Overview

overview

10

Static

static

10

RobloxPlayer.exe

windows7-x64

10

RobloxPlayer.exe

windows10-2004-x64

Analysis

  • max time kernel
    139s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-05-2024 02:13

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    RobloxPlayer.exe

  • Size

    78KB

  • MD5

    8f3d0d4044ff8cc1d847687568c91e14

  • SHA1

    fd9049e0e5c074603b78a2aea228b75e4ce6c099

  • SHA256

    1c7ffa12df8fc6b0617ddd3e7bf89582154156c803ca2b2df7a6073d43e13dc0

  • SHA512

    afd8aa0948e588de2bb7d44687afccd5da52e613a06a26bbec862945a3cd1a80423b2e1929256bce23e92bac5b09f27e436c1223583d4507c6782da3d46760e4

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+cPIC:5Zv5PDwbjNrmAE+QIC

Score
10/10
discordratevasionpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY

  • server_id

    1201970766531530822

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Disables Task Manager via registry modification
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 34 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\RobloxPlayer.exe
    "C:\Users\Admin\AppData\Local\Temp\RobloxPlayer.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    PID:2992
    • C:\Windows\System32\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 0
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:5024
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1184
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3924
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.0.686421052\2055562847" -parentBuildID 20230214051806 -prefsHandle 1796 -prefMapHandle 1788 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b152baf-0dda-4779-8c77-62b8afb806e3} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 1884 1526fbed258 gpu
        3⤵
          PID:876
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.1.14621088\291853894" -parentBuildID 20230214051806 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a77865de-3e06-46a6-97a3-6bb196c3aa71} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 2452 15263f8ae58 socket
          3⤵
            PID:2820
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.2.2074674222\1274637452" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2996 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c7161f6-0207-449c-a6a8-e93c0a97a583} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 3012 15273b05b58 tab
            3⤵
              PID:2776
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.3.1837018927\727906526" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3544 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1b884cd-ac96-475b-af2c-fc707fb23685} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 3592 1527578fa58 tab
              3⤵
                PID:1824
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.4.1847851766\490736196" -childID 3 -isForBrowser -prefsHandle 5108 -prefMapHandle 4176 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef80ad07-769d-46f7-9f98-d25792912c2e} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 5128 15277d5e558 tab
                3⤵
                  PID:2344
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.5.779961973\1337663007" -childID 4 -isForBrowser -prefsHandle 5268 -prefMapHandle 5272 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9511c6b3-6ff5-4357-abc1-c66cf0b839f7} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 5260 15277d5fa58 tab
                  3⤵
                    PID:4404
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.6.801042414\2093062630" -childID 5 -isForBrowser -prefsHandle 5460 -prefMapHandle 5464 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da3c409e-1993-4b2e-bbce-ebd20eeee6b5} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 5452 15277d5fd58 tab
                    3⤵
                      PID:4556
                • C:\Windows\system32\taskmgr.exe
                  "C:\Windows\system32\taskmgr.exe" /7
                  1⤵
                  • Checks SCSI registry key(s)
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: GetForegroundWindowSpam
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  PID:5236
                • C:\Windows\system32\AUDIODG.EXE
                  C:\Windows\system32\AUDIODG.EXE 0x514 0x2ec
                  1⤵
                  • Suspicious use of AdjustPrivilegeToken
                  PID:5692
                • C:\Windows\system32\LogonUI.exe
                  "LogonUI.exe" /flags:0x4 /state0:0xa3890055 /state1:0x41c64e6d
                  1⤵
                  • Modifies data under HKEY_USERS
                  • Suspicious use of SetWindowsHookEx
                  PID:4880

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  26KB

                  MD5

                  e87392faa387042d936a957a43bd0bce

                  SHA1

                  d495b3a9aabbe93538780372db38909dff6ec768

                  SHA256

                  b80536bb30b44c6df8c6c38bd3b3b87fbee05e4a51f8c54ee82a88f39f3826d1

                  SHA512

                  58ab15260b255855f7559ed6cdf35399dada1b29fca2c581fbc00cea5ef6d9311493f353e0f018f13d21e0032774688ff97471c6fdb292ddef7e8354e01b5463

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649
                  Filesize

