Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

URLScan

urlscan

1

http://roblox.com

windows10-1703-x64

10

Analysis

  • max time kernel
    1799s
  • max time network
    1802s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    07/01/2023, 21:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://roblox.com

Score
10/10
discoveryevasionspywarestealertrojan

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 7 IoCs
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Drops desktop.ini file(s) 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 20 IoCs
    adwarespyware
  • Modifies registry class 51 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3052
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" http://roblox.com
        2⤵
        • Enumerates system info in registry
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2660
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcac304f50,0x7ffcac304f60,0x7ffcac304f70
          3⤵
            PID:2676
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1692 /prefetch:8
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4504
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:2
            3⤵
              PID:4420
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 /prefetch:8
              3⤵
                PID:4736
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:1
                3⤵
                  PID:4764
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
                  3⤵
                    PID:4756
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4004 /prefetch:8
                    3⤵
                      PID:4884
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
                      3⤵
                        PID:3652
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
                        3⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4188
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4980 /prefetch:8
                        3⤵
                          PID:4780
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 /prefetch:8
                          3⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3904
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5072 /prefetch:8
                          3⤵
                            PID:3928
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4652 /prefetch:8
                            3⤵
                              PID:3016
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5192 /prefetch:8
                              3⤵
                                PID:4596
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
                                3⤵
                                  PID:3868
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4144 /prefetch:8
                                  3⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4612
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
                                  3⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4928
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 /prefetch:8
                                  3⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3156
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 /prefetch:8
                                  3⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4644
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
                                  3⤵
                                    PID:4464
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
                                    3⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4480
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
                                    3⤵
                                      PID:636
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5376 /prefetch:8
                                      3⤵
                                        PID:488
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2444 /prefetch:2
                                        3⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:1160
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
                                        3⤵
                                          PID:904
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
                                          3⤵
                                            PID:2328
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
                                            3⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:3916
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6064 /prefetch:8
                                            3⤵
                                              PID:2180
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6048 /prefetch:8
                                              3⤵
                                                PID:2232
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
                                                3⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:2868
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5616 /prefetch:8
                                                3⤵
                                                  PID:2228
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4508 /prefetch:8
                                                  3⤵
                                                    PID:368
                                                  • C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
                                                    "C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
                                                    3⤵
                                                    • Executes dropped EXE
                                                    • Checks computer location settings
                                                    • Checks whether UAC is enabled
                                                    • Drops file in Program Files directory
                                                    • Modifies Internet Explorer settings
                                                    • Modifies registry class
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:2672
                                                    • C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
                                                      C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=511b9d269d3e7186c5a8821e34f2723c965c0ca8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x6c0,0x6b8,0x6cc,0x6b4,0x6f4,0x11d3c04,0x11d3c14,0x11d3c24
                                                      4⤵
                                                      • Executes dropped EXE
                                                      PID:2384
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5588 /prefetch:8
                                                    3⤵
                                                      PID:4184
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4752 /prefetch:8
                                                      3⤵
                                                        PID:4508
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
                                                        3⤵
