Analysis
-
max time kernel
44s -
max time network
37s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
29-06-2024 22:44
General
-
Target
Wave Goodbye.exe
-
Size
6.0MB
-
MD5
b67c09157b260b02037a716d28d7c34f
-
SHA1
a6da5549351e78fda395b5381dcf9e14240390fd
-
SHA256
ceb6a0b8e1c27c75155ab28b9283fe488ae5daca15b0cc58ebfc009200c8e824
-
SHA512
61cc65311af74f83ea950ef54661a5421df67026f7760e257ae3701b3b339f554ac1b42a63f2adafe142ad71a81c545b6749aac0a4f5c78eccd90d072fb7bbad
-
SSDEEP
98304:dHx3rQ9UT/cnDEuzHEAtpW1pAT0WaDMyaATQKC2witrFr9vQVN9x3gHWdFISYft4:73rpbcnDEuzkAtpWzATIaAEHVYJJmN/P
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Drops file in Drivers directory 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 11 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 56 IoCs
-
Modifies system certificate store 2 TTPs 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Wave Goodbye.exe"C:\Users\Admin\AppData\Local\Temp\Wave Goodbye.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/6NNYUEXAR22⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCCFilesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCCFilesize
252B
MD54cbb8c06089fbe849b01c684b8c11ccc
SHA19be5393715beb127427d63779f7298f05d147c38
SHA256d034aafede4d3abd127a00042fff47005a2e67f5d854382e36c9c7bec7a159a8
SHA512ce5a0397ca71c4bf4fbf11d14d000421519d47837a905417ab6c08dc0e3daa9c584c47380a602ab6b7739225217cbd0b9fd867b592ebf7518fd404e58d409b4b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5d3db0b3779b5de6e420c39a8df4ebebc
SHA1bdfa36c1710b498d68ccc2bbbbfdee9e01651914
SHA25633aa406386d76a887c102ad74dde530ab2d7361e07a8de974002d9ed764b423c
SHA51263d568737b21afba6bd3860af784e9acbb7a96f8fdc31c580d371d254a73fd8a807325f4f2026786c086aded3bda173e7c9a7db175de40351b643a46b3a6e52e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD52d3dadcf0444229949b7974d2b7d7367
SHA1d3b201972ab6cef8ffac46ca1e88c9b47dae84a9
SHA256b130076274fab7707fa75efeb3033152f062401f3d2567f25db5f63787ba2901
SHA512cb62adc63536d768f9080b3dc952361e62ba65b4ac3ca0cea76805b8d71c07eea227c6ef1829c16300036c14cd631ce51c5e0abe321cfc3da56f29857b78e42d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD56586283049f230fed641312b513c32c2
SHA12bac38e3f8d8e1a3aeba77b1f4087718f6dce9c9
SHA256ca996165f33b198da3aabf1ea47681cb70a69b8ae4309e3b55731beff3449526
SHA51213b0812142561672524e2b9aba7e1a5db125fe3534b65e385843ffdd6ad8e49b5db43662e4bdea18c214a5eadaa0fe65ba49e030e77e6c5d02d759ae22be90cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5e1213688fd1571c7ac326abbbecc39be
SHA1441efab9a5d4b13bd56b0464ca5bbe51d7a20854
SHA256a2f62de96a39a67a19c47d32e3b6f5ab8934e214c720bfd23a115156b81d0650
SHA51221fe7897e6a2d05e490c4270bc75c15901ea74bc9fb06b68cb054f4a1871bc41b0bfdb7bfd16b46a6ba8ec26f972195b84799c4013f0c6b58daf57a43defe978
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5d2aa9468856227d253250faa91d21814
SHA11663f896f62f94a0afdd15e61179a65f13e61a45
SHA2564496ca29cb3be68984246a74c3d22628533fee5dc5935e13129ab8455be150de
SHA51243652953f51b8d2303a4e5a05f98afa08b9fc7f7b6f8bbd5a920650d5018038940487ee0a01f4bb2bfcabab27b1018bd267c3d13773cb7892a834db5d08add4a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5bcbec8c624adf0f934cc1c55866c9ebb
SHA1f6e64f83e75c2f07aee08e6d304ffc744068ae31
SHA256bf491f3795bdfdd8b0b18f00fa745a65cbd35ac4190706e8c81523119cffe470
SHA5124b4d416c2aeb8ca7b5639e095fc944db1130f30270c71d84008ec113b80ff6df1de97acb090c7aa9584c1e86670892413959e4eb9787b8251a5c386e2bd2610d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5d08077e9fc773cd8269f6d26e309ef6d
SHA1bbc7830040092b9109435963a087f84b3af06d29
SHA256270303909867b1ead6a72516031592c135a43e16430430d1009726f5c6cadc11
SHA512b1c15cd34a47b783d92ee238f2b9156e50327d5466bacc023a850b32883146dcfb5139f20c70c3e29716666c02c2c34f56dca78f0ff946899bd3e305b94fceb7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD58591ceb775fedd3e56b7d376baad091e
SHA10e50ca73883aaa127b80f405b7b126dae55c469b
SHA2568494fb4b3d38b6a34e98bc1b2de3244b855af0aedf02e9638b294cc3b6f0edc7
