Analysis
-
max time kernel: 67s
max time network: 75s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
submitted: 04-09-2023 12:43
Static task
static1
Behavioral task
behavioral1
Sample
Antidetect Patreon Premium Edition 2022.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Antidetect Patreon Premium Edition 2022.exe
Resource
win10v2004-20230831-en
General
-
Target
Antidetect Patreon Premium Edition 2022.exe
-
Size
84.3MB
-
MD5
b4bceed650b2162007040ce71b3a94a6
-
SHA1
810bd44e0f3d3efdf1ec7923c54d5a86ecb5799a
-
SHA256
316e21b3e68b522fc33f29723770f031ca472f39c6b192f3e4534b5198652372
-
SHA512
3355173305b03120b4db20c92765c4c84db0ff75d0305e7a1192cea6a4c0ab64fbe9838c2c3185458eb5aed967347276b2d78cba0c55753694a21b9b04aa480c
-
SSDEEP
1572864:O96ytL1hdHOZJGF2qDdNy00uNhM/IiafGhoZyV4CSS17IAs7lZJbKpg4:ODBpOSFZRNy+NhM/2ZkP7RalZJ+pg
Malware Config
Extracted
revengerat
NYAN-CAT
blog.capeturk.com:1111
RV_MUTEX-FZMONFueOciq
Signatures
-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
RevengeRat Executable 1 IoCs
Processes:
resource: behavioral1/memory/3028-65-0x0000000002130000-0x000000000213C000-memory.dmp
yara_rule: revengerat
Executes dropped EXE 5 IoCs
Processes:
pid | process
2364 | Setup.exe
2604 | Setup.exe
2528 | svchost.exe
3028 | explorer.exe
1152 | Antidetect Patreon Premium Edition 2022 .exe
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Intel Security Corporation = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\svchost.exe" | Setup.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Explorer = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\explorer.exe" | explorer.exe
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
description | ioc | process
File opened (read-only) | \??\J: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\P: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\T: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\U: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\V: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\W: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\Y: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\B: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\G: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\K: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\L: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\Z: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\O: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\R: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\S: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\A: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\E: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\M: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\N: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\H: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\I: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\Q: | Antidetect Patreon Premium Edition 2022 .exe
File opened (read-only) | \??\X: | Antidetect Patreon Premium Edition 2022 .exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
Processes:
description | pid | process
Token: SeDebugPrivilege | 3028 | explorer.exe
Token: SeShutdownPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeIncreaseQuotaPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeRestorePrivilege | 2368 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 2368 | msiexec.exe
Token: SeSecurityPrivilege | 2368 | msiexec.exe
Token: SeCreateTokenPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeAssignPrimaryTokenPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeLockMemoryPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeIncreaseQuotaPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeMachineAccountPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeTcbPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeSecurityPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeTakeOwnershipPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeLoadDriverPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeSystemProfilePrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeSystemtimePrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeProfSingleProcessPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeIncBasePriorityPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeCreatePagefilePrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeCreatePermanentPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeBackupPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeRestorePrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeShutdownPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeDebugPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeAuditPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeSystemEnvironmentPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeChangeNotifyPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeRemoteShutdownPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeUndockPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeSyncAgentPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeEnableDelegationPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeManageVolumePrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeImpersonatePrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Token: SeCreateGlobalPrivilege | 1152 | Antidetect Patreon Premium Edition 2022 .exe