                                                          PID:3956
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
                                                          3⤵
                                                            PID:4036
                                                          • C:\Program Files (x86)\Roblox\Versions\version-f51be0bac4f14d35\RobloxPlayerLauncher.exe
                                                            "C:\Program Files (x86)\Roblox\Versions\version-f51be0bac4f14d35\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:TQ3Rreey962fc28AkeEXnPDXeNiaGwuJFsjm2plTXVt9uOuYIS8CWvMxYtzKcxH0vf2X0NHamXOQYnytS1MJjk-QTlKOacp_TbDF3l2lF-Bj3O5flY8jFa3R1en1XQZfWe_vqLRChsH3T0QlR7pLRql5HInKG0pp5wHoaIHV8gLfb8greJ5ZDVQepYnoXaSi9vhN-OKJq4Ji01EA9ucdeG9KYhFglByHaaEK1U70Fvo+launchtime:1673130210653+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D158577371010%26placeId%3D998374377%26isPlayTogetherGame%3Dfalse+browsertrackerid:158577371010+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                            3⤵
                                                            • Executes dropped EXE
                                                            • Checks computer location settings
                                                            • Checks whether UAC is enabled
                                                            • Modifies Internet Explorer settings
                                                            • Modifies registry class
                                                            PID:3480
                                                            • C:\Program Files (x86)\Roblox\Versions\version-f51be0bac4f14d35\RobloxPlayerLauncher.exe
                                                              "C:\Program Files (x86)\Roblox\Versions\version-f51be0bac4f14d35\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=511b9d269d3e7186c5a8821e34f2723c965c0ca8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x70c,0x710,0x714,0x5dc,0x71c,0x1033c04,0x1033c14,0x1033c24
                                                              4⤵
                                                              • Executes dropped EXE
                                                              PID:4816
                                                            • C:\Program Files (x86)\Roblox\Versions\version-f51be0bac4f14d35\RobloxPlayerBeta.exe
                                                              "C:\Program Files (x86)\Roblox\Versions\version-f51be0bac4f14d35\RobloxPlayerBeta.exe" --app -t TQ3Rreey962fc28AkeEXnPDXeNiaGwuJFsjm2plTXVt9uOuYIS8CWvMxYtzKcxH0vf2X0NHamXOQYnytS1MJjk-QTlKOacp_TbDF3l2lF-Bj3O5flY8jFa3R1en1XQZfWe_vqLRChsH3T0QlR7pLRql5HInKG0pp5wHoaIHV8gLfb8greJ5ZDVQepYnoXaSi9vhN-OKJq4Ji01EA9ucdeG9KYhFglByHaaEK1U70Fvo -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=158577371010&placeId=998374377&isPlayTogetherGame=false -b 158577371010 --launchtime=1673130210653 --rloc en_us --gloc en_us
                                                              4⤵
                                                              • Suspicious use of NtCreateUserProcessOtherParentProcess
                                                              • Executes dropped EXE
                                                              • Checks computer location settings
                                                              • Suspicious use of SetThreadContext
                                                              • Modifies Internet Explorer settings
                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:1964
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5772 /prefetch:8
                                                            3⤵
                                                              PID:3356
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,429475407294864926,368950286493098405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1280 /prefetch:8
                                                              3⤵
                                                                PID:2804
                                                            • C:\Windows\System32\GamePanel.exe
                                                              "C:\Windows\System32\GamePanel.exe" 000000000007007C /startuptips
                                                              2⤵
                                                              • Drops desktop.ini file(s)
                                                              • Checks SCSI registry key(s)
                                                              PID:3904
                                                            • C:\Program Files (x86)\Roblox\Versions\version-f51be0bac4f14d35\RobloxPlayerBeta.exe
                                                              \??\C:\Program Files (x86)\Roblox\Versions\version-f51be0bac4f14d35\RobloxPlayerBeta.exe
                                                              2⤵
                                                              • Executes dropped EXE
                                                              PID:4484
                                                          • C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
                                                            "C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
                                                            1⤵
                                                              PID:3928
                                                              • C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3928_2104389991\ChromeRecovery.exe
                                                                "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3928_2104389991\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={c0ef7472-a9de-4a1e-9bc7-af99e267272e} --system
                                                                2⤵
                                                                • Executes dropped EXE
                                                                PID:4876
                                                            • C:\Windows\system32\AUDIODG.EXE
                                                              C:\Windows\system32\AUDIODG.EXE 0x200
                                                              1⤵
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:4444
                                                            • C:\Windows\System32\GameBarPresenceWriter.exe
                                                              "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
                                                              1⤵
                                                                PID:996
                                                              • C:\Windows\System32\bcastdvr.exe
                                                                "C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
                                                                1⤵
                                                                • Checks processor information in registry
                                                                PID:3516

