6e9074

SHA512
f228845a5670f4802fb405a6e0897664027c19ed7d7abac247ab6eccd8d53a91a23d5effe035fc093e497b2aee61f76152025c74343725f7af30ffe9971c403b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
27d9344de055e50044e074ec3b54231d

SHA1
d07ff356acb90c9d4fa1c1e3e48188b1a2eeaf8d

SHA256
d5c1eb2d4d0a13aa42ee68f03218ae01f420003f64f572b77cbff7d61edff388

SHA512
ad045b2f4e6d58e43de1e26a1d5c0a46d912b65caed68ac4bc07f0c26223c5a9927a74ccc8956e074ee74db6e7b05415f3baa3634a714f3048278982bcddf26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f22b4cabe25cee64c6ae9a329bccb265

SHA1
8b0a257fb9672b590e97ce0733fb70f9d47c7f36

SHA256
a4c70daad01d1edb6324d844e16102eff83134d75b3ff06d12024737bb55ff69

SHA512
90f077c40ad4601582987f4c97805064d8c52a2e7cb2cb64b6e54b93400a68aadc29bc9d686889b39dbf7d5ae1f2c40cb7a4e4af5fa1c91bee535b5f07e418a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0bd837f8e89ce3f062bb6c278c1e5fcc

SHA1
92cada9d276cbb5c55abccf5e7b55ae5c4bd4a4d

SHA256
7bc156e178221b73046d188e5d4d5a28512b6b6ee581db14e5ef1582e47e067a

SHA512
cdf749aac849347590eee4fed672fc516af9ef97f0d22f824293bf73be91c41bb9c53fb7548e4dba9c7c43b31fefccd7018d33717dd800e715e62b09878aa8ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f705114d4ce5c908bd1fcb2232745ccb

SHA1
b54d35b7669ea15a3b185943cc9893ad779900e9

SHA256
0cc11dbcf4bc142e49d03f7e3a34c5d0d33bdde29cb6ea6fbabacacb754d0087

SHA512
770fa41112fa0de8be580aaef47d2e55297a1df9fb42a2421bb249ead1d200a7a152a9326503516d11b554244e263ab3b738b86c5b76d7ecf3470239ea59c8bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b3b439551e1ce0eb22bfa8b3c589695d

SHA1
5eeae1793b4ff9b65482922f4ab746ea759b1bce

SHA256
5b6db506b56181c3bdc36809f931ee07e2dd4ec8fd9d12103e49fe18561d8df3

SHA512
c3eb9caaa569b8e0dce5f06154dd44d97a6219668bd0b0851bbb8a5c97e334752002d1a48319ae23526f30f17b11064d54db3549d4a5268d918106569ea6caa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b918a6e90d257fa08260ae66fa852497

SHA1
8e18b1dfe4a1ae33c2a8076e2bbc6bfd09877d40

SHA256
d982503549212b7e09b95288d1320c4510f564eee632cc91d38c94f2e736fea0

SHA512
9b959984f81d7e2721299606bef93bae54828ff33e6c611aaf2588b05d4b2b481512bda3a950370a7f91b8fdd97c8a2ddcc27712695fb43598fe0a84188d77d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d85d2a69470717b3041316b10321122a

SHA1
07f6bd8e7bb469ddff87c5dff0c33c328fb02d8d

SHA256
5250146193d75fe996fb82082f236113bfb9f513d7cb2727a2829690150e9e15

SHA512
1383c8d6cb66f04fcd55eb0dd99f1ae3c1a836afaea0599e6a3081eb27f6e00539a492b8b8380792bbd4d02e566c778d56f9af7a7bedb28a4ba77a950d7cddc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f8298d97e6a46728f556167da520df33

SHA1
3df9a57ea1726cc1fb7bd281c3428999f27800b0

SHA256
f230a073a2d5e6b6f3edb9e778ab25081c3586d4d61f2f230ef5cad72f781119

SHA512
d877607ed3bfb3f6aa374da217d08ef1770fe4f6a4ac103aeceece9fbaeccc6265603479799209e9ef5ff2e5f5b130c733b6b790b1d93c5489c6337a040d03b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6d4cc42cf3b25d34f5fa99f204068314

