4b78c95b9a8e9f7e0934cce997b176f85dcb4a662bf134bdb3ce89f3ae47288b

Analysis

max time kernel
392s
max time network
398s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup - Bloxshade.exe
Size

9.2MB
MD5

dfbe896ade6ae361efd045187b9ae9f3
SHA1

a5321f14809ddb9d2663685e63d4bfafb00a9f4a
SHA256

4b78c95b9a8e9f7e0934cce997b176f85dcb4a662bf134bdb3ce89f3ae47288b
SHA512

ff66de45f95b3782df9c3471dd7a8cc1701d9e4de5d8a991e1d7503da15d8bae8322b131b7f8fe1455678a40759b17b1ee9f011629b074dca07b588f1817faa3
SSDEEP

98304:soXaczi2BKW2oqTqYhLsj4xTdhblvVXn9SXm90hSJ:soX3bqTnLsj4xbbl9X9sg0hy

Score

7^/10

evasion trojan

Malware Config

Signatures

Executes dropped EXE 15 IoCs

Processes:

setup.exesetup.exeinstaller.exeRobloxPlayerBeta.exeinstaller.exeinstaller.exeRobloxPlayerBeta.exeinstaller.exeinstaller.exeinstaller.exeinstaller.exeinstaller.exeinstaller.exeRobloxPlayerBeta.exeinstaller.exe

pid	process
1556	setup.exe
5296	setup.exe
4236	installer.exe
5952	RobloxPlayerBeta.exe
5136	installer.exe
324	installer.exe
3892	RobloxPlayerBeta.exe
5816	installer.exe
4836	installer.exe
1692	installer.exe
5892	installer.exe
5584	installer.exe
3036	installer.exe
5124	RobloxPlayerBeta.exe
4648	installer.exe

Loads dropped DLL 3 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exe

pid process

5952 RobloxPlayerBeta.exe
3892 RobloxPlayerBeta.exe
5124 RobloxPlayerBeta.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

setup.exesetup.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe

Suspicious use of NtCreateThreadExHideFromDebugger 3 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exe

pid process

5952 RobloxPlayerBeta.exe
3892 RobloxPlayerBeta.exe
5124 RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 54 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exe

pid	process
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerInstaller.exeRobloxPlayerInstaller.exemsedgewebview2.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\move.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerNew\Unmuted0.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\MicDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\Debugger\Step-In.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\button_control_play.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioSharedUI\clear-hover.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\DeveloperFramework\UIOff_light.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\R15Migrator\start-page-anim.mp4	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ViewSelector\top_zh_cn.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\PlatformContent\pc\textures\water\normal_23.dds	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\PlayerList\Clear.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\InGameMenu\ScrollTop.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Chat\ToggleChatDown.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChatV2\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerNew\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\ic-chat-large.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\Voting\thumbs-up-dark-gray.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\DraftsWidget\newSource.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\MaterialGenerator\Materials\Concrete.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\PlayStationController\PS5\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\icon_whitetriangle_up.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\LayeredClothingEditor\Icon_Pause.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\Clear.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-ingame-6x6.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4788_1008255\hyph-bg.hyb	msedgewebview2.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AvatarImporter\icon_error.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\TextureViewer\copy.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\Misc\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Emotes\TenFoot\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\MenuBar\icon_emote.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\Misc\Unmute.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioSharedUI\RoundedRightBackground.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\SingleButtonDown.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\common\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ViewSelector\face_arrow.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\Misc\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\PlayerList\AcceptButton.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Settings\Radial\PlayerList.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioSharedUI\preview_expand.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\LivePackages\.placeholder	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerDark\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\icon_keyIndicator.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\icons\ic-blue-dot.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 13 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedgewebview2.exemsedgewebview2.exemsedge.exeRobloxPlayerInstaller.exeRobloxPlayerInstaller.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe

Kills process with taskkill 4 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

3424 taskkill.exe
2576 taskkill.exe
3736 taskkill.exe
5072 taskkill.exe

pid	process
3424	taskkill.exe
2576	taskkill.exe
3736	taskkill.exe
5072	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 12 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxPlayerInstaller.exeRobloxPlayerInstaller.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe

Modifies registry class 62 IoCs

Processes:

RobloxPlayerInstaller.exeRobloxPlayerInstaller.exefirefox.exemsedge.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-1088f3c8e4a44cc7\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\version = "version-1088f3c8e4a44cc7"	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\ROBLOX-PLAYER\DEFAULTICON	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-1088f3c8e4a44cc7\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\ROBLOX-PLAYER\SHELL\OPEN\COMMAND	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\ROBLOX\SHELL\OPEN\COMMAND	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-1088f3c8e4a44cc7"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-1088f3c8e4a44cc7\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-1088f3c8e4a44cc7\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\version = "version-1088f3c8e4a44cc7"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-1088f3c8e4a44cc7\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-1088f3c8e4a44cc7\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\ROBLOX\DEFAULTICON	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-1088f3c8e4a44cc7\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{32E121A5-25D4-466D-817F-BAFB2793501D}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-034c0d4a0a9b44cc"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-1088f3c8e4a44cc7"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-1088f3c8e4a44cc7\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerInstaller.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\Bloxshade.zip:Zone.Identifier firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Bloxshade.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

RobloxPlayerInstaller.exeRobloxPlayerBeta.exemsedgewebview2.exemsedge.exeRobloxPlayerInstaller.exeRobloxPlayerBeta.exemsedge.exeRobloxPlayerBeta.exe

pid	process
5356	RobloxPlayerInstaller.exe
5356	RobloxPlayerInstaller.exe
5952	RobloxPlayerBeta.exe
5952	RobloxPlayerBeta.exe
5492	msedgewebview2.exe
5492	msedgewebview2.exe
2068	msedge.exe
2068	msedge.exe
3084	RobloxPlayerInstaller.exe
3084	RobloxPlayerInstaller.exe
3892	RobloxPlayerBeta.exe
3892	RobloxPlayerBeta.exe
5076	msedge.exe
5076	msedge.exe
5124	RobloxPlayerBeta.exe
5124	RobloxPlayerBeta.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedgewebview2.exemsedgewebview2.exe

pid process

3292 msedgewebview2.exe
4788 msedgewebview2.exe

pid	process
3292	msedgewebview2.exe
4788	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

taskkill.exetaskkill.exefirefox.exetaskkill.exetaskkill.exe

description	pid	process
Token: SeDebugPrivilege	3424	taskkill.exe
Token: SeDebugPrivilege	2576	taskkill.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	4348	firefox.exe
Token: SeDebugPrivilege	3736	taskkill.exe
Token: SeDebugPrivilege	5072	taskkill.exe

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

setup.exefirefox.exesetup.exe

pid process

1556 setup.exe
1556 setup.exe
4348 firefox.exe
4348 firefox.exe
4348 firefox.exe
4348 firefox.exe
5296 setup.exe
5296 setup.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4348 firefox.exe
4348 firefox.exe
4348 firefox.exe

Suspicious use of SetWindowsHookEx 16 IoCs

Processes:

firefox.exeSetup - Bloxshade.exesetup.exeinstaller.exeinstaller.exeinstaller.exeinstaller.exeinstaller.exeinstaller.exeinstaller.exeinstaller.exeinstaller.exeinstaller.exe

pid	process
4348	firefox.exe
4348	firefox.exe
4348	firefox.exe
4348	firefox.exe
5672	Setup - Bloxshade.exe
5296	setup.exe
4236	installer.exe
5136	installer.exe
324	installer.exe
5816	installer.exe
4836	installer.exe
1692	installer.exe
5892	installer.exe
5584	installer.exe
3036	installer.exe
4648	installer.exe

Suspicious use of UnmapMainImage 3 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exe

pid process

5952 RobloxPlayerBeta.exe
3892 RobloxPlayerBeta.exe
5124 RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Setup - Bloxshade.execmd.execmd.exesetup.exemsedgewebview2.exe

description	pid	process	target process
PID 1368 wrote to memory of 4620	1368	Setup - Bloxshade.exe	cmd.exe
PID 1368 wrote to memory of 4620	1368	Setup - Bloxshade.exe	cmd.exe
PID 4620 wrote to memory of 3424	4620	cmd.exe	taskkill.exe
PID 4620 wrote to memory of 3424	4620	cmd.exe	taskkill.exe
PID 1368 wrote to memory of 4764	1368	Setup - Bloxshade.exe	cmd.exe
PID 1368 wrote to memory of 4764	1368	Setup - Bloxshade.exe	cmd.exe
PID 4764 wrote to memory of 2576	4764	cmd.exe	taskkill.exe
PID 4764 wrote to memory of 2576	4764	cmd.exe	taskkill.exe
PID 1368 wrote to memory of 1556	1368	Setup - Bloxshade.exe	setup.exe
PID 1368 wrote to memory of 1556	1368	Setup - Bloxshade.exe	setup.exe
PID 1556 wrote to memory of 3292	1556	setup.exe	msedgewebview2.exe
PID 1556 wrote to memory of 3292	1556	setup.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2564	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2564	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe
PID 3292 wrote to memory of 2816	3292	msedgewebview2.exe	msedgewebview2.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Setup - Bloxshade.exe
"C:\Users\Admin\AppData\Local\Temp\Setup - Bloxshade.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1368

C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c taskkill /F /IM installer.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:4620

