b2ac1e407ed3ecd7c7faa6de929a68fb51145662cf793c40b69eb59295bba6bc

Analysis

max time kernel
210s
max time network
220s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
07-06-2024 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bloxstrap-v2.5.4.exe
Size

7.6MB
MD5

dbb820772caf0003967ef0f269fbdeb1
SHA1

31992bd4977a7dfeba67537a2da6c9ca64bc304c
SHA256

b2ac1e407ed3ecd7c7faa6de929a68fb51145662cf793c40b69eb59295bba6bc
SHA512

e8ac879c7198dffb78bc6ee4ad49b5de40a5a7dbbda53d427d0a034941487d13c8bb2b8d590a1fcdd81cd6abb8f21fdfcd52924eb00c45a42ee06c1e4b3d590f
SSDEEP

98304:XNd5DSd5DxTsed5D2ZT00UuOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrTl1:X+sdtObAbN0u

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3888	RobloxPlayerBeta.exe

Loads dropped DLL 1 IoCs

pid	Process
3888	RobloxPlayerBeta.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
3888	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 18 IoCs

pid	Process
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 19 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox\shell\open\command	Bloxstrap-v2.5.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe"	Bloxstrap-v2.5.4.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox-player\shell\open\command	Bloxstrap-v2.5.4.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox-player\shell	Bloxstrap-v2.5.4.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox-player\shell\open	Bloxstrap-v2.5.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" %1"	Bloxstrap-v2.5.4.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox\shell\open	Bloxstrap-v2.5.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox\URL Protocol	Bloxstrap-v2.5.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	Bloxstrap-v2.5.4.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox-player	Bloxstrap-v2.5.4.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox-player\DefaultIcon	Bloxstrap-v2.5.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox-player\URL Protocol	Bloxstrap-v2.5.4.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox	Bloxstrap-v2.5.4.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox\DefaultIcon	Bloxstrap-v2.5.4.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox\shell	Bloxstrap-v2.5.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox\ = "URL: Roblox Protocol"	Bloxstrap-v2.5.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" %1"	Bloxstrap-v2.5.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe"	Bloxstrap-v2.5.4.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
3888	RobloxPlayerBeta.exe
3888	RobloxPlayerBeta.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe
4092	Bloxstrap-v2.5.4.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4092	Bloxstrap-v2.5.4.exe
Token: SeDebugPrivilege	8536	firefox.exe
Token: SeDebugPrivilege	8536	firefox.exe
Token: SeDebugPrivilege	8536	firefox.exe
Token: SeDebugPrivilege	8536	firefox.exe
Token: SeDebugPrivilege	8536	firefox.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
4092	Bloxstrap-v2.5.4.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
4092	Bloxstrap-v2.5.4.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe
8536	firefox.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3888	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 10640 wrote to memory of 8536	10640	firefox.exe	84
PID 10640 wrote to memory of 8536	10640	firefox.exe	84
PID 10640 wrote to memory of 8536	10640	firefox.exe	84
PID 10640 wrote to memory of 8536	10640	firefox.exe	84
PID 10640 wrote to memory of 8536	10640	firefox.exe	84
PID 10640 wrote to memory of 8536	10640	firefox.exe	84
PID 10640 wrote to memory of 8536	10640	firefox.exe	84
PID 10640 wrote to memory of 8536	10640	firefox.exe	84
PID 10640 wrote to memory of 8536	10640	firefox.exe	84
PID 10640 wrote to memory of 8536	10640	firefox.exe	84
PID 10640 wrote to memory of 8536	10640	firefox.exe	84
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7780	8536	firefox.exe	85
PID 8536 wrote to memory of 7676	8536	firefox.exe	86
PID 8536 wrote to memory of 7676	8536	firefox.exe	86
PID 8536 wrote to memory of 7676	8536	firefox.exe	86
PID 8536 wrote to memory of 7676	8536	firefox.exe	86
PID 8536 wrote to memory of 7676	8536	firefox.exe	86
PID 8536 wrote to memory of 7676	8536	firefox.exe	86
PID 8536 wrote to memory of 7676	8536	firefox.exe	86
PID 8536 wrote to memory of 7676	8536	firefox.exe	86
PID 8536 wrote to memory of 7676	8536	firefox.exe	86
PID 8536 wrote to memory of 7676	8536	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe
"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4092
- C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe
  "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe" --app -channel production
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:3888

