Analysis

  • max time kernel
    31s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230703-en locale:en-us os:windows10-2004-x64 system
  • submitted
    07/07/2023, 01:32

General

  • Target

    https://cdn-149.anonfiles.com/1cGdF404z5/29fac58e-1688694036/CheatoSpoofer+%281%29.exe

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Obfuscated with Agile.Net obfuscator 9 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://cdn-149.anonfiles.com/1cGdF404z5/29fac58e-1688694036/CheatoSpoofer+%281%29.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:532
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://cdn-149.anonfiles.com/1cGdF404z5/29fac58e-1688694036/CheatoSpoofer+%281%29.exe
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2148
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2148.0.1153886493\262154526" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {217cdb80-25f9-4c37-96fc-355ba446a8e4} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" 1900 2aa7e1f4558 gpu
        3⤵
          PID:3444
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2148.1.2023154776\617311605" -parentBuildID 20221007134813 -prefsHandle 2312 -prefMapHandle 2308 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a41f6a0a-e23e-467b-9bbf-63e2cc97e0a1} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" 2324 2aa7dfef858 socket
          3⤵
            PID:1228
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2148.2.651907342\1235248079" -childID 1 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8890e3a8-39fd-4d41-9136-9e99d70d4ffe} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" 3208 2aa0515b258 tab
            3⤵
              PID:1652
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2148.3.1305506267\1852570394" -childID 2 -isForBrowser -prefsHandle 3736 -prefMapHandle 3732 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a85d04ab-d598-41ab-8927-0b1ef7319a9c} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" 3744 2aa74062b58 tab
              3⤵
                PID:3732
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2148.5.645304820\1776970994" -childID 4 -isForBrowser -prefsHandle 4832 -prefMapHandle 5084 -prefsLen 26792 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fbe81d9-5dfc-4a6e-9977-854082062f38} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" 5112 2aa07cfa458 tab
                3⤵
                  PID:1852
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2148.6.1714641526\1000667650" -childID 5 -isForBrowser -prefsHandle 5384 -prefMapHandle 5380 -prefsLen 26792 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90e350b9-87af-4a1e-950b-8c948a8015f1} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" 5392 2aa07cfc858 tab
                  3⤵
                    PID:2956
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2148.4.139759688\1050545560" -childID 3 -isForBrowser -prefsHandle 4988 -prefMapHandle 4944 -prefsLen 26792 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {220cfade-72b4-4320-804f-53ccc1781a30} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" 4984 2aa06fce658 tab
                    3⤵
                      PID:1712
                    • C:\Users\Admin\Downloads\CheatoSpoofer (1).exe
                      "C:\Users\Admin\Downloads\CheatoSpoofer (1).exe"
                      3⤵
                        PID:1936
                  • C:\Windows\System32\rundll32.exe
                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                    1⤵
                      PID:640
                    • C:\Users\Admin\Downloads\CheatoSpoofer (1).exe
                      "C:\Users\Admin\Downloads\CheatoSpoofer (1).exe"
                      1⤵
                        PID:4784
                      • C:\Users\Admin\Downloads\CheatoSpoofer (1).exe
                        "C:\Users\Admin\Downloads\CheatoSpoofer (1).exe"
                        1⤵
                          PID:4076
                        • C:\Users\Admin\Downloads\CheatoSpoofer (1).exe
                          "C:\Users\Admin\Downloads\CheatoSpoofer (1).exe"
                          1⤵
                            PID:3192
                          • C:\Users\Admin\Downloads\CheatoSpoofer (1).exe
                            "C:\Users\Admin\Downloads\CheatoSpoofer (1).exe"
                            1⤵
                              PID:4040

                            Network

                                  MITRE ATT&CK Enterprise v6

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\activity-stream.discovery_stream.json.tmp

                                    Filesize

                                    144KB

                                  • C:\Users\Admin\AppData\Local\Sentry\9588CF3ABD7EF58A0A76612B90AB4AC3D3B45E66\.installation

                                    Filesize

                                    36B

                                  • C:\Users\Admin\AppData\Local\Temp\Costura\5B2255609A942D3203015BC01089042A\64\user64.dll

                                    Filesize

                                    285KB

                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qr3zx4hz.5eu.ps1

                                    Filesize

                                    60B

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs-1.js

                                    Filesize

                                    7KB

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

                                    Filesize

                                    995B

                                  • C:\Users\Admin\Downloads\CheatoSpoofer (1).exe

                                    Filesize

                                    32.3MB

                                  • C:\Users\Admin\Downloads\CheatoSpoofer (1).exe

                                    Filesize

                                    13.1MB

                                  • C:\Users\Admin\Downloads\CheatoSpoofer (1).exe

                                    Filesize

                                    11.0MB