C:\Windows\system32\taskkill.exe
taskkill /F /IM installer.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3424

C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c taskkill /F /IM setup.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:4764

C:\Windows\system32\taskkill.exe
taskkill /F /IM setup.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2576

C:\Program Files\Bloxshade\setup.exe
"C:\Program Files\Bloxshade\setup.exe"
2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1556

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=MojoIpcz --lang=en-US --accept-lang=en-US --mojo-named-platform-channel-pipe=1556.2084.4423602820675636969
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:3292

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffc1a842e98,0x7ffc1a842ea4,0x7ffc1a842eb0
4⤵
PID:2564

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1784 --field-trial-handle=1788,i,16159316998474899542,4884977955264779407,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:2
4⤵
PID:2816

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2108 --field-trial-handle=1788,i,16159316998474899542,4884977955264779407,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:3
4⤵
PID:1624

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2312 --field-trial-handle=1788,i,16159316998474899542,4884977955264779407,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
4⤵
PID:6052

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2904 --field-trial-handle=1788,i,16159316998474899542,4884977955264779407,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:3
4⤵
PID:5640

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3508 --field-trial-handle=1788,i,16159316998474899542,4884977955264779407,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:1
4⤵
PID:2288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.0.878719102\700793946" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1884 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60f18e85-c3ea-4207-a9e7-20235d4533a8} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 1964 21217ff2e58 gpu
3⤵
PID:4772

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.1.1508345094\998816193" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae5b696e-5d15-4a72-aad1-708194920a4e} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 2364 21217b31d58 socket
3⤵
- Checks processor information in registry
PID:4328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.2.978047379\889981377" -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 2848 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2064e4d6-aab6-4706-9d48-2b5a77956a16} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 3244 2121bef9058 tab
3⤵
PID:1596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.3.1545514778\1158991361" -childID 2 -isForBrowser -prefsHandle 2500 -prefMapHandle 2364 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4934b4e0-2bea-442f-932d-182c0df7d726} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 3532 2120b769658 tab
3⤵
PID:4184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.4.1255759513\2060376574" -childID 3 -isForBrowser -prefsHandle 4068 -prefMapHandle 4064 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {820053d3-d17b-43ce-9073-b77dbebc378f} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4080 2121cf26b58 tab
3⤵
PID:2228

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.5.146713751\511361382" -childID 4 -isForBrowser -prefsHandle 4700 -prefMapHandle 4656 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31b14185-4a83-443b-bb31-827e98bad57a} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4684 2121d95c558 tab
3⤵
PID:5416

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.6.547016948\1434192292" -childID 5 -isForBrowser -prefsHandle 4756 -prefMapHandle 4768 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a852fb11-c331-4652-ad17-dffc0f1c09be} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4780 2121d959b58 tab
3⤵
PID:5424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.7.1241125692\537488220" -childID 6 -isForBrowser -prefsHandle 5200 -prefMapHandle 5196 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ec19baa-3032-45ee-a564-c4b7129c7ad1} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4708 2121e729e58 tab
3⤵
PID:5644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.8.606732361\673593295" -childID 7 -isForBrowser -prefsHandle 5396 -prefMapHandle 5392 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30e88ca6-29f5-48a1-8bbc-2ace12626467} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 2788 2120b764d58 tab
3⤵
PID:5816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.9.948332168\1803205958" -childID 8 -isForBrowser -prefsHandle 5104 -prefMapHandle 4696 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a816c94-9458-49d5-a18d-1948efb4f092} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 3960 2121a94b858 tab
3⤵
PID:1356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.10.544838591\1599683504" -childID 9 -isForBrowser -prefsHandle 3960 -prefMapHandle 4796 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cb3b699-24ca-4a42-adfb-2c981005d89c} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 5932 2121e905c58 tab
3⤵
PID:2032

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.11.1934333227\888675085" -parentBuildID 20221007134813 -prefsHandle 5020 -prefMapHandle 5984 -prefsLen 26725 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2f9660f-848b-4161-815d-3bc2f313bd62} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 5868 2120b769f58 rdd
3⤵
PID:6060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:5900

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Temp1_Bloxshade.zip\Setup - Bloxshade.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bloxshade.zip\Setup - Bloxshade.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5672

C:\Windows\system32\cmd.exe
cmd.exe /c taskkill /F /IM installer.exe
2⤵
PID:5200

C:\Windows\system32\taskkill.exe
taskkill /F /IM installer.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3736

C:\Windows\system32\cmd.exe
cmd.exe /c taskkill /F /IM setup.exe
2⤵
PID:4044

C:\Windows\system32\taskkill.exe
taskkill /F /IM setup.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5072

C:\Program Files\Bloxshade\setup.exe
"C:\Program Files\Bloxshade\setup.exe"
2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5296

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=MojoIpcz --lang=en-US --accept-lang=en-US --mojo-named-platform-channel-pipe=5296.5260.1234599192601808867
3⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4788

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x17c,0x180,0x184,0x158,0x1b0,0x7ffc1a842e98,0x7ffc1a842ea4,0x7ffc1a842eb0
4⤵
PID:496

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1756 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:2
4⤵
PID:572

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2016 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:3
4⤵
PID:5992

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2188 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
4⤵
PID:6104

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3376 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:1
4⤵
PID:5720

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=3988 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
4⤵
PID:4700

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4436 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
4⤵
PID:536

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4436 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
4⤵
PID:2860

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4668 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5492

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4744 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
4⤵
PID:3424

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4116 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
4⤵
PID:5188

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4024 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
4⤵
PID:6088

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4380 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
4⤵
PID:5768

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4388 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
4⤵
PID:5576

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4660 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
4⤵
PID:3816

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4896 --field-trial-handle=1760,i,16581344192201886432,17813723576809254835,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
4⤵
PID:2948

C:\Program Files\Bloxshade\installer.exe
"C:\Program Files\Bloxshade\installer.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com/download/client
4⤵
PID:2064

C:\Program Files\Bloxshade\installer.exe
"C:\Program Files\Bloxshade\installer.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5136

C:\Program Files\Bloxshade\installer.exe
"C:\Program Files\Bloxshade\installer.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Program Files\Bloxshade\installer.exe
"C:\Program Files\Bloxshade\installer.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5816

C:\Program Files\Bloxshade\installer.exe
"C:\Program Files\Bloxshade\installer.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4836

C:\Program Files\Bloxshade\installer.exe
"C:\Program Files\Bloxshade\installer.exe" -import
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Program Files\Bloxshade\installer.exe
"C:\Program Files\Bloxshade\installer.exe" -open
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5892

C:\Program Files\Bloxshade\installer.exe
"C:\Program Files\Bloxshade\installer.exe" -open
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5584

C:\Program Files\Bloxshade\installer.exe
"C:\Program Files\Bloxshade\installer.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Program Files\Bloxshade\installer.exe
"C:\Program Files\Bloxshade\installer.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3224 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
1⤵
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=4928 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
1⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5444 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=4840 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:1332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5936 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
1⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6036 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
1⤵
PID:5080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=6996 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:5532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7044 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7016 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:5876

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5356

C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" -app -isInstallerLaunch
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:5952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5544 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:5956

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x450 0x390
1⤵
PID:556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ffc1a842e98,0x7ffc1a842ea4,0x7ffc1a842eb0
2⤵
PID:3624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2188 --field-trial-handle=2192,i,147829847768970398,16965601619366015937,262144 --variations-seed-version /prefetch:2
2⤵
PID:5456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2228 --field-trial-handle=2192,i,147829847768970398,16965601619366015937,262144 --variations-seed-version /prefetch:3
2⤵
PID:5756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2204 --field-trial-handle=2192,i,147829847768970398,16965601619366015937,262144 --variations-seed-version /prefetch:8
2⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4376 --field-trial-handle=2192,i,147829847768970398,16965601619366015937,262144 --variations-seed-version /prefetch:8
2⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4376 --field-trial-handle=2192,i,147829847768970398,16965601619366015937,262144 --variations-seed-version /prefetch:8
2⤵
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4448 --field-trial-handle=2192,i,147829847768970398,16965601619366015937,262144 --variations-seed-version /prefetch:8
2⤵
PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4436 --field-trial-handle=2192,i,147829847768970398,16965601619366015937,262144 --variations-seed-version /prefetch:8
2⤵
PID:4944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=560 --field-trial-handle=2192,i,147829847768970398,16965601619366015937,262144 --variations-seed-version /prefetch:8
2⤵
PID:3576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4264 --field-trial-handle=2192,i,147829847768970398,16965601619366015937,262144 --variations-seed-version /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1020 --field-trial-handle=2192,i,147829847768970398,16965601619366015937,262144 --variations-seed-version /prefetch:8
2⤵
PID:2884

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3084

C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" -app -isInstallerLaunch
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:3892

C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:5124

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
Filesize
5.4MB

MD5
4fa63f4ccb9b1fca93ab82e51c6d4750

SHA1
1f26018c15ed5e14140ed44c28cf52a7b892fc86

SHA256
685f8b14eb645f892a666cf61cf691d086fe0d3e344a245323f1fe75034869fb

SHA512
a25031fb2afe1baebe9b46266192574c6c73b7fcd8e3e2897873d97b3f6232c5228fa4f633b1df98b9410808d5afe1dd470cd8f3f6dbc0c52526311b769554ab