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:10640
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:8536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8536.0.939728012\47177603" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3581eb8-ae18-4230-b366-8b0cceddaba7} 8536 "\\.\pipe\gecko-crash-server-pipe.8536" 1844 21718d0e358 gpu
    3⤵
    PID:7780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8536.1.638479753\1220491002" -parentBuildID 20230214051806 -prefsHandle 2412 -prefMapHandle 2400 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {470c8aec-a4ef-4c62-ac74-5a11ed5ec886} 8536 "\\.\pipe\gecko-crash-server-pipe.8536" 2424 2170c085f58 socket
    3⤵
    PID:7676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8536.2.414734291\55908018" -childID 1 -isForBrowser -prefsHandle 3304 -prefMapHandle 3300 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3a33191-2798-477c-8f2c-286be471927e} 8536 "\\.\pipe\gecko-crash-server-pipe.8536" 3440 2171bd50b58 tab
    3⤵
    PID:5580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8536.3.1390056095\1269315235" -childID 2 -isForBrowser -prefsHandle 2772 -prefMapHandle 3100 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35991f80-1acf-4d6a-8539-7a5af3c30457} 8536 "\\.\pipe\gecko-crash-server-pipe.8536" 2756 2170c07be58 tab
    3⤵
    PID:4796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8536.4.647000822\1168480801" -childID 3 -isForBrowser -prefsHandle 5136 -prefMapHandle 5132 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16543fd4-09ef-4631-a443-06cbb5eb1f11} 8536 "\\.\pipe\gecko-crash-server-pipe.8536" 5148 2172105fc58 tab
    3⤵
    PID:8736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8536.5.148521202\980328655" -childID 4 -isForBrowser -prefsHandle 5300 -prefMapHandle 5156 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e1a68c8-2fa4-4526-995b-4e6f2c52fa0b} 8536 "\\.\pipe\gecko-crash-server-pipe.8536" 5288 21721060558 tab
    3⤵
    PID:8744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8536.6.1806497180\34452659" -childID 5 -isForBrowser -prefsHandle 5568 -prefMapHandle 5564 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d258d666-3a23-4660-adde-4929dae36647} 8536 "\\.\pipe\gecko-crash-server-pipe.8536" 5484 21721060258 tab
    3⤵
    PID:8764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8536.7.818682311\1334799420" -childID 6 -isForBrowser -prefsHandle 3100 -prefMapHandle 2852 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5be97e92-80b5-477e-8a67-2f73fb421ac6} 8536 "\\.\pipe\gecko-crash-server-pipe.8536" 5984 21722733e58 tab
    3⤵
    PID:8728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8536.8.1526660014\905877964" -parentBuildID 20230214051806 -prefsHandle 3312 -prefMapHandle 6172 -prefsLen 28039 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ef4121e-d4de-4ab5-887d-cace8fa109ab} 8536 "\\.\pipe\gecko-crash-server-pipe.8536" 6176 21722642858 rdd
    3⤵
    PID:996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8536.9.1966088505\194517833" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 6188 -prefMapHandle 6184 -prefsLen 28039 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81102cf6-014e-45a4-861b-8657cab4abc0} 8536 "\\.\pipe\gecko-crash-server-pipe.8536" 6316 21722644958 utility
    3⤵
    PID:11108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8536.10.1658445575\1610316251" -childID 7 -isForBrowser -prefsHandle 6708 -prefMapHandle 6716 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e387f2a-19f5-493c-a538-5cfaf6f3ec64} 8536 "\\.\pipe\gecko-crash-server-pipe.8536" 6704 21720699f58 tab
    3⤵
    PID:5236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Bloxstrap\Modifications\ClientSettings\ClientAppSettings.json

Filesize
120B

MD5
636492f4af87f25c20bd34a731007d86

SHA1
22a5c237a739ab0df4ff87c9e3d79dbe0c89b56a

SHA256
22a1e85723295eeb854345be57f7d6fb56f02b232a95d69405bf9d9e67a0fa0d

SHA512
cd2e3a738f535eb1a119bd4c319555899bcd4ce1049d7f8591a1a68c26844f33c1bd1e171706533b5c36263ade5e275b55d40f5710e0210e010925969182cd0c

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png

Filesize
20KB

MD5
4f8f43c5d5c2895640ed4fdca39737d5

SHA1
fb46095bdfcab74d61e1171632c25f783ef495fa

SHA256
fc57f32c26087eef61b37850d60934eda1100ca8773f08e487191a74766053d1

SHA512
7aebc0f79b2b23a76fb41df8bab4411813ffb1abc5e2797810679c0eaa690e7af7561b8473405694bd967470be337417fa42e30f0318acbf171d8f31620a31aa

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\graphic\[email protected]

Filesize
71KB

MD5
3fec0191b36b9d9448a73ff1a937a1f7

SHA1
bee7d28204245e3088689ac08da18b43eae531ba

SHA256
1a03e6f6a0de045aa588544c392d671c040b82a5598b4246af04f5a74910dc89

SHA512
a8ab2bc2d937963af36d3255c6ea09cae6ab1599996450004bb18e8b8bdfbdde728821ac1662d8a0466680679011d8f366577b143766838fe91edf08a40353ce

