Analysis

  • max time kernel
    99s
  • max time network
    105s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250410-en
  • resource tags

    arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19/04/2025, 02:48

General

  • Target

    2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex.exe

  • Size

    20.4MB

  • MD5

    74745a68d5842de1a425f2d4b4c633df

  • SHA1

    18d75f80637cd7e1e68d4195b58e0f9232454cb4

  • SHA256

    aa4e772b706e39b6675bda9d19f7fdf6218c96c3a52552eb7db79987552b756b

  • SHA512

    cb20221b72366b389f2acd363447560b99637c02eb3ed2368a57a68518519389df621a9418a690d4049143fc8010fa3508c753b9e49394acf31b879411165279

  • SSDEEP

    393216:gfZaKBsRvKt+2JtWNhqKVp1+TtIiF5/QwCPs2Qp7MePjGY6A4YP:IaKc2JtEhqKVp1QtIO/QwWQxPjnP

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1361784872892498110/gIFvYe7mgYi8DSdyPsEA70WvUC10wl2gkxeTQaDNo1SttNSIjE58-QGfTyW-ftP530HP

Signatures

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

  • Mercurialgrabber family
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 26 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Detects Pyinstaller 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4028
    • C:\Users\Admin\AppData\Local\Temp\FB_9CAD.tmp.exe
      "C:\Users\Admin\AppData\Local\Temp\FB_9CAD.tmp.exe"
      2⤵
      • Executes dropped EXE
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:5840
    • C:\Users\Admin\AppData\Local\Temp\FB_9E25.tmp.exe
      "C:\Users\Admin\AppData\Local\Temp\FB_9E25.tmp.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Users\Admin\AppData\Local\Temp\FB_9E25.tmp.exe
        "C:\Users\Admin\AppData\Local\Temp\FB_9E25.tmp.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2000
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c "ver"
          4⤵
            PID:5072
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c cls
            4⤵
              PID:4816

      Network

      MITRE ATT&CK Enterprise v16

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\FB_9CAD.tmp.exe

        Filesize

        42KB

        MD5

        7a30cb97048660dce94b1556d82b2df1

        SHA1

        5eeb39457c93c7332b7fd238e301d26b601fc3bd

        SHA256

        c492cc3907eb62582e30b0b45dee68b6efdc52f0dc0df4b9fc55da18901fa7f9

        SHA512

        6ea1d4b6fe819dcb1ba5d676a67cddb5b7498772ba7027355f5ec837a301fb1737535a6e4e08ce4f70cdf6ff3ef9a80fbd07ea5705bc5211054f79ca1df2b7c4

      • C:\Users\Admin\AppData\Local\Temp\FB_9E25.tmp.exe

        Filesize

        20.3MB

        MD5

        cea77c76938d443b37b3372d36af6cd1

        SHA1

        20d7fd6c87087f1459471d564b8bf398ce210359

        SHA256

        3cd434f1d12a2d5da1efb1b15a5ff896aced3e1ca9d94605933696585d25b1af

        SHA512

        4a6d9f2a20588da2e1bd2d446e624f3c82dd73e33cbbe54820fcdc457a77b35d3753b95bc1d1909024bfb69b9623e6ffe61ab76b2c45922b73c805ec3cda78cb

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\VCRUNTIME140.dll

        Filesize

        116KB

        MD5

        be8dbe2dc77ebe7f88f910c61aec691a

        SHA1

        a19f08bb2b1c1de5bb61daf9f2304531321e0e40

        SHA256

        4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

        SHA512

        0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\VCRUNTIME140_1.dll

        Filesize

        48KB

        MD5

        f8dfa78045620cf8a732e67d1b1eb53d

        SHA1

        ff9a604d8c99405bfdbbf4295825d3fcbc792704

        SHA256

        a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

        SHA512

        ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\_asyncio.pyd

        Filesize

        63KB

        MD5

        41806866d74e5edce05edc0ad47752b9

        SHA1

        c3d603c029fdac45bac37bb2f449fab86b8845dd

        SHA256

        76db93bd64cb4a36edb37694456f89bb588db98cf2733eb436f000b309eec3b2

        SHA512

        2a019efaf3315b8b98be93ac4bea15cec8b9ecc6eab298fa93d3947bad2422b5a126d52cb4998363bdc82641fba9b8f42d589afe52d02914e55a5a6116989fde

