Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    84s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2025, 12:41

General

  • Target

    6375e7e4c7cdc3f96afd991c4dfedd5cdfe4b31bf0662dccfa703c117e951f71.exe

  • Size

    1.7MB

  • MD5

    927426bafb84fe8daff84cff77258e0d

  • SHA1

    320a91f6b810e4f5dbb38f58fd2949c780d4c807

  • SHA256

    6375e7e4c7cdc3f96afd991c4dfedd5cdfe4b31bf0662dccfa703c117e951f71

  • SHA512

    1eb9eb0e65a6cb5ea43db76b476f8a0a78942664980eee67e46929685005f40d7f7d85be3e1dec98fce3ca7bfdce62ad2d6daafdc96a4844e84a72a721d55181

  • SSDEEP

    24576:/5dZufOrzvckB+Fr+waFHTcqunNW3QdWvPiVD2CWgrUE94FFs+n9rQOF8nux8igX:/5dVwPaFHTTgkAAn2IQ39y9rRF8uxG

Malware Config

Extracted

Path

C:\ZQXLByuZ3.README.txt

Family

lockbit

Ransom Note
~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~ >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment. You can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> You need contact us and decrypt one file for free your personal DECRYPTION ID Tox ID LockBitSupp: 4FC18FE3304323D69CF8E0A4F88765B7B6E61BC30717B4908925DE4F3584A329993344E1306C Mail: [email protected] Write to a chat and wait for the answer, we will always answer you. >>>> Your personal DECRYPTION ID: 0742AF252D792D02C581877B1E24E28B >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! >>>> Warning! If you do not pay the ransom we will attack your company repeatedly again! >>>> Advertisement Would you like to earn millions of dollars $$$ ? Our company acquire access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company. You can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc. Open our letter at your email. Launch the provided virus on any computer in your company. You can do it both using your work computer or the computer of any other employee in order to divert suspicion of being in collusion with us. Companies pay us the foreclosure for the decryption of files and prevention of data leak. You can contact us using Tox messenger without registration and SMS https://tox.chat/download.html. Using Tox messenger, we will never know your real name, it means your privacy is guaranteed. If you want to contact us, write in tox. Tox ID LockBitSupp: 4FC18FE3304323D69CF8E0A4F88765B7B6E61BC30717B4908925DE4F3584A329993344E1306C If this contact is expired, and we do not respond you, look for the relevant contact data on our website via Tor or Brave browser Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
URLs

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion

http://lockbitapt.uz

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly

https://twitter.com/hashtag/lockbit?f=live

Signatures

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

  • Lockbit family
  • Renames multiple (614) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 2 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Drops file in System32 directory 4 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Control Panel 2 IoCs
  • Modifies registry class 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6375e7e4c7cdc3f96afd991c4dfedd5cdfe4b31bf0662dccfa703c117e951f71.exe
    "C:\Users\Admin\AppData\Local\Temp\6375e7e4c7cdc3f96afd991c4dfedd5cdfe4b31bf0662dccfa703c117e951f71.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4456
    • C:\Users\Admin\AppData\Local\Temp\6375e7e4c7cdc3f96afd991c4dfedd5cdfe4b31bf0662dccfa703c117e951f71.exe
      "C:\Users\Admin\AppData\Local\Temp\6375e7e4c7cdc3f96afd991c4dfedd5cdfe4b31bf0662dccfa703c117e951f71.exe"
      2⤵
      • Checks BIOS information in registry
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4120
      • C:\Users\Admin\AppData\Local\Temp\6375e7e4c7cdc3f96afd991c4dfedd5cdfe4b31bf0662dccfa703c117e951f71.exe
        C:\Users\Admin\AppData\Local\Temp\6375e7e4c7cdc3f96afd991c4dfedd5cdfe4b31bf0662dccfa703c117e951f71.exe
        3⤵
        • Drops desktop.ini file(s)
        • Sets desktop wallpaper using registry
        • System Location Discovery: System Language Discovery
        • Modifies Control Panel
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1232
        • C:\Windows\splwow64.exe
          C:\Windows\splwow64.exe 12288
          4⤵
          • Drops file in System32 directory
          PID:648
        • C:\ProgramData\F1B4.tmp
          "C:\ProgramData\F1B4.tmp"
          4⤵
          • Checks computer location settings
          • Deletes itself
          • Executes dropped EXE
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: RenamesItself
          • Suspicious use of WriteProcessMemory
          PID:4664
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\F1B4.tmp >> NUL
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1848
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
    1⤵
      PID:2924
    • C:\Windows\system32\printfilterpipelinesvc.exe
      C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
      1⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:3304
      • C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
        /insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{5C2BA39F-D202-407C-BEEF-F6E076BC853C}.xps" 133809865366810000
        2⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious use of SetWindowsHookEx
        PID:3656

