Analysis Overview
SHA256
aa4e772b706e39b6675bda9d19f7fdf6218c96c3a52552eb7db79987552b756b
Threat Level: Known bad
The file 2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex was found to be: Known bad.
Malicious Activity Summary
Mercurial Grabber Stealer
Mercurialgrabber family
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Unsigned PE
Enumerates physical storage devices
Detects Pyinstaller
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-19 02:48
Signatures
Mercurialgrabber family
Detects Pyinstaller
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-19 02:48
Reported
2025-04-19 02:51
Platform
win10v2004-20250314-en
Max time kernel
104s
Max time network
138s
Command Line
Signatures
Mercurial Grabber Stealer
Mercurialgrabber family
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FB_5F27.tmp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FB_60ED.tmp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FB_60ED.tmp.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Detects Pyinstaller
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\FB_5F27.tmp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\FB_5F27.tmp.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\FB_5F27.tmp.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex.exe"
C:\Users\Admin\AppData\Local\Temp\FB_5F27.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\FB_5F27.tmp.exe"
C:\Users\Admin\AppData\Local\Temp\FB_60ED.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\FB_60ED.tmp.exe"
C:\Users\Admin\AppData\Local\Temp\FB_60ED.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\FB_60ED.tmp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-19 02:48
Reported
2025-04-19 02:51
Platform
win11-20250410-en
Max time kernel
99s
Max time network
105s
Command Line
Signatures
Mercurial Grabber Stealer
Mercurialgrabber family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FB_9CAD.tmp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FB_9E25.tmp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FB_9E25.tmp.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
Detects Pyinstaller
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\FB_9CAD.tmp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\FB_9CAD.tmp.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\FB_9CAD.tmp.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex.exe"
C:\Users\Admin\AppData\Local\Temp\FB_9CAD.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\FB_9CAD.tmp.exe"
C:\Users\Admin\AppData\Local\Temp\FB_9E25.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\FB_9E25.tmp.exe"
C:\Users\Admin\AppData\Local\Temp\FB_9E25.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\FB_9E25.tmp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
Files