4b78c95b9a8e9f7e0934cce997b176f85dcb4a662bf134bdb3ce89f3ae47288b

Analysis

max time kernel
90s
max time network
131s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
03-07-2024 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup - Bloxshade.exe
Size

9.2MB
MD5

dfbe896ade6ae361efd045187b9ae9f3
SHA1

a5321f14809ddb9d2663685e63d4bfafb00a9f4a
SHA256

4b78c95b9a8e9f7e0934cce997b176f85dcb4a662bf134bdb3ce89f3ae47288b
SHA512

ff66de45f95b3782df9c3471dd7a8cc1701d9e4de5d8a991e1d7503da15d8bae8322b131b7f8fe1455678a40759b17b1ee9f011629b074dca07b588f1817faa3
SSDEEP

98304:soXaczi2BKW2oqTqYhLsj4xTdhblvVXn9SXm90hSJ:soX3bqTnLsj4xbbl9X9sg0hy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3908	setup.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Bloxshade\setup.exe	Setup - Bloxshade.exe
File created	C:\Program Files\Bloxshade\installer.exe	Setup - Bloxshade.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
3808	taskkill.exe
1424	taskkill.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
404	msedgewebview2.exe
404	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
1144	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3808	taskkill.exe
Token: SeDebugPrivilege	1424	taskkill.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3908	setup.exe
1144	msedgewebview2.exe
1144	msedgewebview2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3708 wrote to memory of 3480	3708	Setup - Bloxshade.exe	78
PID 3708 wrote to memory of 3480	3708	Setup - Bloxshade.exe	78
PID 3480 wrote to memory of 3808	3480	cmd.exe	80
PID 3480 wrote to memory of 3808	3480	cmd.exe	80
PID 3708 wrote to memory of 1596	3708	Setup - Bloxshade.exe	82
PID 3708 wrote to memory of 1596	3708	Setup - Bloxshade.exe	82
PID 1596 wrote to memory of 1424	1596	cmd.exe	84
PID 1596 wrote to memory of 1424	1596	cmd.exe	84
PID 3708 wrote to memory of 3908	3708	Setup - Bloxshade.exe	85
PID 3708 wrote to memory of 3908	3708	Setup - Bloxshade.exe	85
PID 3908 wrote to memory of 1144	3908	setup.exe	86
PID 3908 wrote to memory of 1144	3908	setup.exe	86
PID 1144 wrote to memory of 1140	1144	msedgewebview2.exe	87
PID 1144 wrote to memory of 1140	1144	msedgewebview2.exe	87
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 1620	1144	msedgewebview2.exe	88
PID 1144 wrote to memory of 404	1144	msedgewebview2.exe	89
PID 1144 wrote to memory of 404	1144	msedgewebview2.exe	89
PID 1144 wrote to memory of 576	1144	msedgewebview2.exe	90
PID 1144 wrote to memory of 576	1144	msedgewebview2.exe	90
PID 1144 wrote to memory of 576	1144	msedgewebview2.exe	90
PID 1144 wrote to memory of 576	1144	msedgewebview2.exe	90
PID 1144 wrote to memory of 576	1144	msedgewebview2.exe	90
PID 1144 wrote to memory of 576	1144	msedgewebview2.exe	90
PID 1144 wrote to memory of 576	1144	msedgewebview2.exe	90
PID 1144 wrote to memory of 576	1144	msedgewebview2.exe	90

C:\Users\Admin\AppData\Local\Temp\Setup - Bloxshade.exe
"C:\Users\Admin\AppData\Local\Temp\Setup - Bloxshade.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3708
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /F /IM installer.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3480
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM installer.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3808
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /F /IM setup.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1596
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM setup.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1424
- C:\Program Files\Bloxshade\setup.exe
  "C:\Program Files\Bloxshade\setup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3908
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=3908.3496.13585203950171674155
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:1144
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x78,0x1a8,0x7ffd2dc33cb8,0x7ffd2dc33cc8,0x7ffd2dc33cd8
      4⤵
      PID:1140
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1780,11103952869505333533,17481256770020353828,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2
      4⤵
      PID:1620
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1780,11103952869505333533,17481256770020353828,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2072 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:404
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1780,11103952869505333533,17481256770020353828,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2360 /prefetch:8
      4⤵
      PID:576
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1780,11103952869505333533,17481256770020353828,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
      4⤵
      PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1576

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Bloxshade\setup.exe

Filesize
6.6MB

MD5
44d7d0810624072116187ac134f99308

SHA1
90429c9c4aa70e4ef0f715913481969363582957

SHA256
d80cd24e2f9e9b754424b107bad7bc6c61c630ee7e280bee03791b1de8dcde60

SHA512
048a47dc4c1b35c74259e7c16d8eee9a57bb614a5d8e278edbe52aec8720c7fc2952032b75cb5654496167a80ff92c375a7fbd76b73a91cd254b55b1c9c07b41

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\18bd358c-b716-4333-9ce8-c58e0d13b38c.tmp

Filesize
2KB

MD5
0e4d13bd59f9b450bac4954aa209ede7

SHA1
23ced695f790fdbd03f3f63eb2be80b8e23055d5

SHA256
963034bbbeb1df7fc4b99866b2b084b77855c3a421c34eb204109753efef64f1

SHA512
6f517487f99d629804a444f34d8233024ff8d14a5abd65f8709694cea397d442791985d23bc8c3aa8fd93c38e5249a57395446b7f1d3e424c6301b823f99569b

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
f49b5baeab64b3cb96a6cb4d7a24209c

SHA1
5ad54dbff30eed6cdf36eaaebe724d5079452fbc

SHA256
dd2282ffab3529a4fbcc4f81005a4679d6cc404a41037eb4f9f08584d6bb8869

SHA512
0e2402503978c04f5931476be87058cf2f0bae6260d538b7324f454d8bacafb12994949b08a176cdcddc81e4bbf1250a9e064f45cbb59094dc4d540b06b5de8a

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
2cd1dc082521ba7c1d52b7e52db6cc2b

SHA1
ae296851ba5b05336883501bdca05b103d742380

SHA256
d454f7705b4ea44cfe2c3b12e332b6b22605cd4550588ee23abd3e021ef6c2e7

SHA512
a8d92a5a2c4383b6c14b207696785328ef9308dcbf092a7cf30ac6973f91126da0bf7b226824e1e34087a13431fa35077d62a92cc6e31021ffdb87d05d60dcee

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
memory/1620-19-0x00007FFD3BD30000-0x00007FFD3BD31000-memory.dmp

Filesize
4KB

Download