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\YYYYYYYYYYY

      Filesize

      129B

      MD5

      660a760ac007f3234f2967d5e45a50f3

      SHA1

      99c59f9264fa2d218e97879990f1cd3434ab56bf

      SHA256

      169809a62cb05c19cfb32de2d5808875c5547237022cafc6debf354e61aee878

      SHA512

      1c612620b0a4245378168cd1d014600ef17832da88d21afc47dab09382aa016ec8d6685e7a6e7a82995862000a3fe396063995cac51e45a26c240ca95baaf2ef

    • C:\ProgramData\F1B4.tmp

      Filesize

      14KB

      MD5

      294e9f64cb1642dd89229fff0592856b

      SHA1

      97b148c27f3da29ba7b18d6aee8a0db9102f47c9

      SHA256

      917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2

      SHA512

      b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

    • C:\Users\Admin\AppData\Local\Temp\DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

      Filesize

      1.7MB

      MD5

      b1dbf96cbac92d09620f908add74123a

      SHA1

      721311bb9f042a8d0298f294f9a9c25386a5bb5d

      SHA256

      c74cb00fc0ab4dab4011220be8ebbc98928fbd7185ea1ce20644f2918c0756a6

      SHA512

      86c930d9321d2b7d0f9d283017d19c5548c9d75935e7611dfb711d883d01f03dbc9bfd2cdb91e3ab34f526886358e7bc62ca2e0e3c1b50cbb776ecc42612e96d

    • C:\Users\Admin\AppData\Local\Temp\{CF7D0F2C-6029-4FC9-A3DF-2F864240ADC8}

      Filesize

      4KB

      MD5

      92313fcabf805e0c0a68a0a1cdc55496

      SHA1

      9bce924befffc639553461690094652d35888f62

      SHA256

      5316481275c4115fa3727da7ce1326d479a3a7edf006803fb0153d1b24810ef8

      SHA512

      4cdb68b6d5397c0f1db692986a4ec8e410174db8283c879a80363efbb89b9d62582b2fd2c9a7626adab6a30bc4a419a6bc03a3bcbf40733f0c1240b35611881a

    • C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2

      Filesize

      4KB

      MD5

      5bc945a644003e24c49b83dbebd4ee70

      SHA1

      d174db67cc1092ecd56e85cc2f448c7b85b1f8e6

      SHA256

      e6d37f749ad25aba9687523acaa0dead6dde371df68a566210d3fec73172f930

      SHA512

      2e476eb4bafd59b94348d01aa46a8ba91979e3ed74a96e8cca5f9c2a4bfe4504f9cb2fd985076a59161515b55633e8e7d8f99aa14926c3f67205c9d809dc2465

    • C:\ZQXLByuZ3.README.txt

      Filesize

      5KB

      MD5

      5d059a43265f2b6dee086721bf8a251a

      SHA1

      12abeec0e1c9b55caa73ae01ca33e156a1eea434

      SHA256

      81a9270f3478012eaa0ac8ae38663d477a62d3606bb1508c1ece53a9b61a1d7d

      SHA512

      e8548d7a846a869edcd2e719ad2f097af23053f26a672a06ca639417db61cfb46dbaec98a76aa76d31d81486847a9a41bc9b75a7e46c26555a16551b4d572c5e

