Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://roblox.com

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-02-2024 00:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://roblox.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 49 IoCs
  • Suspicious use of SendNotifyMessage 46 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8ddb46f8,0x7ffd8ddb4708,0x7ffd8ddb4718
      2⤵
        PID:2132
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15132696257588218732,293468471995045954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2748
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15132696257588218732,293468471995045954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        2⤵
          PID:3416
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15132696257588218732,293468471995045954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
          2⤵
            PID:3488
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15132696257588218732,293468471995045954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
            2⤵
              PID:1708
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15132696257588218732,293468471995045954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
              2⤵
                PID:1424
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15132696257588218732,293468471995045954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
                2⤵
                  PID:1940
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15132696257588218732,293468471995045954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
                  2⤵
                    PID:3552
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15132696257588218732,293468471995045954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4308
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15132696257588218732,293468471995045954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
                    2⤵
                      PID:1440
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15132696257588218732,293468471995045954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
                      2⤵
                        PID:348
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15132696257588218732,293468471995045954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
                        2⤵
                          PID:3604
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15132696257588218732,293468471995045954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
                          2⤵
                            PID:1456
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15132696257588218732,293468471995045954,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5452 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1248
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:744
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4596
                            • C:\Program Files\VideoLAN\VLC\vlc.exe
                              "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SplitLimit.au"
                              1⤵
                              • Suspicious behavior: AddClipboardFormatListener
                              • Suspicious behavior: GetForegroundWindowSpam
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              • Suspicious use of SetWindowsHookEx
                              PID:2796

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              1af9fbc1d4655baf2df9e8948103d616

                              SHA1

                              c58d5c208d0d5aab5b6979b64102b0086799b0bf

                              SHA256

                              e83daa7b2af963dbb884d82919710164e2337f0f9f5e5c56ee4b7129d160c135

                              SHA512

                              714d0ff527a8a24ec5d32a0a2b74e402ee933ea86e42d3e2fb5615c8345e6c09aa1c2ddf2dea53d71c5a666483a3b494b894326fea0cc1d8a06d3b32ec9397d3

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              aa6f46176fbc19ccf3e361dc1135ece0

                              SHA1

                              cb1f8c693b88331e9513b77efe47be9e43c43b12

                              SHA256

                              2f5ba493c7c4192e9310cea3a96cfec4fd14c6285af6e3659627ab177e560819

                              SHA512

                              5d26fdffebeb1eb5adde9f7da19fe7069e364d3f68670013cb0cc3e2b40bf1fbcb9bdebbfe999747caf141c88ccd53bd4acf2074283e4bde46b8c28fbae296f5

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              2KB

                              MD5

                              53e22d1cf8d41513cff2f6589c6906c3

                              SHA1

                              c6e7b37d169a515504e4a9e6dd152a97904d781b

                              SHA256

                              d41b1d57b5b31a38779c0faf3038d51b9e7a289965fe95682db83821ecf41a0c

                              SHA512

                              457f7895ba2c1d8493fa1ce25ec348ed6d0c83329e6081abf2584a2f50c88b391d02cadf9acc59f44442f6fd6531db5fda83a6bb61dbedb24fea6a4419dffe44

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              1KB

                              MD5

                              0bb94e2d03847d4afc0ac993647a4ec0

                              SHA1

                              50200f678e3402855fcbd5c9258c75047f5b0198

                              SHA256

                              f8cfe3e6376961744d86bcfd0fa2935f796a4c8539a6893d3562075bb7df86fc

                              SHA512

                              af27051172d616ca2ffbd4c7f5e6f75172334b4103577fb41739c69dc412b708e20bcfd3d1f2d8ec0ff7300f8645924358aa50cb2f85ca6da206c9818d17e235

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              e97a4be93d56b989415d3627aabfc8e7

                              SHA1

                              e43325f563e1a983a54c59499b4786bd20b7a45a

                              SHA256

                              2ae2c3aec87e4c78ca56b0e8117034e485181d9ac2a74c876669511713c17348

                              SHA512

                              fc7d29b44bd8ef21dbca32c27cb9e28fab9eac34599df646289258af381e4d610bef88088a3976ae7764b3203b54946578a5b30ef940003370adbfe05b689503

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              32084b6978066f8d8c3d5d9434068b14

                              SHA1

                              ed6ba3b745eb948478e295566b1ce596496cc0d6

                              SHA256

                              07b6dc136b9a7229b20a1438bd09a7ff2d0390f9da4ceb18c8cd613c0bff770b

                              SHA512

                              70cf3e777cba6d972a1b40b6d07ad734bdfbd925ee3a6c82d90fca141b8884b69dc80b454dd792f453ec3ffdd9ba40ea1b4496dca424bc741584db89b09b02b3