                                                              Network

                                                              MITRE ATT&CK Enterprise v6

                                                              Replay Monitor

                                                              Loading Replay Monitor...

                                                              Downloads

                                                              • C:\Program Files (x86)\Roblox\Versions\version-f51be0bac4f14d35\RobloxPlayerLauncher.exe
                                                                Filesize

                                                                2.0MB

                                                                MD5

                                                                776f4082c2536d4310eb37bf7c78df70

                                                                SHA1

                                                                a3761e94cee217cb3f8ccc902736bea704ff97a3

                                                                SHA256

                                                                a42fd36d3983f27f3327edeb4b0dfb7744e4cf951ccda876d4048825864c1fae

                                                                SHA512

                                                                bf3c9d9c12e7c675695d2e296e566058cb7b16b5772f2c0ffbaf14e4e2398a48a4ca2ef64e5e7251b4336ff4616835908d81679cd48e4b189f0af8e94fc5df05

                                                                Download Submit

                                                              • C:\Program Files (x86)\Roblox\Versions\version-f51be0bac4f14d35\RobloxPlayerLauncher.exe
                                                                Filesize

                                                                2.0MB

                                                                MD5

                                                                776f4082c2536d4310eb37bf7c78df70

                                                                SHA1

                                                                a3761e94cee217cb3f8ccc902736bea704ff97a3

                                                                SHA256

                                                                a42fd36d3983f27f3327edeb4b0dfb7744e4cf951ccda876d4048825864c1fae

                                                                SHA512

                                                                bf3c9d9c12e7c675695d2e296e566058cb7b16b5772f2c0ffbaf14e4e2398a48a4ca2ef64e5e7251b4336ff4616835908d81679cd48e4b189f0af8e94fc5df05

                                                                Download Submit

                                                              • C:\Program Files (x86)\Roblox\Versions\version-f51be0bac4f14d35\RobloxPlayerLauncher.exe
                                                                Filesize

                                                                2.0MB

                                                                MD5

                                                                776f4082c2536d4310eb37bf7c78df70

                                                                SHA1

                                                                a3761e94cee217cb3f8ccc902736bea704ff97a3

                                                                SHA256

                                                                a42fd36d3983f27f3327edeb4b0dfb7744e4cf951ccda876d4048825864c1fae

                                                                SHA512

                                                                bf3c9d9c12e7c675695d2e296e566058cb7b16b5772f2c0ffbaf14e4e2398a48a4ca2ef64e5e7251b4336ff4616835908d81679cd48e4b189f0af8e94fc5df05

                                                                Download Submit

                                                              • C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3928_2104389991\ChromeRecovery.exe
                                                                Filesize

                                                                253KB

                                                                MD5

                                                                49ac3c96d270702a27b4895e4ce1f42a

                                                                SHA1

                                                                55b90405f1e1b72143c64113e8bc65608dd3fd76

                                                                SHA256

                                                                82aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f

                                                                SHA512

                                                                b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
                                                                Filesize

                                                                1KB

                                                                MD5

                                                                0feddf7ad4399fe0fb73f1776eaf02aa

                                                                SHA1

                                                                bebf64df114e8418a9fbd926f207b57deda05605

                                                                SHA256

                                                                ca56b0942aa00af4e8aff089f36d68c98937de7ea4d5d3c9d4ec368441faae8f

                                                                SHA512

                                                                39e7b8a63e94be1a563b4e593117afafe2cd7a588e94357f557687831c831fb8a06fb2169c7741daed2d6448bda067ea3dc2f9219928b4fccd11e152b8d09f46

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
                                                                Filesize

                                                                471B

                                                                MD5

                                                                832400f22ed44b13a5329abfd13652c5

                                                                SHA1

                                                                87fcf9643bd4cda31975c5ff0891bef4c032995a

                                                                SHA256

                                                                20dbe93e556bfdd6ed6750d23c54ba62de794e649280b59e019c02544035d9c8

                                                                SHA512

                                                                f49c289b16e39922f5a526c2bf62afef6fdf03c3b20269c3d6df0882f59dae8cb9245215de011c5f0499ee4cf298aa4a0de4b4a3e8bd3b66ae20016b1e15c027

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_B77291E64A03293D7961A8AE2B2EF79F
                                                                Filesize

                                                                471B

                                                                MD5

                                                                35a88269b1e355b75fc3aaa5049f600a

                                                                SHA1

                                                                28c7d2d1dcadd9394afce7f54755e13c893e5262

                                                                SHA256

                                                                ad9cd64a215c859e31235ffee67856a7b2a44d800077d467b4d05780b6944dd9

                                                                SHA512

                                                                1a112d19399006b9e57f0c9fed129f4f1ff3d411f701cf7933adb5ea31d8f44a2658b038e694655b591ea20fb46682ec2b617aeb3d83ef40eefae84e3584b3af

