hxxps://github[.]com/pizzaboxer/bloxstrap/releases/tag/v2[.]7[.]0

Resubmissions

26/07/2024, 19:49

240726-yjs1ra1bpk 8

26/07/2024, 19:47

240726-yhjexstfmb 3

26/07/2024, 19:44

240726-yf17ystemd 5

26/07/2024, 19:40

240726-yd146stdkg 7

Analysis

max time kernel
150s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
26/07/2024, 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pizzaboxer/bloxstrap/releases/tag/v2.7.0

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3340	Bloxstrap-v2.7.0.exe
8180	RobloxPlayerBeta.exe

Loads dropped DLL 1 IoCs

pid	Process
8180	RobloxPlayerBeta.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
8180	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 18 IoCs

pid	Process
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664964929520560"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Bloxstrap-v2.7.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Bloxstrap-v2.7.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\roblox\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" %1"	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\roblox-player\shell	Bloxstrap-v2.7.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Bloxstrap-v2.7.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	Bloxstrap-v2.7.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Bloxstrap-v2.7.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\roblox\shell\open\command	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Bloxstrap-v2.7.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Bloxstrap-v2.7.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 6c00310000000000e958398910004f4e454e4f547e310000540009000400efbee9583989e95840892e000000639f02000000010000000000000000000000000000000dd07b004f006e0065004e006f007400650020004e006f007400650062006f006f006b007300000018000000	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Bloxstrap-v2.7.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\roblox\URL Protocol	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Bloxstrap-v2.7.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	Bloxstrap-v2.7.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Bloxstrap-v2.7.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\roblox\shell	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\roblox-player	Bloxstrap-v2.7.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" %1"	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Bloxstrap-v2.7.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\roblox\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe"	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\roblox-player\shell\open\command	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "2"	Bloxstrap-v2.7.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents"	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Bloxstrap-v2.7.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Bloxstrap-v2.7.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Bloxstrap-v2.7.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\roblox\ = "URL: Roblox Protocol"	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\roblox	Bloxstrap-v2.7.0.exe
Key created	\Registry\User\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\NotificationData	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Bloxstrap-v2.7.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Bloxstrap-v2.7.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\roblox\DefaultIcon	Bloxstrap-v2.7.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	Bloxstrap-v2.7.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Bloxstrap-v2.7.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Bloxstrap-v2.7.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	Bloxstrap-v2.7.0.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe\:Zone.Identifier:$DATA	Bloxstrap-v2.7.0.exe
File opened for modification	C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
8180	RobloxPlayerBeta.exe
8180	RobloxPlayerBeta.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
5404	chrome.exe
5404	chrome.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
5404	chrome.exe
5404	chrome.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe
3340	Bloxstrap-v2.7.0.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3340	Bloxstrap-v2.7.0.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
3340	Bloxstrap-v2.7.0.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
3340	Bloxstrap-v2.7.0.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1184	MiniSearchHost.exe
3340	Bloxstrap-v2.7.0.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
8180	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 3976	4440	chrome.exe	81
PID 4440 wrote to memory of 3976	4440	chrome.exe	81
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1868	4440	chrome.exe	82
PID 4440 wrote to memory of 1224	4440	chrome.exe	83
PID 4440 wrote to memory of 1224	4440	chrome.exe	83
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84
PID 4440 wrote to memory of 3348	4440	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pizzaboxer/bloxstrap/releases/tag/v2.7.0
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fffe926cc40,0x7fffe926cc4c,0x7fffe926cc58
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,9897462965579054647,2988527020475654916,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1712,i,9897462965579054647,2988527020475654916,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1972 /prefetch:3
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,9897462965579054647,2988527020475654916,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2356 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,9897462965579054647,2988527020475654916,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,9897462965579054647,2988527020475654916,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,9897462965579054647,2988527020475654916,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4428 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5072,i,9897462965579054647,2988527020475654916,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5064,i,9897462965579054647,2988527020475654916,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5372,i,9897462965579054647,2988527020475654916,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4432,i,9897462965579054647,2988527020475654916,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3784
- C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe
  "C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3340
- - C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\RobloxPlayerBeta.exe
    "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\RobloxPlayerBeta.exe" --app -channel production
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:8180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3720,i,9897462965579054647,2988527020475654916,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5404

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1184

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Bloxstrap\Modifications\ClientSettings\ClientAppSettings.json