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\_bz2.pyd

        Filesize

        82KB

        MD5

        37eace4b806b32f829de08db3803b707

        SHA1

        8a4e2bb2d04685856d1de95b00f3ffc6ea1e76b9

        SHA256

        1be51ef2b5acbe490217aa1ff12618d24b95df6136c6844714b9ca997b4c7f9b

        SHA512

        1591a263de16373ee84594943a0993721b1e1a2f56140d348a646347a8e9760930df4f632adcee9c9870f9c20d7818a3a8c61b956723bf94777e0b7fb7689b2d

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\_cffi_backend.cp311-win_amd64.pyd

        Filesize

        174KB

        MD5

        739d352bd982ed3957d376a9237c9248

        SHA1

        961cf42f0c1bb9d29d2f1985f68250de9d83894d

        SHA256

        9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980

        SHA512

        585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\_ctypes.pyd

        Filesize

        121KB

        MD5

        a25cdcf630c024047a47a53728dc87cd

        SHA1

        8555ae488e0226a272fd7db9f9bdbb7853e61a21

        SHA256

        3d43869a4507ed8ece285ae85782d83bb16328cf636170acb895c227ebb142ac

        SHA512

        f6a4272deddc5c5c033a06e80941a16f688e28179eab3dbc4f7a9085ea4ad6998b89fc9ac501c5bf6fea87e0ba1d9f2eda819ad183b6fa7b6ddf1e91366c12af

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\_decimal.pyd

        Filesize

        247KB

        MD5

        e4e032221aca4033f9d730f19dc3b21a

        SHA1

        584a3b4bc26a323ce268a64aad90c746731f9a48

        SHA256

        23bdd07b84d2dbcb077624d6dcbfc66ab13a9ef5f9eebe31dc0ffece21b9e50c

        SHA512

        4a350ba9e8481b66e7047c9e6c68e6729f8074a29ef803ed8452c04d6d61f8f70300d5788c4c3164b0c8fb63e7c9715236c0952c3166b606e1c7d7fff36b7c4c

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\_hashlib.pyd

        Filesize

        63KB

        MD5

        ba682dfcdd600a4bb43a51a0d696a64c

        SHA1

        df85ad909e9641f8fcaa0f8f5622c88d904e9e20

        SHA256

        2ad55e11bddb5b65cdf6e9e126d82a3b64551f7ad9d4cbf74a1058fd7e5993bd

        SHA512

        79c607e58881d3c3dfb83886fe7aa4cddb5221c50499d33fe21e1efb0ffa1fd0d3f52cbe97b16b04fbe2b067d6eb5997ac66dec9d2a160d3cb6d44ffca0f5636

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\_lzma.pyd

        Filesize

        155KB

        MD5

        3273720ddf2c5b75b072a1fb13476751

        SHA1

        5fe0a4f98e471eb801a57b8c987f0feb1781ca8b

        SHA256

        663f1087c2ed664c5995a3ffa64546d2e33a0fce8a9121b48cc7c056b74a2948

        SHA512

        919dbbfcc2f5913655d77f6c4ae9baa3a300153a5821dc9f23e0aceb89f69cb9fb86d6ce8f367b9301e0f7b6027e6b2f0911a2e73255ab5150a74b862f8af18e