SHA1
98f60ea115d23c57e2f4d8fb341444819db0c4a8

SHA256
874494ace89afd7fd1147f316dc06bef48fc50a46be8bb0874c35519969b8063

SHA512
3c90d4207cc95c66a2ac9f0e679466b1e9be8082f02f17dbbac682ae75c69c2bbed072917f8b3d83ab848c90849a348d404aeffbe5d759679eb516f455fed033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
65c5080c7adf401224d4cbd81decd88f

SHA1
c8c62b72c541e83998e1a83a14c892204917c199

SHA256
7208eaa853d1fd05d3e4e79f74415b34ed4df100a3873dbe18a1b46cc4e665fb

SHA512
5cb2755acbd4ab8519f88111a9ac00abfb6fe66f5986b537b97aef9a1ff121812818c6974c4b54a7c694e8ef30a74fbd20fe44223fabcc1e437346c9ee2c3970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b2ff7f2e43779470791ea45218b67464

SHA1
340140fb030d22e3b913ada27584b5fcd626edad

SHA256
682adcb4bebf863b43ba3259299563b364d1ccacc3e4facac8f9f84764830d0e

SHA512
f6d1a3397ac10ea8f6bf606214024789fc76f5c35a9f7c791681fbce15fa98f14b6cf8407ed32b4704d8497432d301ae52b847a90921d8bb9f56eb9044c1c71b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7f53c61496405be7616563bccf8cbdb

SHA1
55d057e33bd31c51019467c708019da621e3796a

SHA256
dc500728178f1b35e49b366d08bd9394fdd9cca29ccd98179f2d96e2487903f6

SHA512
98a53165415d3a9aca1749a3d609c469e0504121636f012967024f0eeecf5ff92ead023482a3b010511c13916134c70024c433277296bf74fd0ea9c4bf5e5aa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5b19da11744555411079144c005f10da

SHA1
bf583ee06da7d08b7e62d5f9269b9113f03e3569

SHA256
18bbdda46ce1abefe399e819924b27126373a194ec91007179386439612f6af1

SHA512
2e01553f251e10eee8ea62f0852b245343fe9f646725e34bbd5b5c75c54ba03c1ca17b467f14d44d323c3ed2e320b5165765f634366c51b3763c3f6ec501742e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
48b38b5acb7972e36e98a525192adb74

SHA1
30795ffa7042b9eb149bd7c52d7eb5a9605199d0

SHA256
76acc6b02baacd6db1ba53d1a718c6bca398f4a67056d8d39e5fafdcc09263c4

SHA512
740de3087c8a64cc59d488b9be191087366999b805b513a8c6338638d63ab8e4ab7fd1e68550a8a0cc5e8b965f115bd6f4915144b0912a6e98da7155820551bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
246b5fd4dc0efb5a5cba2511b9974d34

SHA1
25c4d930637a33d2f1cb39988985e07ac83992fe

SHA256
9d22ee81d649c76ec4d905e3b5161f72c8768c19d7b8fe449419dd0b0e4525ac

SHA512
2b1e5d23cf110c977b1faf7c37c278fa33155171a6ac6dc6b5ff324a4e363c309385807c8d674a22d4664265246f5e51d953112150075828a24910b836d9aaa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6da4b4f75c8206af85b18c60fcd6afd

SHA1
4f636a0c2625bbaa51b6a50724e3198f9b9abb34

SHA256
144e99df2f3fd4613e751376db9f2aef1a454d40ac40bae52dd3a252db0f76be

SHA512
3a197c0c0bbaafb28ee684703410ee9069e27a9cf3f574a7033d47be4e05497e49828874613e99eb97c86bf9e9741a7987c1ca0ca6a6f687638f65dfaae9e1c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
42103a439afbf48f4e7961ceb0033cc0

SHA1
b5869e12a427f1b3e3127cd6770452e715146890

SHA256
7496f31e10de8ccaf7a6bdb1b2d209dbafe7c521fb8d712316a2808a2bee2b39

SHA512
2fabdf639d777e0f8d223380a79aab6f1d0554f4da71c3d242f7b1ef26871d6b6e20524ead5e251850e3acf9b8edc8710467da5ac9806f21034c38a273c55b16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
74d29a8cfca90f231bc9ee4d6204dd05