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaDiscussions\buttonFill.png

Filesize
247B

MD5
81ce54dfd6605840a1bd2f9b0b3f807d

SHA1
4a3a4c05b9c14c305a8bb06c768abc4958ba2f1c

SHA256
0a6a5cafb4dee0d8c1d182ddec9f68ca0471d7fc820cf8dc2d68f27a35cd3386

SHA512
57069c8ac03dd0fdfd97e2844c19138800ff6f7d508c26e5bc400b30fe78baa0991cc39f0f86fa10cd5d12b6b11b0b09c1a770e5cb2fdca157c2c8986a09e5ff

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\RobloxPlayerBeta.dll

Filesize
17.9MB

MD5
bd22c42dd4641434cca4dd7c5c06aa90

SHA1
5b05fbe688bafe4ebbe8cc25bf0cc8d8d4226a46

SHA256
e9e0a55fd4045da2d5775210bc5a603c088b9dde281f5b209356063d2b948e29

SHA512
defaf7db4a3c9351bf069308d1d569796b270b346987e6865c8036cc65c0971f27b5ab28a21b7c5dc153e8df0a51464a7b9a0bdeeb21fb8b8700fd3f870ead26

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\content\configs\DateTimeLocaleConfigs\zh-hans.json

Filesize
2KB

MD5
fb6605abd624d1923aef5f2122b5ae58

SHA1
6e98c0a31fa39c781df33628b55568e095be7d71

SHA256
7b993133d329c46c0c437d985eead54432944d7b46db6ad6ea755505b8629d00

SHA512
97a14eda2010033265b379aa5553359293baf4988a4cdde8a40b0315e318a7b30feee7f5e14c68131e85610c00585d0c67e636999e3af9b5b2209e1a27a82223

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\content\configs\DateTimeLocaleConfigs\zh-tw.json

Filesize
2KB

MD5
702c9879f2289959ceaa91d3045f28aa

SHA1
775072f139acc8eafb219af355f60b2f57094276

SHA256
a92a6988175f9c1d073e4b54bf6a31f9b5d3652eebdf6a351fb5e12bda76cbd5

SHA512
815a6bef134c0db7a5926f0cf4b3f7702d71b0b2f13eca9539cd2fc5a61eea81b1884e4c4bc0b3398880589bff809ac8d5df833e7e4aeda4a1244e9a875d1e97

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\content\sounds\ouch.ogg

Filesize
6KB

MD5
9404c52d6f311da02d65d4320bfebb59

SHA1
0b5b5c2e7c631894953d5828fec06bdf6adba55f

SHA256
c9775e361392877d1d521d0450a5368ee92d37dc542bc5e514373c9d5003f317

SHA512
22aa1acbcdcf56f571170d9c32fd0d025c50936387203a7827dbb925f352d2bc082a8a79db61c2d1f1795ad979e93367c80205d9141b73d806ae08fa089837c4

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\content\textures\Cursors\KeyboardMouse\IBeamCursor.png

Filesize
292B

MD5
464c4983fa06ad6cf235ec6793de5f83

SHA1
8afeb666c8aee7290ab587a2bfb29fc3551669e8

SHA256
99fd7f104948c6ab002d1ec69ffd6c896c91f9accc499588df0980b4346ecbed

SHA512
f805f5f38535fe487b899486c8de6cf630114964e2c3ebc2af7152a82c6f6faef681b4d936a1867b5dff6566b688b5c01105074443cc2086b3fe71f7e6e404b1

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\content\textures\StudioToolbox\Clear.png

Filesize
538B

MD5
fa8eaf9266c707e151bb20281b3c0988

SHA1
3ca097ad4cd097745d33d386cc2d626ece8cb969

SHA256
8cf08bf7e50fea7b38f59f162ed956346c55a714ed8a9a8b0a1ada7e18480bc2

SHA512
e29274300eab297c6de895bb39170f73f0a4ffa2a8c3732caeeeac16e2c25fb58bb401fdd5823cc62d9c413ec6c43d7c46861d7e14d52f8d9d8ff632e29f167c

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\content\textures\StudioUIEditor\valueBoxRoundedRectangle.png

Filesize
130B

MD5
521fb651c83453bf42d7432896040e5e

SHA1
8fdbf2cc2617b5b58aaa91b94b0bf755d951cad9

SHA256
630303ec4701779eaf86cc9fbf744b625becda53badc7271cbb6ddc56e638d70

SHA512
8fa0a50e52a3c7c53735c7dd7af275ebc9c1843f55bb30ebe0587a85955a8da94ff993822d233f7ed118b1070a7d67718b55ba4a597dc49ed2bf2a3836c696f6

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\content\textures\TerrainTools\checkbox_square.png

Filesize
985B

MD5
2cb16991a26dc803f43963bdc7571e3f

SHA1
12ad66a51b60eeaed199bc521800f7c763a3bc7b

SHA256
c7bae6d856f3bd9f00c122522eb3534d0d198a9473b6a379a5c3458181870646

SHA512
4c9467e5e2d83b778d0fb8b6fd97964f8d8126f07bfd50c5d68c256703f291ceaed56be057e8e2c591b2d2c49f6b7e099a2b7088d0bf5bdd901433459663b1f8