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              f775185ecaa8e36358353a41636388ab

                              SHA1

                              f47e7efc2834dbb0e8f4fc1e5b88d5a7f1a34f50

                              SHA256

                              2c826cd2ede3bf6f8c37217e5e43ae6f9075fb6eef5ca7784a9dcb9c199519ca

                              SHA512

                              10e66ffd2a78f2fb8fd7804eff8d30131ba2a4e7d6cc547f409667b1cdc7e9ee26de05ff4f8afc70caaba98fa9dd6425ad56d3ba7c8341f1e098a8e651244cd0

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              cdbf0483c065786b46949ba8b8a78938

                              SHA1

                              fc53386d70f77064d337a22f0d2bcdade6c2dd67

                              SHA256

                              2b220663532590c74bb674807237f976a3604ed11e4f695cd7e8af517f760c6b

                              SHA512

                              ffd4ec889cc212d9ea5dcdd568a5687ec52f92f54abe619c5069a30ea8431b0af7820f3ea541f787214961866a5e202119f616efa7fa337be2d9b71ea280f275

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                              Filesize

                              1KB

                              MD5

                              611bafc7b166ec72781f1bebb54f2b4c

                              SHA1

                              5f3de0abe68e922c7153481bbd35cec6004b9c33

                              SHA256

                              14cbec52cf4f04c61966aba58ca7e7c5e2a4ae182080f6d6dc8dcde370ad2f92

                              SHA512

                              f7c637dba48283783f303b621a9906d15848bc0dfd9ddd36b8881b8d446b58dd4a74417de8ac380cf6ed29909ee7a8109aaceea2c281b5355529808dde929fc0

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                              Filesize

                              1KB

                              MD5

                              4cd33df01434b6cee6ebd42d3c1b99e0

                              SHA1

                              f711460494f0ad94c1f71c009477221ec36418a1

                              SHA256

                              ca14b7fd97514a0bda85c03294df54ea9935ecdf63450d141f9ada03886d0a67

                              SHA512

                              3199b689086c403e5e97e0c7d770931a80dd06e8410a20826833cf6df7b80e4f4883f40df6c3a6fdf0fea926c455b3206cbc32bcba7c12eabe7054888b23253f

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                              Filesize

                              1KB

                              MD5

                              76447206d4d86e520ddec27aafc3fe73

                              SHA1

                              b6936b42e55ac15ed5dea722401cc7fe93d55f6a

                              SHA256

                              e75a36dc8a43a7f7f42f0e83a35ee827a006c708718a15d034d9688bd5b3c299

                              SHA512

                              626d21533983d4b3b2b3ab225f48224a5d4f6bedf4f997c53c882d7324d8bb1febf664cb3aa41279379ba4a0395516c85fae863823323849ee61d99098d7433c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                              Filesize

                              1KB

                              MD5

                              5137dcc9416a0ef33384a1ef805fb587

                              SHA1

                              3fe7eddd74f0102f9a9e1a2702d51a9e5e44b806

                              SHA256

                              fe92df4367b8428bc4725be9bda86bdda8a0eddb4af2e2a1b9a82c73a189e39d

                              SHA512

                              f6b40ea17bb0c7f897bf72925ec8bb29b68229b4da9ca0fa729284677a2c851a81331dba46f220810a4f6dedccf7709f5e70b6c54111a95acbca5924bee60766

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                              Filesize

                              1KB

                              MD5

                              754f5890a870b6d81633e486deac4ba0

                              SHA1

                              53d8068a7906b52d693cc5e198536baa6c3da99e

                              SHA256

                              97800e507b8392293082212022d3c87df073a5dcb27adcb53f7def5991f1c58d

                              SHA512

                              23909552080ede490176b93d7bf70d18099384766c2472cf826ee33fa10159becb35bd8c7072eb58d831bd15215eff92879c9c2b6fc97f2e8a103445fc308927

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a45e.TMP
                              Filesize

                              1KB

                              MD5

                              c907e73963affea1587eee856651a470

                              SHA1

                              9df29217b403c4a6d74eb2da271fb186d53da3e6

                              SHA256

                              565db2261421cae29e19b8f8d546d14cd2731333327e87d2e6cca8feae4f2772

                              SHA512

                              ac390f21306e2e78ad5447bfff8aa5689286218657c8edaed1abd8b02184d9b6f263d6a44be734606e0d6c00459902bfe6e523c2bfe8f4beddeb0c452310f3f3

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              11KB

                              MD5

                              75db85979c5a8faecf17dae40d4ea2cd

                              SHA1

                              92daef4c2ece3d75caacc4bd9d455a1837edd33a

                              SHA256

                              856762077aec7206a86636b145ff54bd30b56ac876bd3f65a031e5ff35fd6271

                              SHA512

                              d3a43c0f534571ca181b7b5559fc9cbc41242dad75dbc1b887b28c5c32b510a3d0b4cf69134d0b71833d4677984272a5794d15ba41c904b0518a6ed409d68f38