Filesize
79B

MD5
eab6dcc312473d43c2fa8cc41280d79c

SHA1
b4e9ec7e579d06dfcaa5ac616de2751308a153c3

SHA256
0a27d3c9100ab7ab6f03c45daeb0f0cd586f3aeb59daf7986e853f9614e954fe

SHA512
1ce0fdc237110d644bcc8238f184554f25813ccf7142fd312ce96fbb6659081db677b04485bf66d52100136da6bb9688e48b1287455725c7b4950153aa2a4595

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Modifications\content\sounds\action_falling.mp3

Filesize
36KB

MD5
c48c0f1f12b88868bdfa5dbe93625773

SHA1
7e0ce4bff82981d945087fd9411281f740e2a398

SHA256
7a5e846a8fefe27ea1cd500f46bb63583b45fb86596a3a7561a186a14d1ab147

SHA512
b15f9a96a7a0687219ba0aef84e35001e8afbb32e41a4e3e7b93b8e4080fc31cbf09de32e219498723438d26adcbe4b0f0685a095af078882ce94dcff0bac2fc

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\ExtraContent\places\Mobile.rbxl

Filesize
157KB

MD5
34cf579311f6f9a358bea63c563bf5f0

SHA1
c8681c2e32f8c102c736495533e9f3a3fc533fe2

SHA256
70604d44c691309d79035b2695a0ce2efcdc41adcc764e78542eefb52319e20f

SHA512
6bedf5e296cb7dcf4a2930e4ca9522bece02a76673a7d052cc6a6c3eb982a054c8a842aa74bfad9d60af505e930757d8ef257ab56e0d261a348ba74b25bd8f3e

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\RobloxPlayerBeta.dll

Filesize
16.8MB

MD5
a72617866cec84bef5f9fde55ff3ffb1

SHA1
2232aeb925c18b89727a6478c3d1f49274ecc788

SHA256
bd051782e089d442791f2cdf3c9742ff978968f518253dd81084f29e29ddd00c

SHA512
e266db6eefc1e5cf9365cc375e95ae35830835e8ec9fa1cd18dbab2df2eb1d977a9f5e0d794c581f96888b02bf384ddab18f8851a500dc4ef0191b70d72b58d2

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\content\sounds\action_footsteps_plastic.mp3

Filesize
29KB

MD5
08bcdedf21b7843a0554c57e33357fdd

SHA1
36498057f481df17f2a208a8d86ac0004e6d5469

SHA256
11da1dda2276b4a29315b0f91ed6deb29d309e5ffe4fde256a80b86534043e28

SHA512
15bc4d55d5e8915cc427f4d19011598d224e7053d94ee04acb53b30e8f4e9880665e2108d87f09b59716252d35230340e99422f488f952d287328f18b9929280

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\content\sounds\action_get_up.mp3

Filesize
6KB

MD5
fffb71b8be5f1d71eb040b22068d61f5

SHA1
d675c8d5568e67e85cd7dc03d191832349155a12

SHA256
6134552f737b81230d42e17f3b32a8e30d0943cb2fab5f4fac756c2f0e3213bb

SHA512
adeb26967e37ccffa400952c4112ab850d8475f95c87827c84dbb34b19a56acd0b88a56eda3afcc244136b05d826ea964406e67177adbe6d6ebd3cff89a87735

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\content\sounds\action_jump.mp3

Filesize
5KB

MD5
5e8ac4372fe9cb87a43722142d2d4e3b

SHA1
d7e9a6f1616fb86cc27dd567c42b19500cdeb7a5

SHA256
7a6538ea47940710cec9e1695284e8eb751198324d089b26ed52992f69cc2607

SHA512
72e21431a782ea1a882e3525a83cb22439c1c72f2d14154fa2e080fb682aa1a54fa32dc90d423b74def21cd7a76d7f1baf6d77c5d0823f04e7cb8fa81c73db47

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\content\sounds\ouch.ogg

Filesize
6KB

MD5
9404c52d6f311da02d65d4320bfebb59

SHA1
0b5b5c2e7c631894953d5828fec06bdf6adba55f

SHA256
c9775e361392877d1d521d0450a5368ee92d37dc542bc5e514373c9d5003f317

SHA512
22aa1acbcdcf56f571170d9c32fd0d025c50936387203a7827dbb925f352d2bc082a8a79db61c2d1f1795ad979e93367c80205d9141b73d806ae08fa089837c4

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0c9d80578334907e484e6d4c33c7dd0b

