Analysis
-
max time kernel
152s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
24-05-2024 19:10
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-24_ab743095a632c9474f7311c0491df47e_ryuk.exe
Resource
win7-20240221-en
General
-
Target
2024-05-24_ab743095a632c9474f7311c0491df47e_ryuk.exe
-
Size
2.2MB
-
MD5
ab743095a632c9474f7311c0491df47e
-
SHA1
9db1db204c0504ea16072616712497071fccee0b
-
SHA256
bb5a610691b6842eb01e544bd2cdd80184a616c9d618e90a213b0361125f0d19
-
SHA512
6141b8b2492d7eb8910e4c9352ec5a7c8ef66aee78ddb75cfead53c525b6d9b68fb97ff7a0dc3c65d2cfa8321f625c8112321b9c7c611172a20360083a91b026
-
SSDEEP
24576:GOObVw4TaN1wdFukCba4oXtgLhU3wEdmh584sqjnhMgeiCl7G0nehbGZpbD:GOOh3aN4FuLbegmtGfDmg27RnWGj
Malware Config
Signatures
-
Executes dropped EXE 9 IoCs
Processes:
alg.exeelevation_service.exeDiagnosticsHub.StandardCollector.Service.exeelevation_service.exemaintenanceservice.exeOSE.EXEfxssvc.exemsdtc.exePerceptionSimulationService.exepid process 3876 alg.exe 4520 elevation_service.exe 3172 DiagnosticsHub.StandardCollector.Service.exe 2144 elevation_service.exe 4284 maintenanceservice.exe 3056 OSE.EXE 4328 fxssvc.exe 2668 msdtc.exe 880 PerceptionSimulationService.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 13 IoCs
Processes:
elevation_service.exealg.exe2024-05-24_ab743095a632c9474f7311c0491df47e_ryuk.exedescription ioc process File opened for modification C:\Windows\system32\AppVClient.exe elevation_service.exe File opened for modification C:\Windows\system32\msiexec.exe elevation_service.exe File opened for modification C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe elevation_service.exe File opened for modification C:\Windows\system32\dllhost.exe alg.exe File opened for modification C:\Windows\System32\msdtc.exe elevation_service.exe File opened for modification C:\Windows\System32\alg.exe 2024-05-24_ab743095a632c9474f7311c0491df47e_ryuk.exe File opened for modification C:\Windows\system32\AppVClient.exe 2024-05-24_ab743095a632c9474f7311c0491df47e_ryuk.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\cc8fe31db3e2edcd.bin alg.exe File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 2024-05-24_ab743095a632c9474f7311c0491df47e_ryuk.exe File opened for modification C:\Windows\system32\dllhost.exe 2024-05-24_ab743095a632c9474f7311c0491df47e_ryuk.exe File opened for modification C:\Windows\system32\AppVClient.exe alg.exe File opened for modification C:\Windows\system32\dllhost.exe elevation_service.exe File opened for modification C:\Windows\system32\fxssvc.exe elevation_service.exe -
Drops file in Program Files directory 64 IoCs
Processes:
alg.exemaintenanceservice.exedescription ioc process File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\java.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\javaw.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe alg.exe File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdeps.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsgen.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\jabswitch.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\jjs.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe alg.exe File opened for modification C:\Program Files\7-Zip\7zFM.exe alg.exe File opened for modification C:\Program Files\Internet Explorer\ieinstal.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javah.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\policytool.exe alg.exe File opened for modification C:\Program Files (x86)\Internet Explorer\ieinstal.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe alg.exe File opened for modification C:\Program Files\Internet Explorer\ielowutil.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javapackager.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\orbd.exe alg.exe File created C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log maintenanceservice.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jar.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\javaws.exe alg.exe File opened for modification C:\Program Files (x86)\Internet Explorer\ExtExport.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jhat.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\pingsender.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\updater.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\klist.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mip.exe alg.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\kinit.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\servertool.exe alg.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdb.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\ktab.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\orbd.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\ktab.exe alg.exe -