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerInstaller.exe
Filesize
5.5MB

MD5
94740510822524d579f869a81e02f5ea

SHA1
0e87d714e9eec2eee7c3af028e8e66e7478a107f

SHA256
ad927962330c2d2cf2bf7c33c1a5395df5ccd4ceabfb10c72db240041d773dda

SHA512
7cb3e72b0f1bdcbd53096fdec470fec9a6aa56d56b5f4bfa86b6afaa3ddbd2be6878f7874feb2c15647a627cea34a1fee7be35f6d1dffbf6a5a9c0bf8efa1d24

Download Submit
C:\Program Files\Bloxshade\install.txt
Filesize
169B

MD5
a20502d1065f8541bcc11da28f7ecffa

SHA1
82704a0ca096621c3c7ecb711a13e4e5f4e5de16

SHA256
274c9af4cc1086c9e52a4a6381259eb0744fb3db45cc1a43b508753f60cd4967

SHA512
12305e7502979a2d6bbe3fe642fda978f0a7eab17ef153c5821c948a995bc03dcec432d14d25816d03462ab5bb6d22ee959e68b03a973a55e7254b2429c3ff07

Download Submit
C:\Program Files\Bloxshade\installer.exe
Filesize
1.6MB

MD5
b1a88f83ed12c7f1e4d07e8ead1fa807

SHA1
9762f0776c0df648910ec59b0e91a62b59b8f2d9

SHA256
c858a7e8dfd387598c26031c208ddde8a4357eca6225c80021bb67b28fae3afb

SHA512
7466ed9f34b94e5cd8e4d94880ec27804b781e62d54d18a71497ac0f27fe0789c4718ac0be2ea0c62a76410d73cd3729f7489aca729bb4ca69ac03fe1b701a47

Download Submit
C:\Program Files\Bloxshade\setup.exe
Filesize
6.6MB

MD5
44d7d0810624072116187ac134f99308

SHA1
90429c9c4aa70e4ef0f715913481969363582957

SHA256
d80cd24e2f9e9b754424b107bad7bc6c61c630ee7e280bee03791b1de8dcde60

SHA512
048a47dc4c1b35c74259e7c16d8eee9a57bb614a5d8e278edbe52aec8720c7fc2952032b75cb5654496167a80ff92c375a7fbd76b73a91cd254b55b1c9c07b41

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4788_1008255\hyph-as.hyb
Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4788_1008255\hyph-hi.hyb
Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4788_1008255\hyph-nb.hyb
Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4788_1008255\manifest.json
Filesize
179B

MD5
273755bb7d5cc315c91f47cab6d88db9

SHA1
c933c95cc07b91294c65016d76b5fa0fa25b323b

SHA256
0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902

SHA512
0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4788_1019198794\manifest.json
Filesize
102B

MD5
8062e1b9705b274fd46fcd2dd53efc81

SHA1
61912082d21780e22403555a43408c9a6cafc59a

SHA256
2f0e67d8b541936adc77ac9766c15a98e9b5de67477905b38624765e447fcd35

SHA512
98609cf9b126c7c2ad29a6ec92f617659d35251d5f6e226fff78fd9f660f7984e4c188e890495ab05ae6cf3fbe9bf712c81d814fbd94d9f62cf4ff13bbd9521a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4788_1177554080\manifest.json
Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4788_1674872249\manifest.json
Filesize
79B

MD5
7a74e28cea0b1a8f1969ff4ef4430047

SHA1
11cbf0dd7060e36283dea377fdfb1105068eddda

SHA256
8fd032d30c7b9340e45428cfef8aa409a5df1f5a89be46ec0ab92e7ac53cc2ca

SHA512
f5cb2e55c0ef4e56fa12bfffe78829109214aa213c193da2e75a51d6bbf5bcaef1e74bb40e091abfded7bdb076b2c266212abeb05aaa87f4cfda804f581c2b0f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4788_1810544930\manifest.json
Filesize
113B

MD5
b6911958067e8d96526537faed1bb9ef

SHA1
a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

SHA256
341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

SHA512
62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4788_226081466\manifest.fingerprint
Filesize
66B

MD5
ae188b1f37f7bd50c90f281d08c3a517

SHA1
8a08463ec525d115e566595d27215cd7c9f9a3cd

SHA256
052e7b4b7ead9a368360dd1cfa40cd15767d58ca542240f8a81cf2e13ca90059

SHA512
c950c33880da4509087960743154b9dd5f8e21140077dd37b2d475bfc837feb7430e4d207d8dfbccbba317551e8f63f42508545d91ee481107131a58d386e761

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4788_226081466\manifest.json
Filesize
108B

MD5
763e003bcbb80f3c81522cb052addfa0

SHA1
fa672c6fa9ce939d607a1526ca13ec245514b43d

SHA256
e1d24c2bfb4bc07717aa5833146ed55b67c41ef17fb61ef276eff923bb1ec20f

SHA512
41062cf02794548d6df38205fb369d1aa614ac67030cd909b66a23735473f76de1a3c0bcf0895c932bf9b5c506c1d9659745ec84ec52e361881eb474e92e3fea

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4788_525150119\manifest.json
Filesize
43B

MD5
55cf847309615667a4165f3796268958

SHA1
097d7d123cb0658c6de187e42c653ad7d5bbf527

SHA256
54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877

SHA512
53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4788_624197451\manifest.json
Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4788_807861165\manifest.json
Filesize
116B

MD5
1b8cb66d14eda680a0916ab039676df7

SHA1
128affd74315d1efd26563efbfbaca2ac1c18143

SHA256
348c0228163b6c9137b2d3f77f9d302bb790241e1216e44d0f8a1cd46d44863c

SHA512
ab2250a93b8ec1110bcb7f45009d5715c5a3a39459d6deead2fbc7d1477e03e2383c37741772e4a6f8c6133f8a79fbabc5759ff9f44585af6659f9bb46fbe5d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\2e1d8602-4676-4fb5-8036-34887aabb826.tmp
Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
527dc760fe3a5623c1fd942c0189ef7d

SHA1
98fd6543d961b0fb22a0e1605d02c2cad55363b1

SHA256
5441ac8f3da81e0c4a937ebf8ba14cf6b376d14d41ddbc364cfb6f01733739f1

SHA512
e10e3547a44f182375829c661b7ecb733b4a3f6db83aa6af4cfa18e61409887fce1beba608d95355c0c1c450effab8dda4b37ca042c49175193834a309bb92c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
a47a857c2a4e24c0a4a0f1c8338caac3

SHA1
57bef33c46fa38563a8020ba39175a88a424cfb9

SHA256
94ed52d54488ef27000194f146bacedad3662391678a971e8477fff84c0aeb30

SHA512
a473d7b1bcf51f3eaeee45b61d4e29cfe7ac1ee150d3f61cc502d31ff0d41dc59e2150dc5e52bb1c187fb3ebf3c28f3ed76ddc6741f87e7621a9f9cef3fae081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
30KB

MD5
8caefe714e14136e70de7ec081165a36

SHA1
830002e1796eb943425edff7f860a446fa4ccad2

SHA256
6c11c690e4c16a7c207c69c7c661f6979cc6652e742a63c4204649362d5901bb

SHA512
0b3bd6c183e7cf29cd0da3697ee08c237df9824a4d163fc7a63ca10eb0efd6212c491df5a5fa210a9dd6b2bc39059dde57eef8adc069151717cdfc52a325033c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
65KB

MD5
35b6563327bb9f93cfecc25908c0bee8

SHA1
8ee010bd5b32e0e2486f71325f6bd794ebf9511d

SHA256
80dc438e64aea17614880c2626e52b88c4cb723c90c8caabb26cedf09b3b2288

SHA512
4b28907e2d222f60e06275dc6b50d1116e861f22c293f57d4038b225bddb52f3dd05e51565350574d3ad0d3323d6a335ea43589a8f08ad7f98bf720e301e96f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
65KB

MD5
a949e2f24a78320f24a7baae4827293e

SHA1
e17bde903814fa7e37c5835215393b7d2b596055

SHA256
c4c240b960f0f44b15018125cb88b65e9dd7d8a11f6073d81912a611507d7211

SHA512
320e889f4778472548c5047870fe3601c6ce9d0808572e0e3ef1f248c87e21cc883f119b447737615726a0905b1b93adb3d2ec9a96aa0145802df187e7c064ab

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\b022682dd39d113f2d5a65a172dbd28f
Filesize
5.8MB

MD5
b022682dd39d113f2d5a65a172dbd28f

SHA1
aa874df3d3d0a9539c53a8a0c96c4c119bae2c52

SHA256
47a2e8bbef18d5491be3c449d9a5464a8804d9d1a85bc7e24ff80876e85104a3

SHA512
d6746ca7c1e10b1ed7fb48d857210ce5cd0f0542c81fdbf00a6afaf4607f30020ccc09f4c41ef9f50bc2562bf6e4380e7abaef1d5a5b1e91773281bcd9e58525

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\85e28338-4ebd-4fa0-8b07-068a2301667b.tmp
Filesize
18KB

MD5
70de2b7e6dd536ff1c252067cc0f709f

SHA1
0421699125c7005b654160378acf7080e5c0a6c0

SHA256
c70fc4531cda246be2d56cffb2c20b70fe11821eed70c1f52c89927d0a7b5b03

SHA512
9040eda4e1d45f9454b52877aeb4f3db7624fe825363967cad81bd5efad6a55ca9289c709675ee30692370fcd1b92fe36c6cd8986225cd25e01804fe745bc22f

