Overview
overview
7Static
static
3iLemon/lpk.dll
windows7-x64
7iLemon/lpk.dll
windows10-2004-x64
7iLemon/set...1].exe
windows7-x64
7iLemon/set...1].exe
windows10-2004-x64
7$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
31.3.1.1002...ar.exe
windows7-x64
61.3.1.1002...ar.exe
windows10-2004-x64
71.3.1.1002...ce.exe
windows7-x64
11.3.1.1002...ce.exe
windows10-2004-x64
11.3.1.1002...er.exe
windows7-x64
11.3.1.1002...er.exe
windows10-2004-x64
11.3.1.1002...64.exe
windows7-x64
11.3.1.1002...64.exe
windows10-2004-x64
11.3.1.1002...op.exe
windows7-x64
61.3.1.1002...op.exe
windows10-2004-x64
71.3.1.1002...te.exe
windows7-x64
11.3.1.1002...te.exe
windows10-2004-x64
1ShellExtHelper.dll
windows7-x64
7ShellExtHelper.dll
windows10-2004-x64
7ShellExtHelper64.dll
windows7-x64
7ShellExtHelper64.dll
windows10-2004-x64
7iLemon.exe
windows7-x64
6iLemon.exe
windows10-2004-x64
6Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
15-06-2024 06:58
Static task
static1
Behavioral task
behavioral1
Sample
iLemon/lpk.dll
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
iLemon/lpk.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
iLemon/setup_1.3.1.1002_qd[1].exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
iLemon/setup_1.3.1.1002_qd[1].exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsisdl.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsisdl.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
1.3.1.1002/LemonCalendar.exe
Resource
win7-20240611-en
Behavioral task
behavioral16
Sample
1.3.1.1002/LemonCalendar.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
1.3.1.1002/LemonService.exe
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
1.3.1.1002/LemonService.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
1.3.1.1002/RunningHelper.exe
Resource
win7-20240611-en
Behavioral task
behavioral20
Sample
1.3.1.1002/RunningHelper.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral21
Sample
1.3.1.1002/RunningHelper64.exe
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
1.3.1.1002/RunningHelper64.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
1.3.1.1002/SmartDesktop.exe
Resource
win7-20231129-en
Behavioral task
behavioral24
Sample
1.3.1.1002/SmartDesktop.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
1.3.1.1002/SmartNote.exe
Resource
win7-20240611-en
Behavioral task
behavioral26
Sample
1.3.1.1002/SmartNote.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
ShellExtHelper.dll
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
ShellExtHelper.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
ShellExtHelper64.dll
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
ShellExtHelper64.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
iLemon.exe
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
iLemon.exe
Resource
win10v2004-20240611-en
General
-
Target
1.3.1.1002/SmartDesktop.exe
-
Size
2.4MB
-
MD5
7cada09f584b144683e6608ce2a6b6ed
-
SHA1
1f5de69c90d1344482dd4fd2f8e32da480eed783
-
SHA256
fe01e629e25da5b03294dc0dfa6c3ba1a11321268715d7fa4d108eb31db06aa9
-
SHA512
7e7e91bca2b08831c9dcecc4048282cd823ab2211345ed037f36c4d4400986d583cb8d61a85e14a423548ca000a5df1b666be1ac40b83a87120474362e70a2f4
-
SSDEEP
49152:vSWBLrXko7z2Qc7fcWOg+FYty/8trbI+qqQHTrFYvSHjHHl3:vS6LzkWz2QYV+FYAkXz8cujH5
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
SmartDesktop.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation SmartDesktop.exe -
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
SmartDesktop.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\柠檬桌面 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\iLemon.exe\" /from=autorun" SmartDesktop.exe -
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
SmartDesktop.exeRunningHelper.exedescription ioc process File opened for modification \??\PhysicalDrive0 SmartDesktop.exe File opened for modification \??\PhysicalDrive0 RunningHelper.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
SmartDesktop.exepid process 1440 SmartDesktop.exe 1440 SmartDesktop.exe 1440 SmartDesktop.exe 1440 SmartDesktop.exe -
Suspicious use of FindShellTrayWindow 5 IoCs
Processes:
SmartDesktop.exeRunningHelper64.exepid process 1440 SmartDesktop.exe 1440 SmartDesktop.exe 1440 SmartDesktop.exe 1440 SmartDesktop.exe 2724 RunningHelper64.exe -
Suspicious use of SendNotifyMessage 4 IoCs
Processes:
SmartDesktop.exepid process 1440 SmartDesktop.exe 1440 SmartDesktop.exe 1440 SmartDesktop.exe 1440 SmartDesktop.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
