f4055022c94103087ce5fe4ee8493bc11e6fb9c788134fc732aa9ff5d05cb765

Analysis

max time kernel
149s
max time network
162s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/04/2024, 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PG3DInjector.exe
Size

76.1MB
MD5

666d27360a5154c9797e3644f22a4a67
SHA1

31b8aa2ef6eb33dbbb2fd1305114c806b854be35
SHA256

f4055022c94103087ce5fe4ee8493bc11e6fb9c788134fc732aa9ff5d05cb765
SHA512

042e32431b62d45a09b13f94f0699ec1d94b60c88705ca23ccbea9e939010bb99f98df437672694aa19e47a26aeb8f865a60053475b18d833ec6015b263dedbd
SSDEEP

393216:lQeufzJiVWHIFrrmsx5lv8QshCe9dlkEBO2/w0XzN2FX7RIMnBZ1IQ0P543WbtZV:l5utHUrrm2DEQshjlYPDA5UUVIa2Q

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{25739361-FE9D-11EE-8859-DE62917EBCA6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2784	PG3DInjector.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2784	PG3DInjector.exe
Token: 33	3044	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3044	AUDIODG.EXE
Token: 33	3044	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3044	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1308	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1308	iexplore.exe
1308	iexplore.exe
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
1308	iexplore.exe
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2440	2784	PG3DInjector.exe	29
PID 2784 wrote to memory of 2440	2784	PG3DInjector.exe	29
PID 2784 wrote to memory of 2440	2784	PG3DInjector.exe	29
PID 1308 wrote to memory of 2984	1308	iexplore.exe	37
PID 1308 wrote to memory of 2984	1308	iexplore.exe	37
PID 1308 wrote to memory of 2984	1308	iexplore.exe	37
PID 1308 wrote to memory of 2984	1308	iexplore.exe	37

C:\Users\Admin\AppData\Local\Temp\PG3DInjector.exe
"C:\Users\Admin\AppData\Local\Temp\PG3DInjector.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2784 -s 596
  2⤵
  PID:2440

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1096

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x590
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3044

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
16d9fdef27a98d48953994452a8504f7

SHA1
b6138933bff41eecc1d0793607e50cc7191bbcfb

SHA256
6b750314c19cd68be3b865a74e1d5b088af516ccbdb4dd1c62bbaa1bdd300f20

SHA512
9ac4b925d1d591c7361a89db74a85324e1da92f0b44141e93ec314c93185a0efd212261d91606d301107e160d7895fe4155578850b5c9bef937954cad591c436

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00f906695856906a87248d0252f29aed

SHA1
5e2e4832f8e6806a1b58d0adaee318341c3b6c11

SHA256
6b1916d7c66f6b90778d267ae70cc3b9de80a40d1d04cd92f11830d5e88a418c

SHA512
348465af7b14806a2b0446696b46570069e52c3ebeccadfb9578453644be392b5a2f17206fc3bef95e13ae3f3541c03b8eef62a3920024b28f1027cb3d743175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa243c0f6c106119be3104cf0f844616

SHA1
9fec3acbdcc6d70ff2f5d0e1450f8df9562ed61d

SHA256
9488c2e397ac690d6d034709287cdd8bf151e97c921032c63bf5d1afc4ffe7f9

SHA512
3293ed23e90cb57fc92c78ed3d9116f5b850405fd8e01237d13b3c7b6b4e217486dd0ab74caa33a789731e28c69cac794bd2c84fd3229ddfb999477bcb24e1d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3b922b2c5ad283c59efd2d6740a0a46

SHA1
59bd78f7b5cb9be8e0eb1f1f222d80b105fe578f

SHA256
7737a584f424a7cce5ddbbe04858b29503aba66ae4dd8c81406fe3663fe456da

SHA512
e6e3d846ad3702ebb2383c24b7d9acb4d097bf3c701f400750fe6f502de367240d4f933cb281a7330357745e7c43fefc9faddf16ce73340ee208f5f1e6559546

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30f1b5b8ed0e82ff70964fe6902d0647

