hxxps://drive[.]google[.]com/file/d/110J9mwRap1CDmE8YuJmqGAVUHMGK_9L9/view?usp=sharing

Analysis

max time kernel
1865s
max time network
1869s
platform
windows10-2004_x64
resource
win10v2004-20240802-de
resource tags

arch:x64arch:x86image:win10v2004-20240802-delocale:de-deos:windows10-2004-x64systemwindows
submitted
29/08/2024, 21:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/110J9mwRap1CDmE8YuJmqGAVUHMGK_9L9/view?usp=sharing

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 28 IoCs

pid	Process
5204	blur-installer.exe
4108	blur-installer.tmp
808	VC_redist.x86.exe
6072	VC_redist.x86.exe
4216	blur.exe
1456	blur-installer.exe
2588	blur-installer.tmp
5568	blur-installer.exe
3216	blur-installer.tmp
2560	blur.exe
388	blur.exe
6028	blur.exe
4056	blur.exe
5824	blur.exe
1396	blur.exe
5484	blur.exe
4816	blur.exe
5300	blur.exe
4136	blur.exe
2712	blur.exe
1020	blur.exe
1392	blur.exe
1456	blur.exe
6096	blur.exe
5652	blur.exe
6024	blur.exe
2772	blur.exe
2740	blur.exe

Loads dropped DLL 1 IoCs

pid	Process
6072	VC_redist.x86.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
7	drive.google.com
13	drive.google.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\msmouse.PNF	blur.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	blur-installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	blur-installer.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	blur-installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	blur-installer.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	blur-installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	blur-installer.tmp

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{FA133E87-1935-4052-9BDD-F5A3DA00284D}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{D8B313F8-1DA3-4A77-815F-35E52C67B101}	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Nicht bestätigt 463919.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Nicht bestätigt 134864.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4144	vlc.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
3400	msedge.exe
3400	msedge.exe
2724	identity_helper.exe
2724	identity_helper.exe
4800	msedge.exe
4800	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
5152	msedge.exe
5152	msedge.exe
1636	msedge.exe
1636	msedge.exe
4108	blur-installer.tmp
4108	blur-installer.tmp
4024	msedge.exe
4024	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4144	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	5392	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5392	AUDIODG.EXE
Token: 33	4144	vlc.exe
Token: SeIncBasePriorityPrivilege	4144	vlc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
4144	vlc.exe
4144	vlc.exe
4144	vlc.exe
4144	vlc.exe
4144	vlc.exe
4144	vlc.exe
4144	vlc.exe
4144	vlc.exe
4144	vlc.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
4144	vlc.exe
4144	vlc.exe
4144	vlc.exe
4144	vlc.exe
4216	blur.exe
2560	blur.exe
388	blur.exe
6028	blur.exe
4056	blur.exe
5824	blur.exe
1396	blur.exe
5484	blur.exe
4816	blur.exe
5300	blur.exe
4136	blur.exe
2712	blur.exe
1020	blur.exe
1392	blur.exe
1456	blur.exe
6096	blur.exe
5652	blur.exe
6024	blur.exe
2772	blur.exe
2740	blur.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 552	3400	msedge.exe	84
PID 3400 wrote to memory of 552	3400	msedge.exe	84
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 1324	3400	msedge.exe	86
PID 3400 wrote to memory of 556	3400	msedge.exe	87
PID 3400 wrote to memory of 556	3400	msedge.exe	87
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88
PID 3400 wrote to memory of 3304	3400	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/110J9mwRap1CDmE8YuJmqGAVUHMGK_9L9/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf7c946f8,0x7ffcf7c94708,0x7ffcf7c94718
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --service-sandbox-type=collections --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=6620 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=6620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --service-sandbox-type=audio --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --service-sandbox-type=video_capture --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7264 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=3052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5152
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\0820 (1).mp4"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=7572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636
- C:\Users\Admin\Downloads\blur-installer.exe
  "C:\Users\Admin\Downloads\blur-installer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5204
- - C:\Users\Admin\AppData\Local\Temp\is-EKH53.tmp\blur-installer.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-EKH53.tmp\blur-installer.tmp" /SL5="$D01CE,59749349,879616,C:\Users\Admin\Downloads\blur-installer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\is-QHV0V.tmp\VC_redist.x86.exe
      "C:\Users\Admin\AppData\Local\Temp\is-QHV0V.tmp\VC_redist.x86.exe" /install /passive /norestart
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:808
    - - C:\Windows\Temp\{E5F21A7B-09C5-4E0E-9784-243E9D363ACD}\.cr\VC_redist.x86.exe
        