SHA1
bbc6f2534da3142d2204def9e1193bcf9d510312

SHA256
90ff75bb78cd82a7ba3346df772ac3255f046272e885235a924c0c4156862b08

SHA512
431bfa408b45516555d8587d76eb9e94d5a7b1be05ad0502c25244e949d46dceadb01141d822c04bc9d11743ce1eacf725edb431b80444995950e2bd6c71054a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
592c235f5a9da3dd5c372505d77aefa8

SHA1
e9527f4893ef304441bb052124b6dabfbca47282

SHA256
fb342c3a47a6d307c6f1aa2d4b79c6b802e3981df668255b477bda1c5a6ca1e1

SHA512
6388eda73f59220caa7fa8e1e46488ad4621f66dc4b49454c092e6dfa31a43a2bb3eb3ae43376ab69286ecca13f1c65f8bc98fca2d5d2ff980a05e828d721638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aaf97d4da69da949ad230056532de63a

SHA1
82877c8139b0f81fcea1c963bcb0c9b6f816b6db

SHA256
f76929229d2444da3f124236b47087677ae0e5f683b83ff4d700cd3ad4ffb26f

SHA512
95a4dee1abbb2be8857d49928b2ea55572da1b0154107c14dbc776b1ecc6634e2669137310aa7dd1e85f728fed4c5f0089f32f324968b3442636f4212402c956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2564c761029f0ad72b087fcc8557fb78

SHA1
7005d2cbd3564c7b93210f442be3a957fed64354

SHA256
935b3c1d3ff40011507814e70b229dc9e8e0a08fe94db47c6d65937a23077592

SHA512
78f3566dcdedbeeedaf28a0d8367182e198e77517202fff43581db7678c051594eeefdd3d59880cb54355dd6351fa1d4bdfad3af5f1112943c71e633679d8185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7b62fb58ace60294cb1a7db1f64774c2

SHA1
7352dd4eb74c2f9b18682540613ed83878174733

SHA256
417c683c43400f6b57a6642b5f3bc6e7db4a6a167db20215162795fb0749a76a

SHA512
8a37248335a8906fba51ff930be48538c1a5642ea2e3272f75b08cbedcda8620fb452d431d6964b076359d600fc87e30fd1d90c2599dface205d4e07371ab0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
571f91e587ec53263f11b4eff32175d5

SHA1
779986b834649375ecc8974d3ff2604f6f43f336

SHA256
cbe3515d4e2b10fbd480f52b8877b11310ffda4ea25195d160c2aba30df303e9

SHA512
8851b091362849663da8a590466528b412f8c57dce254481f6bad7abef9b8cd237376e97e29fca4ceb895d99aed6994e71265633d799f704510ecff6dd0cfc7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
075adb19e1829b3323e9396666542d39

SHA1
faee9de45724bdf28ca123de7a597f9f2f72fee3

SHA256
ed92a246ad6171fd0f537915c5a20ee706ece0e3f07c169f5fb4c7524f80154c

SHA512
9a5eced315bac6a9357b8b318600d94fa5235bfae987602f74cb67e80aeebe4c448c1210703f8ecbe75b1409d3ca4414f18fbe94d0a3c7396c59eb203e80f84c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
47ba52662292394efe8d3b5284922744

SHA1
076d7e58b27c39dda236b7951d8a9162e1a60449

SHA256
583a6c44caaa81842784d69445f5be459ad58f62961d5589b3ed0db19dfd3c62

SHA512
11b8f207ab606eb8a61a3ac17739e028085f9bf6efd5bd63a8c4e0084c55dca401b5f64835f3aac3ccd053f06083eeb1f6df155a312f9bfb709080d49a4fe67f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1c904ec587c38f93178f5df6164cd30

SHA1
ba660f6b82cd2cb891fd1e8179a9f3a9d0b03fc7

SHA256
2558002562458cb3921a68b07044a228c75098fe4f66b303327322ed723faf51

SHA512
9b510db00912dd70a6c59ed1346ba9c4a4cfaaecd1b3e6edce1389d12fe9a94e5e3fd44fb412a07274487f94ee61dd8b6ce7056b38a9329375b24bcdd47cdfe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c5e76228b4bff195b4b2213dd0c2e256