SHA1
5c3d88da1f9cce2794b78f84607603e9dc85ad20

SHA256
d4d8fa9a752841b627cbb4871d157c9a5eb3714cb42388852ef15321bcc0c6a1

SHA512
a9b16a3694b02cf7db4044b8a9f5ef120a7c0537b07572658cf246c68b687328124f17c0ff849998a5331302c8c4698d08e418be2102fea75807ea26a9c426df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
10.1MB

MD5
2c752edef5b0aa0962a3e01c4c82a2fa

SHA1
9c3afd1c63f2b0dbdc2dc487709471222d2cb81e

SHA256
891846bf656253ca1cdd28584a28681e9604e2a03d74cd6b99313e3bff11daf8

SHA512
04d25fe7d40c8c320ffc545a038ad6ea458df6a8a552b0e0393b369a03b9bf273c72f30169bd54e8eb10757c04bdddf3859c601c1eb9e1a12fe4d15658906dfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c3a1cac9c92296707e96c3d8b27699f7

SHA1
e47491c9138bf72b707352c6e6c82b7ff8a1ac69

SHA256
248fa1b0ac8e79c975a4478c6d1334899ade59c0ae3380afa44d1ae204421b06

SHA512
6db407a6d78cd66bcc80226c7b0bdebe7f0c90eeea23915a715db933775f52525c18b8fd22f834602d6fdc24684f6c730bc8fb03ab93e8127650222d31dfbf78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bd5e7c0ff57cdae3f1eed8b258eeb3e8

SHA1
9e952aa2a78314861ca567c8a28554b4f4076fb9

SHA256
7831e77f53aef5dd71262cd9fd55de793ee10136e5d701d8f3571055de5d6ce2

SHA512
ef8fa24354921387b14f1bb6f4cea9c79dde2391d3fdae925e94bbd14ca304686d4cc17b7e8a626e4aceed7b2094ae137e8268fbe31ad7741135ccc9c8fecea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
07606ad79c2d5fe4d5dbe459d710ad69

SHA1
49717d4ffb2b1f8579c78201b4d50c6993a44f78

SHA256
e03c18b7eef7d7bf7124645ab05ff2a4814c02259f46e239f49fb8828937941a

SHA512
e1cde9b0a0d0dd55c23a34ced5d98d2670ea5acd5b48bfb902de9df9582a0d564bff2a740ea7a85cd9c7d11cef37b314fa505db2ac5fdd4b629548337b088a0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
22ea242c62b4e6a4a5731c82bb533ac8

SHA1
c59b92704bfde0abdab15542cca0d1449a72be4f

SHA256
a95e2a3d8ea6e435b68869266d5f38f225f8fe568ad49651a7927538ac41e0fe

SHA512
c970786150006d07feacd73e36faada5973be7bd8f1e73d7582ba478d730cac5fee82335a5ce34c5e7af387db31205233f26c86fda0d7801c43ad8de222aa3d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
129fe3886f5038032a63f33e3e22e5b1

SHA1
e561b48373e7fb173a1e37a89a9f92e6fa97f582

SHA256
3f05de1f4c3396d8efed9dcf211927c013d9835e26e521e176f50dc039d1eaad

SHA512
977d8251e3c2998c00bc405282788aa886a184956403560bda4f9269ea18777b4e725626434ccbf30050dfdf8733974e99d30413c5acdb27763fd38f67088d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0719f276411d37f014a4c532335cd1e4

SHA1
1717540015996e2059e0daf0f77fcd926340bf05

SHA256
50411be251c358b82620b04d2094cc60c36ae88a17d0308e921319cebf022ffb

SHA512
e07cc07c08a4e0718f6dea9a3c7761ebe319fe71a6f13c5715f29a84c7ed3169f494ff6dea5ebed4c3360717240ab7102f03a0afc52b75fe9aed3bf742a42c34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
42a57e349c9d87be69f2829ed29ea1a5

SHA1
9ad401caecca93c664fb38b5ee4c31be51dfa2d8

SHA256
6e499ac46aeac39ada6bbdd9ec4c1bfb301218fa420ee053bd3004e13d77c312

SHA512
6e06f4cfb70e05422e346e500920025c1e8b1ef11e564b3d25e7356b4936ee2c5f40e5ab2490d669acd7ddd408f96ac00ff0207d23a83c4ea127a9de2476b0f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7877d90f677993ed8238716767ff96ab

SHA1
c32a351a962ce80d19bb9ac79beb202f95bddf02

SHA256
d027ed0b1f22831b55c6acaa9020f3b6f14b2f4d36960b4e68bc0d9792f5d732

SHA512
78e96b1a869c87b90f68370006329b290b73e82c10f3d13c93261b8f80e6ebf150d267aa323619de4f9a4cf00e512ab0223f5341d84e2c506e2d5216dc0f6185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0c7b1d505da10d9b659d1b662692c33b