        "C:\Windows\Temp\{E5F21A7B-09C5-4E0E-9784-243E9D363ACD}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-QHV0V.tmp\VC_redist.x86.exe" -burn.filehandle.attached=572 -burn.filehandle.self=584 /install /passive /norestart
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:6072
  - - C:\Users\Admin\AppData\Local\Programs\blur\blur.exe
      "C:\Users\Admin\AppData\Local\Programs\blur\blur.exe"
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,5366413184000886123,2532946128403403364,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=7608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024
- C:\Users\Admin\Downloads\blur.exe
  "C:\Users\Admin\Downloads\blur.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4816
- C:\Users\Admin\Downloads\blur.exe
  "C:\Users\Admin\Downloads\blur.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5300
- C:\Users\Admin\Downloads\blur.exe
  "C:\Users\Admin\Downloads\blur.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4136
- C:\Users\Admin\Downloads\blur.exe
  "C:\Users\Admin\Downloads\blur.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2712
- C:\Users\Admin\Downloads\blur.exe
  "C:\Users\Admin\Downloads\blur.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1020
- C:\Users\Admin\Downloads\blur.exe
  "C:\Users\Admin\Downloads\blur.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:5508

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x48c 0x2cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5392

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1028

C:\Users\Admin\Downloads\blur-installer.exe
"C:\Users\Admin\Downloads\blur-installer.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1456
- C:\Users\Admin\AppData\Local\Temp\is-2C3AE.tmp\blur-installer.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-2C3AE.tmp\blur-installer.tmp" /SL5="$502F8,59749349,879616,C:\Users\Admin\Downloads\blur-installer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2588

C:\Users\Admin\Downloads\blur-installer.exe
"C:\Users\Admin\Downloads\blur-installer.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5568
- C:\Users\Admin\AppData\Local\Temp\is-E94N1.tmp\blur-installer.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-E94N1.tmp\blur-installer.tmp" /SL5="$70334,59749349,879616,C:\Users\Admin\Downloads\blur-installer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3216

C:\Users\Admin\AppData\Local\Programs\blur\blur.exe
"C:\Users\Admin\AppData\Local\Programs\blur\blur.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Programs\blur\blur.exe
"C:\Users\Admin\AppData\Local\Programs\blur\blur.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:388

C:\Users\Admin\AppData\Local\Programs\blur\blur.exe
"C:\Users\Admin\AppData\Local\Programs\blur\blur.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6028

C:\Users\Admin\AppData\Local\Programs\blur\blur.exe
"C:\Users\Admin\AppData\Local\Programs\blur\blur.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4056

C:\Users\Admin\AppData\Local\Programs\blur\blur.exe
"C:\Users\Admin\AppData\Local\Programs\blur\blur.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5824

C:\Users\Admin\AppData\Local\Programs\blur\blur.exe
"C:\Users\Admin\AppData\Local\Programs\blur\blur.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1396

C:\Users\Admin\AppData\Local\Programs\blur\blur.exe
"C:\Users\Admin\AppData\Local\Programs\blur\blur.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5484

C:\Users\Admin\Downloads\blur.exe
"C:\Users\Admin\Downloads\blur.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Users\Admin\Downloads\blur.exe
"C:\Users\Admin\Downloads\blur.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6096

C:\Users\Admin\Downloads\blur.exe
"C:\Users\Admin\Downloads\blur.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5652

C:\Users\Admin\Downloads\blur.exe
"C:\Users\Admin\Downloads\blur.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6024

C:\Users\Admin\AppData\Local\Programs\blur\blur.exe
"C:\Users\Admin\AppData\Local\Programs\blur\blur.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Programs\blur\blur.exe
"C:\Users\Admin\AppData\Local\Programs\blur\blur.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
41KB

MD5
f3d0a156d6ecb39d1805d60a28c8501d

SHA1
d26dd641e0b9d7c52b19bc9e89b53b291fb1915c

SHA256
e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3

SHA512
076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
1.2MB

MD5
540af416cc54fd550dcdd8d00b632572

SHA1
644a9d1dfcf928c1e4ed007cd50c2f480a8b7528

SHA256
e4e53d750c57e4d92ab9de185bb37f5d2cc5c4fcc6a2be97386af78082115cbb

SHA512
7692e046e49fcde9c29c7d6ea06ed4f16216ec9fb7ea621d3cc4493364743c03925e74244785588d1a4bfc2bedd32b41e7e66e244990d4076e781d7f4bbb270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2c9bc1a69f7cc5ef5f77e0913153378c