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json
Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\CertificateRevocation\6498.2023.8.1\crl-set
Filesize
21KB

MD5
d246e8dc614619ad838c649e09969503

SHA1
70b7cf937136e17d8cf325b7212f58cba5975b53

SHA256
9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1

SHA512
736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad\settings.dat
Filesize
280B

MD5
fe3ed833a11e6b52ef4df5edc9f01c82

SHA1
ef8ccbc5eb2d8c0d2d2a6e88ab76cb2d50ac5036

SHA256
a5c4711ef89c3a351c9becc11cc3805252748dbb0362fe9926d2b15579cff560

SHA512
9d74627e555e74dfe30e6762080f0b5642b31db8d36051740e258f0f9ebe85625250c154491eea6f4e05889e0b5f5eb4f6e5a5bdb2fd45e26f3363153c2ddb1d

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad\settings.dat
Filesize
280B

MD5
fba406e1e9e970545673b14093a5c0ef

SHA1
85968bdc98cf80b2b3870aea4731133e8f527a37

SHA256
ae0e5ffc7b56134d1b7dd1c2aed658d3a6b1f877a5ac3e68c2ecddeea7fa058a

SHA512
9ab2ae5fc9235e0fc046f598f234f0c61595967e656da5c69be331ca29292b67140e6a7f8bdf906b947c4cf477c2fb03d1fd0f818b7d1ab0fc96a4ff0e4a2c66

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad\settings.dat
Filesize
280B

MD5
ed80e77d11f8fb8ba23b689af88ee7e7

SHA1
1167b632a2e7b21e72672a1b91edd358ae116f5e

SHA256
9fa4ad090abfc6301d44e62ceaafa481413e65ee06a560682ed3ae82a3aa5e75

SHA512
7a6d47f1ffe076e663b85538d91fe7299b90f070846cf10c4bf16cd6b6f3d06537b6b2957e0110e2133972584745332593984f7b00d83c61a733e97e95bc779b

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad\throttle_store.dat
Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\31af4106-f52f-4811-bcce-807b283a8f6f.tmp
Filesize
6KB

MD5
99f23e36a523753b3b311a3e481f73e3

SHA1
8fe66c7b5e692a8f72eea1324525ff9fdb8d7b6e

SHA256
36332beecf13d172e86c4116a5b51b20e0f08f46fefc40a283f0d567d17260b1

SHA512
ec88a053be9f89d8672e621e4759327e77d08798c4ca76f85f5b26f9ed2d31125a8b88f42ae2b2ad8921323aecc38f02894e8c9401078429f0365c447ff5814c

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\839d9a3e-2563-433a-87f2-526704a283ff.tmp
Filesize
5KB

MD5
efe06b4c0323946587084880278f87dc

SHA1
44d709b3627c8a7cf65aa06277dd1eaac51275dc

SHA256
176cb1dec5044d9be7ba68ea796db447e8e03b887cf88e5a073e952064482a26

SHA512
f4f20f105769337ff523366ca587a76fde9bafce595a19b502f1ee2f7061ac60d7e72254af18c103eec080c5e902b4ed08fffc2873c0cf5bf6b63fe644f40f98

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Cache\Cache_Data\index
Filesize
256KB

MD5
4a3d352f8cac551b99c249d9ecc88d5f

SHA1
1369ae5cef3793851c00e87a7eda42ec61455903

SHA256
971bcf6ebd7289a11ef89da7201e989f567c9758b96861ff8b83c3fc5ab040bb

SHA512
ad37ebb343fd4efb812ff549fe6992e31f2f21066f9d87b3182c062a449c794a7494ae1202d971e3dd7dcb0c838922eef31ef3fe9b557bac8073dccd4939d0a6

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Code Cache\js\0468c443d94a4859_0
Filesize
258B

MD5
b044843f5bda2ed011fce58e8a8600a0

SHA1
425f7e9d303e6e5d57fa7e174ea03449e075465f

SHA256
28efb4ceaefb535352478461f01e69ec0b862e11dc91ff06c453f513e2baa455

SHA512
8f8113631e457c79574c0c1f99c3b62953827508502118d3bd97ed6774f7e324d750baa19da05e22755d47dd0ee234e301478cd8803c898902ab3da6d20110d1

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Code Cache\js\5fa2748cc3ab83d2_0
Filesize
217KB

MD5
18a92e5eaf51c4e82d6ca1b03a6c0565

SHA1
eb0d5a6aed9d3639356a649e7e40ff0249983852

SHA256
aeabdd425750482da5009a1a20343b688d1478e1d372f17e5272507ff3a3f313

SHA512
5d49562d9d3fc0c39511732f2293aa3f01008b5173b4920ccd4e47058f9c2caf6bd1757ee849193d8039de38277818495eff68d9f084ae4523777aa17708ba46

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
b88de581a684fe32bd3725211db477d3

SHA1
932d9405d1467d02c6cb5a3f7fda33e6a492c5f5

SHA256
509eef279534f157c49555ee117d7d44a91d35ce073c0e4fcfe36ded676aa8a6

SHA512
94aea75c85dc1b8886141814d969c671067c82ec462cc3f34466e1f3e81c5d36de6c68cd85f18d1fdd1c115d7bcc81b8f23acaa615af22ce8543bbca5e0f0938

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
7d88cad74a345afb17afe656eeed397c

SHA1
3f6dc24b77280685b065d361178c4a32f5a8562a

SHA256
64fc62d398ca687fc391943c86b42d635406251f9351b6d5608f278119940891

SHA512
6cce13f10f5e51647f3ef0837e86e1bf709e38f02badaa3d234a609be04cb8d940343fe805053e92e7648118ff2dfee85f80823137b371e3995706e827f4c1e1

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
4124445aba5b95b2bc789390e7a81015

SHA1
c3692b6d5b24092579d3141c35a8985d27bb0735

SHA256
4e5dd64b230678f0678346b6c076a799d52b7e5e99979e1f0b7a0c6cb38420f2

SHA512
4a8edc1eee0f09c0700c535fdbab06ced1da7370140c2ac1cd05da869e685a084003580de3c3c0b5dc838f73fada433430ca68708bed45890e820ebbec69d2bf

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
ddfa01bdefd297de953137564e739c42

SHA1
45ea377193f454a30294404bc98aae94ce9ce4ad

SHA256
18c621b65485d98d03d832d07c4e35a2928a1aecbc2af128a70ddadcaca12c1a

SHA512
9860ba3af3c1f9dfa3a9fcb2a810998ae84b12c2d866bf78e7fafe73b6c30a42714355ea7ea9af853e6966d480d7b2e34be617faa47b19ec5cf30e3d562729ab

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
cf3a7146c7a06ce23a462ac75f3e5570

SHA1
cb33c163e465988e76017c90de6346d055214f71

SHA256
acbfcc157d2a45befaf194254473260bead949b3c5d08b9179ad692a58af3235

SHA512
099a8a614d5e4304e7224d8bdf8ca2b1a9bbd65f93e679e41b29cc9d7498df466b5b3705b64cc9aa67a954fdeb31c24ac0052b23d70b8b6765ea9690b547ada1

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
c4acc6afc1a93d29da23e6337a0f505c

SHA1
1c8a756e8562ffb99c7aecc2e54fa25fffe5bc17

SHA256
f3e2f6b7c12adea75ba3b072f41b54bc7d1493c4e456ca00d5dc7c1ca8de12a5

SHA512
051b049ea406b85a1c899b517e4ef79db0ace73741995a77dd12c0fe60927754d2c772ebf319fbb2bc42f94616d059f040e7d4c993d3dacaa0e47df4e90058ec

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Code Cache\wasm\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
7153f0fde8e720c5d56568c372bdf026

SHA1
9b69c0b731c2a044271854a35a3c74770bf82c63

SHA256
70426b6054ba69377a7100ace2cc0a95de55b2c5ca485c5b6cbb3d5f250dd83e

SHA512
4cb27571e1d7a9f80781a7fb4b61e9cc2926ff6cc4f209a8409168eb5b940e830e6ecba581200da750a6f35d344e614e77d3831e1dce48f1a03ccaa33c1361b5

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\DawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\DawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\DawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Extension Rules\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Favicons
Filesize
20KB

MD5
b40e1be3d7543b6678720c3aeaf3dec3

SHA1
7758593d371b07423ba7cb84f99ebe3416624f56

SHA256
2db221a44885c046a4b116717721b688f9a026c4cae3a17cf61ba9bef3ad97f4

SHA512
fb0664c1c83043f7c41fd0f1cc0714d81ecd71a07041233fb16fefeb25a3e182a77ac8af9910eff81716b1cceee8a7ee84158a564143b0e0d99e00923106cc16

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\History
Filesize
164KB

MD5
a52a55fd35156c4962d5056465aa9d95

SHA1
c22a74097d6717d550758cf6f7ac16c3a4bce1e8

SHA256
deba77bc71479c2e98a7f985233a7dc3a386ebc0dce33a347c6ac21d9ee1c573

SHA512
2683277a6451aec89c9e40cc554ec5d16f22cb44c12ff404ea6c13acd8306552861b279f9a4e6aea3b715ece2e0f1969ff4c37f4c2e4b67336c4aa07d0a2adc7