SHA1
847c2d84db39b2c15dcf55a1bc5b5ee994b1fa0b

SHA256
54269c9f92d227bf9f9ecd1b7ff6faa5ad505880596e84826f18300277b43780

SHA512
050d294e60e0d18cecd86a6f5ae620541c85ff29a60a8a453c0bac354926db838df66e43fb7a705d1c05281ba0872f42ea64623725c2de75421ff4d353926022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e351f8f8060027f2b02b69d9ee60e23a

SHA1
2c63343762ed64a1f1f50924cfaf6e276c41f736

SHA256
c19c7265ac442e586b578b7ff022965bbf8da1fdbe7c840e286a59fd04d66278

SHA512
7f36257ea3b14d1c4f24b95c6fc394ff4c9c7e53f30d62910d081d0db43db6c408a03bba42e0077189b31b3c19d0133c8487057b653011ba66fd46b948b2570a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5884ac.TMP

Filesize
1KB

MD5
49496530cfda4b7feae0455b505f61d1

SHA1
e3f06ebff634081f3d04d3cc83ebe491e2233832

SHA256
931c7d74adb821c30196892c3730bc8e8a3637a15c0a8706e4cfdc4cb5a4e6b2

SHA512
c4d156d774d7ddf5b14c819f3bd6a747ab9c74858087d39261a59339cbccc2655437dda9d051d5d82f6b6aa945d7faf348936127d9ff38345f0f5fddd3ab9748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d2e72b89-9dd3-4dd9-9d2b-77b765d28535.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5b6952124217bde06c5fefcf01876296

SHA1
c6dbd5259afd51d4dda418fb72177f3cc8829bfb

SHA256
64b05fcc0ac344c9b4e24424838ced77a3a9db642d3e923d54fd673ad8b4905e

SHA512
024905757f2b371070f84fdc90563af321e63a6ccacdd7466f7da38c6926365046fe4c9ba5218fec674aa3007c489f877ee1e87d1ab2a32c17ebf412b72cf20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e8598a3f718d167c3b142944a1a4d5d1

SHA1
8dac0011bef735300b42342fd3cbcea6e5642d37

SHA256
a1860fbbce45ad9c9b4f91790cb69ab38afad6a63bfdd46898c0f37a277abd39

SHA512
6c0e1143c6f4aa99dd4a05ac8b3c76fe8f76c57a09004f7707e61e19057d3bd6290641993cbd6843c539e01f46cae63ae0f54bf73dbdde5896b06410525dc783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d5fdef84d60f27df11a285b74d9d52e5

SHA1
c7fad3b9c005bc9eecf757788ba4e72ceff2dd8f

SHA256
cfca7c13ea41edb1798d3cb797c5a4e92558dbe2274761b64848ce575525e5a2

SHA512
02e34bedacbe48876ecad7ca671a5425382c856cd85e819f592e748aeae396cd79521eec0f9e9cec110608f83e2da5a68616c5b89345a8d5e39274e3616df088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a94ed512e70f74325313913be9cdfceb

SHA1
44e760c0bb423355a38f70bd92186e4ed744e32e

SHA256
2883b264ba26cb03d16c15dec4981ca3b5b68fc3b8ba87fa0c1ebc21ca5afdf5

SHA512
84c760938117b4ad953335153a0262257d948b96bebfedec8e3b4aeb905798bd86ad487a2368e0361229f5e9d10b4494895d5504ab2b36983f6bca9aefebc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e63eb0f1-f1dd-4ca0-8739-004fa84e5efc.tmp

Filesize
10KB

MD5
8f16b8357be980425d03e59c2a57d137

SHA1
76e75d5ad622afef86aea46b8414e7aed350d0c1

SHA256
4148b0c1317a40af2722afdec906f4de9c2e9dd8252a5154dcff7f7b499cdb66

SHA512
e1accf2cd3e656b7bc8636b5386aa09e1b0db00a713f94e2771e9b1f1173482c745a0d90df8d728ca5d6b52fd8b59de3a0cf45d4cf906356a194fb3cf5a3a2a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09433F87\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09433F87\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09433F87\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09433F87\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09433F87\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
db4b93b7cf8ccefea20d2d0867c3aabc