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\content\textures\ui\Controls\XboxController\Thumbstick1.png

Filesize
641B

MD5
2cbe38df9a03133ddf11a940c09b49cd

SHA1
6fb5c191ed8ce9495c66b90aaf53662bfe199846

SHA256
0835a661199a7d8df7249e8ae925987184efcc4fb85d9efac3cc2c1495020517

SHA512
dcef5baccef9fff632456fe7bc3c4f4a403363d9103a8047a55f4bd4c413d0c5f751a2e37385fe9eba7a420dbdb77ca2ff883d47fcdd35af222191cc5bd5c7a9

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\content\textures\ui\Controls\XboxController\[email protected]

Filesize
1KB

MD5
e8c88cf5c5ef7ae5ddee2d0e8376b32f

SHA1
77f2a5b11436d247d1acc3bac8edffc99c496839

SHA256
9607af14604a8e8eb1dec45d3eeca01fed33140c0ccc3e6ef8ca4a1f6219b5dd

SHA512
32f5a1e907705346a56fbddfe0d8841d05415ff7abe28ae9281ba46fedf8270b982be0090b72e2e32de0ce36e21934f80eaf508fd010f7ab132d39f5305fb68f

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\content\textures\ui\Controls\XboxController\[email protected]

Filesize
1KB

MD5
499333dae156bb4c9e9309a4842be4c8

SHA1
d18c4c36bdb297208589dc93715560acaf761c3a

SHA256
d35a74469f1436f114c27c730a5ec0793073bcf098db37f10158d562a3174591

SHA512
91c64173d2cdabc045c70e0538d45e1022cc74ec04989565b85f0f26fe3e788b700a0956a07a8c91d34c06fc1b7fad43bbdbb41b0c6f15b9881c3e46def8103e

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\content\textures\ui\Controls\XboxController\Thumbstick2.png

Filesize
738B

MD5
a402aacac8be906bcc07d50669d32061

SHA1
9d75c1afbe9fc482983978cae4c553aa32625640

SHA256
62a313b6cc9ffe7dd86bc9c4fcd7b8e8d1f14a15cdf41a53fb69af4ae3416102

SHA512
d11567bcaad8bbd9e2b9f497c3215102c7e7546caf425e93791502d3d2b3f78dec13609796fcd6e1e7f5c7d794bac074d00a74001e7fe943d63463b483877546

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\content\textures\ui\Controls\XboxController\[email protected]

Filesize
1KB

MD5
83e9b7823c0a5c4c67a603a734233dec

SHA1
2eaf04ad636bf71afdf73b004d17d366ac6d333e

SHA256
3b5e06eb1a89975def847101f700f0caa60fe0198f53e51974ef1608c6e1e067

SHA512
e8abb39a1ec340ac5c7d63137f607cd09eae0e885e4f73b84d8adad1b8f574155b92fbf2c9d3013f64ebbb6d55ead5419e7546b0f70dcde976d49e7440743b0f

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2f99b302154c4478\content\textures\ui\Controls\XboxController\[email protected]

Filesize
1KB

MD5
55b64987636b9740ab1de7debd1f0b2f

SHA1
96f67222ce7d7748ec968e95a2f6495860f9d9c9

SHA256
f4a6bb3347ee3e603ea0b2f009bfa802103bc434ae3ff1db1f2043fa8cace8fc

SHA512
73a88a278747de3fefbaabb3ff90c1c0750c8d6c17746787f17061f4eff933620407336bf9b755f4222b0943b07d8c4d01de1815d42ea65e78e0daa7072591e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
f94d723ebf85631c17ab9cf09c561df5

SHA1
ad40e495934c6a550d12b6353e22908c383d208e

SHA256
57da5ec42619a576dea35981417f7e119522fa286a87633f9133cd97867ef5bf

SHA512
e4c6ac7d8f3cec1ca6fb322af193050d2bbb87cf132c25d8e162d2cef600e55c98a1e232fe7ad8bc409077b4c81d9347be9cd646c47a880393ed40299eeb2ab5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\cache2\doomed\12973

Filesize
10KB

MD5
280fdfd7199cbcf92d811ca81c0b6535

SHA1
a01d9d62b4190e379f5906742c61403a609865bc

SHA256
bf1fd378e8cf8b223ffa98a767fbda02b3b57503df42640cd3f38e4076070e21

SHA512
b2157897f0b71e65715e42d993013550d013813b01b233e727d15d1cb8cda35321c17a28bf6eb43727e8ffe5652b6fe434a928d7099e2c25d6395a098de60201

