Analysis

  • max time kernel
    593s
  • max time network
    598s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-03-2024 03:02

General

  • Target

    https://www.mediafire.com/file/u87dj71h247d5a6/Cheat_Engine_7.5.zip/file

Score
8/10

Malware Config

Signatures

  • Manipulates Digital Signatures 1 IoCs

    Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 59 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
  • Modifies registry class 31 IoCs
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of UnmapMainImage 4 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/u87dj71h247d5a6/Cheat_Engine_7.5.zip/file
    1⤵
      PID:1488
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=560 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
      1⤵
        PID:2480
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5364 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
        1⤵
          PID:4372
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5420 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
          1⤵
            PID:4928
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5476 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
            1⤵
              PID:1500
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3708 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
              1⤵
                PID:3460
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5884 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                1⤵
                  PID:1652
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6072 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                  1⤵
                    PID:4604
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=6508 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
                    1⤵
                      PID:1160
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=6560 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                      1⤵
                        PID:4104
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6832 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                        1⤵
                          PID:4136
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=6952 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                          1⤵
                            PID:2124
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=7092 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                            1⤵
                              PID:1980
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=4596 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                              1⤵
                                PID:5296
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3612 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
                                1⤵
                                  PID:5368
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=3704 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                  1⤵
                                    PID:5504
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=7220 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
                                    1⤵
                                      PID:5760
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=3652 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                      1⤵
                                        PID:5940
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=6100 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                        1⤵
                                          PID:5980
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=6036 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                          1⤵
                                            PID:6048
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=6332 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                            1⤵
                                              PID:6124
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=8188 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                              1⤵
                                                PID:2532
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=8348 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                1⤵
                                                  PID:5580
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=7900 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                  1⤵
                                                    PID:5536
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=8636 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                    1⤵
                                                      PID:5604
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --mojo-platform-channel-handle=8240 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                      1⤵
                                                        PID:4132
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=6596 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                        1⤵
                                                          PID:3188
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=8340 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                          1⤵
                                                            PID:1084
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --mojo-platform-channel-handle=8700 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                            1⤵
                                                              PID:4252
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6692 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
                                                              1⤵
                                                                PID:3356
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --mojo-platform-channel-handle=5788 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                                1⤵
                                                                  PID:772
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5836 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
                                                                  1⤵
                                                                    PID:2788
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=8776 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
                                                                    1⤵
                                                                    • Modifies registry class
                                                                    PID:2916
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --mojo-platform-channel-handle=6148 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                                    1⤵
                                                                      PID:2456
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=5704 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                                      1⤵
                                                                        PID:848
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --mojo-platform-channel-handle=5488 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                                        1⤵
                                                                          PID:1308
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --mojo-platform-channel-handle=9036 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                                          1⤵
                                                                            PID:4928
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --mojo-platform-channel-handle=9180 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                                            1⤵
                                                                              PID:3700
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=5760 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
                                                                              1⤵
                                                                                PID:2980
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5844 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
                                                                                1⤵
                                                                                  PID:2020
                                                                                • C:\Windows\System32\rundll32.exe
                                                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                  1⤵
                                                                                    PID:216
                                                                                  • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                                                    "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                                                    1⤵
                                                                                    • Drops file in Program Files directory
                                                                                    • Modifies Internet Explorer settings
                                                                                    • Modifies registry class
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    • Suspicious use of WriteProcessMemory
                                                                                    PID:1376
                                                                                    • C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe
                                                                                      "C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe" -app -isInstallerLaunch
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      • Loads dropped DLL
                                                                                      • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      • Suspicious use of UnmapMainImage
                                                                                      PID:3980
                                                                                  • C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe
                                                                                    "C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe"
                                                                                    1⤵
                                                                                    • Executes dropped EXE
                                                                                    • Loads dropped DLL
                                                                                    • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    • Suspicious use of UnmapMainImage
                                                                                    PID:5976
                                                                                  • C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe
                                                                                    "C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe"
                                                                                    1⤵
                                                                                    • Executes dropped EXE
                                                                                    • Loads dropped DLL
                                                                                    • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    • Suspicious use of UnmapMainImage
                                                                                    PID:5752
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --mojo-platform-channel-handle=9208 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                                                    1⤵
                                                                                      PID:572
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=9388 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
                                                                                      1⤵
                                                                                        PID:1500
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=8444 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
                                                                                        1⤵
                                                                                          PID:5440
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6076 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
                                                                                          1⤵
                                                                                            PID:1376
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=9140 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
                                                                                            1⤵
                                                                                              PID:5816
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --mojo-platform-channel-handle=6716 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
                                                                                              1⤵
                                                                                                PID:1512
                                                                                              • C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe
                                                                                                "C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:RBMnRc9ah9vvcnWKQNSgiAdN1-wPHoswiq_BjyrakX0kp7EXTs2X-afaIQWwc9uuq9hg92WQJWKLrVEZcQiKAuQfnZ0cJOKYDruwTEQ5abwcNxg266FhC_h6efHNtxGNXIut3ZprI2wjK3GKXhTrOxv7ltGVk85uw0Tm8qRi-XFfu5DUjRRaUTmtbkzOksv1e11X0-lNkck0zGS4j0OKstvzjUJ6dG99hyNTX9Sl_ws+launchtime:1711422694735+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D222029951706%26placeId%3D2753915549%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D35a31f0d-1b64-4fe8-98ff-39294fb6be7c%26joinAttemptOrigin%3DPlayButton+browsertrackerid:222029951706+robloxLocale:en_us+gameLocale:en_us+channel:zexpvariantpublic+LaunchExp:InApp
                                                                                                1⤵
                                                                                                • Executes dropped EXE
                                                                                                • Loads dropped DLL
                                                                                                • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                • Suspicious use of UnmapMainImage
                                                                                                PID:4440
                                                                                              • C:\Users\Admin\Downloads\Cheat Engine 7.5\Cheat Engine 7.5\cheatengine-x86_64.exe
                                                                                                "C:\Users\Admin\Downloads\Cheat Engine 7.5\Cheat Engine 7.5\cheatengine-x86_64.exe"
                                                                                                1⤵
                                                                                                • Manipulates Digital Signatures
                                                                                                • Drops file in System32 directory
                                                                                                • Drops file in Program Files directory
                                                                                                • Drops file in Windows directory
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                • Suspicious use of FindShellTrayWindow
                                                                                                PID:4268