SHA1
4c30e7c9e9882ab38eb0b191786f1bfc0546223e

SHA256
fb99166ed957565bc86f73bc75ce8f0d66771f7ffc1d34767a2518f529fae06f

SHA512
4eea10541a43dff86d7ade189bb7c3ed68933f0c77fee1644aa0404ad85f2108ef37903ceeeb9834176f1338e43b0312889d6225f8ccfd692987b059f1b3a0b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09433F87\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09433F87\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09433F87\FluxTeam\FluxTeamWindows.exe.WebView2\EBWebView\Default\Extension Rules\000003.log

Filesize
38B

MD5
51a2cbb807f5085530dec18e45cb8569

SHA1
7ad88cd3de5844c7fc269c4500228a630016ab5b

SHA256
1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac

SHA512
b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09433F87\FluxTeam\FluxTeamWindows.exe.WebView2\EBWebView\Default\Network\Cookies

Filesize
20KB

MD5
a156bfab7f06800d5287d4616d6f8733

SHA1
8f365ec4db582dc519774dcbbfcc8001dd37b512

SHA256
e87b3d155c7582d4c1d889308b58f84e8fe90a1581014b21b785d6694bd156cc

SHA512
6c8eeab3ae6fb0d5be7758cca521665b216f31aed1aeeeaf121c99dc9f0192b385de0da36e94f90dd4a9bbbac6be2c5a55d2f284a24ccb7dec2c5302fb9b027c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09433F87\FluxTeam\FluxTeamWindows.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09433F87\FluxTeam\FluxTeamWindows.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09433F87\FluxTeam\FluxTeamWindows.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09433F87\FluxTeam\workspace\.tests\isfile.txt

Filesize
7B

MD5
260ca9dd8a4577fc00b7bd5810298076

SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6

SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3476_189609440\21ecd75a-239a-46f5-a9c3-e9357bcdbbd6.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3476_189609440\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
e4e84d0d563861a4b24d8b459bef4136

SHA1
e33f342e571e4dace20153bf71c8dc4ed432bc8b

SHA256
557761c1d3f83c2f3b7eba62c5125d97066000df0fa53afd0c133efa69248bb2

SHA512
12661e797a2579bf325726830dcee28533af52ae1f1da19fd9c43898a3ebed9c309ffe3ad676c482ae741ac50484e25f127328224c8773b657a727ab9ecd4024

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
ae6e2f4fe66af0a0587cb59d872bcb02

SHA1
57e95e29b26d6874eb2790a1d2c6c7f2234c99f0

SHA256
fab086e4251ea299de888a07063d97969de991283b0ea2482a45570be713f8cd

SHA512
62d733cb6bb0f0c9034aa56f51b3a59928d23d9574b1b635b4e94cf775906487526cbfb9194ec09616be83e2a153b0f623f1517cb383001bede96ef8c671d26a

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
8cd31180eb5ec01af9e5bbb1e0d84838

SHA1
8df7ef3ea0f857442c7c884f52ef16df9abefcaf

SHA256
4f62bec96b7339a6296c72bee546c4dc2f5b3445cacb0a214db09ece93d34c5b

SHA512
44eff29fc613d912f98ebc492887bfb41170d870682d4792a49bac9c8d91dc738984b45b8227573fd6a48c1b26b69f348d8f40c082e7c4c43528366410b87fb5

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
05d8fda5e5076dfaf60dc823916a3172

SHA1
7c1689f60912190e425d4830311a6b4aeea48544

SHA256
d37a009e3c320ce1b8908ce9db62bb0b3f3ba8ed7b11084dc1485eac0db67c34

SHA512
1a48fa88c96dc9fccca484208d495fed2c8ad918eceb8dcbd4f38611a96cae402bc7e70e3a7bc13e1deea1d9c77b0a9ef64083fb9892e7fbc7a9f6749d405228

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
d4d7c37154bf85f5ce5ce412f4892223