SHA1
fb55ccde9ca42ee609af6c1d14cb8d2273824637

SHA256
30baf5dd9e1ffcc385d77b1820dc0fc5aa77d83402153709f3acd2cf673ea10a

SHA512
9b7a0e633504f332ec687a377a7d360a0706aec90ce9b46160b810cbd121b3d423e5a3cfcf7eb2640b2d27b59cea6f5bf3f30a21b28665ec212cc846d52c7bc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39c0a7f7c096b65d35040a0bd775d974

SHA1
5219f3166a44fbd8e2a932ca309eb27b15630d7a

SHA256
4d4ad169b6012068fa042b10cb0c693f2a460849efbc8f4cc14339b47d2877a7

SHA512
4a366218d13c31aaacc2c9a68b5c87f0b8330d7c111b76cb9fbabdc00a5f00a5da473ee591ae432c973c2042d09c2f6c289f492569f6dc663dd6703205411bde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2e78f0176388aa715b49e64bb1967dd

SHA1
744a414f1b4c9735d068fc4178b1d24f388c1d3e

SHA256
6d2247106b9e527e1dc2241989e10507ad111e2844f7fd2b6ffff27d6b02bb6c

SHA512
15ae2e6d0f2a8b29dbb7196866d1c14ad444f2d3d6a9e9ea0fe124cee002674b4b7cc202e919a0118b1c728396f9b853d6d009caca6410bbaf49df8dec401d87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3590fb7a411f58c835c28457090f4299

SHA1
ff19044cba2491aee5e436ad392aeed3a0a963cd

SHA256
d0abee7ea0da0cec680d60b340d71d838f2fcbf5e37e06288b386db8c4495e16

SHA512
d19e19789d46d59bdd6549f082b7bc8a595bbb505a83a306e11477ac337ccc5b9d97c4643d4778ea2570f03f7aa156f869ad542d83037588b4efa0f03a514bf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1bd98f2923acd9c70ae0458465a45ff1

SHA1
347fcc1aa8200f27ae60696185509e01b5a5b1f6

SHA256
0478beddf7a4f2a8858457f4caab01ed8b36cb95431a7b3fa498649ca39d9cf1

SHA512
570efc1fca35622e2d0eef9edbc3a87009d9be568f2e1e30625cadcb77a71888b843cd37b0826e6a3ac4fbe3bf9bee0a5405bc14cc2eed322d136782c118c34b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c01e41b31d504e09ff5b5f8296fda45f

SHA1
8b7cc0dcab9e5818c1c3e2bd255e2ec73a679abb

SHA256
fe235481eb3f2f3e756a5a002b3308e3bf2d6c87449e1cf05974f9ce88a8639b

SHA512
252b1c0eb75c75622379246d931b8e364347f14d4622e013a17f2a5623a2bfcf5cf0c6a0b0e16a1e2213c1ad46436f02932af415198d57f088dea6ea291b2fc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef23f828b8aa24bc6abff2d6cdddfa3d

SHA1
c7bfa33aced861f3263a2f2a8547b675ba86ab0e

SHA256
2b3ec28e5e167362963d24da5d4f130a82dbe623c76bc8a41f7a6bf2164766f4

SHA512
cf4cf14067e77c4b94634630d400d855e5241392326171f1cc2624e590310d33e5323b0875f7fbde2ecb137d9c91122647f4682fe894d4b2f80b57abb3b3f21a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat

Filesize
4KB

MD5
e1514e80da0ce8d642709558260967a1

SHA1
1c36711d3c4f7d7294da8cfb72c35c0e49774738

SHA256
89f75c66b513bdf10886ac2d77b9894704fa59fad8eb77bb3703a444e42865a4

SHA512
72f89f08f02f7a6f1bd8fae5e9fe9e2822234b469805e43cc6ce3ff7712005f8052c762f42e03e93b8c093f738f06bafad670bb91d6502f063653109586e133c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat

Filesize
8KB

MD5
c182144e88a8c8128fb0bb747d8cd1c3

SHA1
7d75716626ff293f3a0ca00985c3696224d0e8d6

SHA256
092b9a8130cacb712ad61ce1c6f02a17ab24a0745a48621b37dd74ace59de698

SHA512
64c5e53bd274dbd3fa7aee68c315dc2c2f2ada4a6a6ec64f4f27bfa0218ca1c56fea696d6ef0901231b37f6e7e49f92846730ccce0662bc4f4580d573b4d59e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\favicon-trans-bg-blue-mg[1].ico

Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\qsml[1].xml

Filesize
564B

MD5
b1a81d84957814831a1dc89787e358a2

SHA1
f075cfc79c18c3cf40de357b3548d3d4d266cffe

SHA256
97c2a78c5ea9fe85656668f57927215ef1626135bb03d3db7712b29c329d6364

SHA512
8ed9627bc7bc01355ce507155ccec009c7663db820d51f0238a9ba283c3123f81da221d5643bbe719ead5caef9181749b627ece786af20ff8d456732e47d5203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\qsml[2].xml

Filesize
474B

MD5
21b9facfcf428bb1ba1816afe8116bfd

SHA1
950e09d850805221c2679777fafd349e3214a4cc

SHA256
e5519407871a8eff6618f2dd457859f00ae4bbe7d95dfa5f2c00289f326ac830

SHA512
436f5b2a21c1e66dab41036f832c6cf15d50ea929052007050f1dbca49c360a3192ab687a7614aa93270a3576adb653103e0c8c6b99a46c90be7d605323aa26b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\qsml[3].xml

Filesize
477B

MD5
b47b6aece67e6d770940333daa6dd91a

SHA1
7bd614d1fbe4e9773384a4620d9f635e504b4c21

SHA256
5028f12211cffb268601e8e414d99170f17c01a6c0a845034f9f49679795bb99

SHA512
252edcc2ae693d682f8b9447d3ebb3fd74e8daa3f023b860c1a7d5fc7c9f2f5386ae65520d454db837cff01e8722d4befa67a7b18bd2be5e4f18dbd8e2c37efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\qsml[4].xml

Filesize
501B

MD5
540c81a0a7282d93f66630a0fcbdd529

SHA1
d29c612296563be41eafd7ac8ed77e582f9740a0

SHA256
54fa3ed9076058462d760ff423164ce69a44f028b8601918195df0607cec6629

SHA512
f61a23ea2dc79ded150c689138267b091b9f63938f792913a159be1d738fed8b50e93f4b5471d944f0ddb5ba18fbce8927410861b01ff50449e76302190c2d89

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE40B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE4F7.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE53B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
memory/2784-42-0x00000000038E0000-0x00000000039A0000-memory.dmp

Filesize
768KB

Download
memory/2784-34-0x0000000001FB0000-0x0000000001FE0000-memory.dmp

Filesize
192KB

Download
memory/2784-82-0x000000013FC80000-0x00000001405F0000-memory.dmp

Filesize
9.4MB

Download
memory/2784-54-0x0000000003660000-0x0000000003690000-memory.dmp

Filesize
192KB

Download
memory/2784-58-0x0000000001D50000-0x0000000001D60000-memory.dmp

Filesize
64KB

Download
memory/2784-62-0x0000000002240000-0x0000000002250000-memory.dmp

Filesize
64KB

Download
memory/2784-50-0x0000000003600000-0x0000000003630000-memory.dmp

Filesize
192KB

Download
memory/2784-46-0x0000000002220000-0x0000000002240000-memory.dmp

Filesize
128KB

Download
memory/2784-0-0x0000000002C70000-0x0000000003100000-memory.dmp

Filesize
4.6MB

Download
memory/2784-83-0x000000013FC80000-0x00000001405F0000-memory.dmp

Filesize
9.4MB

Download
memory/2784-38-0x00000000035B0000-0x0000000003600000-memory.dmp

Filesize
320KB

Download
memory/2784-30-0x0000000001D40000-0x0000000001D50000-memory.dmp

Filesize
64KB

Download
memory/2784-26-0x0000000000740000-0x0000000000760000-memory.dmp

Filesize
128KB

Download
memory/2784-22-0x0000000003500000-0x00000000035B0000-memory.dmp

Filesize
704KB

Download
memory/2784-18-0x0000000000720000-0x0000000000740000-memory.dmp

Filesize
128KB

Download
memory/2784-14-0x0000000000460000-0x0000000000470000-memory.dmp

Filesize
64KB

Download
memory/2784-10-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2784-5-0x0000000005CB0000-0x0000000008850000-memory.dmp

Filesize
43.6MB

Download
memory/2784-4-0x000000013FC80000-0x00000001405F0000-memory.dmp

Filesize
9.4MB

Download