ac0b5bdc22a01e9d28677de46021d99f64297e598eb20c4406ffde5d85521b35

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 09:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Setup - Bloxshade.exe
Size

9.3MB
MD5

f624c04cbf7a9e8f334ab2bb34b1a768
SHA1

58f36ccf34cade7f45138176dac97a82cbd03d62
SHA256

1f87570fc2bcd3df9086ef32e22299bd682b0b8269db77f5fa9452a046c4b7d8
SHA512

90b6966b55829019eea33c2722669ca2ffcc9cc1a153e1d78ad081a5ba018f1b737e43695fe481c6a4e6b97ebdaf8c88de9a1ef1f41c4e867456f396d85028d9
SSDEEP

98304:s9gtT1PiZU9sjOH1cyrOijrwS+A5OKTilSaXMnvSk:s9gMJOHnj5+AkSilV8v/

Score

7^/10

evasion trojan

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
708	setup.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe

Drops file in Program Files directory 53 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-en-us.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-hy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-la.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-or.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_243775350\crl-set	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-en-gb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-te.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-de-1901.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-hu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-nb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-sl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_1793445101\protocols.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-as.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_1525934991\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_1793445101\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-da.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-hr.hyb	msedgewebview2.exe
File created	C:\Program Files\Bloxshade\setup.exe	Setup - Bloxshade.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_243775350\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-et.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-kn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-mn-cyrl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-pt.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-und-ethi.hyb	msedgewebview2.exe
File created	C:\Program Files\Bloxshade\installer.exe	Setup - Bloxshade.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-be.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-pa.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_1525934991\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_1525934991\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_1793445101\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-bg.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-de-1996.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-mr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-cy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-hi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-eu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-nn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_243775350\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_1525934991\keys.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_1525934991\LICENSE	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-fr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-bn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-cu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-es.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-ml.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-de-ch-1901.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-gu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-ta.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-tk.hyb	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
1180	taskkill.exe
4696	taskkill.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4764	msedgewebview2.exe
4764	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
3692	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4696	taskkill.exe
Token: SeDebugPrivilege	1180	taskkill.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
708	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 3944	2388	Setup - Bloxshade.exe	91
PID 2388 wrote to memory of 3944	2388	Setup - Bloxshade.exe	91
PID 3944 wrote to memory of 4696	3944	cmd.exe	93
PID 3944 wrote to memory of 4696	3944	cmd.exe	93
PID 2388 wrote to memory of 3124	2388	Setup - Bloxshade.exe	95
PID 2388 wrote to memory of 3124	2388	Setup - Bloxshade.exe	95
PID 3124 wrote to memory of 1180	3124	cmd.exe	97
PID 3124 wrote to memory of 1180	3124	cmd.exe	97
PID 2388 wrote to memory of 708	2388	Setup - Bloxshade.exe	98
PID 2388 wrote to memory of 708	2388	Setup - Bloxshade.exe	98
PID 708 wrote to memory of 3692	708	setup.exe	99
PID 708 wrote to memory of 3692	708	setup.exe	99
PID 3692 wrote to memory of 4240	3692	msedgewebview2.exe	100
PID 3692 wrote to memory of 4240	3692	msedgewebview2.exe	100
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101
PID 3692 wrote to memory of 3744	3692	msedgewebview2.exe	101

C:\Users\Admin\AppData\Local\Temp\Setup - Bloxshade.exe
"C:\Users\Admin\AppData\Local\Temp\Setup - Bloxshade.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /F /IM installer.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3944
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM installer.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4696
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /F /IM setup.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3124
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM setup.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1180
- C:\Program Files\Bloxshade\setup.exe
  "C:\Program Files\Bloxshade\setup.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:708
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=setup.exe --webview-exe-version=2.8.0 --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=MojoIpcz --lang=en-US --accept-lang=en-US --mojo-named-platform-channel-pipe=708.1556.4243300213873790583
    3⤵
    - Drops file in Program Files directory
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of WriteProcessMemory
    PID:3692
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7fff9f0a2e98,0x7fff9f0a2ea4,0x7fff9f0a2eb0
      4⤵
      PID:4240
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1752 --field-trial-handle=1792,i,11083102133009982381,15506012454049362770,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:2
      4⤵
      PID:3744
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2016 --field-trial-handle=1792,i,11083102133009982381,15506012454049362770,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:3
      4⤵
      PID:1108
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2236 --field-trial-handle=1792,i,11083102133009982381,15506012454049362770,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
      4⤵
      PID:4740
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3388 --field-trial-handle=1792,i,11083102133009982381,15506012454049362770,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:1
      4⤵
      PID:2124
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4588 --field-trial-handle=1792,i,11083102133009982381,15506012454049362770,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
      4⤵
      PID:3560
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4728 --field-trial-handle=1792,i,11083102133009982381,15506012454049362770,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
      4⤵
      PID:788
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4528 --field-trial-handle=1792,i,11083102133009982381,15506012454049362770,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
      4⤵
      PID:432
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4660 --field-trial-handle=1792,i,11083102133009982381,15506012454049362770,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4764
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=3984 --field-trial-handle=1792,i,11083102133009982381,15506012454049362770,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
      4⤵
      PID:4204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:3564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Bloxshade\setup.exe