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              11KB

                              MD5

                              35b07eb9784baab0024d3f2c1c6a6a15

                              SHA1

                              c3453364520dbac4d54417fb88cf0797370ab490

                              SHA256

                              0cb6b64ccb144fc31bac6dab68662df5f5397b17f624ada64ad7ea1f90e1ac0d

                              SHA512

                              0080f959ea5ccb70851bc8e454e2ea0f679c77391821c50b85aea2742c6337e0b4c572366b3ba9e81651791d09d8fdf1429a6769ba58b996313b2e2680c99fb3

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                              Filesize

                              2B

                              MD5

                              f3b25701fe362ec84616a93a45ce9998

                              SHA1

                              d62636d8caec13f04e28442a0a6fa1afeb024bbb

                              SHA256

                              b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                              SHA512

                              98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                              Download Submit

                            • memory/2796-342-0x00007FFD7AC80000-0x00007FFD7ACA4000-memory.dmp

                              Filesize

                              144KB

                              Download

                            • memory/2796-352-0x00007FFD7A850000-0x00007FFD7AA02000-memory.dmp

                              Filesize

                              1.7MB

                              Download

                            • memory/2796-305-0x00007FFD7D8F0000-0x00007FFD7D90D000-memory.dmp

                              Filesize

                              116KB

                              Download

                            • memory/2796-306-0x00007FFD7D8D0000-0x00007FFD7D8E1000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-307-0x00007FFD7C040000-0x00007FFD7C240000-memory.dmp

                              Filesize

                              2.0MB

                              Download

                            • memory/2796-326-0x00007FFD7C000000-0x00007FFD7C03F000-memory.dmp

                              Filesize

                              252KB

                              Download

                            • memory/2796-327-0x00007FFD7D370000-0x00007FFD7D391000-memory.dmp

                              Filesize

                              132KB

                              Download

                            • memory/2796-328-0x00007FFD7AF50000-0x00007FFD7BFFB000-memory.dmp

                              Filesize

                              16.7MB

                              Download

                            • memory/2796-329-0x00007FFD7AF30000-0x00007FFD7AF48000-memory.dmp

                              Filesize

                              96KB

                              Download

                            • memory/2796-330-0x00007FFD7AF10000-0x00007FFD7AF21000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-331-0x00007FFD7AEF0000-0x00007FFD7AF01000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-332-0x00007FFD7AED0000-0x00007FFD7AEE1000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-333-0x00007FFD7AEB0000-0x00007FFD7AECB000-memory.dmp

                              Filesize

                              108KB

                              Download

                            • memory/2796-334-0x00007FFD7AE90000-0x00007FFD7AEA1000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-335-0x00007FFD7AE70000-0x00007FFD7AE88000-memory.dmp

                              Filesize

                              96KB

                              Download

                            • memory/2796-336-0x00007FFD7AE40000-0x00007FFD7AE70000-memory.dmp

                              Filesize

                              192KB

                              Download

                            • memory/2796-338-0x00007FFD7AD60000-0x00007FFD7ADCF000-memory.dmp

                              Filesize

                              444KB

                              Download

                            • memory/2796-337-0x00007FFD7ADD0000-0x00007FFD7AE37000-memory.dmp

                              Filesize

                              412KB

                              Download

                            • memory/2796-339-0x00007FFD7AD40000-0x00007FFD7AD51000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-340-0x00007FFD7ACE0000-0x00007FFD7AD36000-memory.dmp

                              Filesize

                              344KB

                              Download

                            • memory/2796-341-0x00007FFD7ACB0000-0x00007FFD7ACD8000-memory.dmp

                              Filesize

                              160KB

                              Download

                            • memory/2796-303-0x00007FFD8D7D0000-0x00007FFD8D7E7000-memory.dmp

                              Filesize

                              92KB

                              Download

                            • memory/2796-344-0x00007FFD7AC30000-0x00007FFD7AC53000-memory.dmp

                              Filesize

                              140KB

                              Download

                            • memory/2796-345-0x00007FFD7AC10000-0x00007FFD7AC21000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-343-0x00007FFD7AC60000-0x00007FFD7AC77000-memory.dmp

