Overview
overview
7Static
static
3iLemon/lpk.dll
windows7-x64
7iLemon/lpk.dll
windows10-2004-x64
7iLemon/set...1].exe
windows7-x64
7iLemon/set...1].exe
windows10-2004-x64
7$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
31.3.1.1002...ar.exe
windows7-x64
61.3.1.1002...ar.exe
windows10-2004-x64
71.3.1.1002...ce.exe
windows7-x64
11.3.1.1002...ce.exe
windows10-2004-x64
11.3.1.1002...er.exe
windows7-x64
11.3.1.1002...er.exe
windows10-2004-x64
11.3.1.1002...64.exe
windows7-x64
11.3.1.1002...64.exe
windows10-2004-x64
11.3.1.1002...op.exe
windows7-x64
61.3.1.1002...op.exe
windows10-2004-x64
71.3.1.1002...te.exe
windows7-x64
11.3.1.1002...te.exe
windows10-2004-x64
1ShellExtHelper.dll
windows7-x64
7ShellExtHelper.dll
windows10-2004-x64
7ShellExtHelper64.dll
windows7-x64
7ShellExtHelper64.dll
windows10-2004-x64
7iLemon.exe
windows7-x64
6iLemon.exe
windows10-2004-x64
6Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
15-06-2024 06:58
Static task
static1
Behavioral task
behavioral1
Sample
iLemon/lpk.dll
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
iLemon/lpk.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
iLemon/setup_1.3.1.1002_qd[1].exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
iLemon/setup_1.3.1.1002_qd[1].exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsisdl.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsisdl.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
1.3.1.1002/LemonCalendar.exe
Resource
win7-20240611-en
Behavioral task
behavioral16
Sample
1.3.1.1002/LemonCalendar.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
1.3.1.1002/LemonService.exe
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
1.3.1.1002/LemonService.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
1.3.1.1002/RunningHelper.exe
Resource
win7-20240611-en
Behavioral task
behavioral20
Sample
1.3.1.1002/RunningHelper.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral21
Sample
1.3.1.1002/RunningHelper64.exe
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
1.3.1.1002/RunningHelper64.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
1.3.1.1002/SmartDesktop.exe
Resource
win7-20231129-en
Behavioral task
behavioral24
Sample
1.3.1.1002/SmartDesktop.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
1.3.1.1002/SmartNote.exe
Resource
win7-20240611-en
Behavioral task
behavioral26
Sample
1.3.1.1002/SmartNote.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
ShellExtHelper.dll
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
ShellExtHelper.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
ShellExtHelper64.dll
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
ShellExtHelper64.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
iLemon.exe
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
iLemon.exe
Resource
win10v2004-20240611-en
General
-
Target
iLemon.exe
-
Size
305KB
-
MD5
cb4fc7cd332339c73421ce5a1163352a
-
SHA1
70b9f301e373f470ab2d58c977772f66f5351359
-
SHA256
aa6eb4ba58ab9b26cd862342de710f2467a189601e3110fc9a74ff1b0c9c9d88
-
SHA512
9ee07af325211368cd87686d46f88b824d2ba3ea7ca8d6298a10ba2a975815007d9d4c4920ac9a50ed720af30bb4f3d3c8c221d99562144ffd0aca27883ff659
-
SSDEEP
3072:Jymvab01AuZJV+3FirTRYd7N0du0tOi45A7Jxbdzx8uj2cYkKHQvC0zI1ZN7nkxh:JyXES4TRdu0tLr2tk/vC0oX7UoFHSV
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
SmartDesktop.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\柠檬桌面 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\iLemon.exe\" /from=autorun" SmartDesktop.exe -
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
SmartDesktop.exeRunningHelper.exedescription ioc process File opened for modification \??\PhysicalDrive0 SmartDesktop.exe File opened for modification \??\PhysicalDrive0 RunningHelper.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
iLemon.exeSmartDesktop.exepid process 3008 iLemon.exe 3008 iLemon.exe 1588 SmartDesktop.exe 1588 SmartDesktop.exe -
Suspicious use of FindShellTrayWindow 5 IoCs
Processes:
SmartDesktop.exeRunningHelper64.exepid process 1588 SmartDesktop.exe 1588 SmartDesktop.exe 1588 SmartDesktop.exe 1588 SmartDesktop.exe 4536 RunningHelper64.exe -
Suspicious use of SendNotifyMessage 4 IoCs
Processes:
SmartDesktop.exepid process 1588 SmartDesktop.exe 1588 SmartDesktop.exe 1588 SmartDesktop.exe 1588 SmartDesktop.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
RunningHelper64.exeRunningHelper.exepid process 4536 RunningHelper64.exe 2236 RunningHelper.exe 2236 RunningHelper.exe -
Suspicious use of WriteProcessMemory 5 IoCs
Processes:
SmartDesktop.exedescription pid process target process PID 1588 wrote to memory of 4536 1588 SmartDesktop.exe RunningHelper64.exe PID 1588 wrote to memory of 4536 1588 SmartDesktop.exe RunningHelper64.exe PID 1588 wrote to memory of 2236 1588 SmartDesktop.exe RunningHelper.exe PID 1588 wrote to memory of 2236 1588 SmartDesktop.exe RunningHelper.exe PID 1588 wrote to memory of 2236 1588 SmartDesktop.exe RunningHelper.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\iLemon.exe"C:\Users\Admin\AppData\Local\Temp\iLemon.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\1.3.1.1002\SmartDesktop.exe"C:\Users\Admin\AppData\Local\Temp\1.3.1.1002\SmartDesktop.exe" /parent=explorer.exe1⤵
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1.3.1.1002\RunningHelper64.exe"C:\Users\Admin\AppData\Local\Temp\1.3.1.1002\RunningHelper64.exe" /dll_launch=Install2⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\1.3.1.1002\RunningHelper.exe"C:\Users\Admin\AppData\Local\Temp\1.3.1.1002\RunningHelper.exe" /active_dr2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\VirtualDesktop\Internet Explorer.lnkFilesize
1KB
MD5b5db223b5e2278d99349cda4fd2716a9
SHA191dbf0576bdb5ae80ffed55b99c5e3d03172e4c8
SHA25666f304b8648bc66ccec9d398f152c64dfa8d58b066528293706940424ed8a892
SHA512f3c15262231cd95e704364aeb9daf72ef931ca49bf0b04875845e20e78eb8522e6bdcc904969b4a10ccf822179a1bfc03e43be35a82e919a339e74b43b5e05ff
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDConfig.iniFilesize
256B
MD561a928f23370956cc76488ec5b9e5c62
SHA11a6800d9050fb0667b44f4ce674fd600dee7d332
SHA256c21ae97af2b5bedd6f524366c85566aa731c74a193a7bd4e00eaf63d0af73acb
SHA512c3bda95577efb54657ab5281a959bfcd65f4865763462db85582289bdc38bc50c8cbb7e26d875e7435c80b05b8e970ab3a43eb3c92c4d78f75b805a60031da97
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDConfig.iniFilesize
276B
MD5d5b500eb314a9c8d20c8f760e45a2dab
SHA16d31afa36d1947652f3340c7f1424c19215ca553
SHA256f678ca2043f8d77c617a3329c8b368545495c9f2a9c3146e8822d551f3a3af7d
SHA5123ef78a2d2f951c916936631ef3332e099396d6be1bef77eab5168d0de82ae1ce9edb3a7cc5ddf929b8c07af02c4ed804ea6511edc6249195a51523261c6c9c88
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDConfig.iniFilesize
309B
MD5f60f63c75d94827cf56e1e58d0e672ce
SHA191c1216a85beb2f3cf7dd282c5b8ef9abec6bd90
SHA256202adbe61dffc87919269eaf1dfc9f3bfcd24f8dbea87b38e084dd4c7223cc0a
SHA51288cfb2169b7221e20f7c2d990217abf932dfcc4d95d5ab101b6fd37e1a99da41e7c93365b10caa8bff0bbecae01e9a149526b62aa35ce0fa6e6233ba5319bcae
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDConfig.iniFilesize
70B
MD532131487bbe45d43f1ac008ef87e3a75
SHA12d381b18cebdaa55b59444c7a2df5afad048a2b2
SHA256f24aad5fa94f861cdc02296d20134111578a218b8c5d1c5a8a2e20c1e9ae77f8
SHA512a069076db8ab179d7e1b3a5ce5552971dc3949a77f3c238f5b05bfb69ac4f85f950b0a67fa08ae8f68e83202484bfb058e0856c17dfdce512ca8ac790c041095
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDConfig.iniFilesize
70B
MD5d4cb6152a39e52256a676dfe5fb9a2b4
SHA12202dbdf0c6d4beba22ad2bc5b39ecb1630e5f0d
SHA25636e189ab0a5fb4cedef2f0bbff3e93b52d39d5bfcec6dc2c3324f2fabc1b0236
SHA512b60b9d291d9a705c19be87c5d1d715689ba95a95a938a932272e7342639c7bede1193d07a9fd9f559d42020f7a80b48f05a6659d482524c14cd33d360c3a397b
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDConfig.iniFilesize
96B
MD5f17ad7bed7dc75bb1bf2554d93eb3805
SHA19a9716df7efc4b3fbaf361e53b75126deaa7a613
SHA256a16922501281c17e02671aaef2c156e5b3da6df2eff110fec974a3973d2156da
SHA512e0e8ad4ae5db0031dd1751ed19cf29f66637bc04e452daf5c7609727c684371cc1c2916d86cf833c50552924c6e475858b87a74ea14c727801a40a38b7ab43ca
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDConfig.iniFilesize
158B
MD56c8180b9686de5e0a9164a1abdf03119
SHA192514cfe0285b0746156bd4745e8ab1f50057440
SHA25619926a716b098112cbb881f19995bcf2a563752fc6e2ad0c2c29b2dc63b5a381
SHA5123cdc4d03d46f87cb029c08adee2450fb6b32393877c640001517252334ccde6712e5febcc03c118529f22eab53ef03896de3d4da19a1a721629a9b76ddcd0c07
-
C:\Users\Admin\AppData\Roaming\SmartDesktopData\UserData\SDData.sddFilesize
15KB
MD5c34e7a6742f3a197486c654925a3046d
SHA15d8e96b3d5928445b58d4b9391ee55e904482c37
SHA256b7c20fb77f02ab366f244b50682c8086d2b1e79655ac8a3748f3ed57822ba503
SHA512f5558de163df772c0c0abb1623fabd9ab9709b1f04d80fb9ba758367a51d8ed41cc7e9ddd42f3d4887fef0185eab1c81408fce7a525e35b7167fbceecc4612e5
-
