3759744039346620e9613f40f90e8f318e5f54ad49c070e2bd23b667f7e65bf6

Analysis

max time kernel
88s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13-04-2023 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mercurial.exe
Size

3.2MB
MD5

a9477b3e21018b96fc5d2264d4016e65
SHA1

493fa8da8bf89ea773aeb282215f78219a5401b7
SHA256

890fd59af3370e2ce12e0d11916d1ad4ee9b9c267c434347dbed11e9572e8645
SHA512

66529a656865400fe37d40ae125a1d057f8be5aa17da80d367ebbe1a9dcea38f5174870d0dc5b56771f6ca5a13e2fad22d803f5357f3ef59a46e3bdf0cc5ee9c
SSDEEP

98304:5kjozJ9/im8XVBKl6t1buVfRhq+5tXzgCa/T:lzJpjS346t1bIfuq07

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

5116 2684 WerFault.exe

pid	pid_target	process	target process
5116	2684	WerFault.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

Mercurial.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\TypedURLs	Mercurial.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings firefox.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

Mercurial.exe

pid process

3212 Mercurial.exe
3212 Mercurial.exe
3212 Mercurial.exe
3212 Mercurial.exe
3212 Mercurial.exe
3212 Mercurial.exe
3212 Mercurial.exe
3212 Mercurial.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

Mercurial.exefirefox.exe

description pid process

Token: SeDebugPrivilege 3212 Mercurial.exe
Token: SeDebugPrivilege 5028 firefox.exe
Token: SeDebugPrivilege 5028 firefox.exe
Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

Mercurial.exefirefox.exe

pid process

3212 Mercurial.exe
5028 firefox.exe
5028 firefox.exe
5028 firefox.exe
5028 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

5028 firefox.exe
5028 firefox.exe
5028 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	firefox.exe

pid	process
3212	Mercurial.exe
3212	Mercurial.exe
3212	Mercurial.exe
3212	Mercurial.exe
3212	Mercurial.exe
3212	Mercurial.exe
3212	Mercurial.exe
3212	Mercurial.exe

description	pid	process
Token: SeDebugPrivilege	3212	Mercurial.exe
Token: SeDebugPrivilege	5028	firefox.exe
Token: SeDebugPrivilege	5028	firefox.exe

pid	process
3212	Mercurial.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

firefox.exe

pid	process
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4136 wrote to memory of 5028	4136	firefox.exe	firefox.exe
PID 4136 wrote to memory of 5028	4136	firefox.exe	firefox.exe
PID 4136 wrote to memory of 5028	4136	firefox.exe	firefox.exe
PID 4136 wrote to memory of 5028	4136	firefox.exe	firefox.exe
PID 4136 wrote to memory of 5028	4136	firefox.exe	firefox.exe
PID 4136 wrote to memory of 5028	4136	firefox.exe	firefox.exe
PID 4136 wrote to memory of 5028	4136	firefox.exe	firefox.exe
PID 4136 wrote to memory of 5028	4136	firefox.exe	firefox.exe
PID 4136 wrote to memory of 5028	4136	firefox.exe	firefox.exe
PID 4136 wrote to memory of 5028	4136	firefox.exe	firefox.exe
PID 4136 wrote to memory of 5028	4136	firefox.exe	firefox.exe
PID 5028 wrote to memory of 2988	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 2988	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 4868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 1868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 1868	5028	firefox.exe	firefox.exe
PID 5028 wrote to memory of 1868	5028	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Mercurial.exe
"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4136

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5028

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.0.672882942\549766923" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d16e945a-1dac-431b-a0d4-d8321b30bac8} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 1900 25864fa7058 gpu
3⤵
PID:2988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.1.225527899\72324864" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1620bc35-4580-4b0a-b8c5-5a6bc002e588} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 2300 25857072258 socket
3⤵
- Checks processor information in registry
PID:4868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.2.188915880\1025932773" -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 3164 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f48a8b8-433b-4d31-a473-32ae6e3e08d2} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 3204 25867c2bb58 tab
3⤵
PID:1868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.3.1365648903\1385011691" -childID 2 -isForBrowser -prefsHandle 2444 -prefMapHandle 1460 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {847808b5-ba70-453b-95a7-285f41a8d22c} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 1180 25857070158 tab
3⤵
PID:4912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.4.175774374\1900555895" -childID 3 -isForBrowser -prefsHandle 4028 -prefMapHandle 4024 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86b996f5-4d16-45bc-96b3-dffce7e6534f} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 4040 25857062b58 tab
3⤵
PID:3396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.6.2070782623\245701822" -childID 5 -isForBrowser -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c15fc72-0799-4b91-a7a9-625c6533e45c} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 4168 25869fa0d58 tab
3⤵
PID:1712

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.5.512329155\2122806798" -childID 4 -isForBrowser -prefsHandle 4720 -prefMapHandle 4676 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74e8aa09-028a-42f3-95b8-dee1eb893388} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 4732 25869efa658 tab
3⤵
PID:1472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.7.1900214323\745376227" -childID 6 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e90e9a27-4095-4814-a906-cb8b418aaf8a} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 5084 2586a523158 tab
3⤵
PID:4168