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\_multiprocessing.pyd

        Filesize

        33KB

        MD5

        758128e09779a4baa28e68a8b9ee2476

        SHA1

        4e81c682cf18e2a4b46e50f037799c43c6075f11

        SHA256

        3c5b0823e30810aee47fdfad567491bc33dd640c37e35c8600e75c5a8d05ce2a

        SHA512

        5096f0daacf72012a7ad08b177c366b4fe1ded3a18aebfe438820b79c7cb735350ef831a7fb7d10482eefd4c0b8a41511042bb41f4507bbc0332c52df9288088

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\_overlapped.pyd

        Filesize

        50KB

        MD5

        e2a301b3fd3bdfec3bf6ca006189b2ac

        SHA1

        86b29ee1a42de70135a6786cdce69987f1f61193

        SHA256

        4990f62e11c0a5ab15a9ffce9d054f06d0bc9213aea0c2a414a54fa01a5eb6dc

        SHA512

        4e5493cc4061be923b253164fd785685d5eccf16fd3acb246b9d840f6f7d9ed53555f53725af7956157d89eaa248a3505c30bd88c26e04aabdae62e4774ffa4e

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\_queue.pyd

        Filesize

        31KB

        MD5

        284fbc1b32f0282fc968045b922a4ee2

        SHA1

        7ccea7a48084f2c8463ba30ddae8af771538ae82

        SHA256

        ac3b144d7d7c8ee39f29d8749c5a35c4314b5365198821605c883fd11807e766

        SHA512

        baa75f7553cf595ad78c84cbb0f2a50917c93596ece1ff6221e64272adc6facdd8376e00918c6c3246451211d9dfc66442d31759bd52c26985c7f133cf011065

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\_socket.pyd

        Filesize

        77KB

        MD5

        485d998a2de412206f04fa028fe6ba90

        SHA1

        286e29d4f91a46171ba1e3c8229e6de94b499f1d

        SHA256

        8f9ede5044643413c3b072cd31a565956498ca07cdd17fb6a04483d388fdad76

        SHA512

        68591522e9188f06ff81cd2b3506b40b9ad508d6e34f0111819bf5eff47ed9adf95ebfae5d05b685c4f53b186d15cc45e0d831d96be926f7a5762ee2f1341f1f

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\_ssl.pyd

        Filesize

        172KB

        MD5

        e5b1a076e9828985ea8ea07d22c6abd0

        SHA1

        2a2827938a490cd847ea4e67e945deb4eef8cbb1

        SHA256

        591589dadc659d1ad4856d16cd25dc8e57eaa085bf68eb2929f8f93aba69db1b

        SHA512

        0afd20f581efb08a7943a1984e469f1587c96252e44b3a05ca3dfb6c7b8b9d1b9fd609e03a292de6ec63b6373aeacc822e30d550b2f2d35bf7bf8dd6fc11f54f

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\_uuid.pyd

        Filesize

        24KB

        MD5

        b21b864e357ccd72f35f2814bd1e6012

        SHA1

        2ff0740c26137c6a81b96099c1f5209db33ac56a

        SHA256

        ce9e2a30c20e6b83446d9ba83bb83c5570e1b1da0e87ff467d1b4fc090da6c53

        SHA512

        29667eb0e070063ef28b7f8cc39225136065340ae358ad0136802770b2f48ac4bda5e60f2e2083f588859b7429b9ea3bad1596a380601e3b2b4bb74791df92a3

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\base_library.zip

        Filesize

        1.4MB

        MD5

        842d8d9e0cabf825bf7ba04a0d6f4d0c

        SHA1

        7df7e7dbc17f5ac8057ff3af81e6ad7762c13bd8

        SHA256

        01b8cef75f9df12e1b0efc967704f1f48d524fc52ef393a73f4d62b0d6b59cf1

        SHA512

        a9181483ff26ba518bdaa27be2561dcfa4672b64b6a9b1677102844b9cc0790845d673d8a9f128586258c4d3bfdcb1c1e91ad877848b08c787d848373d9e85a7

