Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/06/2023, 10:32

General

  • Target

    LB3.exe

  • Size

    146KB

  • MD5

    33228a20a7e985f02e2ddd73cccde729

  • SHA1

    58ab960e629a609d135e1988c72f2991e5f76e30

  • SHA256

    0845a8c3be602a72e23a155b23ad554495bd558fa79e1bb849aa75f79d069194

  • SHA512

    075002dd1b0f8e536c1ff99d30368f5adfc90a2f3e7a74c9770119e7b54a5851236657b7edcb735d457e78a7e67b7c285b6ceaa6ca2907542ac208dfc8c9aabe

  • SSDEEP

    3072:36glyuxE4GsUPnliByocWepqFPUBwrqveV84:36gDBGpvEByocWe8MB4G

Malware Config

Signatures

  • Renames multiple (597) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Modifies extensions of user files 15 IoCs

    Ransomware generally changes the extension on encrypted files.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 58 IoCs
  • Suspicious behavior: RenamesItself 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\LB3.exe
    "C:\Users\Admin\AppData\Local\Temp\LB3.exe"
    1⤵
    • Modifies extensions of user files
    • Drops desktop.ini file(s)
    • Sets desktop wallpaper using registry
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies Control Panel
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4624
    • C:\ProgramData\D556.tmp
      "C:\ProgramData\D556.tmp"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: RenamesItself
      • Suspicious use of WriteProcessMemory
      PID:4876
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\D556.tmp >> NUL
        3⤵
          PID:5084
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1108

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\AAAAAAAAAAA

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\BBBBBBBBBBB

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\CCCCCCCCCCC

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\DDDDDDDDDDD

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\DDDDDDDDDDD

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\EEEEEEEEEEE

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\FFFFFFFFFFF

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\GGGGGGGGGGG

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\HHHHHHHHHHH

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\IIIIIIIIIII

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\JJJJJJJJJJJ

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\KKKKKKKKKKK

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\LLLLLLLLLLL

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\MMMMMMMMMMM

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\NNNNNNNNNNN

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\OOOOOOOOOOO

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\PPPPPPPPPPP

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\QQQQQQQQQQQ

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\RRRRRRRRRRR

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\SSSSSSSSSSS

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\TTTTTTTTTTT

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\UUUUUUUUUUU

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\VVVVVVVVVVV

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\WWWWWWWWWWW

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\XXXXXXXXXXX

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\YYYYYYYYYYY

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\$Recycle.Bin\S-1-5-21-1529757233-3489015626-3409890339-1000\desktop.ini

      Filesize

      129B

      MD5

      75977abb347d4d8bc84f5f182803c183

      SHA1

      7f0aa1b1dc0364e4086df57ab9fd196314cb0e74

      SHA256

      1106e4604ad5aad2148f5b44f3d3bec99a9d99f450614b26961112dd6ee69bb3

      SHA512

      a6f12c6d7fa32f7a670d12f2bf86246ebc6cf51cd202d924b6484e493b9a996d82e980c08315d681daff231a95e3ee9d5e0968f5576cd8504d49c3e1aa02e0dd

    • C:\AFfGduKAp.README.txt

      Filesize

      388B

      MD5

      4835f6e6f0b9de442718c52bd77e803b

      SHA1

      13f92a6bf255d915f7b0ffa170f376b2e36ca9ad

      SHA256

      6f9a490e33c04b6af9d466e4f049df2313edc8191b365c022bf2e5a5d1dc38ec

      SHA512

      5f491e1d4994c5af79980900cf363d04cb230934434d435aa32d7db11bf74768897c338157ce317f101bedf5d16928e642ca17143574bdbf2c353c3f8c2e2486

    • C:\ProgramData\D556.tmp

      Filesize

      14KB

      MD5

      294e9f64cb1642dd89229fff0592856b

      SHA1

      97b148c27f3da29ba7b18d6aee8a0db9102f47c9

      SHA256

      917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2

      SHA512

      b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

    • C:\ProgramData\D556.tmp

      Filesize

      14KB

      MD5

      294e9f64cb1642dd89229fff0592856b

      SHA1

      97b148c27f3da29ba7b18d6aee8a0db9102f47c9

      SHA256

      917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2

      SHA512

      b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

    • C:\Users\Admin\AppData\Local\Temp\DDDDDDD

      Filesize

      146KB

      MD5

      719de7e2b9cd7219bc1aea26fce42b56

      SHA1

      048057ba8cef003bc0c3fb4aa86a5776b2adc848

      SHA256

      1a4cff728911fe29de7356943ed2c45843c5e9c9b13c470e5cf5a85f488467f4

      SHA512

      1d3307927d7256a988087a2116cd11a52805ccff9bbccd155c9cdb8206603ebb889de8a5169ce5a9c603e6c9df64a4badc0034d050685d6bd0ca4c897058bc9a

    • memory/4624-2845-0x0000000002AA0000-0x0000000002AB0000-memory.dmp

      Filesize

      64KB

    • memory/4624-2846-0x0000000002AA0000-0x0000000002AB0000-memory.dmp

      Filesize

      64KB

    • memory/4624-189-0x0000000002AA0000-0x0000000002AB0000-memory.dmp

      Filesize

      64KB

    • memory/4624-188-0x0000000002AA0000-0x0000000002AB0000-memory.dmp

      Filesize

      64KB

    • memory/4876-2880-0x000000007FDE0000-0x000000007FDE1000-memory.dmp

      Filesize

      4KB

    • memory/4876-2881-0x000000007FE00000-0x000000007FE01000-memory.dmp

      Filesize

      4KB

    • memory/4876-2882-0x000000007FE40000-0x000000007FE41000-memory.dmp

      Filesize

      4KB

    • memory/4876-2883-0x0000000002750000-0x0000000002760000-memory.dmp

      Filesize

      64KB

    • memory/4876-2884-0x0000000002750000-0x0000000002760000-memory.dmp

      Filesize

      64KB

    • memory/4876-2885-0x000000007FE20000-0x000000007FE21000-memory.dmp

      Filesize

      4KB

    • memory/4876-2886-0x000000007FDC0000-0x000000007FDC1000-memory.dmp

      Filesize

      4KB