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\Cookies
Filesize
20KB

MD5
91dbaf73c1a8c55254d90272f998e412

SHA1
2b86b31c8c00c937291e5ac3b1d134a5df959acf

SHA256
0628922305d2478ba75a48efadf932d439616eaf1ff908be334793f7bde28107

SHA512
109f4f59616cc1d1682b4d9468804f7668c77ce1878afec06a57037193f31a9c1c39f5d269277462936373b129d26488cddcc34d455c27185534e7754baaa988

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\Network Persistent State
Filesize
826B

MD5
72891971416d69ab7aff5ae3973e810f

SHA1
17c557dd7bc1610a7f0572d59417dee87939e199

SHA256
8f144a2585eaca9cf0448673b7906539d150eb4af06b18614036c9423be8885c

SHA512
130c4328e045e9300df3d6e782ae8d3cec4730f51ec149c0685310052717cfffed2dcca082fd4c979a3a9c3226d013da6efdc93588c576a31934cf3424195174

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\Network Persistent State
Filesize
857B

MD5
fea56adb7c945621816ab484e7cc4c98

SHA1
455015f13ad459cd6866525e1d97350070ea5bad

SHA256
bfcdd0052fd01c0f4283ed00c24391e55ac6f80635be30c96d41548b76b6f4f5

SHA512
a5f51fa438da638b112bf7847102fbc7e8f980b18e7dacca00a40b922e4b54ba332b2cff2f6165a777829c4ab7ae9a55283994f7152bdfdd98a19dd28d2b3760

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\Network Persistent State
Filesize
857B

MD5
28f590270ca8e458f3d9b49585dcfa31

SHA1
08f77b4ed7e71ae361975e8078c95b4bc957ae88

SHA256
5520cc234dba4e19be5a6eccd9a680e2545744397ac4a46f948611f6f6eaba8c

SHA512
8308fbaec07e68bc3804c0e8e724f8ddc5d705bef34ddfcd18a71e96d02a643c152df9c58a43daf83f5439952e4b3878956081858f1bcf68858075c84e38085c

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\Reporting and NEL
Filesize
36KB

MD5
5f080b35a2352f916d574e049ffa88c5

SHA1
bb4cdb42ea2c454bcb92fac028696d65b4b91697

SHA256
10ce46995378459151b5a072d6ef1e54867ce57edcc1520ec6a0965b5ff432ff

SHA512
b9862a5ba6723d3859bb1baecc04df0bf14a3d6c06278fd7cfbbba2412fd0dc5dceca969a9e1fe967a8f29764cb800f475b3270f3d1c2868f56a2d1586125bea

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\TransportSecurity
Filesize
352B

MD5
cadbdde891c98fdd7b2b8adecabe9ef9

SHA1
46e8c0864db1a08ce13a2d559b774d55b12289b0

SHA256
ae6695560a01b62f773ed82b7501f613bfd735aca2c830a2e4c8269fb64ecaa8

SHA512
64859de7d333f1ecf2a11fb9b6437472002376ac36743fecf1e06cec9ea600eeaa30f7138d5b224e25467938a2ed81a80102d96678d63d9db99981b5b48058b6

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\TransportSecurity
Filesize
352B

MD5
7edd6a043b8a91e5091831ddebae5455

SHA1
cd8d6bb3aa2be95b067f340a5faf12dfdec1e861

SHA256
5695d9ff8843cf58bdf4ee1161da4dfc5c57e22b5db859290738d933a2712abd

SHA512
5ff18a5e877e06c11ea9f3148942179eec6bba6e2cf712cf783af44f122e329607d28313601ecae147f2d1806ab64cdafec4cdd9ffe0d1d51cfb6618027a1470

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\TransportSecurity
Filesize
188B

MD5
c0f0beaef729fbe60e99090f522f1b16

SHA1
aad2c317e58c29e84b48bd97662b99f6ce8a1575

SHA256
4b1d260dde19192f5a2dc5d51f29e3d49c8451108f85a57d0baee2fddc1adb62

SHA512
eeb0ff5f6f833217f457aed92d2ef2abd9085fff841ec7ca53b93b79f2f14bcd54185ebd27fff38694ecedc302068c340f1821218000eaa74c80a623d802e859

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\TransportSecurity
Filesize
354B

MD5
20d54d20ce3c9e834f4e9f13d36c865d

SHA1
ecacdab72b6852018da43023de240510ea930a70

SHA256
8478fa44ba52102ee065bb61e0899289e60bc02402c8d9cee4665e7292b8e162

SHA512
526a01c674ca4d14d55694d003220234a4793ff0d94091be28c6491a26b29c0d874ddbe9f8768b8439dc8ae724ef83d27bc6cfecc0ba9f4eaf7da6d46c9c2dcf

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\TransportSecurity
Filesize
354B

MD5
62dd73e8cb6157eca6ad8d8e13ed5bdf

SHA1
3971ef3126725c4678d27a0ef043fb758052337c

SHA256
b7cc97f3abf67ec285b03f266c39ba4955d3481993e380f7a54c5e72d147eb25

SHA512
655ebcd6ad03855b4d93f784a42e95e231a2c5d932025b1c699865ad2e0c58bc56eca564ce8d11444e3a40cdeae00ed9f8899981302b720a7367283fff5a5dbc

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\Trust Tokens
Filesize
36KB

MD5
7289d4bdfbd73ed571278f95cb4c1939

SHA1
7c911f54243d9777a34666f4526a49c7e7aea244

SHA256
2d4ccf8ac8ae4f5c6ec8e0566210ff56585b6ba0290501a1a11ed9b23bfc226e

SHA512
6e7d48e18b0317449807c4ac2c377b3cccf5bd6121077d51152d7e188ba1ea3cf62372b7611036938986dd0c84465dbd747fe8580e3a699f8470229a6d57a749

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Preferences
Filesize
6KB

MD5
b619e8ab46d2b28900f37b364346eaed

SHA1
1d9065d6ed359c17e8591c42a64b17855df64053

SHA256
540c8e0f015804bbab7f68f8e17fe676721ae9a527f9d6a5cb68a2c41f961690

SHA512
0d3c5d9af63d4cc9ad782e7039c47b7bb536ab8d641514b883b2441a5dbab6fd35c9990e1b89dddac32f9feaeffe6664f936cff28b1af1c6870fc336c587451c

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Preferences
Filesize
6KB

MD5
61247989168c064ca447be98a874d836

SHA1
d855b9731d6b4fff3021b11dabfe0d55655c8bb9

SHA256
0f21d0f78f37a7d42029b6bed4f54ff28a90baf168fa3bc340022cc28bd64989

SHA512
1ec0c7eabaf0a37f42aef1e97aaa87d2a005979011bd603ee616b9ce8383ab1b3a5693508cc711ca81dab8d63ac92b05acfb17ef3013b49cac9d0f3289f88f2d

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Preferences
Filesize
6KB

MD5
49a8042643eeb95e81f3978e3c401674

SHA1
8aef027972fb16cda77e11368dc12e84a0e6ce37

SHA256
8dfb93312b0619468185c9cc2c980b9033fbc403ed9866c7c8c090c7bf556fbf

SHA512
10cc170e61ee6e9b7a05e93f77e812f1caa14277a1d0c9002bdb377bdbdda0991520a134cc6d513bbcceff2a58cd29f6ac0f16963b22d237477a84ec4fb0f113

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Preferences
Filesize
6KB

MD5
ee4fdcb742cbceca2612312ac2afc6db

SHA1
bcdc8a3b85b6225669021c8608c1587a61e625a0

SHA256
ed72b9ba41e555b08d0c923e884e46922b6739918d6e898d211e4279c7c3dea0

SHA512
de8db323fe26cb9e4cbda1dac0510b10a1889dee155479b151f2e69791da1a851642f7ea4620634140004ba139a7536aeffce70011acbb9e7ced84ebb5c5e3ac

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Preferences
Filesize
6KB

MD5
d4844e9bb335cd30c53b3be5d430661d

SHA1
78c207b9fc7562b62c10530cec740669550b4995

SHA256
dd90daa2c05943d666518ac4c226c8d3048d66e49c0edd382563988e94c875fe

SHA512
338175514c7b69fadfdf6372649f8d4875860c73ad485ce2e09a2650646fc2ea1ad19ce80afd406b264f0e9d7b577aee5bd542c7d8c12799fbd097a0249059ed

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Preferences
Filesize
6KB

MD5
3457f99577c66b344e28a4b3d0a1c1c0

SHA1
1ca89ec888e9a27af7037d432b8863894f2fab5a

SHA256
ea429584623cf32787ff5a0871b2f8cca3c16b4d25f4f6a58b325863f05bd197

SHA512
88469e17f30e3f2497ce206820b11500562a04cc6fcc73a4be7c07d246d17af69f7355d0fbd4dc1d77512d9cd00729cbb31eb5af10a768ca692d7debbada36e6

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Preferences
Filesize
6KB

MD5
90b022ba59b0aaff4409b3ac761022f0

SHA1
e7984a1d56dc26eb55248f38f2b3a558d2b4e3c9

SHA256
926463b37b33a7dc1f20f49784826cb6bbdf7307ca0b89fcf2a12b621dd4d212

SHA512
00fe48a35c3b2fa0dedf69c2d47eaa04fc4283cded8b8a5bc6620bbd10a428c6de2a8f28e68ca1ea092467316ff95de8902efe9ed0653958b09d7897bfcc2315