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\cache2\doomed\14645

Filesize
9KB

MD5
ff3b73edd65f57571d23fa5379ad8da4

SHA1
47a49929878d0f7d7bfac2677193077e2586ce19

SHA256
87c070360e8900d64af83ca121c8d19e300f1014e1ba2b0b2668eb0d6c211355

SHA512
dfe2f24ac2fd16f2bd07a3f1bd9aa0817ea250a3c4a71434c03022463bf7c67a4da558e322e1a2857d68b7d945584a5e182741f42ba3a5a242cb480e4f40009f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\cache2\doomed\14978

Filesize
11KB

MD5
43f4b5f0e8c0ab75cf5edd885774e614

SHA1
e701df0b3ade6912af92ce4824992a1463ae5e8d

SHA256
f53af91da8ebcd80b63a64bfed013c15a11495adc92ce64ef3e377047ed2536f

SHA512
61d73791e2411b4c6241f1e86c65e44b122c0791f54f18f374708df3dac7c45456b0a79939cd531b2d1d692d176f6445b9578a7292e0a4b95d1e1683f48a61ab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\cache2\doomed\17222

Filesize
10KB

MD5
4ba24cd65f3746c28cd6674976f08b64

SHA1
18219347215fe1f4a671dd145490f08cd0be3c3c

SHA256
e7f40a9a467543982101a72aa4541f95c1bc5007771b589acbd7d06b84815690

SHA512
c40805a077e1951b0227c7936587b7cef026156ef85266a3acfd5341910c121f8d761f6ec03d32425317fa7987c6b161134c2dea991f8915835d85be709c0a4b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\cache2\doomed\18344

Filesize
9KB

MD5
a983762134adf17e3936bd74d6196236

SHA1
4ef9cdfec16b9a6d7bd1715b7fed301ce42ccbc5

SHA256
1fa53c1752078c1b38f5b41d99024a95ffcca34b18333c5e21e8658cd1806bd5

SHA512
88d43a5093ae37af4cffed0efa0b8aa44a685d66db17adf3eff40c2d313f8214ed5143be47e6c0cfa638699f2aa8695e8202f984107ef32ed91e91fff0ffdfae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\cache2\doomed\24539

Filesize
11KB

MD5
199ab37a19289b68b970d74bf963b174

SHA1
3b3776d219f5e78e773f4bb0e2c27df52ce30d25

SHA256
957f4920725d2ab965ead7b00202ba4330c2a41f2505b75145e7bb3133923720

SHA512
555ec5ff25790b23bcd8e4e646830acc8184279e8dac869f7012f84fc9bed489123424bf7cd58eb8b53edbe711855136729b9216d4c3ee7f7521daf111883592

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\cache2\doomed\25526

Filesize
8KB

MD5
afb264a0ffeabd215f78ace1fbda7a81

SHA1
4d517c43aaf6509338d33ac14d45f44ade075f0c

SHA256
89e54e6846eb5757d3058bea1f78a48bd69d1b1d7cc799e2085c36b29101ff35

SHA512
1a739ed04a9441a418edd90d7e62fb6b1cc427feb418dc1b0ae82c2228c9961e8beba51f36fb23b41100374e1ef07e688ab09fe9549961f2dd6e9636cd261cd2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\cache2\doomed\26783

Filesize
10KB

MD5
0df3d0554a3d55f456f0c8d7dc79dc56

SHA1
f9e7eaa02ea57062baf257233c15b4c638c445c9

SHA256
882e18998fed5a9db2cf266aaf462d527820aa32ca5259b044b90bbe0748a151

SHA512
4aec93529950bb91a83a19bbfcf8a777e20ea05a444029d1b4ee1613439bb6b3b4470463fd8d952b8551dc3ad525ace4e77314f3fb9c2a41a21235da8cf63477

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\cache2\doomed\30060

Filesize
11KB

MD5
7e56de44282d9a0008e15f007959fd03

SHA1
cd08021d427cda39b52300d349360c6d2a60e175

SHA256
2784e35245e423e2e84fb5c211dfd02557bc9810d4d81989888ea50f27046f23

SHA512
34487f14e17b1fb98d303f2e35ec6ad08691dedd0a47580a29bf960f5bc66f17c97a984a4cf1c79b8d70b4fd561b243495db7cb0688e03a8f772a4b48347a256

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\cache2\doomed\4085

Filesize
12KB

MD5
4c04202d7444cf2b0d647ed791e3e1c6

SHA1
5fa904e54da5575365de752b639549ffdd7b4e4a

SHA256
78889aaacde0b23dba5e1e896304ccbd55f8332935555140f12f34a95d44fa1f

SHA512
ed9b272e05dac8780b325bc09725015c8494127d84fd97af708bce4d0c769c722f8b98f669c2598752f8d08346921d73bce8bc14183f2c9efc7f6e9a34dbce46