SHA1
c31c73dbd6f28e5e98e7292181fc677772eb7b7c

SHA256
9f1b9b43a175b949925e3c5b7835b4cfcb2669b509822f5f4392e905bc042600

SHA512
2291569a1353b7b4ab3d584dcaf8a6ddb1b44758961a4ecd9d10cf8f483efa88162808bb17dff8443ae4676cb93ffe75edcaafacabbc2ce92c0114e52773b7da

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
df632eaf84ddc42760291c0d5bc84015

SHA1
5af9d3a5b8d310ed0d08e37b4a4f9317faea700a

SHA256
095ed98e584f26828da2bec0eef98bfd50bb033fd5c84253165672ad260f43ce

SHA512
b4a536c45d389646e9ab2361fb89471f448645050825df368891c75570b15740b4b70dc3cf56b74cc8d3ae0f1562ed6e41972c3085acc5e063aec052d50edb36

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
ac7251b355d319199db6068948d4afca

SHA1
96686ecde0cea172ce2f947d4802d0c836e46d50

SHA256
ae08c895b5c6c559e95c00390711e73bfac8a1c38ce7763ec29dc9cb17f5171d

SHA512
4d7dbb30a2c065b3e9e6fd5b37cdc790c3e17e5aa60f19e63b6856ec2f6b582e9845ae85577651591a7a825883b75a2c34e72563cd282ba3bfe7f99a2c47fb1b

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Network\9292e515-6975-4549-a3d8-b05c70faa41b.tmp

Filesize
229B

MD5
5c9f79435fd36dd2a8914a542651f839

SHA1
81f4f5faf2f14d448626b3f49618d11fd4295cad

SHA256
153938ecc186cd98a2f1ebd1f53ae88cfe9d9884bd470e9166a53348a071fb2b

SHA512
0e7cf3372f919b11b0c6341bc4df2bb8ba5106463b06c74f0736b14755fa23a78db7e9b3111938570225435169bd01f7198b6124007defa77e90bbe21fd14588

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
179B

MD5
f1b13d851cec0344b1aaf39437a35f6e

SHA1
f813ee66ed10db4017fb80fec9dd2272c9426bfb

SHA256
d0cb60ee7fed37cab0caadb60e66893e4f87695ecb6a399d406027ce1d058d87

SHA512
2d870b93b2e134a2740e2a668cdddc9bef17cd9cd997acede4822459cb54072bb24cc79bdc0d1710dbaa344872ddb2b8ba73952696d8b6069707625fe77a5185

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Network\TransportSecurity

Filesize
356B

MD5
53ec0827e059ddf7c35dea4514563c91

SHA1
8e7a1f39c5a4d55d66a779b09176a3630a2a070c

SHA256
5bc9141c86d8db89392670d17dbe658c3bdfbb7e8d98e9b0664184b467a1c848

SHA512
90c9225d99f8aaa6f5971d1ef60f4684a4fd538846e4249eb1dec0af723a857f5f48030ec75c461460d19ff5cab3bc05c7c941c9036dbbd2a16d7467c4903a37

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Network\TransportSecurity

Filesize
189B

MD5
d468c109e9e2cc4cfba34232456b4a4d

SHA1
23673cf1f1e1746d8a6286244e55ad1dd6ad067e

SHA256
e214e28c6ff7205f317cfb779edf1f7dbe7984daa5964d5b56c1679b71d34e27

SHA512
b84afc42b80dc16dc68dd9248d50fe153faae218cd72e2c3b287e183efea2ebad4c204a535a679fd4627a3e9cc0589a6b22b00c39004498e14356a769380b947

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Network\f85e926a-3862-4779-beb2-b0f6a677c00b.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Preferences

Filesize
8KB

MD5
f7678dbc17e48e9b8106a389ff944246

SHA1
1620bb60595057c3a1d9950e2e5443ace1a5472a

SHA256
f16f6d3ef876e286e419d83d0c38c7d9c389d173de3f256073541c9d57af95f6

SHA512
1bb631bc9e04f561fd24cc2e138703fb3ccc7db2cfbb04141760c15542543ac3e0ead3f616a2d09c9bed8167cc1e2043a5e717d44332cf47559261f88017a5ef

