hxxp://bloxshade[.]com

Analysis

max time kernel
24s
max time network
18s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bloxshade.com

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
5276	setup.exe
5928	setup.exe

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Bloxshade\setup.exe	Setup - Bloxshade.exe
File created	C:\Program Files\Bloxshade\setup.exe	Setup - Bloxshade.exe
File created	C:\Program Files\Bloxshade\installer.exe	Setup - Bloxshade.exe
File created	C:\Program Files\Bloxshade\setup.exe	Setup - Bloxshade.exe
File created	C:\Program Files\Bloxshade\installer.exe	Setup - Bloxshade.exe
File opened for modification	C:\Program Files\Bloxshade	Setup - Bloxshade.exe
File opened for modification	C:\Program Files\Bloxshade\installer.exe	Setup - Bloxshade.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 4 IoCs

evasion

pid	Process
5160	taskkill.exe
5236	taskkill.exe
5812	taskkill.exe
5888	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
2136	msedge.exe
2136	msedge.exe
892	identity_helper.exe
892	identity_helper.exe
4248	msedge.exe
4248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	5160	taskkill.exe
Token: SeDebugPrivilege	5236	taskkill.exe
Token: SeDebugPrivilege	5812	taskkill.exe
Token: SeDebugPrivilege	5888	taskkill.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
5276	setup.exe
5928	setup.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1264	Setup - Bloxshade.exe
5276	setup.exe
5744	Setup - Bloxshade.exe
5928	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 1944	2136	msedge.exe	81
PID 2136 wrote to memory of 1944	2136	msedge.exe	81
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 524	2136	msedge.exe	82
PID 2136 wrote to memory of 3044	2136	msedge.exe	83
PID 2136 wrote to memory of 3044	2136	msedge.exe	83
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84
PID 2136 wrote to memory of 2552	2136	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bloxshade.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84b6d46f8,0x7ff84b6d4708,0x7ff84b6d4718
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16085305260644888288,7271961211582474178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:5516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2468

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Temp1_Bloxshade.zip\Setup - Bloxshade.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bloxshade.zip\Setup - Bloxshade.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:1264
- C:\Windows\system32\cmd.exe
  cmd.exe /c taskkill /F /IM installer.exe
  2⤵
  PID:3900
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM installer.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5160
- C:\Windows\system32\cmd.exe
  cmd.exe /c taskkill /F /IM setup.exe
  2⤵
  PID:5188
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM setup.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5236
- C:\Program Files\Bloxshade\setup.exe
  "C:\Program Files\Bloxshade\setup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:5276

C:\Users\Admin\AppData\Local\Temp\Temp1_Bloxshade.zip\Setup - Bloxshade.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bloxshade.zip\Setup - Bloxshade.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:5744
- C:\Windows\system32\cmd.exe
  cmd.exe /c taskkill /F /IM installer.exe
  2⤵
  PID:5760
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM installer.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5812
- C:\Windows\system32\cmd.exe
  cmd.exe /c taskkill /F /IM setup.exe
  2⤵
  PID:5840
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM setup.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5888
- C:\Program Files\Bloxshade\setup.exe
  "C:\Program Files\Bloxshade\setup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:5928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Bloxshade\installer.exe

Filesize
1.6MB

MD5
717185ab370c3dd143db0ce06369bdc9

SHA1
4d3def9c099b4a2df128d354ed36a017568fc21d

SHA256
9fa736a1ef90623337208246328f440a8858b48de1106226a60f8f19025ce29f

SHA512
55a64ed1adf468d542f1125cc2cd9ebd0c9082b47c3872c00185037bab08279657b0eb23488fbd2168fe78403e9aa1e6ac452fc2877066476ca4d8b77f5cf3ef

