Analysis
-
max time kernel
134s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system -
submitted
01-08-2024 13:13
Static task
static1
Behavioral task
behavioral1
Sample
809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe
Resource
win7-20240705-en
General
-
Target
809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe
-
Size
973KB
-
MD5
809c47b646c7f09b3560feff503ff533
-
SHA1
5071dd6e257fc7ea619fe7c1170ccd36fdadd6fe
-
SHA256
3ea1672072c73c71b4d43e7d2d7d269c678107ff7995e9cdcfc2ce6935bd6b91
-
SHA512
32581c486d94d5c69449eea047a7c002f9c2391e37096cd12df86a8a7c856d3c9648c47f0ad210d2f60c3e92c681ef16b7e8ce547d83c61f1031ed44af96cc9a
-
SSDEEP
12288:9FmcmPZ2FRHupoVy5mwUenTaQSQBfdV+FlLFb3cFb6qb3sc6kdHUTBfeoF9NZLek:LRH5ROG7bDe4opzyfffDfffF
Malware Config
Extracted
cybergate
v1.07.5
cyber
127.0.0.1:82
glider.no-ip.biz:82
21C55QTSN11T42
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
WinLogon
-
install_file
WinLogon.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
alomhack
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
Processes:
809c47b646c7f09b3560feff503ff533_JaffaCakes118.exedescription pid process target process PID 1724 set thread context of 2352 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
809c47b646c7f09b3560feff503ff533_JaffaCakes118.exeIEXPLORE.EXEdescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc process Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E7474701-5007-11EF-B6C3-72D3501DAA0F} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428679902" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exepid process 2352 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
iexplore.exeIEXPLORE.EXEpid process 2352 iexplore.exe 2352 iexplore.exe 1496 IEXPLORE.EXE 1496 IEXPLORE.EXE 1496 IEXPLORE.EXE 1496 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 19 IoCs
Processes:
809c47b646c7f09b3560feff503ff533_JaffaCakes118.exeiexplore.exedescription pid process target process PID 1724 wrote to memory of 2488 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 1724 wrote to memory of 2488 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 1724 wrote to memory of 2488 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 1724 wrote to memory of 2488 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 1724 wrote to memory of 2352 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 1724 wrote to memory of 2352 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 1724 wrote to memory of 2352 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 1724 wrote to memory of 2352 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 1724 wrote to memory of 2352 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 1724 wrote to memory of 2352 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 1724 wrote to memory of 2352 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 1724 wrote to memory of 2352 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 1724 wrote to memory of 2352 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 1724 wrote to memory of 2352 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 1724 wrote to memory of 2352 1724 809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe iexplore.exe PID 2352 wrote to memory of 1496 2352 iexplore.exe IEXPLORE.EXE PID 2352 wrote to memory of 1496 2352 iexplore.exe IEXPLORE.EXE PID 2352 wrote to memory of 1496 2352 iexplore.exe IEXPLORE.EXE PID 2352 wrote to memory of 1496 2352 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\809c47b646c7f09b3560feff503ff533_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD51213ed411eb613535bed1f8dc72b895a