                                                                                              Downloads

                                                                                              • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

                                                                                                Filesize

                                                                                                4.0MB

                                                                                              • C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.dll

                                                                                                Filesize

                                                                                                468KB

                                                                                              • C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.dll

                                                                                                Filesize

                                                                                                540KB

                                                                                              • C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.dll

                                                                                                Filesize

                                                                                                792KB

                                                                                              • C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.dll

                                                                                                Filesize

                                                                                                7.1MB

                                                                                              • C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe

                                                                                                Filesize

                                                                                                832KB

                                                                                              • C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe

                                                                                                Filesize

                                                                                                734KB

                                                                                              • C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe

                                                                                                Filesize

                                                                                                941KB

                                                                                              • C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe

                                                                                                Filesize

                                                                                                357KB

                                                                                              • C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\902abff44b3b5339ec2dd6c0ac11adf4

                                                                                                Filesize

                                                                                                1.3MB

                                                                                              • C:\Users\Admin\AppData\Local\Temp\Wheat Engine\{196B2ECB-40AA-4118-A8BB-154DA91E7B80}\ADDRESSES.FIRST

                                                                                                Filesize

                                                                                                7B

                                                                                              • memory/3980-106-0x00007FFEA8A80000-0x00007FFEA8A8B000-memory.dmp

                                                                                                Filesize

                                                                                                44KB

                                                                                              • memory/3980-73-0x00007FFEAA770000-0x00007FFEAA7A0000-memory.dmp

                                                                                                Filesize

                                                                                                192KB

                                                                                              • memory/3980-109-0x00007FFEA8A80000-0x00007FFEA8A8B000-memory.dmp

                                                                                                Filesize

                                                                                                44KB

                                                                                              • memory/3980-107-0x00007FFEA8A80000-0x00007FFEA8A8B000-memory.dmp

                                                                                                Filesize

                                                                                                44KB

                                                                                              • memory/3980-108-0x00007FFEA8A80000-0x00007FFEA8A8B000-memory.dmp

                                                                                                Filesize

                                                                                                44KB

                                                                                              • memory/3980-103-0x00007FFEA8F00000-0x00007FFEA8F0E000-memory.dmp

                                                                                                Filesize

                                                                                                56KB

                                                                                              • memory/3980-102-0x00007FFEA8F00000-0x00007FFEA8F0E000-memory.dmp

                                                                                                Filesize

                                                                                                56KB

                                                                                              • memory/3980-72-0x00007FFEAA770000-0x00007FFEAA7A0000-memory.dmp

                                                                                                Filesize

                                                                                                192KB

                                                                                              • memory/3980-97-0x00007FFEA8E50000-0x00007FFEA8E60000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                              • memory/3980-88-0x00007FFEA8140000-0x00007FFEA8150000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                              • memory/3980-87-0x00007FFEA8140000-0x00007FFEA8150000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                              • memory/3980-83-0x00007FFEAA320000-0x00007FFEAA330000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                              • memory/3980-82-0x00007FFEAA320000-0x00007FFEAA330000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                              • memory/3980-114-0x00007FFEA8510000-0x00007FFEA8520000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                              • memory/3980-115-0x00007FFEA8540000-0x00007FFEA8566000-memory.dmp