    • F:\$RECYCLE.BIN\S-1-5-21-4089630652-1596403869-279772308-1000\DDDDDDDDDDD

      Filesize

      129B

      MD5

      747a098b8318582aefec952f67120be3

      SHA1

      45e0a2e7712161e9c1006fd3996acdfb470f3c9a

      SHA256

      3981ea8b56bb90f02302f0467e14aa159c1bd7af67168f2c7a8dc1b5c7fc5c45

      SHA512

      d5d7dd38b5fd4afd0f90c9ed28049b0ea1c1c7dc766b53d65c0309ac6700f2f1be343e98ab7a7329d5579d2d691f59b263710fc280505fbbaf8d0c4357da83ef

    • memory/1232-2888-0x0000000002330000-0x0000000002340000-memory.dmp

      Filesize

      64KB

    • memory/1232-136-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-23-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-2886-0x0000000002330000-0x0000000002340000-memory.dmp

      Filesize

      64KB

    • memory/1232-2887-0x0000000002330000-0x0000000002340000-memory.dmp

      Filesize

      64KB

    • memory/1232-29-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-2885-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-27-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-25-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-22-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-21-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-18-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-19-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-35-0x0000000002330000-0x0000000002340000-memory.dmp

      Filesize

      64KB

    • memory/1232-33-0x0000000002330000-0x0000000002340000-memory.dmp

      Filesize

      64KB

    • memory/1232-34-0x0000000002330000-0x0000000002340000-memory.dmp

      Filesize

      64KB

    • memory/1232-37-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-45-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-43-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-2883-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-2880-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-20-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-2881-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-315-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1232-2871-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/3656-2907-0x00007FFDEAA30000-0x00007FFDEAA40000-memory.dmp

      Filesize

      64KB

    • memory/3656-2911-0x00007FFDEAA30000-0x00007FFDEAA40000-memory.dmp

      Filesize

      64KB

    • memory/3656-2941-0x00007FFDE83A0000-0x00007FFDE83B0000-memory.dmp

      Filesize

      64KB

    • memory/3656-2932-0x00007FFDE83A0000-0x00007FFDE83B0000-memory.dmp

      Filesize

      64KB

    • memory/3656-2908-0x00007FFDEAA30000-0x00007FFDEAA40000-memory.dmp

      Filesize

      64KB

    • memory/3656-2906-0x00007FFDEAA30000-0x00007FFDEAA40000-memory.dmp

      Filesize

      64KB

    • memory/3656-2910-0x00007FFDEAA30000-0x00007FFDEAA40000-memory.dmp

      Filesize

      64KB

    • memory/4120-32-0x0000000010000000-0x00000000101AC000-memory.dmp

      Filesize

      1.7MB

    • memory/4120-13-0x0000000010000000-0x00000000101AC000-memory.dmp

      Filesize

      1.7MB

    • memory/4120-11-0x0000000010000000-0x00000000101AC000-memory.dmp

      Filesize

      1.7MB

    • memory/4120-14-0x0000000002310000-0x000000000246A000-memory.dmp

      Filesize

      1.4MB

    • memory/4120-9-0x0000000002310000-0x000000000246A000-memory.dmp

      Filesize

      1.4MB

    • memory/4120-28-0x0000000002310000-0x000000000246A000-memory.dmp

      Filesize

      1.4MB

    • memory/4120-12-0x0000000010000000-0x00000000101AC000-memory.dmp

      Filesize

      1.7MB

    • memory/4120-2-0x0000000002310000-0x000000000246A000-memory.dmp

      Filesize

      1.4MB

    • memory/4120-1-0x0000000010000000-0x00000000101AC000-memory.dmp

      Filesize

      1.7MB

    • memory/4456-30-0x0000000010000000-0x00000000101AC000-memory.dmp

      Filesize

      1.7MB

    • memory/4456-0-0x0000000010000000-0x00000000101AC000-memory.dmp

      Filesize

      1.7MB