SHA1
08e0d4753349029cf26602a7e8b697a69380c02d

SHA256
f47fc134d2d472c4775591d723eb964da017930a65da79a3624b9388913ee4b6

SHA512
aacf0e33ecbbe237ee65b2bc81450a923d68b1413391ae80fe699dc2204f47f36d4864c727a8dc786114c88d7781b5c0ac6365fd61cb38b6ec34376947bd14d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
13438585204f5fcd38837da6098d0924

SHA1
9680812b57539b31a2db603682ea519240ecfa2a

SHA256
793f206c9efcffd558619ef3ef305decd6416aa654487ceb7f25d70210ef660b

SHA512
8c4f7d7cf705f3dbbbfe1c92f23e18f7a17a379751558063db4dc87b3c77616999aaf68ac8b9cdd6d446be641cf29918c6ee2fdac20d00b45fa770a62c1b6330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f85198b51533d9fd40134aceb46097b8

SHA1
c34a6da87c5e0c6de9de42dfb2cdc6d1c8414c4e

SHA256
80968b582844db2934b7f8b9897ba6c66f5486eee289c32b93f5540dbe7d32ac

SHA512
7fe896beb13014ba3d4812acd1d6eadd9801a4965ff3228cac13a019525bfd126f4e4220ef450d9fd14fb626c1815599b14270ab904eed974f162bf390c193a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
68a7e1bfc522213bcd7864ae34310369

SHA1
6dd8471ce6fa01ea81210335454666fec6964464

SHA256
095b2ce9bca24c5558efb0a5d03ef1f836f071d1a034d04d90b077161b04f5c2

SHA512
037249e2d80655cdcbb09626080c4e3662d705cb3b2b57b993503efaf5ff5bab3482e292641d1b8ef8cef10682a174acd92f9648cd81293811154e9f30f38b04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
98ed67fef2be909a0948b98304293cbc

SHA1
18f7c65aaf4935a4eb10a1c02cff893e9e8aec95

SHA256
5c5fdb928ba8ecd4054088dc2f1df438f71c746512fc21cd9c900cd25d50b582

SHA512
d78a6c24e3e926f97a442b689077824d04dc5d213cc6cbd8e620205a5784b8b5970eb2aede7303177e3689babdb13c2b54e07792790d47aa4d7ef6b92f96f506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a4fcce9953d8baa667443c5e6ceb8970

SHA1
8ed694df625628c47552c872a056647fca9b1f28

SHA256
c07a5e81a59d7af07e713e854b6e0088e512ad30e237fa322b7fe315c22ec038

SHA512
5503286a6b56db0e6637932e4db44a0442286d4ba811f35ab4a8413bb2601976be20044c1344df4e637590b91717d07352d743dcbbaf467861d4112c8a5e80ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3faf0f701afa99b4fe0d631e844d06f8

SHA1
718e127263280ff423ca0efc54544b20241f9070

SHA256
1872e3aa6417a6f93d5b41449aba21b0ca17c0087658579bd0f35e1de2452383

SHA512
cbb325643e7427797f182adb0a3a44a6e30d0a38e5ff1dfca27141e341836ceabbadf10756936a227478a4ea1ed561b1f4abe1ab3be7532e7b7b04dcd965e055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f6d4661d5d33d7e14189aa3ae1dcee7d

SHA1
6b08fa25d1be0ef8cd0c641ff7e84217c604bcd7

SHA256
a4aa8330d015e4c3cf75199d2f85e4f632211bd8c76df3eddb02413533fdaa29

SHA512
fa9e74ff5660213215e5919d8e86f5edca01c6064f3af57c7294292e05944945cff034376ad59e8047c1b100f59f8078a266b0a91d59cb11c7b318681801d83c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8ef19f5ae5965bd6d2015fb17e18d7ff

SHA1
11d2ee318be8e2a6a6e0e1481f62848251a44848

SHA256
dd0b42f717289c0c2d8e81b22c29bc1e22fe9cc491c275b9afd94b19ae4d5bc6

SHA512
cb477a8abdf231bd99d9b4e966466eda13bbd18b9a33bb85c0f9190990b64f125ac15010ec8687c3a3de54eec43e3010cb11f6608fec8f2f1cc9d8daef462f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
bf8952c160cd2a5ec6f0cfebef7f89e4

SHA1
a51daac4b2e7bccf9c2a2749cff65ce556586b76

SHA256
25ca35ac26d59ea51bbe2ff79096be4822a6787cb6fe2525cae46bf2ab58321d

SHA512
9042d081ae77e4423d34ac14a567fe5ed1d4c8fe294ecf7155df0407f6696cfdf14eda025befad5aaa67ccf9921aa3f74323be78a61f32e39a2f9e1d03ed8dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6a5f5b2b1241ca0ca6fd7829cb3282e4