SHA175dcb4821ede423e7b82c8dac8afe5a59a736b23
SHA2566382fb1fa1e54397354386ed5c6f9efe5a24f4d510d97ffc1aeb6e6fb78f2aba
SHA512c0ad6c8d5130835a41522cc9fc7cb5176dcd2592a8964bbf209c3fe70a1b703613f7b24f771e23667a3137574270f818f60d83df5c022791c0a26685177e2815
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5078b1bff9471e6db266bda2912a7ee07
SHA1897a806ad9b577dd3a073473036d0b3a59248c18
SHA25669f3610b8c3876cbe94c746632d0f9c812542c4d96196e9c08ae055d5ad5b0b8
SHA512b1bb5fde1c60f872e59472b21048eb3475b88487eb21a97e327cd82e2a12d9bdc0709b1b08a902288ec1494b0e5f4373abd7dd0978a5d4ac03758b8d23bb1d6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD51422b80e64ff1b0cfd4e0af2e3515833
SHA1634af2f585604a6c2abd2adae70fc0db326e9f1f
SHA256635e90209b0c4472613536af2fde4cbcd42bbd9986be16f9608316919758a500
SHA512064c68b76241d821f9b3bb31ae5dbc84166cc02fff7731e78fa93b79a04a688048f1fb1c91b2b3481281f8b5d50a67e17f047923bfc69d49fcdb546bf811573a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD509393c9db65198474db0cca79aa1cca2
SHA120c8aafc4501bae302e5d6e16ee9f997fd85c63a
SHA25674037fff695d845db784edc4b0d70d423bcdafb7c8b632f4419837c063657005
SHA512a403bccc0f983c40dab9aff2eb9a33b14233ad5ca51f2f00c8ce8bdc77b88f5d67ce1808d3020174ea41a49d871b309e0349582a366814120e94f176f28b9ffe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5eaa5f3a2cd17a8a79c74b21d0644e058
SHA1198f35b8861f7ea0bc02e061bca8323df9e36154
SHA25654a8acbdfc65e5050ad3a786051ecb964518321dc3b965d5e523dc39148d51ff
SHA512f68eaa5468978f5923483dc215557107f4f3c6feeb110b2f8f74e3987300fbd2864dee3ba4f30dc1f83f05b2c5447287db2f5946fbb08d7a847efe810f1000d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD527a18cc227c9548ba749ffd67603e76d
SHA1bd2662cad0f603fb68b560245f00f28c075e0649
SHA256020d38f20956b5bf82b713ca191d17587d98e393f10a5f87f1b7e2797a2db2a5
SHA5121918a976f29d7c5c4a411ce29fa7076503e77cf10687a13ffaf996d798c8d90fa8e469e5bf4cfff01dda4ab72991086e1294f703acd9d47ad574874a675a1e74
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD53fdd56a89d098f9f7b48d34cae7e03bc
SHA1fca1339d864486a428db3eb8af1b158140053e44
SHA256e5bc4d6471d48be2609104c030c075e878e1d675f41db33462c02ccee8b8b9bd
SHA5129ef718fa4cf79c11b8807f73f7c355010849c9a04dec966f6ddafb256256da6c0a95a6171f72503c5d845abae58b544042bbde9e64fa37c34a9cd927b6166b39
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD51b78c29500c07913e9d1b6d8eb49e8b6
SHA1003ad6e55de5f565028d041bbd8f4d526816fa73
SHA25672773c807a0588452752ea94031f6711b678baaf46cf0557856b0379052751dc
SHA5127cd9ad575e60948a8fcceb87fce0bb9ec071de17d4ceb28b55b2ff9534ce4177b4fa8611931ee9ab0af20a8487710596b96ca906e60c16e65a85ae56a5f94db2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD55f762fca1f8c9a22bb28cdb8423e8108
SHA1ac62cfef809ecd8ea86bc01e214834e21c3da020
SHA25691a13ffb56e8f2d21ba1c75d3e48d21f159afe7f301ae4cad3709fb96bd3c3c7
SHA512125a5523dbebb4aae40d85794475d92296838765f06ee80db597e4019049fcc148fe538e1ab4c54105dd8a93628a3acd30bf954afd0cf1e4aebcb72957ffe411