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Preferences

Filesize
8KB

MD5
c9821b3810a588dde3fca9d75fd798e0

SHA1
130b92d033e7ad3233d1cc8741dbb966aa78f01f

SHA256
5fd6b24b0b63e00230f8924f707d8021c3d55b4339cab6e8ebb54ba5643a3fa8

SHA512
6ec4adb0b31c40ff45560710d3ad3a95d19769b67ecca2cdfc7afa9b0fbb4fc65f6c6fa21e15155bd572968863757a5f68f837c660d1bff2915a365994e0b5ae

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Preferences

Filesize
8KB

MD5
6dad0f38116aeba3912571955736616b

SHA1
66b770b6814d824c9e5b3eb5b821797d1271866b

SHA256
658f0fe5fed0b10ee57d926e58903cb138d126e158d725c68f2ff49b6910f339

SHA512
d021da84a0f80e2803d90bd0a61ac3530bed5ad99e6b3d8362b58e597fbc5b31943d6dcfe7013d926d781c2178355bc190bc4b99f0a67bb5d45a2f8cda7d962f

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Default\Secure Preferences

Filesize
6KB

MD5
bc78a407c5ca85b581e6633dcdf54c2c

SHA1
4b2e3cf3a55e2c356f3e91f33985697eae680f89

SHA256
e46a8cb6ea029ddde84cf7ae7b5eef581416b3c4cf3ebd096eb198e2149d5bac

SHA512
a666bbcbd1f5359bf8bf98ee5f2e24f4244a211acb2ff778d3f1c53276b1e8ccac8e1b84e535339f03063cf0bdf7697949b259fe64740b8d21f76d653dc586df

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\Local State

Filesize
19KB

MD5
a6b90f52333f476ece47014b2b62d5f0

SHA1
95167de2c1bc4fa13440b18792c6e2e87c4a6227

SHA256
93d2a9654e521a54753df790cd5c4716aa29e15be09b4f2f7666548f864f4ee6

SHA512
68dbeb88eb8381950a9d7b5564161f6c7aae17eb755be0604e8bad71acb58b6a86f463a3f313e814f62103397e8e0c3f9186da72290ee06dac2fc982ca126bbe

Download Submit
C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe.WebView2\EBWebView\ddff296d-42c8-4021-9090-72baf373d46b.tmp

Filesize
19KB

MD5
361a49b799c342003c4e2d7b8373c8f0

SHA1
346a90e09ea6bb43bb254f4b2ce8edd7b9f6cbd4

SHA256
a7cff1b86f3037bb62a5e5bfe950e7b09cdfef85a872d5cfcd76ff2c1bb5e749

SHA512
ce3b4da5b932aa41b88afb44de775206901f497e4bd071936980b65be40cad7ddfc3e9fa3e09f8af2a8142e7c9803ab02ec69ef2865d7625a175e4525fecc9be

Download Submit
C:\Windows\Installer\MSIA6B4.tmp

Filesize
219KB

MD5
928f4b0fc68501395f93ad524a36148c

SHA1
084590b18957ca45b4a0d4576d1cc72966c3ea10

SHA256
2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

SHA512
7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

Download Submit
C:\Windows\Installer\MSIFFB3.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\e5a9521.msi

Filesize
26.3MB

MD5
b9c6d23462adef092b8a5b7880531b03

SHA1
9e8c4f7f48d38fb54a93789a583852869c074f2d

SHA256
2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

SHA512
18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

Download Submit
C:\Windows\Installer\e5a9532.msi

Filesize
4.6MB

MD5
748613565373b2a573e55eaee02112ff

SHA1
d3c5b9db9c64a829f9c98314bcc3c2c1bb7d549a

SHA256
0b10f3e39f0cbf0a27d54e73647c6b619e408f424f1d1f4632d3f886f4f4ad48

SHA512
60aadb585628c6c0e5911530b626e5258dcc64c8418b4967d098dd51fcd968ac083474ffc45779b187849e282eed93c9f0a0a67ac050c7470f807ac6ad3238f1