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
                                                                Filesize

                                                                1KB

                                                                MD5

                                                                b9bb1703647881624933ccf903d163a3

                                                                SHA1

                                                                2f283d29f94f1468fb620169b7c1ab2a717e3a5f

                                                                SHA256

                                                                3a3a140ebfd7e7feee08fba16337fd9ed49b7ee17ff1f430f96751a8b456e4f3

                                                                SHA512

                                                                5ed255cc2fe30e29832239b3bce12937861904231e98b246623ff421e02be25b48d3573bdab7bd01f5af1ef47833473a02dfdff0c3e085380d7b893461b67092

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
                                                                Filesize

                                                                450B

                                                                MD5

                                                                511edb9d38332fb56ffa603df17a4799

                                                                SHA1

                                                                15979518076bacede220376472b53f20ca2e60cc

                                                                SHA256

                                                                559fc60ee66535771a13c73afc58f8be1e1519963c3808ce601a68318cbbab03

                                                                SHA512

                                                                5325433d8e38f5aab39fb9b092d3df3865324e3cbd19369ebed7e9898b9139504a1f0992d2fa343cc2cd1f36baabfba862f1e647b6e28df63bf9b51528e31983

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
                                                                Filesize

                                                                430B

                                                                MD5

                                                                410463110cacb6a7ac088007402c655f

                                                                SHA1

                                                                0f3bd18103e7af2f40e367a5a7d8ef3befddbe73

                                                                SHA256

                                                                fc013c6baad0061209369e64548e421485f517f89b0406992b0abcce7af52ac4

                                                                SHA512

                                                                91c67694e7a6127e462ff8a79ef2a8443512638a1607fe595e2b4b129ee64e3b7eca2ea2093452bf97498b54d216ae3b8dc78cb840f50099f1bdc073391d2f9e

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_B77291E64A03293D7961A8AE2B2EF79F
                                                                Filesize

                                                                426B

                                                                MD5

                                                                88a7508caf116a385ddc0b5a5aaa0613

                                                                SHA1

                                                                c13bb8a0125b9eadbd156a7264fc2d9b2f246e5d

                                                                SHA256

                                                                9d5a15d566073ab148d41cd06e4d239878d13525171ef8fa40219f5714f750fb

                                                                SHA512

                                                                1602dedfb7a11326fa35b7f050904fd8bdb062675abb8002c6f3a5baa2cba348ee6c0f6c02bf5c5f5dd50824f4f3788477cc1e8c70463421fee3d9acb9ddbfe9

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
                                                                Filesize

                                                                458B

                                                                MD5

                                                                5bf79291e1302224d5785ba00c9e4e49

                                                                SHA1

                                                                f54fb39ab31cc1dd891853e921cad9b9f9b3b8fb

                                                                SHA256

                                                                8811fc266e5afa2ec1b3d381cc5719fd9895c4118b65cf51ccedcbb6297cd526

                                                                SHA512

                                                                e464d32ec11b2967bc5ac638157e504930b4eafe458d1414f21aea424bf951621df698e72581b0f19f9b27d8a8caef12ce946e260c10aa2b5712ea764b21da20

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                Filesize

                                                                5KB

                                                                MD5

                                                                dc1dce3f75a923916b2e8a522ed2081f

                                                                SHA1

                                                                fa52db1aa36f88c07b2599fa6271b7a41446de33

                                                                SHA256

                                                                1651f103c8b7ce904f9b5f58ba34c3cdcbca8ccf8b9dde705ab492033f25c7f7

                                                                SHA512

                                                                8e1a63d1350aa3b60ec00dde3868b6d5c87c294b6c48b56c5c850b0c62873f884b12acc64c621e4f8e3c2cccbdc53c8298be02bd69763376a66b150b631841a2

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\1.3.36.141\Recovery.crx3
                                                                Filesize