                  13KB

                  MD5

                  24a2969eea4c5d3bc66e9628a047252d

                  SHA1

                  2491250e897ce3280895c83071622cfbeb61bebc

                  SHA256

                  db685423d6523ba12facbac6ef6149648c875990508cc371f67303315a487333

                  SHA512

                  02b0765c9373618889588daf655875d0e85997aea728b9c3c0fbdf646b918d14a4e4e0aae711c658a095db14fe423eac2d7d9365301e85057a0ae932c474a858

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  8.0MB

                  MD5

                  a01c5ecd6108350ae23d2cddf0e77c17

                  SHA1

                  c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                  SHA256

                  345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                  SHA512

                  b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  182B

                  MD5

                  1c3c58f7838dde7f753614d170f110fc

                  SHA1

                  c17e5a486cecaddd6ced7217d298306850a87f48

                  SHA256

                  81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

                  SHA512

                  9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                  Filesize

                  997KB

                  MD5

                  fe3355639648c417e8307c6d051e3e37

                  SHA1

                  f54602d4b4778da21bc97c7238fc66aa68c8ee34

                  SHA256

                  1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                  SHA512

                  8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                  Filesize

                  479B

                  MD5

                  49ddb419d96dceb9069018535fb2e2fc

                  SHA1

                  62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                  SHA256

                  2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                  SHA512

                  48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                  Filesize

                  372B

                  MD5

                  8be33af717bb1b67fbd61c3f4b807e9e

                  SHA1

                  7cf17656d174d951957ff36810e874a134dd49e0

                  SHA256

                  e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                  SHA512

                  6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                  Filesize

                  11.8MB

                  MD5

                  33bf7b0439480effb9fb212efce87b13

                  SHA1

                  cee50f2745edc6dc291887b6075ca64d716f495a

                  SHA256

                  8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                  SHA512

                  d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                  Filesize

                  1KB

                  MD5

                  688bed3676d2104e7f17ae1cd2c59404

                  SHA1

                  952b2cdf783ac72fcb98338723e9afd38d47ad8e

                  SHA256

                  33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                  SHA512

                  7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                  Filesize

                  1KB

                  MD5

                  937326fead5fd401f6cca9118bd9ade9

                  SHA1

                  4526a57d4ae14ed29b37632c72aef3c408189d91

                  SHA256

                  68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                  SHA512

                  b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  35b8099a0b8ea25d355ede4b315b727b

                  SHA1

                  42d4a089c5411e46f23bc621a25e673c9bbc3946

                  SHA256

                  f9255a0a083da962e58ca86660d20fb548b5a67e6a92ec164056b7ebbab51294

                  SHA512

                  f78c776841a2ef4d550312ebb95d30153b6f549cd2d34339bfc2aac2a34921cc5d6ced0ad720463e72676e9746f78c522f34b6024df7a33bca741c3e0e0822b2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  0381bc854eb90cc7ab9b12c8f7a413e5

                  SHA1

                  32c3fb4ffdad5d7545a4b08bb0dae991fab16e75

                  SHA256

                  7b30a6d480ef7797c55ebe97da3bf6a3155ebbaa96bf1897865211eff02bddcc

                  SHA512

                  3ef5de81079566a08fd7d4479bc34e571da22abc8709dc381f7abed4936a46ec5917fb542420ae4020b5b16d8836dc1ba19fb6813c7590f0ef6e47f5af561ab2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
                  Filesize

                  10KB

                  MD5

                  a6771f2be22c4099511b843d0ca15cc3

                  SHA1

                  5edea0fcc25eccb5bf35c3293021ea46e1c22897

                  SHA256

                  d8d50aacf99e3bcdb0bfa6635c8026ab2584420272a5ef40cb43d5c78fbdf72f

                  SHA512

                  a1b55b5736f65c065d074dd7188abaf268284488666f4b1ea2dad1fd925ec61a77402c8ecf355dd16270e7ed85fefdee70b2469b61c1607bb58274502979fc93

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  cff2c2eb9f62446e60840119d7f9bea1