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\certifi\cacert.pem

        Filesize

        290KB

        MD5

        234d271ecb91165aaec148ad6326dd39

        SHA1

        d7fccec47f7a5fbc549222a064f3053601400b6f

        SHA256

        c55b21f907f7f86d48add093552fb5651749ff5f860508ccbb423d6c1fbd80c7

        SHA512

        69289a9b1b923d89ba6e914ab601c9aee4d03ff98f4ed8400780d4b88df5f4d92a8ca1a458abcfde00c8455d3676aca9ec03f7d0593c64b7a05ed0895701d7ed

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\charset_normalizer\md.cp311-win_amd64.pyd

        Filesize

        10KB

        MD5

        e3d495cf14d857349554a3606a8e7210

        SHA1

        db0843b89a84fb37efd3c76168bcb303174aac29

        SHA256

        e21f4c40c29be0b115463e7bb8a365946a4afc152b9fff602abd41c6e0ce68a2

        SHA512

        8f69a16042e88bc51d30ad4c78d8240e2619104324e79e5f382975486bfb39b4e0a3c35976d08399300d7823d6a358104658374daf36a513ce0774f3611d4d6e

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

        Filesize

        118KB

        MD5

        bd18f35f8a56415ec604d97bd3dd44c4

        SHA1

        63f51eb5dafeb24327e3bcb63828336c920b4fcd

        SHA256

        f3501ebce24205f3dc54192cd917eab9a899fe936570650253d4c1466383eff1

        SHA512

        3c1c268005f494413cd2f9409b64ed3a2c9af558c0f317447af2c27776406c61dcb28ae6720af156145078ec565a14a3e12d409e57389bb3d4d10f8d7a92a7d1

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\libcrypto-3.dll

        Filesize

        5.0MB

        MD5

        e547cf6d296a88f5b1c352c116df7c0c

        SHA1

        cafa14e0367f7c13ad140fd556f10f320a039783

        SHA256

        05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

        SHA512

        9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\libffi-8.dll

        Filesize

        38KB

        MD5

        0f8e4992ca92baaf54cc0b43aaccce21

        SHA1

        c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

        SHA256

        eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

        SHA512

        6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\libssl-3.dll

        Filesize

        768KB

        MD5

        19a2aba25456181d5fb572d88ac0e73e

        SHA1

        656ca8cdfc9c3a6379536e2027e93408851483db

        SHA256

        2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

        SHA512

        df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\pyexpat.pyd

        Filesize

        193KB

        MD5

        d7ecc2746314fec5ca46b64c964ea93e

        SHA1

        39fc49d4058a65f0aa4fbdc3d3bcc8c7beecaa01

        SHA256

        58b95f03a2d7ec49f5260e3e874d2b9fb76e95ecc80537e27abef0c74d03cb00

        SHA512

        d5a595aaf3c7603804deae4d4cc34130876a4c38ccd9f9f29d8b8b11906fa1a03dd9a1f8f5dbde9dc2c62b89fe52dfe5b4ee409a8d336edf7b5b8141d12e82d2

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\python3.DLL

        Filesize

        65KB

        MD5

        35da4143951c5354262a28dee569b7b2

        SHA1

        b07cb6b28c08c012eecb9fd7d74040163cdf4e0e

        SHA256

        920350a7c24c46339754e38d0db34ab558e891da0b3a389d5230a0d379bee802

        SHA512

        2976667732f9ee797b7049d86fd9beeb05409adb7b89e3f5b1c875c72a4076cf65c762632b7230d7f581c052fce65bb91c1614c9e3a52a738051c3bc3d167a23

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\python311.dll

        Filesize

        5.5MB

        MD5

        d06da79bfd21bb355dc3e20e17d3776c

        SHA1

        610712e77f80d2507ffe85129bfeb1ff72fa38bf

        SHA256

        2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1

        SHA512

        e4dd839c18c95b847b813ffd0ca81823048d9b427e5dcf05f4fbe0d77b8f7c8a4bd1c67c106402cd1975bc20a8ec1406a38ad4764ab466ef03cb7eb1f431c38a