                                                                                                Filesize

                                                                                                152KB

                                                                                              • memory/3980-118-0x00007FFEA8540000-0x00007FFEA8566000-memory.dmp

                                                                                                Filesize

                                                                                                152KB

                                                                                              • memory/3980-119-0x00007FFEA8540000-0x00007FFEA8566000-memory.dmp

                                                                                                Filesize

                                                                                                152KB

                                                                                              • memory/3980-116-0x00007FFEA8540000-0x00007FFEA8566000-memory.dmp

                                                                                                Filesize

                                                                                                152KB

                                                                                              • memory/3980-117-0x00007FFEA8540000-0x00007FFEA8566000-memory.dmp

                                                                                                Filesize

                                                                                                152KB

                                                                                              • memory/3980-113-0x00007FFEA8510000-0x00007FFEA8520000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                              • memory/3980-112-0x00007FFEA8410000-0x00007FFEA8420000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                              • memory/3980-111-0x00007FFEA8410000-0x00007FFEA8420000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                              • memory/3980-78-0x00007FFEAA270000-0x00007FFEAA280000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                              • memory/3980-120-0x00007FFEA80E0000-0x00007FFEA8107000-memory.dmp

                                                                                                Filesize

                                                                                                156KB

                                                                                              • memory/3980-122-0x00007FFEA80E0000-0x00007FFEA8107000-memory.dmp

                                                                                                Filesize

                                                                                                156KB

                                                                                              • memory/3980-121-0x00007FFEA80E0000-0x00007FFEA8107000-memory.dmp

                                                                                                Filesize

                                                                                                156KB

                                                                                              • memory/3980-123-0x00007FFEA80E0000-0x00007FFEA8107000-memory.dmp

                                                                                                Filesize

                                                                                                156KB

                                                                                              • memory/3980-124-0x00007FFEA80E0000-0x00007FFEA8107000-memory.dmp

                                                                                                Filesize

                                                                                                156KB

                                                                                              • memory/3980-125-0x00007FFEA80E0000-0x00007FFEA8107000-memory.dmp

                                                                                                Filesize

                                                                                                156KB

                                                                                              • memory/3980-127-0x00007FFEA8110000-0x00007FFEA8132000-memory.dmp

                                                                                                Filesize

                                                                                                136KB

                                                                                              • memory/3980-128-0x00007FFEA8110000-0x00007FFEA8132000-memory.dmp

                                                                                                Filesize

                                                                                                136KB

                                                                                              • memory/3980-129-0x00007FFEA8110000-0x00007FFEA8132000-memory.dmp

                                                                                                Filesize

                                                                                                136KB

                                                                                              • memory/3980-126-0x00007FFEA80E0000-0x00007FFEA8107000-memory.dmp

                                                                                                Filesize

                                                                                                156KB

                                                                                              • memory/3980-130-0x00007FFEA8110000-0x00007FFEA8132000-memory.dmp

                                                                                                Filesize

                                                                                                136KB

                                                                                              • memory/3980-131-0x00007FFEA8110000-0x00007FFEA8132000-memory.dmp

                                                                                                Filesize

                                                                                                136KB

                                                                                              • memory/3980-150-0x00000223CA800000-0x00000223CA801000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                              • memory/3980-71-0x00007FFEAA720000-0x00007FFEAA730000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                              • memory/3980-70-0x00007FFEAA720000-0x00007FFEAA730000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                              • memory/3980-69-0x00007FFEAA610000-0x00007FFEAA620000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                              • memory/3980-67-0x00000223CA800000-0x00000223CA801000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                              • memory/4440-322-0x0000028734DA0000-0x0000028734DA1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                              • memory/5976-176-0x00007FFEAA600000-0x00007FFEAA601000-memory.dmp

                                                                                                Filesize

                                                                                                4KB