Overview

overview

10

Static

static

10

celex.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    01-06-2024 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    celex.exe

  • Size

    57KB

  • MD5

    69a50f0c4f89045e1eb9e40f9572eed3

  • SHA1

    6f85531565de2110fffd32c41e2a4dfb302fb2cb

  • SHA256

    627ad8116d070bd8a7f9ccd5b392404d330eb07dcc44a137a550b5addb43f3b1

  • SHA512

    877a3f8a885c743de34b840d9c7e72a083db5d3a9f013898a1e889944d3fa2489ab98814d5582c6202d1a631ef3e6152fdf3ff15c94046366ffc3a9c928e70e3

  • SSDEEP

    768:a/pdgOpRTs+ZeWuZwLpsTjSKZKfgm3EhG8Z2FzQa9T:GpRTNZxLpsTeF7Ew8sz/

Score
10/10
mercurialgrabberevasionspywarestealer

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discordapp.com/api/webhooks/1227755328331055104/yv0O4qpiLKYiPVsNq52ssWn10u8_DYKLpIwqabGIAH6LWtMNT1NnTVGkUAqT7knivE64

Signatures

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    stealermercurialgrabber
  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Looks for VMWare Tools registry key 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Checks SCSI registry key(s) 3 TTPs 1 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 7 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 34 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\celex.exe
    "C:\Users\Admin\AppData\Local\Temp\celex.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Looks for VMWare Tools registry key
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:3280
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1780
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4924
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff837f53cb8,0x7ff837f53cc8,0x7ff837f53cd8
      2⤵
        PID:4040
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
        2⤵
          PID:888
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:980
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
          2⤵
            PID:1428
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
            2⤵
              PID:4636
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
              2⤵
                PID:1104
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
                2⤵
                  PID:2088
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
                  2⤵
                    PID:5056
                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1176
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1952
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
                    2⤵
                      PID:4812
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
                      2⤵
                        PID:4992
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4680 /prefetch:8
                        2⤵
                          PID:4732
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3416 /prefetch:8
                          2⤵
                          • Modifies registry class
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4432
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
                          2⤵
                            PID:2984
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
                            2⤵
                              PID:4180
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
                              2⤵
                                PID:3088
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
                                2⤵
                                  PID:4012
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17323471886646254143,15987906397933138833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
                                  2⤵
                                    PID:132
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2968
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3672

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      8294f1821fd3419c0a42b389d19ecfc6

                                      SHA1

                                      cd4982751377c2904a1d3c58e801fa013ea27533

                                      SHA256

                                      92a96c9309023c8b9e1396ff41f7d9d3ff8a3687972e76b9ebd70b04e3bf223a

                                      SHA512

                                      372d369f7ad1b0e07200d3aa6b2cfce5beafa7a97f63932d4c9b3b01a0e8b7eb39881867f87ded55a9973abea973b2d2c9b6fc4892f81cec644702b9edb1566d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      390187670cb1e0eb022f4f7735263e82

                                      SHA1

                                      ea1401ccf6bf54e688a0dc9e6946eae7353b26f1

                                      SHA256

                                      3e6c56356d6509a3fd4b2403555be55e251f4a962379b29735c1203e57230947

                                      SHA512

                                      602f64d74096d4fb7a23b23374603246d42b17cc854835e3b2f4d464997b73f289a3b40eb690e3ee707829d4ff886865e982f72155d96be6bc00166f44878062

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      2KB

                                      MD5

                                      2e5392fceb2dccb52eef99aca9efcd3c

                                      SHA1

                                      69a041b156d1e53f8c1da96ec8f03aa460acfd58

                                      SHA256

                                      82e7ef45b138c226dec81efa4e2d4bd9a67469106a6fe1fb832299cabb50f32c

                                      SHA512

                                      76eb676b8c24171cd8c99cd2cce0807573b332d7eb21313456957db38dd61d8dc101e030f7fc328dc0fdf9832db674e9e119abac1412390b892e0842f43c7387

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      553B

                                      MD5

                                      785d717214c4273033615f29ca902f06

                                      SHA1

                                      bedca3197bd9c5c545239302f6a3fd02d5e21d19

                                      SHA256

                                      4902d5bec9f8a4459bbf4991688cd13d813de5f914e1f8e07a9fc6577f08d77c

                                      SHA512

                                      a28ddac2fac76fa5681162b870c8127bd78c2a5bfe80b5aab1ab54243c6eabad5e5791c88f16062fc6c3a4cc61f91e29baed493d1250278c56ad3a4480c68772