Download Submit
C:\Program Files\Bloxshade\setup.exe

Filesize
6.7MB

MD5
53c49eb46e609dc60c4d8c2a399f3b44

SHA1
c90e831199880f0c1c25ee034329a04ccebd60bf

SHA256
8eef87212ca808b830123256be45cc0a800a77507ac9d646d6d656d04243dea6

SHA512
e6bde4b7158ec51b609b16b17e4b3acba83c0cf3890274e243392eac84efbfc492380e8f100330ba9b42135e6bc82cefe25f7a51bdfb8b7b9cd61d4532471844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c61a9e26c40d897c12d4a7362ef6bd0c

SHA1
831052dda668478b402f3dd80a2ca996a9f63366

SHA256
021ae2fed627457dcc2d155474a258558673bb07b78c7fa6b8fc43a2b24640ec

SHA512
2efcf133d57b866ce3dfb9f18af7535ca3711bc02569079e087b934670a199dbd14ce2969670c78f1276f0c39092f71336218979eacc12409a1a304d3f7184de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
146c883381c958234ff7f008d60915f0

SHA1
b3e2dff19779fcd14fe326eaf1f7ca0ceaee53c5

SHA256
3818092d4fa3489f829eef84a45826012ecb80a81da54dcfd0ec435319473563

SHA512
b01d1eb4b3bca4b24a0b43da25fa0567243753383c14d4df4ff690d469b1a1a61c6028c608e12af7f33828091d1bab3ac2fa0de576c5632be5b47127ee44278a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e4f790cdfaffaa9ed3468ce2c073c3b

SHA1
36a9363cdcee334fd6f9a4c49545ee4d60a3ff5f

SHA256
0359e5a64e27b0368413650895868be1f8ced4692ca608dd1968f4cd05e9b858

SHA512
3334099634bca4b108df8350bbc1c73b23aa862ca020646457df34545fe5e83ce838c01b62c7e9104079d7e02c1ea4d2e7eac7d41bfb9dd92d09c520ce1a7f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
99B

MD5
d803342cd1fc228a21e7715d9692aa5e

SHA1
c4342e3b7f42e2bc78af7dc86bc687b578614573

SHA256
b96446788747ab96935e5c3c8c84277a9d12a8c69fbf9cf6b007266ff5e121f0

SHA512
6846d8d04d9a6af78a1f530525475d88509a52f3cfc82022f832c66b51e803dfd66c8a5470c315b0d034cb5ea3e8201266164f1734d3b0295c5bbb0f3c862631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
35B

MD5
343859b4ad03856a60d076c8cd8f22c3

SHA1
7954a27de3329b4c5eefd4bdcb8450823881aad6

SHA256
8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

SHA512
58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
25fb51b92d2cb4f903bfae48dcfcf565

SHA1
2bc9bae5feff7cbc675cc415bc30893342954ba0

SHA256
1e8b9829369cb0c3885d7726b6f2b64ca7114f9f0275452d37cb0f726503a2ca

SHA512
38f3b75bb1b849a3833a2fef64e9e26af10a81e43721f61017e4e0afed99a18bda93726045023f2cf943ed54df98a535bb4658f0eae290540b0a6104770505ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1d419d04c10c369fbb4ed2e3ee0ae8a0

SHA1
268b7b848323ef54f2a879ada81cf8d7e9cf62c8

SHA256
e70b1660b3f5ab51955a17f367afc3f675c3f3d6cecbc915d7d4f554e0bc900e

SHA512
bee8803b086766a2bbcf0b35054bc635adc313b9a5455c534f2bf363e0ec570059f2f396f7ec2e9bbf5c5176f4b32e30fa4add1516d22c1d6509069ae491cf6a

Download Submit
C:\Users\Admin\Downloads\Bloxshade.zip

Filesize
3.9MB

MD5
13b630889e1df11d171c0f0368630885

SHA1
dd7b6d38743d5a090ee8d53fd46cd12862ae8105

SHA256
4a95d9034ae38f6198d39d6e2a8c4d3844c1a0edab402a144a6d678f35e17f1f

SHA512
0ad296afc04b55f39f3b03be189390942aaca6175767a8438450f6717544a976e3f879a6f58f15c6045f81e6f3ba55e733a5fd70c746f02fa1d4ca24090c184c

Download Submit