Drops file in Windows directory 1 IoCs
Processes:
elevation_service.exedescription ioc process File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe elevation_service.exe -
Modifies data under HKEY_USERS 5 IoCs
Processes:
fxssvc.exedescription ioc process Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" fxssvc.exe -
Suspicious behavior: LoadsDriver 2 IoCs
Processes:
pid process 664 664 -
Suspicious use of AdjustPrivilegeToken 6 IoCs
Processes:
2024-05-24_ab743095a632c9474f7311c0491df47e_ryuk.exealg.exeelevation_service.exefxssvc.exedescription pid process Token: SeTakeOwnershipPrivilege 3152 2024-05-24_ab743095a632c9474f7311c0491df47e_ryuk.exe Token: SeDebugPrivilege 3876 alg.exe Token: SeDebugPrivilege 3876 alg.exe Token: SeDebugPrivilege 3876 alg.exe Token: SeTakeOwnershipPrivilege 4520 elevation_service.exe Token: SeAuditPrivilege 4328 fxssvc.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-24_ab743095a632c9474f7311c0491df47e_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-24_ab743095a632c9474f7311c0491df47e_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:3152
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:3876
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
PID:3172
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4520
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"1⤵
- Executes dropped EXE
PID:2144
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4284
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
PID:3056
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:81⤵PID:3692
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵PID:436
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4328
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
PID:2668
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
PID:880
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exeFilesize
2.2MB
MD57442a0ba5dbd8a45105a78c693a85f0a
SHA1c5c1ff1d70cc254ff65801cd60bb71da0b9e66a6
SHA25608bafe20575041c8f8fba4d32ae7e0a9719cda355f9da242ab1b7656ae5917e2
SHA5126132dbc5905010033f658ee297bf4d0b04a4b4c8db364e859162fbdb2e0057803a0e1f8ec6e0a12796918faacbee1df2a8297bcc7e671b3a18a7c9cd90a6e39b
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeFilesize
1.4MB
MD580de405c0665a8064809493756064db1
SHA1c85619db4c0a190bde4938e81ee8b18c541e91d8
SHA2564f2110e3b9c3fa7b2fe94e70dec9ef0ef4b589f6ac3fa05057f15fe22fcb4fbc
SHA512e8e60c9ecbc994815f8f493725444347c4b8545cbdc3c367c84d7009c324e6075a8071e16ada543a8d41650d3613faa4141b79497b0dbb8007419d955295247f
-
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXEFilesize
1.4MB
MD5b85f1ad6edae8c28a9f75c459b81c959
SHA121d44c175584b07dc5ea2c007ac1d90f543f9590
SHA25686a6728b1ec563967c26329434aae5060943611fdac0d3b7c0a3bc9c005caedb
SHA5129fe2a5883462c077189c19600c20ca5c2360055b0106813fd2dfaa78ded74b12b3269628500ea2f23dc4536e2619caa4ac18556e908c8a5edb9a378d641374d3
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exeFilesize
2.1MB
MD577636f04a8a2aff92c34b3656fee26ef
SHA187c058a9716ee50a4f66e7541a6d114cf0440eb6
SHA256c24083050eba95ef21e179231f5b4b235f467ef60867fbd69ca4e61fceae0e5d
SHA5128147f1947dfbbb90eedb84efb6f7d6323973dcc3de059f2a1cbeb73cf599ebb8b1d69fa36e682147d6886c9d8269fac4d10f4f44c1ca3c47592612c2b1baa894
-
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeFilesize
1.3MB
MD5ed356da8f7847dc562b2c2a9722295ef
SHA116f3a9570c9441946a3f0c1abcb9536e6c054f79
SHA256e890d0bbc976ba08a88c129a41b19530700364966b6125e56e79c8e0abf828dd
SHA5122cd3c95fc9a92b0c0b94de2018e3098a01e5a1978ab48cc8b6df4735042f4e0c91286907b2b3d02fde896fc30135b20ab9fc91ba380dc798bcc61c7a9a329b45
-
C:\Windows\System32\FXSSVC.exeFilesize
1.2MB
MD570968803a76e5c8d23ef2542cf79cab7
