Analysis
-
max time kernel
300s -
max time network
299s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
26-07-2024 20:47
General
-
Target
https://drive.google.com/uc?export=download&id=1QVI63ArfihxtfwdVMVpsmqrCQsWenhpm
Score
10/10
Malware Config
Signatures
-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
PureLog Stealer
PureLog Stealer is an infostealer written in C#.
-
PureLog Stealer payload 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
-
Suspicious use of FindShellTrayWindow 35 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/uc?export=download&id=1QVI63ArfihxtfwdVMVpsmqrCQsWenhpm1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4da246f8,0x7ffe4da24708,0x7ffe4da247182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4960 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,8456576975907239998,8373625530480134805,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5000 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\INGENILITGIDOCPF20240708\" -spe -an -ai#7zMap30820:110:7zEvent921⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap27225:160:7zEvent261361⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\INGENILITGIDOCPF20240708\INGENILITGIDOCPF20240708.exe"C:\Users\Admin\Downloads\INGENILITGIDOCPF20240708\INGENILITGIDOCPF20240708.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"2⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD575c9f57baeefeecd6c184627de951c1e
SHA152e0468e13cbfc9f15fc62cc27ce14367a996cff
SHA256648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f
SHA512c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD510fa19df148444a77ceec60cabd2ce21
SHA1685b599c497668166ede4945d8885d204fd8d70f
SHA256c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b
SHA5123518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
512B
MD57fdad087342d16515ba2695f9f158012
SHA15c902e75ef9b8b3afac0ad943c655c5723b53379
SHA2564c96a961880fc58b2e37802beb59f4cb5b648fc2c61c5eff5f53bc6b210cf587
SHA512629dbdb6ad0dbda252bfc10a6133ddba82bdaf6a48d34359d8812cf399778ff906fa254bc5e8e2e0827c562488345f8db6f6d50901707175829d046a9c0828d4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5e0550f05fe193fbc38d40e744ff14e6e
SHA16cbc5d3ecdd62b76e27cd7418cbd81038a543731
SHA2567125e1dcc1b61e6181c547f3a65c44f1f6ba539adcf2f5b941d10c340a6cde5e
SHA512759c254fa47bf6183a1c66107bc1f33e2fdd6461a86a822d391a5c2dec68c2e1e5cb0726eb1b10443cea5f3e5a16c5d466c52db323fc922727395605dc6206b4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5cff0f2b5c7243e85600f31dab39612ad
SHA1277398ac6d6107938c1a372a2a6b93ba1d874f6e
SHA256ec17af7e4eb2a5a4d1a744ff839286ada7aa5a56128404303afd6641751459e1
SHA512575f1d958110899979bd7011d2d4aaace00e0ec3e906c63f2a7b765217b8ab5409e54ed72819c4d99af0d0bd4c2389c9a5fb9764e78a0f2924d4d5d12871cd0e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5d14f92c9a7265849262c500edbd6e873
SHA1502be0fbd76480af9ee9593df51a15528b9c3397
SHA2561dda3b3f2860663b03a171dba429e96f24cf1d847ff57450c3e6bc1173246651
SHA51264be8ab98403129adbe2cfed441c6b18d69b37fb3b3d2b4f946785802bc631c79fc0bc80d7e86959396b6acd1592e9cdc48fad1fbb53848880dc1655a4221f4f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5eda59495b4c87e1dcecd3e9cd84b4b7b
SHA16e8a0b9b78f1f064f4cbba7b3cdfcb2c33d93510
SHA2568c20a30ad4f0497d2188e4d369a40f5aace943ddae9af242b2937fc9c74ee66d
SHA5123239895f51ceee3044f6a42f18eab96a5abfa14438af9f189e3f5671690732d91c15df0d0af344588e6678317088475772ea8ddbe29e39fd4683b5b9c04e476d
-
C:\Users\Admin\Downloads\INGENILITGIDOCPF20240708\INGENILITGIDOCPF20240708.exeFilesize
1.6MB
MD5dabc58308bf504ec316bb4ef140727d1
SHA18c7a865cf3a05eed058b603f39c30bd2cd40d87a
SHA2566752d162661ef014090b86dd74ebc7ab8af03abbeace36e30f987c961614577c
SHA512ce478db8dc6011bf57135a497a004a5bbf5e4e2e39f084113de450d1a29d105d6d06c00c0026971b7714db7a2045e38620263fd25ee673581d612335de99345c
-
C:\Users\Admin\Downloads\Unconfirmed 987824.crdownloadFilesize
1.6MB
MD58d602b93a4f33ba5a4f93a1f5aae4339
SHA175b9b53367721c5aafd6cafc02024df1c72e4706
SHA256cae198d4d1cb00937deb60eba183408ba36150f73ff24e96af78a2a03d19d8e9
SHA5122f0de6e811e30a94789b3a610632a633576147c8f565cd16b38f7a0130347871dadff531502d449b4ba5766bce4e4a46dffd4ceb30357c4d14702d86f864bdde
-
\??\pipe\LOCAL\crashpad_1508_WSARBHHSSXAKYCMVMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/2280-5017-0x0000000000400000-0x000000000041A000-memory.dmpFilesize
104KB
-
memory/5816-155-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-139-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-103-0x00000000052A0000-0x00000000054C2000-memory.dmpFilesize
2.1MB
-
memory/5816-104-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-107-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-121-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-135-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-143-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-141-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-153-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-163-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-161-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-159-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-157-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-101-0x0000000000570000-0x000000000070E000-memory.dmpFilesize
1.6MB
-
memory/5816-151-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-149-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-147-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-145-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-102-0x0000000005010000-0x000000000519E000-memory.dmpFilesize
1.6MB
-
memory/5816-137-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-133-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-132-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-127-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-125-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-123-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-129-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-119-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-117-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-113-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-111-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-115-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-109-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-105-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-165-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-167-0x00000000052A0000-0x00000000054BC000-memory.dmpFilesize
2.1MB
-
memory/5816-4997-0x0000000005210000-0x0000000005270000-memory.dmpFilesize
384KB
-
memory/5816-4998-0x0000000005710000-0x000000000575C000-memory.dmpFilesize
304KB
-
memory/5816-5012-0x0000000006120000-0x00000000066C4000-memory.dmpFilesize
5.6MB
-
memory/5816-5013-0x0000000000DB0000-0x0000000000E04000-memory.dmpFilesize
336KB