                                                                141KB

                                                                MD5

                                                                ea1c1ffd3ea54d1fb117bfdbb3569c60

                                                                SHA1

                                                                10958b0f690ae8f5240e1528b1ccffff28a33272

                                                                SHA256

                                                                7c3a6a7d16ac44c3200f572a764bce7d8fa84b9572dd028b15c59bdccbc0a77d

                                                                SHA512

                                                                6c30728cac9eac53f0b27b7dbe2222da83225c3b63617d6b271a6cfedf18e8f0a8dffa1053e1cbc4c5e16625f4bbc0d03aa306a946c9d72faa4ceb779f8ffcaf

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7C1KFYRT\PCClientBootstrapper[1].json
                                                                Filesize

                                                                2KB

                                                                MD5

                                                                7f144b263ad24bcbe812b0fd29e21057

                                                                SHA1

                                                                7bfd3bfb8e4f10f83bbe6c3d8f777e7b57b6df2e

                                                                SHA256

                                                                cdf6052aa52799d7ec5603813ae2eb7b63ee3ec92c0308ced16edc0a1b5e55bb

                                                                SHA512

                                                                233d5d1075644a690b9c447382ef414b26acecfc2002db1efeedda3c3b6bafe894ba31a018ecb8917e7ee219220a003040883e658de2ed2ef84ea5b20c35fd66

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7C1KFYRT\PCClientBootstrapper[1].json
                                                                Filesize

                                                                2KB

                                                                MD5

                                                                7f144b263ad24bcbe812b0fd29e21057

                                                                SHA1

                                                                7bfd3bfb8e4f10f83bbe6c3d8f777e7b57b6df2e

                                                                SHA256

                                                                cdf6052aa52799d7ec5603813ae2eb7b63ee3ec92c0308ced16edc0a1b5e55bb

                                                                SHA512

                                                                233d5d1075644a690b9c447382ef414b26acecfc2002db1efeedda3c3b6bafe894ba31a018ecb8917e7ee219220a003040883e658de2ed2ef84ea5b20c35fd66

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8895F70B\PCClientBootstrapper[1].json
                                                                Filesize

                                                                2KB

                                                                MD5

                                                                7f144b263ad24bcbe812b0fd29e21057

                                                                SHA1

                                                                7bfd3bfb8e4f10f83bbe6c3d8f777e7b57b6df2e

                                                                SHA256

                                                                cdf6052aa52799d7ec5603813ae2eb7b63ee3ec92c0308ced16edc0a1b5e55bb

                                                                SHA512

                                                                233d5d1075644a690b9c447382ef414b26acecfc2002db1efeedda3c3b6bafe894ba31a018ecb8917e7ee219220a003040883e658de2ed2ef84ea5b20c35fd66

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X4NN93UB\WindowsPlayer[1].json
                                                                Filesize

                                                                119B

                                                                MD5

                                                                e767c1735320b3744a6b3345a1e0d1d3

                                                                SHA1

                                                                9d107fae8af4054576be9bec3d118f5caca18bb4

                                                                SHA256

                                                                e103e4b095fb312d25bd045711385634c56e21ebbb3b968973d5868a7d834516

                                                                SHA512

                                                                f1d8f3935a1c4dcb2aee29515c84756d845662f1aac06a53192d602064a6db76ff2813ab62d3964bbaa7bc2cf4c820b62a43b41c61f2294ae1214c551141b899

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\P0RETD82.cookie
                                                                Filesize

                                                                69B

                                                                MD5

                                                                dc93c46ce1b959aa42e959dd04d0b1a1

                                                                SHA1

                                                                85570b388e3ea90065d174df75573f53c94e2a38

                                                                SHA256

                                                                3e72584cb4e6f0ee40d702e8c704a1c861e719fec9426caf87556a6a1149927c

                                                                SHA512

                                                                b32635b07d20628d17f2a12425b9b00276c1dc3542138ebe3f2d4abdd6f01a7c4c2cf5099f38f57cbd6cb288c45f2252f44eb01f6ed02d08380aa46226953cac

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat
                                                                Filesize