SHA1
3cffc4fbd2e8cb0b56b3ee8967007a9751df74d4

SHA256
d6a320c00a6f129b285ca2919c40d9d9b3866ac54bd299909bbc238c1100d199

SHA512
fbebf3c89f3e18b922555b00c7f5a9081e2bc1a97604aa80d4e8b7a0efc4ee438dc185a4cfb5ef4d244c1b2d976795dda64f435ed5bb66e713fb701a96cbbbf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
180920dd4d81350cf6caca6460c7c1eb

SHA1
708df46d6eae48eeeb91a4bf82641c1c5ef28c0f

SHA256
bac06e50d9c5ccd3f8f32d395de27a35a6ed15d395423b169474426253ad8604

SHA512
93a14104cf7e8f74579095ef4252f3251d1802cc35fe74b149ec1dc584e42083e2783e5654527a978aa761a3b5bac05b6708fee8ebb050eaac6a30114c37da4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
65c9679f9b8ec18aa1efdff33f2d8da1

SHA1
0663d68444c547366fc7d8be34985439a6b87d7b

SHA256
fb34392807ff528644c004d6b64c5d3390b56a2047fa91d4a4e349ac53344c7d

SHA512
f48192e2a90ffbfe0ca4dbe623866d3f187f05b53b0162769ce88278a46d4d106fae6aea5719c7c22f3ae2ad7ed46d9f29f3c7363cb9df66c180a35ba811d6ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
26d946b18d1263a9ce64bfe6ef34560f

SHA1
0e8d4711ad60ae440cf5142cdbd93e7415d844da

SHA256
cc5f5a3f90fb533d5681a51937563e6139f55f4eb8c6e4a024dba162a69e493d

SHA512
982d20858ca55fb492e6cf409c3903c9f1ee17aaa6403f406c81ee032d8ee3f6c5580743bf01a8f1a30164b472546074881d3e1101f248873a50ac80c4baff96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
33a047d832a78c191242802bbce951b4

SHA1
4256fbc75895a9734fadaabfea3dbac6b500164f

SHA256
067d1a087cef568aff2ee8a49cb58bc5ea91dbf4aea38c00191763339fd8b41f

SHA512
8f2b46bbe517e2411bf547c422c6e542a1482992661462dced56e65ccc6a83cd96b145f98296d7692d9a33abe734a56387630f78a312f380018d9e62e7813246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fbad9bf22abc619f6da4add35008d626

SHA1
223650883f1e6fa7c3bd4f32ed9d8fb3aa04612f

SHA256
91e2c28d13baf1c6975a804d307acf7b3b1ace1b98aa3870f3eb698890057de5

SHA512
204cfd51d879723c63e08703c2bb63d64e2b7af679ae929aff139bdf9a2077176a91da548b679c5b1e84a02a884256e90e67176bbf3ef90b9218c8b1b9afd67e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
075735e18e44ea5b382a97610f9669d5

SHA1
d608738f3ed896cf3225ba80a49a06e7f7326fd6

SHA256
ed347f63af385eeabef49827237d6ef23df8f55783886b415f4220ee823155ed

SHA512
65451fbc280d8d496e8ac3dcf9ff2360fb9c1d79eff548c78e1f5da93cea59f3a46f29eaef451579905cd85f49798e7b5938941f5c629ac78bd5501d27f147a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
cc231e66a15ffbdcd342c9e5d1d9ca61

SHA1
1040a4951baec0c6b344712b34819ad1c141b2cd

SHA256
4598b5deb462f7a68cffc8f2233549bae35276b5da56be776a045e0be5191b6a

SHA512
5ec483acea161a51f7f8feadb233c936aea4ba04b98c108517dda2117375d211d9af14a786ce14bdb0eed80209b9e2229f2b6de6a18794370c9d9cce559633ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
2285c80e8af1c2319b40d6697a6c5012

SHA1
0222d03bcca5564e60028d9e52e705fa788f1002

SHA256
016d69aed0674a5e477f2d022a092f8af6ddbcbc3ec41869f69d69ba2cf02f30

SHA512
d286fca19447ad05321f9933ba9ba36c99190aaf7b4b38ba7a1c0f2efdaa3355e4577a4ae3fb33dd1e6b49b7b7521cdc1971cbb1a0f1a9016dc25f35912d2ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6aa437e0a3f97982bb4421f3ea9996ed

