8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
149s
max time network
278s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2025, 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

roblox.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	roblox.exe

Executes dropped EXE 1 IoCs

pid	Process
4536	BootstrapperV2.12.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
35	discord.com
36	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
364	ipconfig.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4536	BootstrapperV2.12.exe
2916	msedge.exe
2916	msedge.exe
2356	msedge.exe
2356	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	5076	WMIC.exe
Token: SeSecurityPrivilege	5076	WMIC.exe
Token: SeTakeOwnershipPrivilege	5076	WMIC.exe
Token: SeLoadDriverPrivilege	5076	WMIC.exe
Token: SeSystemProfilePrivilege	5076	WMIC.exe
Token: SeSystemtimePrivilege	5076	WMIC.exe
Token: SeProfSingleProcessPrivilege	5076	WMIC.exe
Token: SeIncBasePriorityPrivilege	5076	WMIC.exe
Token: SeCreatePagefilePrivilege	5076	WMIC.exe
Token: SeBackupPrivilege	5076	WMIC.exe
Token: SeRestorePrivilege	5076	WMIC.exe
Token: SeShutdownPrivilege	5076	WMIC.exe
Token: SeDebugPrivilege	5076	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5076	WMIC.exe
Token: SeRemoteShutdownPrivilege	5076	WMIC.exe
Token: SeUndockPrivilege	5076	WMIC.exe
Token: SeManageVolumePrivilege	5076	WMIC.exe
Token: 33	5076	WMIC.exe
Token: 34	5076	WMIC.exe
Token: 35	5076	WMIC.exe
Token: 36	5076	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5076	WMIC.exe
Token: SeSecurityPrivilege	5076	WMIC.exe
Token: SeTakeOwnershipPrivilege	5076	WMIC.exe
Token: SeLoadDriverPrivilege	5076	WMIC.exe
Token: SeSystemProfilePrivilege	5076	WMIC.exe
Token: SeSystemtimePrivilege	5076	WMIC.exe
Token: SeProfSingleProcessPrivilege	5076	WMIC.exe
Token: SeIncBasePriorityPrivilege	5076	WMIC.exe
Token: SeCreatePagefilePrivilege	5076	WMIC.exe
Token: SeBackupPrivilege	5076	WMIC.exe
Token: SeRestorePrivilege	5076	WMIC.exe
Token: SeShutdownPrivilege	5076	WMIC.exe
Token: SeDebugPrivilege	5076	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5076	WMIC.exe
Token: SeRemoteShutdownPrivilege	5076	WMIC.exe
Token: SeUndockPrivilege	5076	WMIC.exe
Token: SeManageVolumePrivilege	5076	WMIC.exe
Token: 33	5076	WMIC.exe
Token: 34	5076	WMIC.exe
Token: 35	5076	WMIC.exe
Token: 36	5076	WMIC.exe
Token: SeDebugPrivilege	2220	roblox.exe
Token: SeDebugPrivilege	4536	BootstrapperV2.12.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 4620	2220	roblox.exe	86
PID 2220 wrote to memory of 4620	2220	roblox.exe	86
PID 4620 wrote to memory of 364	4620	cmd.exe	88
PID 4620 wrote to memory of 364	4620	cmd.exe	88
PID 2220 wrote to memory of 2728	2220	roblox.exe	91
PID 2220 wrote to memory of 2728	2220	roblox.exe	91
PID 2728 wrote to memory of 5076	2728	cmd.exe	93
PID 2728 wrote to memory of 5076	2728	cmd.exe	93
PID 2220 wrote to memory of 4536	2220	roblox.exe	96
PID 2220 wrote to memory of 4536	2220	roblox.exe	96
PID 4536 wrote to memory of 2356	4536	BootstrapperV2.12.exe	97
PID 4536 wrote to memory of 2356	4536	BootstrapperV2.12.exe	97
PID 2356 wrote to memory of 5040	2356	msedge.exe	98
PID 2356 wrote to memory of 5040	2356	msedge.exe	98
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2168	2356	msedge.exe	101
PID 2356 wrote to memory of 2916	2356	msedge.exe	102
PID 2356 wrote to memory of 2916	2356	msedge.exe	102
PID 2356 wrote to memory of 4460	2356	msedge.exe	103
PID 2356 wrote to memory of 4460	2356	msedge.exe	103
PID 2356 wrote to memory of 4460	2356	msedge.exe	103
PID 2356 wrote to memory of 4460	2356	msedge.exe	103
PID 2356 wrote to memory of 4460	2356	msedge.exe	103
PID 2356 wrote to memory of 4460	2356	msedge.exe	103
PID 2356 wrote to memory of 4460	2356	msedge.exe	103
PID 2356 wrote to memory of 4460	2356	msedge.exe	103

C:\Users\Admin\AppData\Local\Temp\roblox.exe
"C:\Users\Admin\AppData\Local\Temp\roblox.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4620
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:364
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5076
- C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.12.exe
  "C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.12.exe" --oldBootstrapper "C:\Users\Admin\AppData\Local\Temp\roblox.exe" --isUpdate true
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/w9yACJan55
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb27846f8,0x7ffcb2784708,0x7ffcb2784718
      4⤵
      PID:5040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17512021143251070103,4133346815540970069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      4⤵
      PID:2168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17512021143251070103,4133346815540970069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17512021143251070103,4133346815540970069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
      4⤵
      PID:4460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17512021143251070103,4133346815540970069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      4⤵
      PID:4936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17512021143251070103,4133346815540970069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
      4⤵
      PID:2664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17512021143251070103,4133346815540970069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
      4⤵
      PID:2724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
197B