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\pywin32_system32\pythoncom311.dll

        Filesize

        656KB

        MD5

        6c19942383f17f4e771d18cf8fe54104

        SHA1

        cdb183411114716b4e73dbf6e5abeff916d974cf

        SHA256

        1b1663859d7ee7ca0fcd5328a9d9a57b0d7f03e2a82a026e4749aeed97bac119

        SHA512

        5bd1d44990860110f3c819f605e061a8b45578b1c3213404e72ea995e91e05cec5c94f8d1856962c175feee74426013cdcd9e1df7d564e3113869c7fa715e8af

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\pywin32_system32\pywintypes311.dll

        Filesize

        132KB

        MD5

        3d9895aa25e1f493f38f08f4717a0d67

        SHA1

        459ed374dd8568c4f364d021c2283fb86c16e0e6

        SHA256

        074a73db77cbd9a8a1eed34dbfeddcea2d5772d34f8761b94957ae463c9a16ae

        SHA512

        e0a95f11e1076e25b24421d5b8cbdc8d8fa10d4cb366e1e9416222a739d893e7d60026e0fb55983c954e73881f37b5f27fdbfc58dfaee83f42272266bdcab3af

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\select.pyd

        Filesize

        29KB

        MD5

        e07ae2f7f28305b81adfd256716ae8c6

        SHA1

        9222cd34c14a116e7b9b70a82f72fc523ef2b2f6

        SHA256

        fb06ac13f8b444c3f7ae5d2af15710a4e60a126c3c61a1f1e1683f05f685626c

        SHA512

        acb143194ca465936a48366265ae3e11a2256aeae333c576c8c74f8ed9b60987daff81647aef74e236b30687a28bc7e3aa21c6aedbfa47b1501658a2bfd117b4

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\unicodedata.pyd

        Filesize

        1.1MB

        MD5

        5cc36a5de45a2c16035ade016b4348eb

        SHA1

        35b159110e284b83b7065d2cff0b5ef4ccfa7bf1

        SHA256

        f28ac3e3ad02f9e1d8b22df15fa30b2190b080261a9adc6855248548cd870d20

        SHA512

        9cccbf81e80c32976b7b2e0e3978e8f7350cce542356131b24ebab34b256efd44643d41ee4b2994b9152c2e5af302aa182a1889c99605140f47494a501ef46c1

      • C:\Users\Admin\AppData\Local\Temp\_MEI25362\win32\win32api.pyd

        Filesize

        129KB

        MD5

        a8ee4d01df3cde6a0fed85c278b5ebb8

        SHA1

        dc2ae0fbcc0e92e073e5224466690b95012ac761

        SHA256

        6ba86018ac060effa78e1597310c83408eb5c9f9cacdf86511c442a6f7bc5464

        SHA512

        b12dad7d5dafb80b075e8af5058ada076d5f12664cc3635d3cd7f39a763f5b58cfaceba60b3dfe282311b867526930cf686c0704fab9ace220c0695cff38c389

      • memory/5840-18-0x00007FF9B92F0000-0x00007FF9B9DB2000-memory.dmp

        Filesize

        10.8MB

      • memory/5840-17-0x0000000000810000-0x0000000000820000-memory.dmp

        Filesize

        64KB

      • memory/5840-14-0x00007FF9B92F3000-0x00007FF9B92F5000-memory.dmp

        Filesize

        8KB

      • memory/5840-142-0x00007FF9B92F3000-0x00007FF9B92F5000-memory.dmp

        Filesize

        8KB

      • memory/5840-143-0x00007FF9B92F0000-0x00007FF9B9DB2000-memory.dmp

        Filesize

        10.8MB

      • memory/5840-147-0x00007FF9B92F0000-0x00007FF9B9DB2000-memory.dmp

        Filesize

        10.8MB