SHA1
877f29642b0859ce570560774da56b4a61eb2457

SHA256
d471e9f4e06fcbd8bead278f3084362553d37e998c760b56ac59f5fdf9e03f1c

SHA512
275625e63c868e6ea26dc372ad034a988798ac38669e6a1cb0858460f4f0d349e08aa0ec0bef52240efd095df97e54ea7a3e791bfc36d0d46c682fbb4d23cabe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
56953c6e5e112958bf20ded57c4b9227

SHA1
4f21fd8e0d8bfd2d982f2f951ed679f843e85387

SHA256
80d8b25afd8da5c315ad6b535da0416a118f0f73d8da4b1d7df5c9e625377a18

SHA512
010af70cf6b8a3019181d4518d5708ebfd80f3aadd72ba59f23f1559fc583b94fc0201586fcca25cd2f58799c12a3f8894dee0f34a30abee20e85003f909278a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5690f33e6aecde393095adcba0f711dd

SHA1
0141e7c40902e4f1fb4bc9b824509dd6304afbef

SHA256
ca5168b30d486754d54a3b5d695cb9a1d5448bb41a4f7c60992f00ae065a33df

SHA512
e0e55d724604a5e2815c62039c54420ecadfa1e561620c18cc27531062774174d06721faee392065bba3ebabad189b39d9c14e32934dde3542acb31d4aa44423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4512b5e1b825964a21400a036054d1e9

SHA1
d458adee4465d84d3f2e35cf9586d5392acc4081

SHA256
6327abf6eddf1bb0b60a843f5f1ad317e7b81d9d9eb6b2c089a0706c4e954b8a

SHA512
ff210bdc48b22a20a3fff1a89c0e6f950edb742c1dc653d4691b34e4d077a76c9d54b8bbb2a923f07fc41b24af6dec8851554bbe1c367470d139afcbf8b06681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f4cf1e4d04b72079f66f8eae29e78646

SHA1
c97afbbdbf2f8519554e60a14105533fe327d3e3

SHA256
689baa7001d2ac35594bb12a98f2c90ee00659af0debf560b09f28528da02aba

SHA512
3aa1893c95a3c4f227624414e935384f0b1fc225fe9ee516ae1568342898b27c760cbe1cae6e65cc82ae9f668665bbde0b9e1c61fe64e57885fb2da7f8b564ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b9019f2b0fa394331670b472f8d737d1

SHA1
c28f90bca8773a5ef13adc03a3be2605286cf4c8

SHA256
9285ef2d26b7aa5355c10233deb14a0d5a8868c022284eaeef417dd423c13a3c

SHA512
aa95b933df04e203ad109048b40ce5f201458ff666bd9e38110ded3d707277587db3471cd6d5cd99aacb38feb9df7746de57170b1bdded19aef452be5514d6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f116e212ec07f16352ae3188441235ca

SHA1
a4866152c86d450c83da385075aa14e42f48b635

SHA256
9309fef54af22469a3abb7d7f0d0c77084a64a9ec0116baf5ccb91d5e0c506e9

SHA512
f493ea8965930df622e38fed81972b66ef3b9e7c43d8e217f47d5b910d3dafd38b67c78e56dc6b0f63d0c4d443d6277dd4c287fcd7df035ea37df53c5d4a15ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e0d85fd413cb8011c17b1f8fb4fdcbae

SHA1
257789a918308d8e3ef933b81834033f62fe88b0

SHA256
0b67d3b4c374e467eda3b9c61b971737e00233d51182288c8941584bc5796ff5

SHA512
3c93f898cc1cbabe88b4ace6691d728552883fdaefcdc5ca72f4f1e7de74e5f09dcdd486200091b60f736acd28e1d8f33fbf7267d8e7df30f109544a2577a188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa8f6830eac96aa736d34a0fa132bcae

SHA1
a6318ccd60f16ed10641cdc53f3e53ace0a92de8

SHA256
e5ce6638a4899e5915af61a20870852cb7e937d585e7e4c1e22479e1478117d3

SHA512
ae42b992f4bc1848045f5e352deb16d038a872fa6e707919d3c69558559c17800786d0a77803db1a8771f19f33d5e933578a42adad140f77112c9facf7d67098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c70480264fa33b0a470ff320f3026198

SHA1
6431fd66266a10a60265499c97c1affb03e2d717

SHA256
3201081bb88a8c8ddc0a0ed560c7e26a6caf281e1f10ae315672faa4fc710a9c

SHA512
7128a3a079cc5f4ba1b4cdacd743f1a6c33a86147168813e6b7bc8fdb2250a1089cb16f0963f567217de42b0e5868390995127cb01a9cb2f0e4a63c11520a0a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d81b99519d354eb1cd96628ba437a95b