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Secure Preferences
Filesize
6KB

MD5
9d726504663f705b6400895d6820bcce

SHA1
0aaca1f5ac022f27258c274b86b80725fdc1359f

SHA256
305ad3b279783b5ce060ec17f6f0bb86441f97815678f12d977404f078b97b29

SHA512
8244f3faa23d406a29ab3a6548c1448d9067579fec1501d9563dc02e91f64235cea0b156821c67d0b08388cfff1d8a20e9a21c68fba36eefcf9b87e321547312

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Shared Dictionary\cache\index-dir\the-real-index
Filesize
48B

MD5
8b24b0d262c65daeb1a79c1a6ed6ba66

SHA1
13a7189ba0b4317ba025d591b70dcbd29e9ae1a8

SHA256
2561daf1e9661adf723da5f5320a45de5aa8204bc1ce74593a00f59081d70077

SHA512
61b627e29356febd7d44676aa97c237ebf5883be92a510111a5700b426941fe17b20a93f26ec98aff8a317cb9f22ebc311921bba7f93406da92f808cf1e5af3e

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Shared Dictionary\db
Filesize
44KB

MD5
71ccdda9f3186c8e729bb559f93bb992

SHA1
3712c11bb21b8e2a74bb879d47b2819ed1ac14a8

SHA256
79b107307408e5ad9a145c87533316174fd13f4ad943497d079522fbe325b3b1

SHA512
19f8134fcd1211964111b07884b52878b1649644b6ec623bb586df1a9b7dabc7f8c8a755d2a52c908b563bdd968135f4f703cc35103696e40d0ab0020c8dc4bd

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Site Characteristics Database\000003.log
Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Site Characteristics Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Site Characteristics Database\LOG
Filesize
317B

MD5
188b11fb45d8038c3a0ba813a439580d

SHA1
48cdb428ac1ed3cdc010ea7db62a3c7799d02709

SHA256
6a3e854f3d8c93e34e537c3aeff0e210bdf0ff6731441fb58df18fa74812ae70

SHA512
d8cc62bf660f09508599da3f0ce706c79dbb16315a01be50f0d212a76bac4af1119b6bee6f0ff4c496b0ba50f24cbc51a012bda7de509ea9fa8e015ce0742396

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Sync Data\LevelDB\000003.log
Filesize
46B

MD5
90881c9c26f29fca29815a08ba858544

SHA1
06fee974987b91d82c2839a4bb12991fa99e1bdd

SHA256
a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a

SHA512
15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Sync Data\LevelDB\LOG
Filesize
293B

MD5
66cdc31e86763c0b7f08c400a82d85a4

SHA1
6ea373f71d7c42e4b574963adfd2f41ffbc84f9b

SHA256
267bfb81457dc965e7ddd3bbbca19585baff6b9f0020213c012594afbb9ae3c3

SHA512
6f74288201013d8c008aa5088020a38c8f919dee8c52886cc3af3895fc7cc8a7c213781a9f7754d5395dd9fcfda2c8b85b9a1b5551c24f215a71385f3a73e12c

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Visited Links
Filesize
128KB

MD5
d66a83dd7b50b2dd700f2ebc5c6ebfbf

SHA1
f0dc6edb6d678d83c1fb9deb66f155bd223fa7b0

SHA256
5467f28b71ff776997e1bef310b20e5856311ac513ab64261da72800d4074b02

SHA512
302c852bc8c57fc5be6fb17f08adc685b7c66b3e207885f906eac45fca8da6e0ac6e6621e9269242d8ec7c24f32fbd29d9ca157c84b674bd62a8f9d46dbcd473

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Web Data
Filesize
210KB

MD5
de64b3487ba692a60d246d8fecc05bbb

SHA1
e2c1d6c0c2ef943be79fee667d2895d5579f279f

SHA256
db93cc6874e6ae80c9a151c1dd6a326ffee07b127e5899438873c19399c79b85

SHA512
13e75703aa5562b559896e564a264385fddfcde4ca29de673c1ba7582425776f51c6aeda5a324d89207b0d69b0c915284a1290577774220302a45d3b0fae8f1a

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\shared_proto_db\metadata\000003.log
Filesize
392B

MD5
0575d7ee7294bf5fbc188f27628a1ae8

SHA1
82e3a50c162c8fad24bc9a7bd0dc15de0555e131

SHA256
3656f18b138ca398934672f6a1712f1982a0f43c7b63a0e07b54e613c7cbbf84

SHA512
441eb5ad4d0d64a96ef3b910d90ba68646278dbad8ff3a5229ef016a57182b41b4f5c29ae160d980747bb4908f9975ac4def27a253df0f6985fda3f773c58b57

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\shared_proto_db\metadata\LOG
Filesize
307B

MD5
5450d666431d7461de8c9147a43b0334

SHA1
83d75c2f780abff1933935eb70e49b97322e62ae

SHA256
b2ca4c1c842dd03497e3ba7f10f4044e9075372fa0598c1045b5c0e76258a282

SHA512
37156f042a644213f160b624c39560aecccb031ddbb43ed01cdacbc6d84c1c5ae00320454a84d52b0897918ddc04f2c2bc30fb23fe189bee7ba7f29ccf6b86b7

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Last Version
Filesize
13B

MD5
9f0786e66f4c80870bd874b7aba0a394

SHA1
74d461c9049086ea0301b956203e7cb59438160d

SHA256
da3e73d31020d249d320f01fc40220043e34ebc99fccaec56c5a97f671a8f227

SHA512
f766b4ee7c28886c1901cf76c1c917e296ddfd3cf843f4f27d7a73db37247ae0dfb8c3f343c4ba124d20f4475e0fb4cf60860215480341715bb907d73630cc6e

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State
Filesize
16KB

MD5
ae47255e8f4c12b4f56468332694b515

SHA1
1a6312c6e3db421a44a3fb772beb49b5f398c0e3

SHA256
4787626b9844cebb72d8d436b9a275d7246f321979860cf049833a1859f861df

SHA512
5ae06a700067ea366c86cf8532ea242618c806875b42244a811a6034455f45cc6440c42a8929bde9f78663fcdf9c56162200a1f2aed22c9540f2192297e8f387

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State
Filesize
3KB

MD5
4c60c17d211949b53fe4e7ef8b38a48e

SHA1
66854fab4aa7e9382792da6daa78009ae874d696

SHA256
fee71be4a10eb78fe532ac1ddd40cf087a1b2d8cd191add83917357065841978

SHA512
3c1d44c83f7f5177b71260ae366c41d7a2265414d1de2feb78332b888a07729accead8659f06b03e5e6eee6dfb4321aa5d74c190eff98ffb70dff67cd9317d1c

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State
Filesize
16KB

MD5
f149b24ed0c06da7fb17f96b9596cc08

SHA1
8ed9d20e22ef2e3af4611a65dc24ae387ba3889f

SHA256
4708b04aeb74b2b6597f1ec3223873c294b60df7504cd8259ee1c6ba5e2d9766

SHA512
dd3aacf83c1ce47e0cfe89737ada7439d0f9ec1afb434f44e5efeffc38247a44e684fe896959b0b668015a166f8ca4c31e5712a5b3f3a9deaca9b9f30dfd8c43

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State
Filesize
3KB

MD5
79bffcd90ec65d7586ce63c9e02cd94e

SHA1
f46225677105c08585fdd772d89c2383adbdee86

SHA256
105517c6ccb4279c7d91b30e562474e22e05438809463f4f3bb37230d99d3a81

SHA512
07782730743f4f41ace4cd1dec13619c9c6b097da9ef6470ed89a7fe75f63dff232395f0bb77342f6cae1ba038ba3e0b216e73d03eb1290a9a281421d5daa341

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State
Filesize
3KB

MD5
09f1c1d87f405d400252c4cfe02baad3

SHA1
779e3be5bba30c3e9f98d61e5a81a5abcca24c90

SHA256
ffa19140c69588989b1224e052c3d42b88082ba519cbd272f1f3b9f907c34e5f

SHA512
f4987fece60f3d7838e7932d7bdf874aaf69793ea854e6bedf5327c247e7f2a8061e026613c00b7d28fe1a1c6d224b005e3dbb3c77bf3059d67103d1346a2a24

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State
Filesize
2KB

MD5
5c5d33e500f16229acc8c8ff11572778

SHA1
b914d40db16c008d56c5c476b173eeb4502d015f

SHA256
3010b2f691e2da3a2c9ebe08a6291f97eb8e0c114fd52f7a266cf9f454acd2fc

SHA512
8870982453a4e41beaaf19827b39b2d07df73d3c2d80027a0fe964e987fadaab63b29837bed58847e67c8044d41089ee30c53769d9b28fb477b432734296c2ec

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State
Filesize
3KB

MD5
e6cdd41531a98ab3c672edebc29a29c2

SHA1
569715b47e96287458cb63e2292ecd110d5aeeec

SHA256
c7eb3c521a04b7181d57e277449a467059f7564df18deccc052f266520ae6ab7

SHA512
0adb494047cf99625a356fdf7381f6b37980e547a04473c649829fba1b3df5d89cad52b947c50b29f229aa173ea6402cb7ddc04cc77827fa8d2fad4615966398