Filesize
6.6MB

MD5
0e6bb6e2181c583bdd2f85787d4de172

SHA1
b17c709701160556890e59602f18c4460d8fc1b2

SHA256
4603a8753118fb2f77a45176941983ed2a0e6dada0dbead8479cc9e430575afc

SHA512
7693eb8cfd64045e4f85cb9c7aa17cee60a5ee8ce43360b83ce0318459ef32241070b8939a1cfe2aa995cef54f2be6ae7d6e814c6da243abc553b42f6675c568

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3692_1525934991\manifest.json

Filesize
78B

MD5
9a8bf54f47c416df62f5df371674963b

SHA1
cc7a28747dd196612fe86c566ca3a66ec0376671

SHA256
f3b0221bb32f8cd0f14dc3bd148eff3ff29bc0834d5fa5a73fe5923e6f4528c3

SHA512
3cef10c8621ed9ee7c8b670dab1a47a4ab44d8384b8c8a4c36fc2578a78abfcd424cfe39b1b32b32198e5cf0f052ff45feca1e49aad845d67aab61f971e79df3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3692_1793445101\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3692_243775350\crl-set

Filesize
21KB

MD5
d246e8dc614619ad838c649e09969503

SHA1
70b7cf937136e17d8cf325b7212f58cba5975b53

SHA256
9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1

SHA512
736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3692_243775350\manifest.json

Filesize
113B

MD5
b6911958067e8d96526537faed1bb9ef

SHA1
a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

SHA256
341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

SHA512
62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3692_680812659\manifest.json

Filesize
179B

MD5
273755bb7d5cc315c91f47cab6d88db9

SHA1
c933c95cc07b91294c65016d76b5fa0fa25b323b

SHA256
0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902

SHA512
0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
a6ffe9e1b432e1ea44771ee1b84d2ba9

SHA1
ab93d51962bfc7131606e736adb8e655fc31a5d9

SHA256
04e89313ac396dcf782022aac14e07c60e1fcb2c0aeb411a06fb97d078109ef5

SHA512
260298766a8278f165476e98ac0fd0b62ec8b7d6ee248dda06de54a9408482e121528f052ba9529e74eaee1d6198f39c8c91a85ac99abd4f9bcab322dc2eed55

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
c7c68a13e83039d59d4c4fae184fc41f

SHA1
61764bf861da952fce5778ab7e0c318edea08311

SHA256
e90902ced899d40a3e9a526ce1e9732e97eb0b392821036f4cd61790d862372f

SHA512
6566eda369e6e2a008e3f82e0160eb2755fd5d13ca7f82ca546585fbdea859f518e85e224f20c8d943932d6705bef8fab8cf5fc5546ae9cf6c2b136ab1f5b127

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
858ad1d5de44ad6154ffb5b1639fb361

SHA1
1e8fc346fa86b41af8b1aca4eacbe200fb297ea4

SHA256
f02e2d4a581bd37a241ecd6ed378266ef262b981ffcef9fdf3d6f41bb88fd4d1

SHA512
0aa1a4e144c1f9a23a701da523fa5b130a170fad64f071aeae697e2b3df9e7535932f82cd9f8a041b1c8b5a7d44b2a1246095faada386cd3e0a78a377c65053e

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
73a21b7a81230fef6d958c28e52f1e1e

SHA1
695e4ba977f773037f923434b1a951c34305157a

SHA256
6ca6e4796a8e9300cb501bf0734f724e03aade9dd763a9bab4c1f4ac125937dc

SHA512
ec74a9609a981dd55d089c72e7d81434830e21f70c484fa06c528afdff8964a653d74055c1172d4af0717d6b3b9838227c691e7897df9b086c178f0b9fee37c9

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\Network Persistent State

Filesize
736B

MD5
56b90f3469be8814756a13a487c4aeaa

SHA1
bc95156d8ee79d2e3dac51f531e2329a785034d9

SHA256
8a70317eeee64ce047629a6e7cc3c8e214545e048d7cdc206bd35c8ff149c0e0

SHA512
6ca954cd39e7bf59f122b1efda226ada3c35cb4b51880c2af0f7166f86aada318f497ebc57711e5a91ad0163dab9c6e5bf3b802a32aca5845eba9dfc0ca12d59

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\Network Persistent State~RFe591572.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Preferences

Filesize
6KB

MD5
dae2102edc7cd0afd3bcebd90bf9393e

SHA1
f3d34ab2e23fab38b4771f6a39e2d30b7abdcb79

SHA256
d10009b067bdedb0c9fe29c337a7c3c6db53004bd9989856bc913421f62ae3bd

SHA512
eade1878e5f3997079cfdb8a30f45224b64f1cd389fa11d731c23377714e1087bc85af6c76ffb47fea2f6bc4f79d5760b88b6efc5f464f98efae240a371b0f4f