MD5
0c50329ee2f173b61c02cb28f06c4c1e

SHA1
b6b791816bc7c576303671f11dcb32bfda2f08ba

SHA256
fa8b1c2dfabaca4514e355951dd62c45dbe0e21104dad77cd6646bd219a979d6

SHA512
bb115d00c3722f29a0184e954444a92cdad77c04a1600711646757132ab420733b910b97d5cfdaf678dc534e0bcdddb869d530c0cf34594ae69b3c51913618a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
882858e0108b9177df48cca4d3b97834

SHA1
6145e583405ff98023dd49aaa0717fb8e423bd5a

SHA256
3b07af03eecb1e9fca5a8df0cc4d690a12b457b5839e5851cac3645d977e7436

SHA512
6f26d672c26e32d831f4f76173b85f934fb269698f7d4212a0d934e5b516d3249b3b3ac528bb8efb52322065896a70927100a2864d920b1adc5a1b3d62ae1c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88b7d2353318a0c4dc082fb6a49c69a1

SHA1
15a9b2a48b5c2f307e7c0e19a7b4d24831c0513d

SHA256
72c1b4acecd76aa8c14b971144d27b7fd9423cd5184eae51adca2c332ac48c67

SHA512
a9a7ab6fa599c5577c666d782813973a96d1375b6c6404b199c4921c22c0d988d49c9cc4400de1b0458336531c84f7093b39571226ac8b964099b4fadade2ad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9a68c73b54b2b5b3c2482cc7f85fb89e

SHA1
5b8d66615f3721707a55a7a3c5f293625159e9b8

SHA256
b8cc33f9deec349c464a9c03e88593a73cd2f55cb90abc02502b62038bb4567a

SHA512
fba6dcb018cfa4ecd0891a23a9b034da9b4ad6c436e2ad8f6f9b7cf8df1432f777f68e27431696950306d517656cce5e8bcea5ee230708ded070366a36276648

Download Submit
C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.12.exe

Filesize
2.9MB

MD5
a36750fe814c6cd0a94312ebaf85e07e

SHA1
9382378c4831247b2efc387581dc909c6352571f

SHA256
933acdb61d5d05bb55cd56957312b677719ac237a2daae0f1daf9d70dc68f2de

SHA512
d028e93cfe594c557e74376854916c33ad0614db1fa1efdf4a4477ff246ccb791510192c35296d5a32b81b376e9ee94ec5f5c0109f04f0320ed788ceda092f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\DISCORD

Filesize
29B

MD5
b86aef3d31fdcc68c0138b25a632f939

SHA1
5f2a826056fadf32b85a9f2f0d960c2bf4ee99eb

SHA256
9bed077bb37dd2f770ed6f960f9e1a22054174fb14ba1aa49cb13cf3008a8486

SHA512
dd6262a375d7195289bbe3f78163d8a1ec2b8db8d4eaee8e3434c3c686a2a38e9bec4fc0fc406aa1915e04475e0ca041b0bfcdd033f08829f1893d6fd0d06e19

Download Submit
memory/2220-4-0x000001709B7C0000-0x000001709B7E2000-memory.dmp

Filesize
136KB

Download
memory/2220-0-0x0000017080E40000-0x0000017080F0E000-memory.dmp

Filesize
824KB

Download
memory/2220-17-0x00007FFCB6060000-0x00007FFCB6B21000-memory.dmp

Filesize
10.8MB

Download
memory/2220-2-0x00007FFCB6060000-0x00007FFCB6B21000-memory.dmp

Filesize
10.8MB

Download
memory/2220-1-0x00007FFCB6063000-0x00007FFCB6065000-memory.dmp

Filesize
8KB

Download
memory/4536-18-0x000001FD6D090000-0x000001FD6D370000-memory.dmp

Filesize
2.9MB

Download
memory/4536-29-0x000001FD75970000-0x000001FD75986000-memory.dmp

Filesize
88KB

Download
memory/4536-30-0x000001FD75950000-0x000001FD7595A000-memory.dmp

Filesize
40KB

Download
memory/4536-28-0x000001FD75960000-0x000001FD75968000-memory.dmp

Filesize
32KB

Download
memory/4536-33-0x000001FD759A0000-0x000001FD759A8000-memory.dmp

Filesize
32KB

Download
memory/4536-32-0x000001FD75910000-0x000001FD7591A000-memory.dmp

Filesize
40KB

Download
memory/4536-27-0x000001FD75920000-0x000001FD75946000-memory.dmp

Filesize
152KB

Download
memory/4536-24-0x000001FD748C0000-0x000001FD748CA000-memory.dmp

Filesize
40KB

Download
memory/4536-22-0x000001FD748A0000-0x000001FD748AE000-memory.dmp

Filesize
56KB

Download
memory/4536-23-0x000001FD757A0000-0x000001FD758A0000-memory.dmp

Filesize
1024KB

Download
memory/4536-21-0x000001FD748D0000-0x000001FD74908000-memory.dmp

Filesize
224KB

Download
memory/4536-20-0x000001FD74850000-0x000001FD74858000-memory.dmp

Filesize
32KB

Download
memory/4536-19-0x000001FD6F890000-0x000001FD6F8A0000-memory.dmp

Filesize
64KB

Download