memory/1588-116-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-148-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-82-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-83-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-84-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-85-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-86-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-87-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-88-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-89-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-90-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-92-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-91-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-94-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-95-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-93-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-96-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-97-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-98-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-99-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-100-0x0000000002FD0000-0x0000000002FE0000-memory.dmpFilesize
64KB
-
memory/1588-101-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-102-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-103-0x0000000002FE0000-0x0000000002FF0000-memory.dmpFilesize
64KB
-
memory/1588-104-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-105-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-109-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-108-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-107-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-106-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-111-0x0000000002FE0000-0x0000000002FF0000-memory.dmpFilesize
64KB
-
memory/1588-110-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-112-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-113-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-114-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-80-0x0000000000B40000-0x0000000000B50000-memory.dmpFilesize
64KB
-
memory/1588-117-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-123-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-119-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-81-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-122-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-124-0x0000000000B40000-0x0000000000B50000-memory.dmpFilesize
64KB
-
memory/1588-120-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-118-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-125-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-115-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-126-0x0000000000B40000-0x0000000000B50000-memory.dmpFilesize
64KB
-
memory/1588-127-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-128-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-129-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-131-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-138-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-141-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-140-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-139-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-137-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-136-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-135-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-134-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-133-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-132-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-130-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-142-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-143-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-146-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-147-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-145-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-144-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-121-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-150-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-149-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-151-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-152-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-79-0x0000000000B40000-0x0000000000B50000-memory.dmpFilesize
64KB
-
memory/1588-153-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-154-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB
-
memory/1588-163-0x0000000000010000-0x0000000000011000-memory.dmpFilesize
4KB
-
memory/1588-244-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-245-0x0000000000C70000-0x0000000000C80000-memory.dmpFilesize
64KB
-
memory/1588-247-0x0000000002F80000-0x0000000002F90000-memory.dmpFilesize
64KB