                              Filesize

                              92KB

                              Download

                            • memory/2796-346-0x00007FFD7ABF0000-0x00007FFD7AC02000-memory.dmp

                              Filesize

                              72KB

                              Download

                            • memory/2796-348-0x00007FFD7ABA0000-0x00007FFD7ABB3000-memory.dmp

                              Filesize

                              76KB

                              Download

                            • memory/2796-347-0x00007FFD7ABC0000-0x00007FFD7ABE1000-memory.dmp

                              Filesize

                              132KB

                              Download

                            • memory/2796-349-0x00007FFD7AB80000-0x00007FFD7AB92000-memory.dmp

                              Filesize

                              72KB

                              Download

                            • memory/2796-350-0x00007FFD7AA40000-0x00007FFD7AB7B000-memory.dmp

                              Filesize

                              1.2MB

                              Download

                            • memory/2796-351-0x00007FFD7AA10000-0x00007FFD7AA3C000-memory.dmp

                              Filesize

                              176KB

                              Download

                            • memory/2796-304-0x00007FFD8D710000-0x00007FFD8D721000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-301-0x00007FFD8DF40000-0x00007FFD8DF57000-memory.dmp

                              Filesize

                              92KB

                              Download

                            • memory/2796-353-0x00007FFD7A7F0000-0x00007FFD7A84C000-memory.dmp

                              Filesize

                              368KB

                              Download

                            • memory/2796-359-0x00007FFD7A7D0000-0x00007FFD7A7E1000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-360-0x00007FFD7A730000-0x00007FFD7A7C7000-memory.dmp

                              Filesize

                              604KB

                              Download

                            • memory/2796-361-0x00007FFD7A710000-0x00007FFD7A722000-memory.dmp

                              Filesize

                              72KB

                              Download

                            • memory/2796-362-0x00007FFD7A4D0000-0x00007FFD7A701000-memory.dmp

                              Filesize

                              2.2MB

                              Download

                            • memory/2796-364-0x00007FFD7A370000-0x00007FFD7A3A5000-memory.dmp

                              Filesize

                              212KB

                              Download

                            • memory/2796-363-0x00007FFD7A3B0000-0x00007FFD7A4C2000-memory.dmp

                              Filesize

                              1.1MB

                              Download

                            • memory/2796-373-0x00007FFD7A080000-0x00007FFD7A182000-memory.dmp

                              Filesize

                              1.0MB

                              Download

                            • memory/2796-372-0x00007FFD7A190000-0x00007FFD7A1A1000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-374-0x00007FFD7A060000-0x00007FFD7A071000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-371-0x00007FFD7A1B0000-0x00007FFD7A24F000-memory.dmp

                              Filesize

                              636KB

                              Download

                            • memory/2796-370-0x00007FFD7A250000-0x00007FFD7A263000-memory.dmp

                              Filesize

                              76KB

                              Download

                            • memory/2796-369-0x00007FFD7A270000-0x00007FFD7A282000-memory.dmp

                              Filesize

                              72KB

                              Download

                            • memory/2796-368-0x00007FFD7A290000-0x00007FFD7A2A1000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-367-0x00007FFD7A2B0000-0x00007FFD7A311000-memory.dmp

                              Filesize

                              388KB

                              Download

                            • memory/2796-366-0x00007FFD7A320000-0x00007FFD7A331000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-365-0x00007FFD7A340000-0x00007FFD7A365000-memory.dmp

                              Filesize

                              148KB

                              Download

                            • memory/2796-375-0x00007FFD7A040000-0x00007FFD7A051000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-376-0x00007FFD7A020000-0x00007FFD7A031000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-377-0x00007FFD7A000000-0x00007FFD7A012000-memory.dmp

                              Filesize

                              72KB

                              Download

                            • memory/2796-378-0x00007FFD79FE0000-0x00007FFD79FF8000-memory.dmp

                              Filesize

                              96KB

                              Download

                            • memory/2796-379-0x00007FFD79FC0000-0x00007FFD79FD6000-memory.dmp

                              Filesize

                              88KB

                              Download

                            • memory/2796-381-0x00007FFD79F70000-0x00007FFD79F82000-memory.dmp

                              Filesize

                              72KB

                              Download

                            • memory/2796-380-0x00007FFD79F90000-0x00007FFD79FB9000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/2796-382-0x00007FFD79F50000-0x00007FFD79F61000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-383-0x00007FFD79F30000-0x00007FFD79F41000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-302-0x00007FFD8DC60000-0x00007FFD8DC71000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2796-300-0x00007FFD91F80000-0x00007FFD91F98000-memory.dmp

                              Filesize

                              96KB

                              Download

                            • memory/2796-299-0x00007FFD7D3A0000-0x00007FFD7D654000-memory.dmp

                              Filesize

                              2.7MB

                              Download

                            • memory/2796-298-0x00007FFD8D0F0000-0x00007FFD8D124000-memory.dmp

                              Filesize

                              208KB

                              Download

                            • memory/2796-297-0x00007FF7B7240000-0x00007FF7B7338000-memory.dmp

                              Filesize

                              992KB

                              Download