SHA15343020a16f3a0d6509ffbf29bc911c1965399b0
SHA25614b5802ed4bb1b0d14f7357a50bc4a9b63867376c1662382b350f1adba3f3313
SHA51275e00285f10f746c75e9fad245e30cbc7b9fc0770f3d1b5a97e017fd46c36a1ace393a727c6a27521b321edf677c178302b8864c998158b93c1f356426387455
-
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeFilesize
1.3MB
MD599ac2fe8dd2561fadf4b3be9d6be347e
SHA1c271fc2a0e89175c931aed7092fdcd595ff688ae
SHA256421a33f706eef83e84c3ea295514d2fa686de78a281cf75457a5c119ceb8055e
SHA5129f9406d508f883b6f62933367e2a6608c257794db3aecdd0b0df9b4c9f10258bec812b760ce90b1348332c4253bb0d292505595c3c8a6c5bc24a71ae15d3d534
-
C:\Windows\System32\alg.exeFilesize
1.3MB
MD5067e4cbdaf21a3591a4b62da8eb1588d
SHA1bf1cd6e90bd3cc3ac34db3f795887e8b3d80926b
SHA2568a2d2657a2bba0d80b9918746dd44b63506ab90b8a2c2f574f63b65646e884bf
SHA512f81a4664de952e80c8d577f4c0373c3a5d04e39db5f3b8c5aa4d6230b970df362e9491066376b900c1aefe796ce26d282d17ac84c7ce6baf07838a25063c179b
-
C:\Windows\System32\msdtc.exeFilesize
1.3MB
MD57a24821f3b55b364f759d932fb27d0b5
SHA1b72bbace313e37bcab5410c5e6ac67552d92a24b
SHA256b063d505d63c79468025b036692bb0f45ffd243640cfe153f0283f5ecaa0bf4b
SHA5129637f59c4c54115de90c30a378b5400c0735f2bc7aa45960286073b214c4b7542958f8a8c6668759cfcd28ab4472b79b7adc16da57c43d0b7adc009e4f47e601
-
C:\Windows\system32\AppVClient.exeFilesize
1.3MB
MD56a1f63b065035fb0864f6f27c66a9d35
SHA1e4d6d76736f41f57e1ab463be0d7c84fa5def119
SHA25631531efd66b07c16c801c6e99fedb1ba4a1839340fb955f44a4ef802be78ace2
SHA512d183403e8361e12e5da1303e119a94bcc9fe5eb176f23bd50d07d0d3e2b9875615f7c53d52528342e6276798008d0be02580b3ec6781892bdec508902590a829
-
memory/880-285-0x0000000140000000-0x00000001401EA000-memory.dmpFilesize
1.9MB
-
memory/2144-55-0x0000000000890000-0x00000000008F0000-memory.dmpFilesize
384KB
-
memory/2144-180-0x0000000140000000-0x0000000140245000-memory.dmpFilesize
2.3MB
-
memory/2144-63-0x0000000000890000-0x00000000008F0000-memory.dmpFilesize
384KB
-
memory/2144-54-0x0000000140000000-0x0000000140245000-memory.dmpFilesize
2.3MB
-
memory/2668-273-0x0000000140000000-0x00000001401F8000-memory.dmpFilesize
2.0MB
-
memory/3056-81-0x0000000140000000-0x000000014020E000-memory.dmpFilesize
2.1MB
-
memory/3056-211-0x0000000140000000-0x000000014020E000-memory.dmpFilesize
2.1MB
-
memory/3056-88-0x0000000000810000-0x0000000000870000-memory.dmpFilesize
384KB
-
memory/3152-7-0x00000000020C0000-0x0000000002120000-memory.dmpFilesize
384KB
-
memory/3152-29-0x0000000140000000-0x0000000140248000-memory.dmpFilesize
2.3MB
-
memory/3152-9-0x00000000020C0000-0x0000000002120000-memory.dmpFilesize
384KB
-
memory/3152-6-0x0000000140000000-0x0000000140248000-memory.dmpFilesize
2.3MB
-
memory/3152-0-0x00000000020C0000-0x0000000002120000-memory.dmpFilesize
384KB
-
memory/3172-41-0x00000000004C0000-0x0000000000520000-memory.dmpFilesize
384KB
-
memory/3172-50-0x0000000140000000-0x00000001401E8000-memory.dmpFilesize
1.9MB
-
memory/3172-47-0x00000000004C0000-0x0000000000520000-memory.dmpFilesize
384KB
-
memory/3876-22-0x00000000006F0000-0x0000000000750000-memory.dmpFilesize
384KB
-
memory/3876-100-0x0000000140000000-0x00000001401E9000-memory.dmpFilesize
1.9MB
-
memory/3876-13-0x0000000140000000-0x00000001401E9000-memory.dmpFilesize
1.9MB
-
memory/3876-14-0x00000000006F0000-0x0000000000750000-memory.dmpFilesize
384KB
-
memory/4284-72-0x0000000001A70000-0x0000000001AD0000-memory.dmpFilesize
384KB
-
memory/4284-66-0x0000000001A70000-0x0000000001AD0000-memory.dmpFilesize
384KB
-
memory/4284-76-0x0000000001A70000-0x0000000001AD0000-memory.dmpFilesize
384KB
-
memory/4284-78-0x0000000140000000-0x0000000140209000-memory.dmpFilesize
2.0MB
-
memory/4284-74-0x0000000140000000-0x0000000140209000-memory.dmpFilesize
2.0MB
-
memory/4328-258-0x0000000140000000-0x0000000140135000-memory.dmpFilesize
1.2MB
-
memory/4328-259-0x0000000000EB0000-0x0000000000F10000-memory.dmpFilesize
384KB
-
memory/4328-269-0x0000000140000000-0x0000000140135000-memory.dmpFilesize
1.2MB
-
memory/4520-116-0x0000000140000000-0x0000000140237000-memory.dmpFilesize
2.2MB
-
memory/4520-49-0x0000000140000000-0x0000000140237000-memory.dmpFilesize
2.2MB
-
memory/4520-51-0x0000000000810000-0x0000000000870000-memory.dmpFilesize
384KB
-
memory/4520-33-0x0000000000810000-0x0000000000870000-memory.dmpFilesize
384KB