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Preferences

Filesize
6KB

MD5
6d3b74bf85abc585fc5bce90d68b1ea9

SHA1
7017fba82b5e93933389cbaed2f1d41492a43e7c

SHA256
d62a0e30f6c6f045d5cdff6eae4fbaf1438d14c4bcb28cf635e48d8cce601c50

SHA512
d5df145fd3064d13e2aeaa2acb5cb53733e0a752075162178e024d3651e23613bcfe824247e465bfa9b0fa51ee9c087259764367e10f770e8bf20c5c026c3d98

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State

Filesize
2KB

MD5
7d13a3b7a760b9223faff13150d306ea

SHA1
b94b38d0abf3c1200b429a1f114f16784b4cbd5a

SHA256
8039d02e00c9cde549ee5bd3bdca64d24d62ee9d39407fe0b29cce9d60981e66

SHA512
e2e92d40db53051b545c17cf4def5e358de95726659ca4957d4291dab7104559e01699adbc8bad61ff6f5c320f707f95af664070db7d5e508e1c9dceb21c25c3

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State

Filesize
16KB

MD5
78920212ed487c81d5092b06750d273c

SHA1
03e4faefaccf585baf1ef4195d0722cec4f9498b

SHA256
bf9f6409fb09e3e8ff9e9cd816021c7ed9c316c1e05ff8699597d6a9fc3e6f00

SHA512
eb2d4aedce56acd6421b0d1b7dc772c6ee9e10c7617a709a79df320b3d7027be09dbc6f62da5c22eb07b048ceb22f2efc7914ef3250ab2c29f38b4400a07aef8

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State

Filesize
3KB

MD5
a5e248bf31e910c3cb6e97ded76e1b92

SHA1
cf8092cb10cbf2a60c675ac1036de4823ea2848a

SHA256
947412de3f29a60ba665e49fe139f61e46094c6324648b44fdff1da7f7377c59

SHA512
3f369f77aad530227e7b205b966d99c6b2365dea82a03f379cbdc58ce50f7ddbb6e8ca204bd0587109adb0d11966b9dd7f3a80b8e84863cf1bd68642e61357d4

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\TrustTokenKeyCommitments\2024.6.5.1\keys.json

Filesize
6KB

MD5
d7275bbd33c42029c586a3c4162f7727

SHA1
62942a391dedf1eab7bc9ae2fa68ab5885cfc231

SHA256
fc926f3dc9c0051fb2cdae123be615576aa63d636a08b2aa48564311758e702f

SHA512
849a7c5f2617035eb84b88c7b014f2424ae7fd05cc51554e7e4462a836477f1ffec494025f4b09024bd374cbcd5330ee896a8ff90c3e44e96858f5ad72012e67

Download Submit
memory/432-350-0x000001D5133F0000-0x000001D513420000-memory.dmp

Filesize
192KB

Download
memory/788-310-0x000001B2883B0000-0x000001B2883E0000-memory.dmp

Filesize
192KB

Download
memory/2124-81-0x00007FFFC31B0000-0x00007FFFC31B1000-memory.dmp

Filesize
4KB

Download
memory/2124-190-0x000001218D240000-0x000001218D2DB000-memory.dmp

Filesize
620KB

Download
memory/3560-267-0x0000022829D10000-0x0000022829D40000-memory.dmp

Filesize
192KB

Download
memory/3744-171-0x0000023AE9C40000-0x0000023AE9CDB000-memory.dmp

Filesize
620KB

Download
memory/3744-26-0x00007FFFC31B0000-0x00007FFFC31B1000-memory.dmp

Filesize
4KB

Download
memory/4740-189-0x0000019601BA0000-0x0000019601BD0000-memory.dmp

Filesize
192KB

Download
memory/4740-55-0x00007FFFC4990000-0x00007FFFC4991000-memory.dmp

Filesize
4KB

Download
memory/4740-54-0x00007FFFC3EE0000-0x00007FFFC3EE1000-memory.dmp

Filesize
4KB

Download
memory/4764-371-0x00000227551F0000-0x00000227551F1000-memory.dmp

Filesize
4KB

Download
memory/4764-375-0x00000227551F0000-0x00000227551F1000-memory.dmp

Filesize
4KB

Download
memory/4764-374-0x00000227551F0000-0x00000227551F1000-memory.dmp

Filesize
4KB

Download
memory/4764-373-0x00000227551F0000-0x00000227551F1000-memory.dmp

Filesize
4KB

Download
memory/4764-372-0x00000227551F0000-0x00000227551F1000-memory.dmp

Filesize
4KB

Download
memory/4764-376-0x00000227551F0000-0x00000227551F1000-memory.dmp

Filesize
4KB

Download
memory/4764-370-0x00000227551F0000-0x00000227551F1000-memory.dmp

Filesize
4KB

Download
memory/4764-364-0x00000227551F0000-0x00000227551F1000-memory.dmp

Filesize
4KB

Download
memory/4764-366-0x00000227551F0000-0x00000227551F1000-memory.dmp

Filesize
4KB

Download
memory/4764-365-0x00000227551F0000-0x00000227551F1000-memory.dmp

Filesize
4KB

Download