RunningHelper64.exeRunningHelper.exepid process 2724 RunningHelper64.exe 1160 RunningHelper.exe 1160 RunningHelper.exe -
Suspicious use of WriteProcessMemory 5 IoCs
Processes:
SmartDesktop.exedescription pid process target process PID 1440 wrote to memory of 2724 1440 SmartDesktop.exe RunningHelper64.exe PID 1440 wrote to memory of 2724 1440 SmartDesktop.exe RunningHelper64.exe PID 1440 wrote to memory of 1160 1440 SmartDesktop.exe RunningHelper.exe PID 1440 wrote to memory of 1160 1440 SmartDesktop.exe RunningHelper.exe PID 1440 wrote to memory of 1160 1440 SmartDesktop.exe RunningHelper.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\1.3.1.1002\SmartDesktop.exe"C:\Users\Admin\AppData\Local\Temp\1.3.1.1002\SmartDesktop.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1.3.1.1002\RunningHelper64.exe"C:\Users\Admin\AppData\Local\Temp\1.3.1.1002\RunningHelper64.exe" /dll_launch=Install2⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\1.3.1.1002\RunningHelper.exe"C:\Users\Admin\AppData\Local\Temp\1.3.1.1002\RunningHelper.exe" /active_dr2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\VirtualDesktop\Internet Explorer.lnkFilesize
1KB
MD55454d6793d2f975f9dc1574f1b0864c2
SHA1a907ec1dc48985e5b3f684ab6361d9647cea694c
SHA256c79f00cc36e1bae146ce9b2c6c5ff7ec5cc42b861797b2ab0d5d9331f14dd1ed
SHA512928d6f163a2563c4a403164371ceca40994bd81b363921f4b8adfd5a8ba1b5456f83c2a448d4f2e9cc21de74fe48b1bcde1cf49fef8f550bf9b0e76680fafeb4
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDConfig.iniFilesize
256B
MD5d69c5f20196477008ba293e2979dcabd
SHA1ac8617d57d8b8c4972608da1b6539ab2bddcc02e
SHA256a8279f4d967b5ba590637a02ff15b36b2ff370268162715ca4cf121e8eb683cb
SHA512246090ba5808ffd9795c840f76f72647f0974ece30ecdf6629e8c6625871641e593c07358d35fa9cbdbd7e417eac4e01f0f2c57dde0e3e1d5876bced15a2f1f5
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDConfig.iniFilesize
276B
MD5137ee0849608a2c07b373b10695b3721
SHA19fe26b308066cce6380023e9d0f0eb898d97af62
SHA256dee9691327dc0f287cb77aa83f96280e4a31d7ef90f565897467abc3023b163a
SHA512da69a7f69f35431a305ebcda2ca7a1d95e459435d96b76bb4b25f0b2403da78f4ac8a3f948be503eb79a89808761f89b2015a16de1fa57eb5eb42fc53e9b53d1
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDConfig.iniFilesize
70B
MD5174265a58374b8543d443cbba004e513
SHA110052cb2c83a2548b69cb84f6a5439b473fed81e
SHA2562bf1e2bb677ac9ae1236c3f633f7b959601fa9edcadc184202339fd3910fafab
SHA5126113ae509de975ba69d27db772acaff836df2702fe8eeb4e9755c847b2dab6752fef5c2fd6ec0e93bef69c041ae167cf91a19b20f8be5d9a81e4427719e665d6
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDConfig.iniFilesize
309B
MD56f4dac83de8dcd929d687888aa099b68
SHA11264e430b3f4832a8ce082cac7ec4650648e57b4
SHA2567e783161abfe5fcb30a430c0cecf64d3c00874954ba0e0979b4c7e46c880dc12
SHA5120a3c407c589b582a61c47b81743c58fc1f89966e1ec95aacae61c7464374916e3b3c7f925c7914fa4844a90b6897084e57652aecc0e1b5460afa1ef466475617
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDConfig.iniFilesize
70B
MD5e0356f1d3a3da4f00baa4c6e68c9c8b6
SHA179397120a80116b6ab156e0669f001bb16d67b43
SHA2566f0aa5985413c8de6f0284aa8b5bca30a8a5dc12a98caba5d11e20075f000fb5
SHA512238ea77e36e6a1e5ba0510b3f7837148d768cda33fd8af1431725ab2e1dab3a973fd943a2b87b97ef28e2e3c9e18d2085ebbf7fa1f788424c79cb21554541f94
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDConfig.iniFilesize
158B
MD57891eb8bdd9283bd91ec14164bfda694
SHA12a0bed9fe4c14f686403cb3c926e62be42d9b528
SHA2562aa641ce12287d49431fca31e06cd64cc3c596db1104f999a1186952e6ae29a3
SHA512a9aaba8d0de04597472bc286f5df90528e87e462fe066da8208eb7e335bdf5cbcbb04d1b60f538e0a62cd7d0689f46e4ea85b21b98ce2d6a396ed3c64bbb91a3
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDConfig.iniFilesize
70B
MD5d4cb6152a39e52256a676dfe5fb9a2b4
SHA12202dbdf0c6d4beba22ad2bc5b39ecb1630e5f0d
SHA25636e189ab0a5fb4cedef2f0bbff3e93b52d39d5bfcec6dc2c3324f2fabc1b0236
SHA512b60b9d291d9a705c19be87c5d1d715689ba95a95a938a932272e7342639c7bede1193d07a9fd9f559d42020f7a80b48f05a6659d482524c14cd33d360c3a397b
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDData.sdd.bkFilesize
15KB
MD547a40f4fdf8ab4daa2fb450aab3ff92a
SHA1804de7e3eefaa02c8deeb67e526995e557767ecb
SHA256afe50e2a6e3f625fd62c5489320c430d501335864468a0623511fd0f5934a1a2
SHA512bd5a44eb9407411624c2ba2c1cb24c6ce245f8e3a8864d2db80fc70d8cbe312f3d1753b448d52b2d7ac93bc87793a692914ac6f2df8f44f328db0051e7c8d815
-
