Analysis

  • max time kernel
    92s
  • max time network
    91s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230703-en locale:en-us os:windows10-2004-x64 system
  • submitted
    17-07-2023 14:16

General

  • Target

    https://mega.nz/folder/c6UkjJAB#-L4-dyssm7RwtjDDdKQSJg

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1130140376913678346/ja6erGbpE5ym8iaSV4jCUkb0UliCmOMOJ7FyBaQwxBVGN7xfKE_c0hqJiOoTumdedceA

Signatures

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
  • Looks for VMWare Tools registry key 2 TTPs 1 IoCs
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Checks SCSI registry key(s) 3 TTPs 1 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 7 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/folder/c6UkjJAB#-L4-dyssm7RwtjDDdKQSJg
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca5779758,0x7ffca5779768,0x7ffca5779778
      2⤵
        PID:2552
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1900,i,18028004056446314646,2433848555588763257,131072 /prefetch:2
        2⤵
          PID:1780
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1900,i,18028004056446314646,2433848555588763257,131072 /prefetch:8
          2⤵
            PID:4168
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1900,i,18028004056446314646,2433848555588763257,131072 /prefetch:8
            2⤵
              PID:4740
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1900,i,18028004056446314646,2433848555588763257,131072 /prefetch:1
              2⤵
                PID:2968
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1900,i,18028004056446314646,2433848555588763257,131072 /prefetch:1
                2⤵
                  PID:884
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1900,i,18028004056446314646,2433848555588763257,131072 /prefetch:8
                  2⤵
                    PID:4000
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1900,i,18028004056446314646,2433848555588763257,131072 /prefetch:8
                    2⤵
                      PID:3704
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4900 --field-trial-handle=1900,i,18028004056446314646,2433848555588763257,131072 /prefetch:8
                      2⤵
                        PID:4660
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1900,i,18028004056446314646,2433848555588763257,131072 /prefetch:8
                        2⤵
                          PID:2712
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1900,i,18028004056446314646,2433848555588763257,131072 /prefetch:8
                          2⤵
                            PID:2100
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 --field-trial-handle=1900,i,18028004056446314646,2433848555588763257,131072 /prefetch:8
                            2⤵
                              PID:4568
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 --field-trial-handle=1900,i,18028004056446314646,2433848555588763257,131072 /prefetch:8
                              2⤵
                                PID:3292
                            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                              "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                              1⤵
                                PID:4140
                              • C:\Windows\system32\AUDIODG.EXE
                                C:\Windows\system32\AUDIODG.EXE 0x300 0x4e4
                                1⤵
                                  PID:4136
                                • C:\Windows\System32\rundll32.exe
                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                  1⤵
                                    PID:4376
                                  • C:\Users\Admin\Downloads\FPS BOOSTER\FPS BOOSTER\Fps Booster v1.exe
                                    "C:\Users\Admin\Downloads\FPS BOOSTER\FPS BOOSTER\Fps Booster v1.exe"
                                    1⤵
                                    • Looks for VirtualBox Guest Additions in registry
                                    • Looks for VMWare Tools registry key
                                    • Checks BIOS information in registry
                                    • Adds Run key to start application
                                    • Maps connected drives based on registry
                                    • Checks SCSI registry key(s)
                                    • Checks processor information in registry
                                    • Enumerates system info in registry
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of FindShellTrayWindow
                                    PID:4204


Downloads

  • C:\Users\Admin\Downloads\FPS BOOSTER.zip

    Filesize
    46KB

    MD5
    5bc3a80b641e15b7bd8f726074ba05e3

    SHA1
    8f9b5f4b8e4cbcb4984b5c87bb0ba75069ba3840

    SHA256
    c03456165a984c7ae592439aaaa76af06f7e8bc428f2ff79d75eb377d37fb9f0

    SHA512
    5a0a90ae5a83b331783d7a4c0773bdb06d1f08e712377b1362b2e081bb6a76b43f673fe77c7cb4d820a6b928161c37cb975151ac2408c73d779f6c49c20a5c49