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State
Filesize
18KB

MD5
ba38dfc529ae2788550038289c487574

SHA1
2a15da61a5b3cf6af5c01f0803bc6b8aa223922d

SHA256
81df82ca1245370865712a054c793306ffcc1f468b641668b6b358a950090089

SHA512
8abf58c022cf6f2974872f4f79af00dc3cb7b48331d3f7f5eca6ffd054ffe033eb63011d1d5e69ce289692f88a9605d793e16d2f5cea543e77fc1697097a2fd5

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State
Filesize
18KB

MD5
e2b5478483e0b50855ff8754b00078ff

SHA1
e6a9ec78627d384f260eeb06743120ac92ba7e9e

SHA256
098112f26540b1010c43c034a2d46768e3a51532bbbba85eb2ca4ee237aae158

SHA512
51bb6e0af87828bf93071ba56b137e13ca696e42428d250dffbfe5374fd8f92b3a2e7c2b3a370d55be3ce77e044b4a3de1e6d541c69ec39b2f25bd6f54c26682

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State~RFe58a227.TMP
Filesize
1KB

MD5
c3b1bfd2d7e1d08f39ee2d096ae1439f

SHA1
2fc9acd93f67b5905eaaa9b0a1d40a2175e14749

SHA256
9919977ecf1294444a40b7b9a9f1a1c9ab2d9f387ae49b97fc146f335401bf68

SHA512
eaa5134435a82dc35985a8a8ea13ebb3ac5ab8b3d0279b12743e3984834f0fb2c24760196bfb2d659b4822f9f95b77426d0e8b02dcd328952c4526be5b92cbbf

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\PKIMetadata\13.0.0.0\crs.pb
Filesize
278KB

MD5
981a9155cad975103b6a26acef33a866

SHA1
1965290a94d172c4def1ac7199736c26dccca33e

SHA256
971393390616fbe53c63865274a40a0b4a8e731c529664275bdc764f09a28e2d

SHA512
2d75ce25cb3a78f69f90fbd23f6e5c9f1a6ed92025f83ce0ab3e0320b64130d586fc2cd960f763e1ab2c82d35ef9650ebd7ff2a42a928a293e0e7428cc669119

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\PKIMetadata\13.0.0.0\ct_config.pb
Filesize
7KB

MD5
df3d937079b894c891f9b0b741874928

SHA1
ed93fc386807b3a28fcc7988a88ae4741bfe1b15

SHA256
c7cbb0db6e924cbfccf4a6e8223e3fed4d93f5d78a3122c30213b6e38ee195f4

SHA512
5728bdd930283a4906e7e07acd3eadecb813a3154ffb41729738444bf13aab27dceb01e05a27c77bb13cc498c1d5c2d492ac653ddbfe4b14004b1c7a5bc54f1b

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\ShaderCache\data_1
Filesize
264KB

MD5
5111024a557315878d192b231d30f034

SHA1
5296bf0adb760285c6dde9d8c58070855d2b3074

SHA256
d9f65d5cc5e1edaf0a9daa3208d01adc2989d94b117ce8cb5786b625d4aa11fa

SHA512
f475a7e23e18a6355a232464d71a7b1bfd52204db413cd526b14c8ac550c2e151772ad0b4ba84678613f5d51dec2a6f2245f8be0f9e12965cfc13f07d27f4733

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\ShaderCache\index
Filesize
256KB

MD5
313daba4b611e015af97a006a667d0e6

SHA1
55263cf30055c954fb80fa0d103464e6f8481679

SHA256
dd89ccc38d5a656781d847266f7af125fcc1d0191235884184afbec418a48786

SHA512
ba26b99506769586ee43a259ac1a5a5b660ab2603de75dc3be46402e31866c4cbb4730e1dfa6506f172bfcffc91061624bc67b4b5f21dba7f9bc1027848f1010

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Subresource Filter\Indexed Rules\36\10.34.0.54\Ruleset Data
Filesize
2.8MB

MD5
16176aa639f8d0bf6c1a823f9d973d8c

SHA1
f1f365a4705a3fcab04bc4aa8f080ed7ae2f372c

SHA256
75da3c6add63a83efb735ae0f1f4e6578607ea33187753b0f65f750a1ab0ab34

SHA512
d8711e8a2d417f1f9b81a13d04951420460d1be2dd0459916a3226f364b65cd77fc0feb4be22412df3da0a2433cd924df7d0684fab04a2c6cf3a6e9715ea9f84

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.54\Filtering Rules
Filesize
1.8MB

MD5
a97ea939d1b6d363d1a41c4ab55b9ecb

SHA1
3669e6477eddf2521e874269769b69b042620332

SHA256
97115a369f33b66a7ffcfb3d67c935c1e7a24fc723bb8380ad01971c447cfa9f

SHA512
399cb37e5790effcd4d62b9b09f706c4fb19eb2ab220f1089698f1e1c6f1efdd2f55d9f4c6d58ddbcc64d7a7cf689ab0dbbfae52ce96d5baa53c43775e018279

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.54\LICENSE
Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\TpcdMetadata\2024.4.29.1\metadata.pb
Filesize
31KB

MD5
7b9001fd6a5786c7b7edfa104a1eca5b

SHA1
462bafeca182a3e600ba22eaa1cab15c1a70831c

SHA256
779726531d52eff63d46df72ddcd421921b2e6bb918147a18c2adc28f45e693c

SHA512
f16d79a093c55408b6c118a743c5d77057dc899f5303c55003298fd67256f58200e085d03471f421065db1d3b131393f2e3a96ca71e35c94f1ba7a0569029918

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\TrustTokenKeyCommitments\2024.6.20.1\keys.json
Filesize
6KB

MD5
595a80c921652ccf09afd0b196fe3a94

SHA1
e4ae3f8b880e57b64c6e899505a4ad1ec99d6d6b

SHA256
7d9965e3d4c47a32fa6d7b290704f22382b70b80e414ce091eb0b0964dc509a3

SHA512
0dec0a48f2d13100e07a114dd288370a4449cc347162d6febc8b9b1dc66dccacec6bee79b7d42123c12c7500881e31f30cab5ef3f77029493546cf262de583cb

Download Submit
C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Variations
Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
5930c914464ce32e6ae35dec8cc1711a

SHA1
9cf4b50148a3a4225d22c6c1719faa9095b07587

SHA256
db9d860cafdefd2d9c154fb79fd90085bfe0a925ea4f66a5bc15354c85beb5ee

SHA512
f189394c7e40bb1c2855dd521b46914b1d698ebdefb3534f0f030ac179b5535a310783e6a30c8be2e8f1282e9b342f0e7cdffda6a31bd426f32ba1fe6bfb926c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\3209289d-a1e9-4bd2-944b-5708fe9c5f8e
Filesize
11KB

MD5
c2ae5e1d3eff81b2718593971c7606c9

SHA1
187cb88b3fda64a80155f9c37691746c812e79e6

SHA256
7ff70ce030df54693cafd65b962208e52cc5c60c37fd51a9d61770f95f3a988a

SHA512
40534485f1403602d61bb991e0ff1b28f5991c5b40ee92731dd2e3111918c267cc2d676c008835878f8ffb045a310752fb2284b9c3ff9095fa8932317b9e7713

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\9c25f0f8-1210-4e66-9967-9916745f4658
Filesize
746B

MD5
ce449f740d5e6c9c8b92d0e78539f8d5

SHA1
f64e7d1956b87ff12a6e1fc99daef2c54ec76e80

SHA256
20915c3afe9e63db153df3605c9e9945e77ad5077e84b8b010856c0cf39efe48

SHA512
addb78b1be24a5b49c8a954946b3d7ed9b3e98b6f2e444004e71975c928c4f23fe8437b66d84220eefd2aa7e308066a1eaa5fbbbf893691b14745213589e227c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
Filesize
6KB

MD5
9bbe2819539982c769d86e04d92e88c5

SHA1
af50c3e8476426f57d38d93a4435748f145bd2a0

SHA256
b9235fa8fdaa9033f4b0066d438b1c16b76d1fc64dc6d777b970b4f0ad4d833d

SHA512
e0181e78df69085afdc9d32b1882f5245e508ca58ae560010e78e26948ad8fe0ae9917146a162f7e7c60aa9624549b9824d24ca96cf8c02a4eabdb433d208888

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
Filesize
6KB

MD5
2dd5d80af1ea3c0fe789df8534f2eb2d

SHA1
77eab4c1a4fb47ba80afaba6a3580cab8cb64cf0

SHA256
e8e54f05023c3c2d396b30e450a6564f13843eab69d2abec7f9eb331d6a67017

SHA512
f0a779488456d3b87d71b719779ad5c10db8362bdc7619a7d9bb1292607f7d31d7ba06918b24a942818612b01fb8d690892573cad6e35e63b70a5e67fdf45ad9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
Filesize
6KB

MD5
cd70c4e6850b79d6061b1e37783799b6

SHA1
55df32e3b61bf17625ec60dada0f72b184ac6871

SHA256
6505de2b685cc121fb990b54b3a7b4e9a24b2e353b617e148f18065f8e517464

SHA512
875662da7f4445551adeaa039b1d8fb25a96a1193c2d87062f228bb25abc63b6728baa5f1ed9823aafb69215487f294ec7c556aa94069af60a13b03b0419bfba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
50KB