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\cache2\doomed\4160

Filesize
11KB

MD5
0f5c47795643f7d2c9c8240a95409dd4

SHA1
50c34710d1892a4e82fd7b37f2f79358d0cac565

SHA256
4048ec9c30b5d217514dcc263ffa9774ca902e99e7c950c6296a5fcfdcef0ce7

SHA512
29a0b77d944ed2c28c4269a8714fdd7ed40a1d17384d15a6af959036747be5ad0fcc1e71afc5ebbbbffbcb7ff3ba01893c7fe21329018dfb6027021f016a9050

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\cache2\doomed\4833

Filesize
11KB

MD5
bb219a9780697dd1b79a54dd37f99e06

SHA1
a726c0f2f07ea4825d1c6d2b280faf502de6fbc0

SHA256
2377117cfbab99d9992fa1bce00eb7b46bc7623c1f3138158f565fb81b1b9f17

SHA512
b2a08f5e473ebb95ab62803b7baea054ab2b23689dc5f97f88500163d6aff64e68ffb38db710829e3b1c19a50050947fcb768c9cc9fdfdeda4799f6dfd3e63c0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\cache2\doomed\5970

Filesize
8KB

MD5
50fe964fbd1c1a89f22dde480b64a368

SHA1
5eba34417118ec5a5fc90a70d63a32ffe8a959b5

SHA256
a998f7cf33a72c46102fe24b30e4d4e2fef72364cc137fb67b1ac092dfa34abb

SHA512
de3e50e45d5f88eb390c8c8b92de7f840674c6c2518418387ab8ea7790057b0de3885eb14bf4519bdf3bc85d383aa4f7c8b746c5c37eb2ea17bc31de9d02da97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\prefs-1.js

Filesize
7KB

MD5
b7b1fb581a7ffca3fada69e0b9520691

SHA1
4525bf898d7744d90f12add5b59f4af69efcaeaa

SHA256
9dc2d5fe3efe5928a8d8dbaf4f3f22f1024b90478dde79edb5e4e9361efb0c27

SHA512
2eb25e61633e590bc38b39043346ba4af90486f40861c726b27a69ba63baa331b9ee723b88957cc2faada9d890782a2953644c7dce4849d7187fcfdb143fe899

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\prefs.js

Filesize
6KB

MD5
969d7afe9ff2746383a86bac21cfc391

SHA1
f8d2bb3ac77b29ee944738654bab2e2246d7d9bc

SHA256
a2591a312e842dd93d96eb6a081736d8de413d03240e1f175fff0332f644e0ee

SHA512
025ad3a8f02386c60a86767b7d8edfff7c702e81b3d5cfc8564ca3f1dba0531e99ccbed3aa624a7dcdf1996303332e93668280f1a44bc48ef31fddfce9459037

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\prefs.js

Filesize
6KB

MD5
7cd05762fb17299d408ac6108be8cf78

SHA1
850efb7e7ad9bc6722895bbdb01350d74406a213

SHA256
ddb5c0aa42e97756ffa2f6f15dce3cb07f213e6588c8d25bd1180e3d842c5215

SHA512
8af41a4dc5880688de735bec6ddafcd597e57bb335cc52977a773c4e5d8e2af8fda49904d36d73697e98e0451f197a2c6ef55af78258ce0f3a6a8ea7dbe1f765

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
ef0963842bb61b1762e9b5e7bdeba641

SHA1
6115f52a9a3c110ac28c2672cd34365516428709

SHA256
0b334dcc87ca7aa9ba754c2fd987fef65eb081e0dfc1f07b2007a955d2d82728

SHA512
88fae59229b5b88450106aa3689c687a913b8bb0dfc09d65c723b09efb7918748165f85136a5a496319ecb7cb6adc2e1e9ea8058df0ea93fddc27da2152541da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
e06a677cd5699b27fb6ff4a2b002df32

SHA1
394275750f2dceb8615485ceedabddf862f90ef0

SHA256
2faaf9574a8b451bdaf48daa8d1f83ba03ca48fdd4162d408e2c7507024dba90

SHA512
02b2cfaf2b23c2095b02866e1c412625d55af76c6343715a579bce280418da5f078434f48fd735571c912060f25eaf70992c3d68987ee621e4ff579d20fc4f33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c5881d4c1af80f0f880ae3a9ee972c5e

SHA1
0aa7d43250a423179c9e4d72f70b470bfe1b5cb5

SHA256
3c03ecafb64ca5f92270ffd381f06daf7c0f79e1ade7237c655aff948bf5ac40

SHA512
b2472f53a41fe2ae8f770971c99e107bab8913752cce4984c29d07201187890470b4a90f989ea8d9fc563898e86cffaee557a7215a4b0ab5ec27dddd48ce83ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
dd31bde789950786210f02bd9e0185f8