SHA1
25aa13de884a0d0e89e3626edf0b854f22092579

SHA256
d63ff9549394934e872f7ce9d3c0c9eb2c51bbe26c1f5ddfae35b5f36709eb6d

SHA512
395db16a59c08d1d47dd41061331c6aab3879110eb08e8a4218c958d2d33e4fa9c76c0577ed0be50ff98f536aa5e7371fa7c58d17fc57083db83cf1958feea57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a57fe5d8d45eca1cf57f8bc266b0a69

SHA1
d01bf38d06d620899501964520fd91ad02d46330

SHA256
2066b77928175947da3a407abf47fa17dc05e3047d555225a48a20153de8750a

SHA512
20986316cab343cc596fae0eb2ba7073ab2290103f82220aff052c5467425af9214bab9c5a18416b57ecdc34131797e342218e86c2b30068060bf82cc11a799f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e377d2c8a6f2a4ffbfececfff638b441

SHA1
d2479afe80f15e233ee49be7d980629bf813b7e9

SHA256
039f4074ed5837c31f2b89025be47a1de8b040851d5db4f9a36abbaaa1a9c54e

SHA512
18d84fb0764733161548630148b89767038670f293cf6fdaf0f07f99a4715b45ef63c328c8c6682783e6ab33d4cd0cedfa2ad5689b4e8c03600ffaac94a178c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f95c5d2d3aca25a445858388625d078b

SHA1
c3475d7f760592cb2578ba661a1babe838cc241f

SHA256
e5e2000c6a0a1f06d938ac58d745276794407ca1a240b0fd7cca7f064474a253

SHA512
2173d332e76833b9d4c3a780ebc5aacccf499a34858bfeb1c182d5d177534f9953955b4a0780c0f4da52a091ab5c9f81a58bfd53ff3d5cbf6db0f7e1c10efb72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41d03b0409b54b52e38e6a33d0bd4cce

SHA1
251ae72051d4dbfd91fa6ef4bb832d7eac01021e

SHA256
0695217ea843139e0802470dc64712a42d8d43290900c4bd3b5f08e994ef2db9

SHA512
e7f4918655e3df21d9bb71fd134a20bd8a53f34de573dc1637e4d63e05a73df5a43711bb0b1d33781b7cf0ee17e1140f6d09817fba2f19ed8cae1399bc7ec71c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
936a7a04e902af42bd8d7c20f04b5afd

SHA1
57fb157f0e33e0af0c5540805dfea0daa1d451e7

SHA256
7104d1435f204cc76a3cd90683f1964a68ec22b03e53895c186f7b235d0b2ba9

SHA512
44f1acd9f58428f5df3d782afd058fc644c476eff59d4850159afc139f77fcc9aa8ae30b57b0adc8b7ddad2b1254c87d6004062ed41b4496000d454771a4544f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
abebc49fbfc2dfe4a91e66a691fa6b44

SHA1
0913547ca69719689558b1c841334d59586d0833

SHA256
ece1d96590dfd66ffed8b5170b80c6602e9a16f6855b81daeba8a39498ce018a

SHA512
50459ea47339387bf47d22e3aa29b3d4d076d38cfedacb0b1af18f7afcb06ce03d9317fbf83ccde4bb50faddc45adafcb5c7b622e915580dee1cec980ac8e6ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
d3eca18f33fca2f71406ac55c090fb4a

SHA1
c2b66679ed6f187779210c3eb99e54d4a3775396

SHA256
b0ea42cc3f0c0f3f6a263034219c8325a6feaaeaa789912c8e682482f773b135

SHA512
fc41769363d66b8fe99b47294496375bf8ffff756764d4320a2ee7770749f7bbfaa4e165b22692e26de44089c6f22fc9c199d2dc698acf7b76aea7f1abbb8706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
d7d22ef4d501b8a7bd3e1af3a1bc43aa

SHA1
b58594dccfdc00bd71eb0a5b4797555938944e6d

SHA256
6c2aba721c4b0ddd0c1d33a391337dd79e9443741b1113c798865ddcf57c1d4a

SHA512
d836e78199efc765c975dfe8ba162f0e6d77d13b96b411f99ddc5b61fa10a13af21e39f862c22e111a877cbed30ac3e9d765032f91aec4ccaa1d2b4f04b27174