SHA1
49efd76d260b2bb3aefdb2ecaec45d3f9dbe6d68

SHA256
f3823f6d4e21f3933f02faf1ba2b83f8b719d217be3411c2be81e72265622d29

SHA512
6dbd3cce92f8769c82ce866647d3c245c39aa40bbfa2531af73c44df921812f58ca79276406f67bdaf850adcf5fbfbaa64e046b283140e2b7c6019cad18811fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ad1fef1bc7f76e20346a65f0f928ba08

SHA1
aef8e3801761e33038242d21edb529532dda9a21

SHA256
9132ffd11f86225609ffa6a5b4af0d35ec3138de507eb33163080c456f6421cb

SHA512
19a11690f8c95f6d8086380d095db63efab8276adb6c7602c3b10a91fad1390099e9e2dc30190b71e33a446cfa9e9e6c17a58de8fd2c472ffbfdb168f8aa8255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0073d6333f426ad9297274946694160a

SHA1
2caae57e8d75a3b19fa02d1ca08c5f9bb10f056d

SHA256
495da8a6b1d4a59192ac471106f27d4c1691643af3da74c725393e51ea48d378

SHA512
3e57eddd45d20f6a2673de1943de7b461cb2739b269603f7080e1d03f849672f8e50d9a6d988b92ae76b3f66a3d1e00235f8f8123b53362e2655759d4f3524fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2cfbfb3bc5c6eceb46db48b67f85e676

SHA1
448b6115ba3281e76e148038bc8dcf490164c82d

SHA256
d14aaf9594cc30156f553c01d955cb6e1baab0d72eef9cbdcd65e10573ba3268

SHA512
9441cab0f5eb75dc983abb044c971c8fad83cf5aa860bd63238a81ac49a2d733fb27f21cfc56ae6bec8946f80fd8eef40acb9db888853468b22687d99548e196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0ef5f2f6136c181d0171418acc31e33f

SHA1
fd6714cdba75b93b75baca8a28dc801ad80f1a2b

SHA256
864bb3349ebdbc8a0eeadbf9b2e445af4f567292ba938803f1e710b8b5e30250

SHA512
99f4ac365e579ec8bb47947e9c1d564362d68ef74e925cb915e7e082aa7fb78ab770709d7e620c0de546ca04b3da41ecf719e0418be78788f9ce2d76386046d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9b2676582aa4a7e85b83554fe2663685

SHA1
bf49bdcd4dae412b0807b234dc29bad1232086dd

SHA256
89bf8a792d28cf2b46901be0a9036cdcde8a26c22d61576f270b40426104a33e

SHA512
c536a1b0f1d0ca6a902021f584045bfad50c252271f5839149464ab3605a858403530b4dfe16a19526050b1797d2f5d651f67e0ee10731e82d5b92a46e226a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4d488287fcd359f2599337ac807d6788

SHA1
4e8a5ea45259bd2a5a8feb960b82e5ce6fd118c4

SHA256
ea9aff71aa9a9ff5a31a8926a65ab58c84575dfa0336685e319aeda637aba913

SHA512
354a4f1a382207aae5be6446550242297c8165cda395f2ec1861a897f119c108474d99904b271b8cc856ac49288288878c25f057942d2bfeb6871552be8cf2a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d60f965eb1c6a15cb2b1935446630b6

SHA1
8a1e59794d1c4319f9f3f6baa59d1ec41913da81

SHA256
75632e93a214d71efa252a906ee106257c41ed3e238e647ff8831bc23536b658

SHA512
1b04a6ff484a31433282c434d8d3844e25c51dd6b98486ebf0eedf044a90e6780388031edb2715966cf0ed3f527d07def3a6bbb3afe70dc228c8fe851635d2d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ed1a6.TMP

Filesize
874B

MD5
3aff3645d3c5c2efb9a628aa62f83d99

SHA1
c7b9b710d96f9c81d9521450b92199e730c613e1

SHA256
c0ba46c3497fed1f7a3c54c9799b9aa83dd8258aaa7f5dc70dcaeb3883605113

SHA512
a7308697b53f3f8a7d14d622fc25cea10a7ddde224433521abf56f40533903443939b873ff807d8edd6ce055046d4309097c3216e878df591d943990fa5477a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
de242733066a4da9a80d945971eaf3da