SHA1
d7588932571686963e4011ab0eaa0a6f0bae0291

SHA256
416438d6da27cc8a6905c69e801b103a6baf08abcb93265ff85bfbfe91a74188

SHA512
816e8649d5a9092ffe34cb026b8c4121f8b6542288549851c7bcb66bde390118c6e2da242b2150f2b0ce530fba6125f0c583ae30bddfebee5b4cc3a4dc3e7480

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite

Filesize
48KB

MD5
e05b7471485859704bece469eba7eca2

SHA1
d17ac948047c883ca306e81f160bd2c89b18aed7

SHA256
14c0e89c4f3ba00dfd50bbd4981e883164001ce5ac6a9a7729bc1e82ad671c3d

SHA512
f8980831441750404f5f317e81e58473e15fa8909647c214a6057e3ac646294ae51895dfcac6549e3a2f6e7144aa879462a70d89e0f16980923fa68faf8e278b

Download Submit
memory/3888-7033-0x00007FFFB6740000-0x00007FFFB674D000-memory.dmp

Filesize
52KB

Download
memory/3888-7009-0x00007FFFB5CD0000-0x00007FFFB5CE0000-memory.dmp

Filesize
64KB

Download
memory/3888-7045-0x00007FFFB5700000-0x00007FFFB5710000-memory.dmp

Filesize
64KB

Download
memory/3888-7044-0x00007FFFB55F0000-0x00007FFFB5600000-memory.dmp

Filesize
64KB

Download
memory/3888-7043-0x00007FFFB55F0000-0x00007FFFB5600000-memory.dmp

Filesize
64KB

Download
memory/3888-7041-0x00007FFFB7AC0000-0x00007FFFB7AC9000-memory.dmp

Filesize
36KB

Download
memory/3888-7040-0x00007FFFB7AC0000-0x00007FFFB7AC9000-memory.dmp

Filesize
36KB

Download
memory/3888-7039-0x00007FFFB7AC0000-0x00007FFFB7AC9000-memory.dmp

Filesize
36KB

Download
memory/3888-7038-0x00007FFFB7AC0000-0x00007FFFB7AC9000-memory.dmp

Filesize
36KB

Download
memory/3888-7037-0x00007FFFB7AA0000-0x00007FFFB7AB0000-memory.dmp

Filesize
64KB

Download
memory/3888-7036-0x00007FFFB7AA0000-0x00007FFFB7AB0000-memory.dmp

Filesize
64KB

Download
memory/3888-7035-0x00007FFFB7AA0000-0x00007FFFB7AB0000-memory.dmp

Filesize
64KB

Download
memory/3888-7047-0x00007FFFB5730000-0x00007FFFB5750000-memory.dmp

Filesize
128KB

Download
memory/3888-7032-0x00007FFFB6740000-0x00007FFFB674D000-memory.dmp

Filesize
52KB

Download
memory/3888-7031-0x00007FFFB6740000-0x00007FFFB674D000-memory.dmp

Filesize
52KB

Download
memory/3888-7030-0x00007FFFB6740000-0x00007FFFB674D000-memory.dmp

Filesize
52KB

Download
memory/3888-7029-0x00007FFFB6700000-0x00007FFFB6710000-memory.dmp

Filesize
64KB

Download
memory/3888-7028-0x00007FFFB6700000-0x00007FFFB6710000-memory.dmp

Filesize
64KB

Download
memory/3888-7027-0x00007FFFB6690000-0x00007FFFB66A0000-memory.dmp

Filesize
64KB

Download
memory/3888-7026-0x00007FFFB6690000-0x00007FFFB66A0000-memory.dmp

Filesize
64KB

Download
memory/3888-7024-0x00007FFFB5B60000-0x00007FFFB5B70000-memory.dmp

Filesize
64KB

Download
memory/3888-7023-0x00007FFFB5B60000-0x00007FFFB5B70000-memory.dmp

Filesize
64KB

Download
memory/3888-7022-0x00007FFFB5B40000-0x00007FFFB5B50000-memory.dmp

Filesize
64KB

Download
memory/3888-7021-0x00007FFFB5B40000-0x00007FFFB5B50000-memory.dmp

Filesize
64KB

Download
memory/3888-7020-0x00007FFFB5B40000-0x00007FFFB5B50000-memory.dmp

Filesize
64KB

Download
memory/3888-7019-0x00007FFFB5990000-0x00007FFFB59A0000-memory.dmp

Filesize
64KB

Download
memory/3888-7018-0x00007FFFB5990000-0x00007FFFB59A0000-memory.dmp

Filesize
64KB

Download
memory/3888-7017-0x00007FFFB5820000-0x00007FFFB5830000-memory.dmp

Filesize
64KB

Download
memory/3888-7016-0x00007FFFB5820000-0x00007FFFB5830000-memory.dmp

Filesize
64KB

Download
memory/3888-7013-0x00007FFFB5CF0000-0x00007FFFB5D10000-memory.dmp