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.8.752808240\1228733604" -childID 7 -isForBrowser -prefsHandle 3556 -prefMapHandle 1500 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91a9ba67-d9b3-468c-b127-6a3599d4a3dd} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 3652 2585705be58 tab
3⤵
PID:636

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 2684 -ip 2684
1⤵
PID:4472

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2684 -s 784
1⤵
- Program crash
PID:5116

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
Filesize
135KB

MD5
c81d0a2c74f7cf6ee945409dd3ad16e5

SHA1
8a7120d1faa01e0f18906b7d5f7ff086d9e63ecc

SHA256
7934304d5c03459d396435b161b51c0288d686bdd07cdaf7f0c7b6b42e5b2b1c

SHA512
73f5d9690d1444c2f8653feac154827a0eed21c25f0ed3ccc2a4a86c799cec9a1b9abbd24e9bc39d01046ea679a9862448755fa36fda44cfce9e23db49c5c8c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
6KB

MD5
c54a3bb7033c44827afff74f5e9eb8c2

SHA1
19b878c0b7b72505fe0fa414162be62d913b953e

SHA256
08ab8a5155d5c160b2b736224538f9c4325ef8f14a2ea792b88c794026532d0b

SHA512
a00e95ecfdbd6f5286d50f7bbf93faa366dd9acf68fc8fab4966f126c073307d582bf9c6828955b940be060d7bc9588dd4d82cd24571312fd6b2164ce7848ce6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
7KB

MD5
9c99f34cd0346da44d80c3a32eb023f8

SHA1
b3562e3db876a4a9a1bc5bff0b6daa65c97938a0

SHA256
577622b0819cf7935a3c4ced5f1612f5ef79e9b668b91b266f3a962102b7a335

SHA512
f5230225f328be9dfd8c3142ebbad489e8ba3b8fd21042fe19b2610727a95db307d89ee8db7aad2214de0800fedc689839ce44d72949046d735ffd9d66b9528e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
6KB

MD5
4fb78ef0d0e2ee5355392c36cf074920

SHA1
a96815a8dafa6b09734a00269df38c5584d2d379

SHA256
c7416541c41e6c55b79b6152ff6e12547285a6d679423dfd22d24d24ae3fdcd9

SHA512
aea4c78075d147f1cf58922fd5f1ce3970f972b5510efc2107caf1f6545cd7cb82bc647af164c1864e5c35e421f7599328763c49380e8c6734b33f11bedbf4e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js
Filesize
6KB

MD5
feb8a52858c8167a58f36caa1b37f116

SHA1
7ae7f9d2721ae3c579f9e18e4fea679e8c848158

SHA256
adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a

SHA512
109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionCheckpoints.json.tmp
Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
ee6a2c16a74e56daddfbb62f314be27f

SHA1
07f37b0f235f8a4093da10242fd0601c6460de84

SHA256
4404547ba021cf53c0ca85a4f68d7a4673e8be00c776088a85ac7b9d1b448a6a

SHA512
97ab12f3d29289ccefe1b2f135fa5e2c5fd332ceb7b4fbb64e9f70b27b2e444ca3ff6215d65cac6083b02f701c6e76d92b1df3cd97c03105cb9e8cb24e700d03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
5238fba809b8f6d80837a944a050c4ba

SHA1
5a533e13751944511b0221b8cc8730c445a05164

SHA256
b71095865964de3cb132871bd03121fbf6a1d59a5d7fc9e8b4cc504facb087b0

SHA512
2eac80b815fbe2c0a1fcabee98bbab201255958bbc77bfae99854d033bd1e1a59fdc7de68b62495388a515895d2f8c9622a902631d42f9977641a30d536a1f56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore.jsonlz4
Filesize
5KB

MD5
3c7f7da096dc93ecf8346004fac93296

SHA1
5fa046fe3cebf1b6feb7c733520dd73204eaa691

SHA256
2023f199ddd82129c372025ba57def058005386cdbe7905db2a45bd3fafcaa08

SHA512
db7388c3320253b8da2faf7e05ca7b90b37c346ee61fdbe40652158b7078d0465aadfc1a0019904c7c6ee1ff10ecd7f27a56fda5d3cc3102d2d33a5821ddc820

Download Submit
memory/3212-140-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3212-151-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3212-144-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3212-145-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3212-146-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3212-147-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3212-148-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3212-149-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3212-150-0x000000000C400000-0x000000000C500000-memory.dmp

Filesize
1024KB

Download
memory/3212-143-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3212-152-0x000000000C400000-0x000000000C500000-memory.dmp

Filesize
1024KB

Download
memory/3212-142-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3212-141-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3212-133-0x00000000002E0000-0x000000000061A000-memory.dmp

Filesize
3.2MB

Download
memory/3212-138-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3212-139-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3212-137-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3212-136-0x0000000004FF0000-0x0000000004FFA000-memory.dmp

Filesize
40KB

Download
memory/3212-135-0x0000000005070000-0x0000000005102000-memory.dmp

Filesize
584KB

Download
memory/3212-134-0x0000000005580000-0x0000000005B24000-memory.dmp

Filesize
5.6MB

Download