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
fa818effcde20598c3b9ec9eebc345dc

SHA1
a26401fd9c0b51b32e036e18f3b6ae3a14240227

SHA256
065e354a76c8f6f6db86558fe1376dd6bd479104bd75f95b4022b2be16fc69ec

SHA512
df9686a22117e1f1c8fdcc29526fe7301323a37afcd67dd83d3183546bf02849cade68f5af8eef59f415f00076d890b1f5055b94ea96ce395d416499644d0943

Download Submit
C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/8180-3905-0x00007FFFF5B60000-0x00007FFFF5B70000-memory.dmp

Filesize
64KB

Download
memory/8180-3917-0x00007FFFF6660000-0x00007FFFF6670000-memory.dmp

Filesize
64KB

Download
memory/8180-3890-0x00007FFFF62E0000-0x00007FFFF6300000-memory.dmp

Filesize
128KB

Download
memory/8180-3887-0x00007FFFF6230000-0x00007FFFF6240000-memory.dmp

Filesize
64KB

Download
memory/8180-3889-0x00007FFFF62C0000-0x00007FFFF62D0000-memory.dmp

Filesize
64KB

Download
memory/8180-3888-0x00007FFFF62C0000-0x00007FFFF62D0000-memory.dmp

Filesize
64KB

Download
memory/8180-3886-0x00007FFFF6230000-0x00007FFFF6240000-memory.dmp

Filesize
64KB

Download
memory/8180-3877-0x00007FFFF80C0000-0x00007FFFF80D0000-memory.dmp

Filesize
64KB

Download
memory/8180-3895-0x00007FFFF63D0000-0x00007FFFF63DC000-memory.dmp

Filesize
48KB

Download
memory/8180-3894-0x00007FFFF62E0000-0x00007FFFF6300000-memory.dmp

Filesize
128KB

Download
memory/8180-3893-0x00007FFFF62E0000-0x00007FFFF6300000-memory.dmp

Filesize
128KB

Download
memory/8180-3892-0x00007FFFF62E0000-0x00007FFFF6300000-memory.dmp

Filesize
128KB

Download
memory/8180-3891-0x00007FFFF62E0000-0x00007FFFF6300000-memory.dmp

Filesize
128KB

Download
memory/8180-3904-0x00007FFFF5B60000-0x00007FFFF5B70000-memory.dmp

Filesize
64KB

Download
memory/8180-3876-0x00007FFFF80C0000-0x00007FFFF80D0000-memory.dmp

Filesize
64KB

Download
memory/8180-3903-0x00007FFFF5B60000-0x00007FFFF5B70000-memory.dmp

Filesize
64KB

Download
memory/8180-3902-0x00007FFFF5B40000-0x00007FFFF5B50000-memory.dmp

Filesize
64KB

Download
memory/8180-3901-0x00007FFFF5B40000-0x00007FFFF5B50000-memory.dmp

Filesize
64KB

Download
memory/8180-3900-0x00007FFFF5B40000-0x00007FFFF5B50000-memory.dmp

Filesize
64KB

Download
memory/8180-3899-0x00007FFFF5990000-0x00007FFFF59A0000-memory.dmp

Filesize
64KB

Download
memory/8180-3898-0x00007FFFF5990000-0x00007FFFF59A0000-memory.dmp

Filesize
64KB

Download
memory/8180-3897-0x00007FFFF5820000-0x00007FFFF5830000-memory.dmp

Filesize
64KB

Download
memory/8180-3896-0x00007FFFF5820000-0x00007FFFF5830000-memory.dmp

Filesize
64KB

Download
memory/8180-3906-0x00007FFFF6170000-0x00007FFFF6180000-memory.dmp

Filesize
64KB

Download
memory/8180-3914-0x00007FFFF6220000-0x00007FFFF622D000-memory.dmp

Filesize
52KB

Download
memory/8180-3913-0x00007FFFF6220000-0x00007FFFF622D000-memory.dmp

Filesize
52KB

Download
memory/8180-3922-0x00007FFFF6680000-0x00007FFFF6689000-memory.dmp

Filesize
36KB

Download
memory/8180-3921-0x00007FFFF6680000-0x00007FFFF6689000-memory.dmp

Filesize
36KB

Download
memory/8180-3920-0x00007FFFF6680000-0x00007FFFF6689000-memory.dmp

Filesize
36KB

Download
memory/8180-3919-0x00007FFFF6680000-0x00007FFFF6689000-memory.dmp

Filesize