Filesize
128KB

Download
memory/3888-7012-0x00007FFFB5CF0000-0x00007FFFB5D10000-memory.dmp

Filesize
128KB

Download
memory/3888-7011-0x00007FFFB5CF0000-0x00007FFFB5D10000-memory.dmp

Filesize
128KB

Download
memory/3888-7010-0x00007FFFB5CF0000-0x00007FFFB5D10000-memory.dmp

Filesize
128KB

Download
memory/3888-7046-0x00007FFFB5700000-0x00007FFFB5710000-memory.dmp

Filesize
64KB

Download
memory/3888-7008-0x00007FFFB5CD0000-0x00007FFFB5CE0000-memory.dmp

Filesize
64KB

Download
memory/3888-7007-0x00007FFFB5C40000-0x00007FFFB5C50000-memory.dmp

Filesize
64KB

Download
memory/3888-7006-0x00007FFFB5C40000-0x00007FFFB5C50000-memory.dmp

Filesize
64KB

Download
memory/3888-7002-0x00007FFFB7F10000-0x00007FFFB7F40000-memory.dmp

Filesize
192KB

Download
memory/3888-7001-0x00007FFFB7F10000-0x00007FFFB7F40000-memory.dmp

Filesize
192KB

Download
memory/3888-7000-0x00007FFFB7F10000-0x00007FFFB7F40000-memory.dmp

Filesize
192KB

Download
memory/3888-6999-0x00007FFFB7EC0000-0x00007FFFB7ED0000-memory.dmp

Filesize
64KB

Download
memory/3888-6998-0x00007FFFB7EC0000-0x00007FFFB7ED0000-memory.dmp

Filesize
64KB

Download
memory/3888-6997-0x00007FFFB7DA0000-0x00007FFFB7DB0000-memory.dmp

Filesize
64KB

Download
memory/3888-6996-0x00007FFFB7DA0000-0x00007FFFB7DB0000-memory.dmp

Filesize
64KB

Download
memory/3888-7048-0x00007FFFB5730000-0x00007FFFB5750000-memory.dmp

Filesize
128KB

Download
memory/3888-7050-0x00007FFFB5730000-0x00007FFFB5750000-memory.dmp

Filesize
128KB

Download
memory/3888-7049-0x00007FFFB5730000-0x00007FFFB5750000-memory.dmp

Filesize
128KB

Download
memory/3888-7051-0x00007FFFB5730000-0x00007FFFB5750000-memory.dmp

Filesize
128KB

Download
memory/3888-7052-0x00007FFFB5BA0000-0x00007FFFB5BC6000-memory.dmp

Filesize
152KB

Download
memory/3888-7053-0x00007FFFB5BA0000-0x00007FFFB5BC6000-memory.dmp

Filesize
152KB

Download
memory/3888-7054-0x00007FFFB5BA0000-0x00007FFFB5BC6000-memory.dmp

Filesize
152KB

Download
memory/3888-7055-0x00007FFFB5BA0000-0x00007FFFB5BC6000-memory.dmp

Filesize
152KB

Download
memory/3888-7056-0x00007FFFB5BA0000-0x00007FFFB5BC6000-memory.dmp

Filesize
152KB

Download
memory/3888-7057-0x00007FFFB7D90000-0x00007FFFB7D91000-memory.dmp

Filesize
4KB

Download
memory/3888-7058-0x00007FFFB7F10000-0x00007FFFB7F40000-memory.dmp

Filesize
192KB

Download
memory/3888-7059-0x00007FFFB7F10000-0x00007FFFB7F40000-memory.dmp

Filesize
192KB

Download
memory/3888-7042-0x00007FFFB7AC0000-0x00007FFFB7AC9000-memory.dmp

Filesize
36KB

Download
memory/3888-7034-0x00007FFFB6740000-0x00007FFFB674D000-memory.dmp

Filesize
52KB

Download
memory/3888-7025-0x00007FFFB5B60000-0x00007FFFB5B70000-memory.dmp

Filesize
64KB

Download
memory/3888-7014-0x00007FFFB5CF0000-0x00007FFFB5D10000-memory.dmp

Filesize
128KB

Download
memory/3888-7015-0x00007FFFB5DE0000-0x00007FFFB5DEC000-memory.dmp

Filesize
48KB

Download
memory/3888-7003-0x00007FFFB7F10000-0x00007FFFB7F40000-memory.dmp

Filesize
192KB

Download
memory/3888-7005-0x00007FFFB7FA0000-0x00007FFFB7FA9000-memory.dmp

Filesize
36KB

Download
memory/3888-7004-0x00007FFFB7F10000-0x00007FFFB7F40000-memory.dmp

Filesize
192KB

Download
memory/4092-0-0x00007FFFA844B000-0x00007FFFA844C000-memory.dmp

Filesize
4KB

Download
memory/4092-3-0x00007FFFA844B000-0x00007FFFA844C000-memory.dmp

Filesize
4KB

Download