Analysis Overview
Threat Level: Known bad
The file https://viviendas8.com/bb/abc.exe was found to be: Known bad.
Malicious Activity Summary
Lockbit
Renames multiple (152) files with added filename extension
Downloads MZ/PE file
Executes dropped EXE
Drops desktop.ini file(s)
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Opens file in notepad (likely ransom note)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-19 17:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-19 17:42
Reported
2024-02-19 17:46
Platform
win10v2004-20231215-es
Max time kernel
130s
Max time network
196s
Command Line
Signatures
Lockbit
Renames multiple (152) files with added filename extension
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\abc.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini | C:\Users\Admin\Downloads\abc.exe | N/A |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini | C:\Users\Admin\Downloads\abc.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\abc.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528381769404188" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\1YwR2c1YK | C:\Users\Admin\Downloads\abc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\1YwR2c1YK\DefaultIcon\ = "C:\\ProgramData\\1YwR2c1YK.ico" | C:\Users\Admin\Downloads\abc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.1YwR2c1YK | C:\Users\Admin\Downloads\abc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.1YwR2c1YK\ = "1YwR2c1YK" | C:\Users\Admin\Downloads\abc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\1YwR2c1YK\DefaultIcon | C:\Users\Admin\Downloads\abc.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://viviendas8.com/bb/abc.exe
C:\Users\Admin\Downloads\abc.exe
"C:\Users\Admin\Downloads\abc.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\ProgramData\975F.tmp
"C:\ProgramData\975F.tmp"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\1YwR2c1YK.README.txt
Network
Files