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD56662600bc857326ea1f7ecd0e7e1c594
SHA134a2b51a32aa2b19404c3996118ed08d5ebf3ec6
SHA256ad66c03ff2bf9c58f4a98182e7894923fdb337c7de36bcd0d2c38d61145a29c1
SHA512d25d9be359c2c82ab63d8239e6f4cdd2e13713d3c3f9e2e54f303d5e43232e44555c9d79fed5a831ca32ae87097784337000d39467a3cc6fac1dfae911da4373
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5e8a10359c29821c8f0ce128178a3677e
SHA1b7b7eec25472cd4ec3fd0eeac33402a5090bd287
SHA2565a2204e99394abca455f8b5c2fa4ab5d6ce9385e1c01c65078cb4b1b845b7151
SHA5128087582425f1b4688e272ea87b4e537d71a8d267d40cf3307834625c2a9c773cf73009dc5a3da6d48148429f4f8175e849315e5fb570891b72e0b10dd5cac0a3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD52b14d0d19fcff071f60afebeb0563cd6
SHA174380e39ae08618a03e24c4a21624b43ebb4c2de
SHA256937b93ba6db1ed7d23c5bce909a28ab9bcd94a2ede2f9b84fabb2302e8368f18
SHA51254ea5527194fbbef6a0c53d0f067d46542f1868e2a1032cb4eef34f4858d31ec5afc396a3d79953c25a9bb697a054e34f8d17aab060d3bf5fe2d0d0820d29503
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5db49dc6ccaaa6e866120f9067d653a39
SHA17a6cff3343179fc8f602c2a5d1c0d5b11a1a223c
SHA25618872cc55f3d0268ca500eb2e746170c840d99ae1da47e13217bd5f9358fdd22
SHA512222dfc61b92ab81fc5d273a66e8d2d499a7a0384604d552fe143292314abb0d8688d259ad6528c3c790734054e318d5256e43aeb9995e4ce167a42e9b6cfade8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD545d3206a388fb8694b338a0a299fa9e4
SHA11e03de8dabb08d66d155bb0532ac03b37c15075e
SHA256022027da2b53f98ab56ac8f0e0f60bcb565e6746fdcad73a2c86cd2f3a5844ca
SHA512989f3b934231eee7fe9f1851e060c5c98ce1484251972dff9542a8ff5f9dfe33f7ba2bec4bdeae382a340da266f29f06ec4f4c9fb6965c5b4481fc418f3d59d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD51ad3001c5c7849c9563f14caa00d5de3
SHA1933b7d05e5461d705af64e05ae2a8a268adb7a62
SHA2567b2c8ebd64b5a17a1961835819bc4b93488f5944a17f97976e74da4f069505a8
SHA5128aff00435ad29c59d5a8922abc6ec53e266d6109392ca33c442e35c5710dae5abf8f1beaa14c79442ea1b45420ce11aad70588fa8692e339fe9a45d6cddc0884
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5fad357a0cefe595338b6c8082dc6f7a1
SHA10833a1b36f3cfc107599d1721d80dc2ef2355ec9
SHA256a83acee4fcadac99f3f5901c93dc3d238f5245820c27735d13a6586fec5305ee
SHA512c02bcab203fec000c903be3436de435d338e82bdc3d4fd2ca70ee072f040150195c9c550642adf7aa8c82a9a6ff535858555dd65b35364fc1f17e88bb8d917b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5397b51b2c05d0b1b869ba680f06e0fcb
SHA13af6ed6a16a9ceaae009f27aae5a044e93e73103
SHA25656ca7bce662bfa759ab112cb5a33d198463d38f3fc4ccec0158cf9ab3a1cbd10
SHA512e3d22f86c32d83bd42df0cff6489c11c6dcbb54e3a3f9ff346167d5190ad1d85217edd3047d563c8397c0b5620e85f9809dd381290a72feb51581fca58d4d412
-
C:\Users\Admin\AppData\Local\Temp\CabF3E2.tmpFilesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\Local\Temp\TarF454.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
memory/1724-4-0x0000000074BB0000-0x000000007515B000-memory.dmpFilesize
5.7MB
-
memory/1724-0-0x0000000074BB1000-0x0000000074BB2000-memory.dmpFilesize
4KB
-
memory/1724-1-0x0000000074BB0000-0x000000007515B000-memory.dmpFilesize
5.7MB
-
memory/1724-2-0x0000000074BB0000-0x000000007515B000-memory.dmpFilesize
5.7MB
-
memory/2352-3-0x0000000000400000-0x0000000000451000-memory.dmpFilesize
324KB