Download Submit
C:\Windows\Installer\e5a954f.msi

Filesize
29.1MB

MD5
230fed97d6f8eab7800e2316fef53c00

SHA1
7a97f51462584f6a8cc9eb08da654dea4d2b7fba

SHA256
c9aaa2ab9905abbbecff1ad3c3ecbae1f4d7fe8a063f3bfd2fcfe5176fcb169d

SHA512
e0af63d92aecc632b1273e63b5327d2ca9ea3d7a086807205043e4bc76050a22de786e419c1d95a8a8521f39af8c4dc6cf9563dd88e3174e5e87a2d30a6f2352

Download Submit
C:\Windows\Installer\e5a955e.msi

Filesize
2.7MB

MD5
b444780579b876b5d7a5d9898780a196

SHA1
e5ad5d25a33f2c3c94b006adac938d4d302586a0

SHA256
8950da0a51a94493b59e914e0247973434b3255d1b98e9a26c5a76e40c6dca65

SHA512
aa03587c6b39f3e71f7f945c8bc301fd5971bf14cd9ab4f0ae5989378b8040e92af194e55759d3d000f09d4080d1c1ebbae1c44c722ee0e40b499a934634c5ff

Download Submit
C:\Windows\Installer\e5a95a9.msi

Filesize
9.8MB

MD5
952ad1ae981f15835af04bef98865c40

SHA1
65a2b699181aef2e46fd9989edb99b4b9b867d47

SHA256
76fcaa3352cc4c3bcbec2d62c1958c6e824b07d211be96497da284942bb3df4d

SHA512
9ee387d5b6f2dc7c966b23f41978e9e5c8764343878bb34c6b32b170e13b44b15f7d1ed6a653b7de4407273f544ac409aed28f15cdedac130f8168f8c7b90947

Download Submit
C:\Windows\Temp\{A7235459-99D4-46CF-B2BE-8A809E1FB46E}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{A7235459-99D4-46CF-B2BE-8A809E1FB46E}\.be\dotnet-sdk-8.0.404-win-x64.exe

Filesize
611KB

MD5
6ff717c206058aeca064f0ce9d2969d4

SHA1
9d4839aa383b5c1b1d4898e249781bd307b566a2

SHA256
4260ac2626c9be51110b2a3b02172c2959fd302ee117cbb3a543571ea03e4653

SHA512
f0e30840a2522b9470a324ea0907d7a3be61df63bc9d1f675cb6de93d6028e0d8baff414f3c9c644f045e331d39a3e305d2691cc9ebf29b45e08d82ad3b9181e

Download Submit
C:\Windows\Temp\{A7235459-99D4-46CF-B2BE-8A809E1FB46E}\windowsdesktop_targeting_pack_8.0.11_win_x64.msi

Filesize
3.7MB

MD5
ab71cfa9614c6073723fd659c1858727

SHA1
9dff1487bb04a90df8c332d385c7cc9735572f65

SHA256
492892cde2032ecf06ce57674852fa81d6aa8c74989f5000b9def87881d09f64

SHA512
8f505e4b0e6c398f063d51d8fda12542bf74296f0bc8e617e26945274782d777c77ed2f1f258a480e63369c510f6dc31bba38d586f019001ccdb72e2fe2c85e7

Download Submit
memory/1908-9166-0x00007FF873570000-0x00007FF873571000-memory.dmp

Filesize
4KB

Download
memory/2608-3002-0x0000000074DF0000-0x0000000075016000-memory.dmp

Filesize
2.1MB

Download
memory/2608-3085-0x0000000000440000-0x0000000000475000-memory.dmp

Filesize
212KB

Download
memory/2608-2365-0x0000000000440000-0x0000000000475000-memory.dmp

Filesize
212KB

Download
memory/2608-2366-0x0000000074DF0000-0x0000000075016000-memory.dmp

Filesize
2.1MB

Download
memory/4808-9186-0x00007FF873570000-0x00007FF873571000-memory.dmp

Filesize
4KB

Download
memory/5908-9188-0x00007FF874270000-0x00007FF874271000-memory.dmp

Filesize
4KB

Download
memory/5908-9187-0x00007FF873290000-0x00007FF873291000-memory.dmp

Filesize
4KB

Download