                  SHA1

                  bca71d88c08453fae6a81876020811c308485f89

                  SHA256

                  5f2aa3cab52c902c34dbb7020b8a4b63d83dc145f88f102e876862292211943a

                  SHA512

                  96fcd973ef8cb01d0d7cd48fbd04efd92c222d0d7dd7f6707799cbfc2957a849493be355f8cd778b46526e7c2e84687ac48ff456cffe1229d8279cf7f813ec3a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs.js
                  Filesize

                  10KB

                  MD5

                  4a8bffae4c79ccb852ccee9577c4ca44

                  SHA1

                  4ff8c173f4b8e329f9967aa7980393f13592d988

                  SHA256

                  8c1d97600ca7e5eac2b24a9e1b2d0e26e92766b6ca72aef52e90da69b2f5a4a6

                  SHA512

                  a0c708c4ec7e4bce3a546c2872aaa08e22004696d507f958ef8f0d1fe93fc73341b6eebef4d28a6ab39fd8355a8f34d4738e1e046a1c8b31bebbb3fc0b9b7f23

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionCheckpoints.json.tmp
                  Filesize

                  259B

                  MD5

                  c8dc58eff0c029d381a67f5dca34a913

                  SHA1

                  3576807e793473bcbd3cf7d664b83948e3ec8f2d

                  SHA256

                  4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

                  SHA512

                  b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  05c987725249a38de56e9b840dcdd089

                  SHA1

                  8763533bb471d96577d17253af512fcfcd52bf09

                  SHA256

                  9a84c3b5fb45ec9123ebe2ee725fa8a84c91d0b299f581f9ea318caafd5eed46

                  SHA512

                  6e565fff10bce53355835e65206769e7a320cd6864bcfef7455b992df8666082b27218ba44efbdc4d4a75a8145ef1df2bde05797ba98f0902be4ad51bce7ebfc

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore.jsonlz4
                  Filesize

                  877B

                  MD5

                  03baf7bb11885c9cc38f7b35bbbd61e6

                  SHA1

                  cfb6ee613cf6b36b982d97b9cf224e6c159da263

                  SHA256

                  22547e3c8f673185fc1ff887b61761598349ba5291aba0d346ce461176e8f756

                  SHA512

                  18e869f434b0c1df4345a5eb8052fbdeb5b5b1d2230eac3c6e20d23bb7b76e0e99957653834e776731208a1f90f66478b49e10f213c6d1fa9b5c2cf8d511afbd

                  Download Submit

                • memory/2992-83-0x00007FF8B9523000-0x00007FF8B9525000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/2992-84-0x00007FF8B9520000-0x00007FF8B9FE1000-memory.dmp

                  Filesize

                  10.8MB

                  Download

                • memory/2992-0-0x00007FF8B9523000-0x00007FF8B9525000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/2992-1-0x000001F8BE6E0000-0x000001F8BE6F8000-memory.dmp

                  Filesize

                  96KB

                  Download

                • memory/2992-2-0x000001F8D8CD0000-0x000001F8D8E92000-memory.dmp

                  Filesize

                  1.8MB

                  Download

                • memory/2992-2119-0x00007FF8B9520000-0x00007FF8B9FE1000-memory.dmp

                  Filesize

                  10.8MB

                  Download

                • memory/2992-3-0x00007FF8B9520000-0x00007FF8B9FE1000-memory.dmp

                  Filesize

                  10.8MB

                  Download

                • memory/2992-4-0x000001F8D95B0000-0x000001F8D9AD8000-memory.dmp

                  Filesize

                  5.2MB

                  Download

                • memory/2992-348-0x000001F8D9180000-0x000001F8D922A000-memory.dmp

                  Filesize

                  680KB

                  Download

                • memory/5236-76-0x000001F9245A0000-0x000001F9245A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5236-65-0x000001F9245A0000-0x000001F9245A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5236-66-0x000001F9245A0000-0x000001F9245A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5236-75-0x000001F9245A0000-0x000001F9245A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5236-64-0x000001F9245A0000-0x000001F9245A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5236-73-0x000001F9245A0000-0x000001F9245A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5236-74-0x000001F9245A0000-0x000001F9245A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5236-72-0x000001F9245A0000-0x000001F9245A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5236-71-0x000001F9245A0000-0x000001F9245A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5236-70-0x000001F9245A0000-0x000001F9245A1000-memory.dmp

                  Filesize

                  4KB

                  Download