memory/1440-111-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-142-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-79-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-80-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-81-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-82-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-83-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-84-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-85-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-86-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-87-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-89-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-88-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-91-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-92-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-90-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-93-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-94-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-95-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-96-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-97-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-98-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-100-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-103-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-101-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-109-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-102-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-105-0x0000000006460000-0x0000000006470000-memory.dmpFilesize
64KB
-
memory/1440-104-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-106-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-107-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-108-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-110-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-77-0x0000000004840000-0x0000000004850000-memory.dmpFilesize
64KB
-
memory/1440-117-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-116-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-115-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-114-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-239-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-78-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-99-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-118-0x0000000004840000-0x0000000004850000-memory.dmpFilesize
64KB
-
memory/1440-119-0x0000000004840000-0x0000000004850000-memory.dmpFilesize
64KB
-
memory/1440-120-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-123-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-121-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-122-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-124-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-126-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-125-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-128-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-127-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-130-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-129-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-134-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-133-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-132-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-131-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-135-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-136-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-140-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-139-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-138-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-137-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-141-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-112-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-143-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-144-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-147-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-76-0x0000000004840000-0x0000000004850000-memory.dmpFilesize
64KB
-
memory/1440-146-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-145-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-156-0x0000000000010000-0x0000000000011000-memory.dmpFilesize
4KB
-
memory/1440-113-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB
-
memory/1440-240-0x0000000004CF0000-0x0000000004D00000-memory.dmpFilesize
64KB
-
memory/1440-241-0x0000000006460000-0x0000000006470000-memory.dmpFilesize
64KB
-
memory/1440-242-0x0000000006300000-0x0000000006310000-memory.dmpFilesize
64KB