                                                                40B

                                                                MD5

                                                                f42d1be12f6a41ab4460130a85983bc9

                                                                SHA1

                                                                98169d2793e823901af4f5fc349242b0c5cd690f

                                                                SHA256

                                                                8d6ae6de3b0d36eee5eaf9a34937bbd7eafdf11f435356baa2840ca31b71e226

                                                                SHA512

                                                                e38c4db423118cf64b38d148467a6d590b52768b46c056ea7ff26331c2fe70c33ce4589076576a390112ff1f75df55e31b917b7d1eb95fe107961dd4ebdaa469

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat
                                                                Filesize

                                                                40B

                                                                MD5

                                                                f42d1be12f6a41ab4460130a85983bc9

                                                                SHA1

                                                                98169d2793e823901af4f5fc349242b0c5cd690f

                                                                SHA256

                                                                8d6ae6de3b0d36eee5eaf9a34937bbd7eafdf11f435356baa2840ca31b71e226

                                                                SHA512

                                                                e38c4db423118cf64b38d148467a6d590b52768b46c056ea7ff26331c2fe70c33ce4589076576a390112ff1f75df55e31b917b7d1eb95fe107961dd4ebdaa469

                                                                Download Submit

                                                              • C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
                                                                Filesize

                                                                2.0MB

                                                                MD5

                                                                776f4082c2536d4310eb37bf7c78df70

                                                                SHA1

                                                                a3761e94cee217cb3f8ccc902736bea704ff97a3

                                                                SHA256

                                                                a42fd36d3983f27f3327edeb4b0dfb7744e4cf951ccda876d4048825864c1fae

                                                                SHA512

                                                                bf3c9d9c12e7c675695d2e296e566058cb7b16b5772f2c0ffbaf14e4e2398a48a4ca2ef64e5e7251b4336ff4616835908d81679cd48e4b189f0af8e94fc5df05

                                                                Download Submit

                                                              • C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
                                                                Filesize

                                                                2.0MB

                                                                MD5

                                                                776f4082c2536d4310eb37bf7c78df70

                                                                SHA1

                                                                a3761e94cee217cb3f8ccc902736bea704ff97a3

                                                                SHA256

                                                                a42fd36d3983f27f3327edeb4b0dfb7744e4cf951ccda876d4048825864c1fae

                                                                SHA512

                                                                bf3c9d9c12e7c675695d2e296e566058cb7b16b5772f2c0ffbaf14e4e2398a48a4ca2ef64e5e7251b4336ff4616835908d81679cd48e4b189f0af8e94fc5df05

                                                                Download Submit

                                                              • C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
                                                                Filesize

                                                                2.0MB

                                                                MD5

                                                                776f4082c2536d4310eb37bf7c78df70

                                                                SHA1

                                                                a3761e94cee217cb3f8ccc902736bea704ff97a3

                                                                SHA256

                                                                a42fd36d3983f27f3327edeb4b0dfb7744e4cf951ccda876d4048825864c1fae

                                                                SHA512

                                                                bf3c9d9c12e7c675695d2e296e566058cb7b16b5772f2c0ffbaf14e4e2398a48a4ca2ef64e5e7251b4336ff4616835908d81679cd48e4b189f0af8e94fc5df05

                                                                Download Submit

                                                              • memory/1964-649-0x0000000000E20000-0x00000000063E9000-memory.dmp

                                                                Filesize

                                                                85.8MB

                                                                Download

                                                              • memory/1964-757-0x0000000000E20000-0x00000000063E9000-memory.dmp

                                                                Filesize

                                                                85.8MB

                                                                Download

                                                              • memory/2672-140-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-131-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-148-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-149-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-150-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-152-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-153-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-154-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-156-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-157-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-161-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-163-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-165-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-169-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-171-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-118-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-119-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-120-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-121-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-122-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-123-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-124-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-126-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-127-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-128-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-177-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-145-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-174-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-144-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-172-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-170-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-168-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-167-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-166-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-164-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-162-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-160-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-155-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-151-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-147-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-139-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-143-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-142-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-141-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-138-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-137-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-136-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-135-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-134-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-133-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-132-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-146-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-130-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/2672-129-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/4876-184-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/4876-181-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/4876-183-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/4876-180-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/4876-186-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/4876-187-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/4876-185-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/4876-182-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/4876-179-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download

                                                              • memory/4876-178-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                Filesize

                                                                1.6MB

                                                                Download