36KB

Download
memory/8180-3918-0x00007FFFF6680000-0x00007FFFF6689000-memory.dmp

Filesize
36KB

Download
memory/8180-3878-0x00007FFFF81E0000-0x00007FFFF81F0000-memory.dmp

Filesize
64KB

Download
memory/8180-3916-0x00007FFFF6660000-0x00007FFFF6670000-memory.dmp

Filesize
64KB

Download
memory/8180-3915-0x00007FFFF6660000-0x00007FFFF6670000-memory.dmp

Filesize
64KB

Download
memory/8180-3912-0x00007FFFF6220000-0x00007FFFF622D000-memory.dmp

Filesize
52KB

Download
memory/8180-3911-0x00007FFFF6220000-0x00007FFFF622D000-memory.dmp

Filesize
52KB

Download
memory/8180-3910-0x00007FFFF6220000-0x00007FFFF622D000-memory.dmp

Filesize
52KB

Download
memory/8180-3909-0x00007FFFF61E0000-0x00007FFFF61F0000-memory.dmp

Filesize
64KB

Download
memory/8180-3908-0x00007FFFF61E0000-0x00007FFFF61F0000-memory.dmp

Filesize
64KB

Download
memory/8180-3907-0x00007FFFF6170000-0x00007FFFF6180000-memory.dmp

Filesize
64KB

Download
memory/8180-3924-0x00007FFFF5DF0000-0x00007FFFF5E00000-memory.dmp

Filesize
64KB

Download
memory/8180-3931-0x00007FFFF5F30000-0x00007FFFF5F50000-memory.dmp

Filesize
128KB

Download
memory/8180-3936-0x00007FFFF56D0000-0x00007FFFF56F6000-memory.dmp

Filesize
152KB

Download
memory/8180-3939-0x00007FFFF8230000-0x00007FFFF8260000-memory.dmp

Filesize
192KB

Download
memory/8180-3938-0x00007FFFF8230000-0x00007FFFF8260000-memory.dmp

Filesize
192KB

Download
memory/8180-3937-0x00007FFFF80B0000-0x00007FFFF80B1000-memory.dmp

Filesize
4KB

Download
memory/8180-3934-0x00007FFFF56D0000-0x00007FFFF56F6000-memory.dmp

Filesize
152KB

Download
memory/8180-3933-0x00007FFFF56D0000-0x00007FFFF56F6000-memory.dmp

Filesize
152KB

Download
memory/8180-3932-0x00007FFFF56D0000-0x00007FFFF56F6000-memory.dmp

Filesize
152KB

Download
memory/8180-3930-0x00007FFFF5F30000-0x00007FFFF5F50000-memory.dmp

Filesize
128KB

Download
memory/8180-3929-0x00007FFFF5F30000-0x00007FFFF5F50000-memory.dmp

Filesize
128KB

Download
memory/8180-3928-0x00007FFFF5F30000-0x00007FFFF5F50000-memory.dmp

Filesize
128KB

Download
memory/8180-3927-0x00007FFFF5F30000-0x00007FFFF5F50000-memory.dmp

Filesize
128KB

Download
memory/8180-3926-0x00007FFFF5F00000-0x00007FFFF5F10000-memory.dmp

Filesize
64KB

Download
memory/8180-3935-0x00007FFFF56D0000-0x00007FFFF56F6000-memory.dmp

Filesize
152KB

Download
memory/8180-3925-0x00007FFFF5F00000-0x00007FFFF5F10000-memory.dmp

Filesize
64KB

Download
memory/8180-3923-0x00007FFFF5DF0000-0x00007FFFF5E00000-memory.dmp

Filesize
64KB

Download
memory/8180-3880-0x00007FFFF8230000-0x00007FFFF8260000-memory.dmp

Filesize
192KB

Download
memory/8180-3881-0x00007FFFF8230000-0x00007FFFF8260000-memory.dmp

Filesize
192KB

Download
memory/8180-3882-0x00007FFFF8230000-0x00007FFFF8260000-memory.dmp

Filesize
192KB

Download
memory/8180-3883-0x00007FFFF8230000-0x00007FFFF8260000-memory.dmp

Filesize
192KB

Download
memory/8180-3884-0x00007FFFF8230000-0x00007FFFF8260000-memory.dmp

Filesize
192KB

Download
memory/8180-3885-0x00007FFFF82C0000-0x00007FFFF82C9000-memory.dmp

Filesize
36KB

Download
memory/8180-3879-0x00007FFFF81E0000-0x00007FFFF81F0000-memory.dmp

Filesize
64KB

Download