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      d5571dc8076fad3310d635c8473d5891

                                      SHA1

                                      22a7d56682c0cddd210dedf1d9f9d54e598a07fc

                                      SHA256

                                      99af4de8d2003d22690d2002833ab0ff19fd3bad70cad9fe96323f1cfea88c86

                                      SHA512

                                      c0876f006b321a3fa92b9a696dd3d748cdb195b78d80de22c8e44106aff9ac53f7ebedbfc22caa9a34170b1f29adc0499b28705c49c7cd249a093f56fdb77620

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      55897793dfd3be9d0962027d619fb9c7

                                      SHA1

                                      6e2342731a3b34ce842d54c640b03c4f84685671

                                      SHA256

                                      ee351559e4c17713ef35539235b60369c0fbcaf5ce455bc36c944fde4e7f0278

                                      SHA512

                                      864882def6e9db3303e1af91dc48728a6d67b8748170940b5483637345f43a484faeb1d8000f9f4a86c84edaaf185d85eafc1168f2357b7e4cca8d03f1983587

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      3654b2f59c6d9229b55be1073e8fc7da

                                      SHA1

                                      9357283a07548f90aeeb17f98f9156fb86b7d3ed

                                      SHA256

                                      53823a90fc3e2a05dcc37adca03311116796db5a175ab9e9b40a4a2c22abb200

                                      SHA512

                                      79123c6e7b9935932ea6bed530c86a49dadc51d7940e4cf7ed2e1c8c93c5dcae597d4ad9e3de6e81bcf2da21ae28ccbcac8bf9ae721d7a9ffbbd005e0d75ec2f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      996ba033985e349a06e7b79354bf231d

                                      SHA1

                                      ac1d4e2b11c0f10d2ce65cccf3fef74dc6226b3f

                                      SHA256

                                      0f00bc31f1de3533660fdba7b6ed9152c4628be9f9b58c7cee979483d6fe875f

                                      SHA512

                                      a1a4de0efe544a4f27979386aa6b40aa46e002da6278e10e61c828b0488742b85462a7541174642341dd5cd1f0fac2d8f482847bf12745d04ccc68ecbdf86276

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      206702161f94c5cd39fadd03f4014d98

                                      SHA1

                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                      SHA256

                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                      SHA512

                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      e60ea90fa0b018556e71a0754c5799f0

                                      SHA1

                                      4f25b0fe009de1aa834b0374eb9de8aef7877753

                                      SHA256

                                      bbb435b06c9119a447215e7cca6df5b8fd99fc62d681d5ead4c5ddddb586b148

                                      SHA512

                                      b8fc0c695cb3ed1f62e54b70fce47c360870cce4f13b5fcc421030eb750a3e50a27d02bc2e83182b12e7cd3d35d03528b71ee4d131ac2117e434a724db0432ae

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      12KB

                                      MD5

                                      590d0a65bd5bfdb572cc9e961d531ae3

                                      SHA1

                                      944cc797668831dbc9a29c31d8faa7630f1fba3b

                                      SHA256

                                      88942b51fdf7f82cbd8987a1d0b6b8c1948d2f6926c1735432e2e2ee05bbb04d

                                      SHA512

                                      91672ef92b317d8fbf203db35b026f21552848f255517529cd34097888e95dc89374ece6ec5aed98163adee2bb1c50901817cee784ea0721dc1ff785a37e360d

                                      Download Submit

                                    • memory/3280-0-0x00007FF8262D3000-0x00007FF8262D5000-memory.dmp

                                      Filesize

                                      8KB

                                      Download

                                    • memory/3280-6-0x00007FF8262D0000-0x00007FF826D92000-memory.dmp

                                      Filesize

                                      10.8MB

                                      Download

                                    • memory/3280-2-0x00007FF8262D0000-0x00007FF826D92000-memory.dmp

                                      Filesize

                                      10.8MB

                                      Download

                                    • memory/3280-1-0x0000000000C70000-0x0000000000C84000-memory.dmp

                                      Filesize

                                      80KB

                                      Download