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
pid | process
1152 | Antidetect Patreon Premium Edition 2022 .exe
Suspicious use of WriteProcessMemory 16 IoCs
Processes:
description | pid | process | target process
PID 2224 wrote to memory of 2364 | 2224 | Antidetect Patreon Premium Edition 2022.exe | Setup.exe
PID 2224 wrote to memory of 2364 | 2224 | Antidetect Patreon Premium Edition 2022.exe | Setup.exe
PID 2224 wrote to memory of 2364 | 2224 | Antidetect Patreon Premium Edition 2022.exe | Setup.exe
PID 2224 wrote to memory of 2604 | 2224 | Antidetect Patreon Premium Edition 2022.exe | Setup.exe
PID 2224 wrote to memory of 2604 | 2224 | Antidetect Patreon Premium Edition 2022.exe | Setup.exe
PID 2224 wrote to memory of 2604 | 2224 | Antidetect Patreon Premium Edition 2022.exe | Setup.exe
PID 2604 wrote to memory of 2528 | 2604 | Setup.exe | svchost.exe
PID 2604 wrote to memory of 2528 | 2604 | Setup.exe | svchost.exe
PID 2604 wrote to memory of 2528 | 2604 | Setup.exe | svchost.exe
PID 2528 wrote to memory of 3028 | 2528 | svchost.exe | explorer.exe
PID 2528 wrote to memory of 3028 | 2528 | svchost.exe | explorer.exe
PID 2528 wrote to memory of 3028 | 2528 | svchost.exe | explorer.exe
PID 2224 wrote to memory of 1152 | 2224 | Antidetect Patreon Premium Edition 2022.exe | Antidetect Patreon Premium Edition 2022 .exe
PID 2224 wrote to memory of 1152 | 2224 | Antidetect Patreon Premium Edition 2022.exe | Antidetect Patreon Premium Edition 2022 .exe
PID 2224 wrote to memory of 1152 | 2224 | Antidetect Patreon Premium Edition 2022.exe | Antidetect Patreon Premium Edition 2022 .exe
PID 2224 wrote to memory of 1152 | 2224 | Antidetect Patreon Premium Edition 2022.exe | Antidetect Patreon Premium Edition 2022 .exe
Processes
PID 2224: "C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022.exe"
  - Suspicious use of WriteProcessMemory
  PID 2364: "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    - Executes dropped EXE
  PID 2604: "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID 2528: "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
      - Executes dropped EXE
      - Suspicious use of WriteProcessMemory
      PID 3028: "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"
        - Executes dropped EXE
        - Adds Run key to start application
        - Suspicious use of AdjustPrivilegeToken
  PID 1152: "C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe"
    - Executes dropped EXE
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
PID 2368: C:\Windows\system32\msiexec.exe /V
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe
Filesize: 83.8MB
MD5: fc409978e611a143502044848f8d470f
SHA1: dae419b77c277fe1fba610c2da94586dcef16701
SHA256: bb7c477ce05a95f3079fd90327c734fd120e1895437792c388d943dc26a20f70
SHA512: e49f7e9f7ba9de786ce52bba768c4ed38c8ef4c3ded3babadbdbe85635d349c46b61fcca3fe46a29b25c21efdda295279bcf6df42ffd9d019197bc669e263442
-
C:\Users\Admin\AppData\Local\Temp\CabC90.tmp
Filesize: 61KB
MD5: f3441b8572aae8801c04f3060b550443
SHA1: 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256: 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512: 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe
Filesize: 420KB
MD5: ada0cbc54989b2cd2959601c7a5b8499
SHA1: 9c8739d476016fe0a87b176bb95f3a5bcbeff0de
SHA256: a19b89ddc700357e618934775fd1a412401b308a9ef6ae686d3f363622065c96
SHA512: f9de42724ff8bc65841db07a0901b706cf5f44d6c1e09e34ea753f88ed9746a22898993e0afe2947f8b4aa28515b428bd320bedca471b04db171776e81c4558e
-
C:\Users\Admin\AppData\Local\Temp\TarE77.tmp
Filesize: 163KB
MD5: 9441737383d21192400eca82fda910ec
SHA1: 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256: bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512: 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf
-
C:\Users\Admin\AppData\Local\Temp\VirtualBox\VirtualBox-6.1.28-r147628.msi
Filesize: 82.6MB
MD5: 577825097157487c7afd2c591ee413bb
SHA1: 6b4c3f8b88edb5925b05338fd1e9b1f3e5c665db
SHA256: 3ccd35abf2dcfff22ad6d3ffda5cf79f3fdc4fac4244caf6ac4bde72f05b402d
SHA512: 5d2f72b490e06bc0f69cdf0528fe43332b7420f92f21f573c9fe890b00b6ae002ef21566e1ba1be27ee61aa2e85535102c8b12661e4f101143e62a7c4a5748e8
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
Filesize: 73KB
MD5: 8e3d99e6a1064f89744ccb24dc6802bb
SHA1: 1b6c31ab4236538c8423c19575c1e19a031b3876
SHA256: d21a23ffbdfe1bf8232a132b559c99b37f5825d816f83370684e67988b3162a8
SHA512: f5f49c20c5d9a5a80e1d3a4540695fca4732755bc33c0ea61b8be582a2ab7d22305666caf4a3f09fc7c165b3ceadcc89aa4240edcf1f0daba8b0bb09ef720134
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
Filesize: 293KB
MD5: 1303779b354738a8c93cc522ffb21f11
SHA1: ce29a26e1363ddfdc830e2934fed935f15032187
SHA256: 0a8e2fcc8c6393d2e97e6129e862a877a420a54f2530b4af5eb7f8e2a7a30af5
SHA512: b5a612907d09200753d4b4770c90cde98d18eda7eacd15c8297582401b58f1a4a91c8553dea7640d03bcc6068bb2afa0b1ee46997653c839f2066f5ed050a66d