SHA1
4e5ff8ea032452fef05c8357a548f6f1048ab1d3

SHA256
926a3fcacad15a8e43b05306aec4b0167b6fc33160051c66b382b7957b5a5e98

SHA512
a29d8934232df026b4438d649e1331ac7f56ec56719d2c53b81e960ce2ac3aa9d0f7d7f029774a4afea4dd86d7c103788d0ee3b6a34a7c7fb331ca087361564f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8a86d1baf6baa1bffbf591c37beac977

SHA1
4de2f0aa13091d2fe12a326392ed9b3b4e4d82a8

SHA256
ef3e3b7c401b3ad0762bdc196d5bbd023359dc2b5bfbbe04888017b3a5f6febe

SHA512
9bb0181a8e7f68c6e53c1fea1ea8bd9515ba5718548d07436cb0241cee3be8a3ecd07ae95e56b35d1982c684baefa4798159c0fdbdf696b62415baa0108bb5fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5d2adc068ee7cd5d4b5f6250a75497f4

SHA1
361f6019bc728a6ad54843a4eb967c3d4e85296e

SHA256
b96a0308aa0636fe9e52ba0c5ab5a71393270fef225c6bbb95479817a5dfb442

SHA512
2462eb80fcdbb84fcd560dfe347858c121c47b1b8982d151efbd6a4a432e7d834f1582cd00aa754b919e2a73151f6e9a63058e5371cf45a3eb77b460fe42dd48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
956f4a451d368e1eebd1e0d11239f55f

SHA1
6674203e718799e81452f51b5c2dcab7f3c5673c

SHA256
b00e07f22f05fa2e06d2adb81a877d38308bf0f44f523f44de924106d6a105ea

SHA512
76109468d74814397062ee926e181ea14e9e539384294921da8a366ec53f1be635a10d06c4744c3a8c09121bb567fbeb22e09d4edb595097a4845fc2950fb70f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
542b9315dfa5f50e54cef8e6dc158f78

SHA1
7e82eac6aca7ac7dfb41d281c469f0d1714276c2

SHA256
5f8e34d02b10579fa2ada6fa0f3266874ca18f138cb6dc0b44d8fd95df37f971

SHA512
4c9190c306ffafcf914a5fb04faec90bd1f22028d0725a2b8e2c188626843ca99442f0d86a2b69a1eef49fdf6c1c6bb8dd112abde5f915bae38c6845ce2713e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cbe53ad631e66c822480bb9fec6686bf

SHA1
220898a7189d78b0919be571619415aefcb8800e

SHA256
088e974ae223cc4e84c94a09cb6e525d878994e908341bfff8e0a128c063df95

SHA512
cde01bfb5453ebe4a63f62e59029b1998cf0941f115ba45efd80e9eb76f2d80f8b7c17e215f2717daed7fcc8754653edaab8e9c135b0b1ca96543f2a58153265

Download Submit
C:\Users\Admin\AppData\Local\Programs\blur\blur.exe

Filesize
1.4MB

MD5
323a74bb63e459f34729743f63b58538

SHA1
e21f16a5ba99426baf79cf7a0c01b6137c41b2b1

SHA256
ee5b5ddadc5d8831c99916385089323505d7d6323fef61a92018ebedfe8f4d10

SHA512
a868f75a11f3ec573751be42393aa6f9908f331be45066023e01d7c76fd61ba4af79fd632e501b29daed8373aa693a2910ebf75872da6a4e06738eb3dc737304

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-EKH53.tmp\blur-installer.tmp

Filesize
3.1MB

MD5
394d7ff9d7f2916c207e2972a70581fa

SHA1
e228c65bf3744637e83ba42d5470f33004321296

SHA256
134ce23699cde0a3d56f44535b989ff80937146e6e9cea47e1808e8b0d6a1102

SHA512
610dcfe7d7c88d9b379933195314ed3a6dd11c6cbbbe8bd6ffb870d59da215e14c01ff437cd4800d81e3922f98f5c77f9c889d81eabe1f89b520ce162dc9c6e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QHV0V.tmp\VC_redist.x86.exe

Filesize
13.1MB

MD5
1fb0faba3d602afe03740db3d145c1e6

SHA1
2c1ae47103e7f8d6072df4a8d9ceb382724ac59b

SHA256
1acd8d5ea1cdc3eb2eb4c87be3ab28722d0825c15449e5c9ceef95d897de52fa

SHA512
4509cfbd5f08cc32d68855edc285e8ba8caa7d2c4d044e4256dd907b205fda9a689c32ad7ef9ff3955e8390ed67498a54039a3cd4bfc9102ed82f9bd1255011a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Windows\INF\msmouse.PNF