MD5
b80cf7c6dff981eb05a00760790ebacf

SHA1
91ff78cba1f9e7df50a012f7c8ea9f9135b18d9a

SHA256
bb4d3f502ccf88ac53da3da994f4d7388265dcae842f6e190e9b270ffa75c2d8

SHA512
cf75bd6844460a89bc9b2bc9975672b774aab36d88ef8f2dfa4f56f313455891150c10bc6eb9ae8a3d0ccb7e23aaa9ce3f17341996f8172239f2c847a3d32805

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
39f961098b5b1b0d83fc0607c9080b19

SHA1
09bb7663229478bf1b06a678c738d4bda5ab923b

SHA256
5c8183230c7ed505b7cd81b8f4072d1bced31e4982bb6600aad4ae6b49cd761c

SHA512
0dbb316b7406a4c7b813fe68697d1dee1a7be5ef2a75f69efd533b6e5bcf4e9d6635f1953279c17e00bc6a0478fdeab872792254c30f1419b53ab171877021ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
b490d8f392990293012694a6b5683562

SHA1
522a1c990d88f613fd9da6bb97fab0db88b16ff5

SHA256
f0bc50e3596f537991455bd02df546db69fcb78c0255247fd6299a9762df4633

SHA512
c7034dd8e2c0d06184879a496bd29275b16324254438477ef04b02494597d92b3180d31597c3b637fcd38c6f021a279427ae46b6f5f4742483209f38a30847dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4
Filesize
50KB

MD5
0bf93d65c43e1c861cda6562fa036c74

SHA1
1db36c52d29a50c26cd9ef6d363360c032d9fc6c

SHA256
64a734ab5c3ba2a607f968ddf977d9408b8fd0e58c5cd7bf5643a9db32578452

SHA512
d9682f19afb415d0b93a25f2f724144b06482d80b0d74698d47182ac8357f4a0f66d84e76dc4943587b128c824a6899101bae5cd209c7bbb1f27e867a7f38f8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
b01efd0877d8bb4a5d754d6d5a5922cf

SHA1
6dfaecd4219afbb206185171c64c777e9c73ae21

SHA256
ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90

SHA512
6f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086

Download Submit
C:\Users\Admin\Downloads\Bloxshade.pXs1IAoa.zip.part
Filesize
3.9MB

MD5
068931213e7386d31e4477e7432f37c9

SHA1
1f5cf480d9a9578418f590523228a7ec6272a12f

SHA256
03539a59a60c0124a8bf28736ff945f96a5494d907b4bafa4edeca118410750e

SHA512
93c63b658445348133adf2d8e7bdf280e8f881664ed73175ee7fb49e40dc28ac62990bcc7baad89e644f5fde95eb601bf0fb32f267c39b96e48dded654aecea7

Download Submit
\??\pipe\crashpad_3292_IWHSJRFLRHTKSYTG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2288-207-0x00007FFC41380000-0x00007FFC41381000-memory.dmp

Filesize
4KB

Download
memory/2288-376-0x0000026BF1110000-0x0000026BF117B000-memory.dmp

Filesize
428KB

Download
memory/2816-29-0x00007FFC41380000-0x00007FFC41381000-memory.dmp

Filesize
4KB

Download
memory/5720-817-0x0000016FD2AA0000-0x0000016FD2B0B000-memory.dmp

Filesize
428KB

Download
memory/5952-1111-0x00007FFC42190000-0x00007FFC421A0000-memory.dmp

Filesize
64KB

Download
memory/5952-1102-0x00007FFC42450000-0x00007FFC42480000-memory.dmp

Filesize
192KB

Download
memory/5952-1103-0x00007FFC42450000-0x00007FFC42480000-memory.dmp

Filesize
192KB

Download
memory/5952-1101-0x00007FFC42400000-0x00007FFC42410000-memory.dmp

Filesize
64KB

Download
memory/5952-1100-0x00007FFC42400000-0x00007FFC42410000-memory.dmp

Filesize
64KB

Download
memory/5952-1098-0x00007FFC422F0000-0x00007FFC42300000-memory.dmp

Filesize
64KB

Download
memory/5952-1131-0x00007FFC41370000-0x00007FFC4137E000-memory.dmp

Filesize
56KB

Download
memory/5952-1132-0x00007FFC41370000-0x00007FFC4137E000-memory.dmp

Filesize
56KB

Download
memory/5952-1133-0x00007FFC41670000-0x00007FFC41680000-memory.dmp

Filesize
64KB

Download
memory/5952-1134-0x00007FFC41670000-0x00007FFC41680000-memory.dmp

Filesize
64KB

Download
memory/5952-1135-0x00007FFC41690000-0x00007FFC4169B000-memory.dmp

Filesize
44KB

Download
memory/5952-1136-0x00007FFC41690000-0x00007FFC4169B000-memory.dmp

Filesize
44KB

Download
memory/5952-1137-0x00007FFC41690000-0x00007FFC4169B000-memory.dmp

Filesize
44KB

Download
memory/5952-1138-0x00007FFC41690000-0x00007FFC4169B000-memory.dmp

Filesize
44KB

Download
memory/5952-1140-0x00007FFC40000000-0x00007FFC40010000-memory.dmp

Filesize
64KB

Download
memory/5952-1141-0x00007FFC40000000-0x00007FFC40010000-memory.dmp

Filesize
64KB

Download
memory/5952-1139-0x00007FFC41690000-0x00007FFC4169B000-memory.dmp

Filesize
44KB

Download
memory/5952-1124-0x00007FFC3FF50000-0x00007FFC3FF80000-memory.dmp

Filesize
192KB

Download
memory/5952-1125-0x00007FFC3FF50000-0x00007FFC3FF80000-memory.dmp

Filesize
192KB

Download
memory/5952-1123-0x00007FFC3FF50000-0x00007FFC3FF80000-memory.dmp

Filesize
192KB

Download
memory/5952-1105-0x00007FFC42450000-0x00007FFC42480000-memory.dmp

Filesize
192KB

Download
memory/5952-1106-0x00007FFC42450000-0x00007FFC42480000-memory.dmp

Filesize
192KB

Download
memory/5952-1107-0x00007FFC424E0000-0x00007FFC424E5000-memory.dmp

Filesize
20KB

Download
memory/5952-1104-0x00007FFC42450000-0x00007FFC42480000-memory.dmp

Filesize
192KB

Download
memory/5952-1099-0x00007FFC422F0000-0x00007FFC42300000-memory.dmp

Filesize
64KB

Download
memory/5952-1108-0x00007FFC42100000-0x00007FFC42110000-memory.dmp

Filesize
64KB

Download
memory/5952-1109-0x00007FFC42100000-0x00007FFC42110000-memory.dmp

Filesize
64KB

Download
memory/5952-1110-0x00007FFC42190000-0x00007FFC421A0000-memory.dmp

Filesize
64KB

Download
memory/5952-1130-0x00007FFC41370000-0x00007FFC4137E000-memory.dmp

Filesize
56KB

Download
memory/5952-1112-0x00007FFC421B0000-0x00007FFC421C0000-memory.dmp

Filesize
64KB

Download
memory/5952-1113-0x00007FFC421B0000-0x00007FFC421C0000-memory.dmp

Filesize
64KB

Download
memory/5952-1114-0x00007FFC421B0000-0x00007FFC421C0000-memory.dmp

Filesize
64KB

Download
memory/5952-1115-0x00007FFC421B0000-0x00007FFC421C0000-memory.dmp

Filesize
64KB

Download
memory/5952-1117-0x00007FFC3FCD0000-0x00007FFC3FCE0000-memory.dmp

Filesize
64KB

Download
memory/5952-1116-0x00007FFC421B0000-0x00007FFC421C0000-memory.dmp

Filesize
64KB

Download
memory/5952-1118-0x00007FFC3FCD0000-0x00007FFC3FCE0000-memory.dmp

Filesize
64KB

Download
memory/5952-1119-0x00007FFC3FDE0000-0x00007FFC3FDF0000-memory.dmp

Filesize
64KB

Download
memory/5952-1120-0x00007FFC3FDE0000-0x00007FFC3FDF0000-memory.dmp

Filesize
64KB

Download
memory/5952-1121-0x00007FFC3FF50000-0x00007FFC3FF80000-memory.dmp

Filesize
192KB

Download
memory/5952-1129-0x00007FFC41370000-0x00007FFC4137E000-memory.dmp

Filesize
56KB

Download
memory/5952-1128-0x00007FFC41370000-0x00007FFC4137E000-memory.dmp

Filesize
56KB

Download
memory/5952-1122-0x00007FFC3FF50000-0x00007FFC3FF80000-memory.dmp

Filesize
192KB

Download
memory/5952-1126-0x00007FFC412C0000-0x00007FFC412D0000-memory.dmp

Filesize
64KB

Download
memory/5952-1127-0x00007FFC412C0000-0x00007FFC412D0000-memory.dmp

Filesize
64KB

Download
memory/6052-129-0x00007FFC416A0000-0x00007FFC416A1000-memory.dmp

Filesize
4KB

Download
memory/6052-128-0x00007FFC422B0000-0x00007FFC422B1000-memory.dmp

Filesize
4KB

Download