Filesize
96KB

MD5
49edc923a20b6f7b8a2cbd1d5b6dbd87

SHA1
5ab704c694c552c11e81e07e56b34305cd19f075

SHA256
f3902b6a5d0933fa5c5fc12ae75f53379dd83ff18965e122aa7ab91c5a41a43d

SHA512
d928fc61978703dba163b1f45e6fd26eab9b023125ed5030967bce1cf8389ebb83c595de0e319c9988022214d6db21d398c70dbb7ccc2ac1ebdaeb66af73fd30

Download Submit
C:\Windows\Temp\{6FA0D807-5C35-4744-B167-9E6C59B97D90}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{6FA0D807-5C35-4744-B167-9E6C59B97D90}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{E5F21A7B-09C5-4E0E-9784-243E9D363ACD}\.cr\VC_redist.x86.exe

Filesize
632KB

MD5
1636039e4940c80acaeb369852f79cef

SHA1
7d2b5110d1bf729d7fcd9e42a2b01a58dcc66a69

SHA256
d116ecd1f04402430eb8ff5e07357f7ab2a2e0aa12dd6c5156e7f92705568e0e

SHA512
3ba5c3225b74594d6121a45f225204e8eb4b80afc60849fe78a933afcc81f8db7221cdcbe5789ade1b3f2d784dc3659c08692f7bd808b85198cb78e601d8da02

Download Submit
memory/1456-1502-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/1456-1511-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/2588-1509-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/3216-1529-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/4108-1490-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/4108-1346-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/4144-1168-0x00007FFCFD1F0000-0x00007FFCFD211000-memory.dmp

Filesize
132KB

Download
memory/4144-1159-0x00007FFCFE700000-0x00007FFCFE717000-memory.dmp

Filesize
92KB

Download
memory/4144-1187-0x0000026DD2F00000-0x0000026DD3FB0000-memory.dmp

Filesize
16.7MB

Download
memory/4144-1158-0x00007FFCFF1B0000-0x00007FFCFF1C8000-memory.dmp

Filesize
96KB

Download
memory/4144-1184-0x00007FF7CD3A0000-0x00007FF7CD498000-memory.dmp

Filesize
992KB

Download
memory/4144-1185-0x00007FFCFD960000-0x00007FFCFD994000-memory.dmp

Filesize
208KB

Download
memory/4144-1186-0x00007FFCE68A0000-0x00007FFCE6B56000-memory.dmp

Filesize
2.7MB

Download
memory/4144-1165-0x00007FFCE4DA0000-0x00007FFCE4FAB000-memory.dmp

Filesize
2.0MB

Download
memory/4144-1155-0x00007FF7CD3A0000-0x00007FF7CD498000-memory.dmp

Filesize
992KB

Download
memory/4144-1163-0x00007FFCFD8B0000-0x00007FFCFD8CD000-memory.dmp

Filesize
116KB

Download
memory/4144-1156-0x00007FFCFD960000-0x00007FFCFD994000-memory.dmp

Filesize
208KB

Download
memory/4144-1169-0x00007FFCFD1D0000-0x00007FFCFD1E8000-memory.dmp

Filesize
96KB

Download
memory/4144-1162-0x00007FFCFD8D0000-0x00007FFCFD8E1000-memory.dmp

Filesize
68KB

Download
memory/4144-1164-0x00007FFCFD890000-0x00007FFCFD8A1000-memory.dmp

Filesize
68KB

Download
memory/4144-1157-0x00007FFCE68A0000-0x00007FFCE6B56000-memory.dmp

Filesize
2.7MB

Download
memory/4144-1170-0x00007FFCFD1B0000-0x00007FFCFD1C1000-memory.dmp

Filesize
68KB

Download
memory/4144-1171-0x00007FFCFD190000-0x00007FFCFD1A1000-memory.dmp

Filesize
68KB

Download
memory/4144-1166-0x0000026DD2F00000-0x0000026DD3FB0000-memory.dmp

Filesize
16.7MB

Download
memory/4144-1172-0x00007FFCFD170000-0x00007FFCFD181000-memory.dmp

Filesize
68KB

Download
memory/4144-1167-0x00007FFCFD220000-0x00007FFCFD261000-memory.dmp

Filesize
260KB

Download
memory/4144-1160-0x00007FFCFD910000-0x00007FFCFD921000-memory.dmp

Filesize
68KB

Download
memory/4144-1161-0x00007FFCFD8F0000-0x00007FFCFD907000-memory.dmp

Filesize
92KB

Download
memory/5204-1203-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/5204-1339-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/5204-1491-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/5568-1531-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/5568-1522-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download