SHA512d04ee7c0af442e566778ad664c8f4236682b920c8068cecf16a0b910178b43aa60f64b8957dd3981ce356e7fa73c89be851f0b26a56b127f93d5ded0b9450b30
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD57d7d4c83d77e5fcefe85de8f0f4a7af3
SHA18ff35224b8eb84efcdf34bd9ba0f437f3a25b841
SHA256d6515bed7a5989ef3e7a45ed949b53ca5f941f5f6491c7433408e219bf68a1a0
SHA512afd1641234c1b1706af715874603bcac88fc7d52f189befa2e6e01b8f4407ba7d53d3152f3362c2b3b7f205d8e8f2011d0a4f60fee3a033767a12274b6d0a569
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD59fe29e3e442070715a270b753b846c38
SHA14abb91e7267ea76d5939e9562784642d6a60a55c
SHA256bf49817659ba6b8a72f8fb2a065f7ac2ce172ff331eb8747f6629000a278ee00
SHA512cf411e2abcbc6b71e234b174e67a7ea12e4624030b07eea3db1e2166db7a3fc110a9f17dc4c7616df09ff328d8ce4d54165b0605aa02bcb961575c3572224ea5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5e4a1c1cc3ab6b482b8452877080e1283
SHA1d9f1d7b215250bf02d5a76d406426257d566a879
SHA256df7aa47fdd5eaee0dcd066c21b5d5a3e89c93d940782be41e3e10a49176166d9
SHA5125d9a39ebbb5bdd90fa8c3edd2dbc26f3d04530bb0284b652df0df92c4e29790bab1f4219d3b92f7fca385b07be5aa949500de53c349b3bba6d2be057965ca18f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD599ebb38a1b2df6123eae3529a579331e
SHA106d20707fc0d9a399f41e1ad0266bb9d42a6b2b2
SHA25617faa3f6e48f362b100e271e5a5320a820f0706ae030c666b9de2fd574057a26
SHA512f963c867e0f0b48e08702ad542c5018e4850f104428dc8a90ed8208dc9dfa68fe53496525b44ec96ea50d89fcf079cbbb32d06901b4c7912a1925c796d0ea09a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357Filesize
242B
MD5c058745fdc78f3b2a7697db9c303f9a2
SHA184d15a053e3eae0d8e92fa9888066c75182568e4
SHA25639124c4b303cd8f4a89085a4df2fd689fb9088c21adea009dd6540ae5d354e0d
SHA5125798cbc869fab01d1403aaf175b1dba7444145202875209dce3c28ff4f44395f53d398c22e4b9f5e6943aed9910f664469bbedc863436d2f7137be4fbef97e95
-
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoFilesize
4KB
MD5da597791be3b6e732f0bc8b20e38ee62
SHA11125c45d285c360542027d7554a5c442288974de
SHA2565b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.datFilesize
106KB
MD57578dc9119f55d76c01110b0a436cc32
SHA1b3cc3cda9efaebf98041e67c7e9d041d60b667b1
SHA256fba4e0de4ce6cea921cd2b8669dd5a077f3f2a054da7f58085563acf9fdce451
SHA512629500e030d7386859236413de4bd1bcc1f51a284648c9fa38f48643dbcb603ce6c2546d10144af623d3205a69689aa30cdf2e4cef50458c52aba67bb3d971d5
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.datFilesize
24KB
MD5075b46033d2fa8ae8c65287005ce2bdf
SHA19994938a241dbc2a223c5d15857d13249b01dbad
SHA2562cd5c84cf00a001e3a2273b5c62343424c15cdd70ae02e29bf31217fb90019d3
SHA512ff66073f831df7a21d0b018ad9830d499574c74879071a646ec8e0c4053b20c6dafb81332bb57a409eb0ab6523939fa0090bde064ebc48371205d396b9beb339
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80ADRKAC\favicon[1].icoFilesize
23KB
MD5ec2c34cadd4b5f4594415127380a85e6
SHA1e7e129270da0153510ef04a148d08702b980b679
SHA256128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWE78U15\qsml[10].xmlFilesize
327B
MD5c79bafd88eba468ec15b477f1f6df4a3
SHA18de1ec4e7f794c8c1b605d3f583f4f6f6d0eab3d
SHA256d9265b1f0347b357cf87283bf8456945d9a711510664be64d04ff8d613b715b4
SHA5120c49d864012b12515b62fb12f3d86f839c37db0270ffaaaca5fee569d26cf3d0577c2eb30139ce3cb9a01b97f841b67dc81cc692d3d8a0b452f079a63cc023c3
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWE78U15\qsml[1].xmlFilesize
489B
MD5c80b39a5a2a4ea06d6d0d7933979240f
SHA109629fd39692f6eada7c5147d74402260e243580
SHA2566076bf2d8624a1d3002736f8363d1e3955e7693b9f488f12d5858c3f78df5e3b
SHA5128bc422c1f4043dd47b47c1b6f0762b7b4b929d95f6523d6882fdaec61fe5350b24d4d3cf2422d3cedad862103ea92d0e0386b47f937ede7bae4a864b662f1d4f
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWE78U15\qsml[2].xmlFilesize
486B
MD51a0c55cb3fd32f73074e0cd56fc09221
SHA103dfafe58844a4e7de928296cd0c3e79ba69f4a5
SHA2566dfa61ece57fecba5fbb8ed251acb5d0ae43208b91df7630ac752c9c6315d487
SHA51224a0ec2f2a29d7417581c167437faaff86f9fdc7542ba978b68c3f69e4474b5414774d6fb633cc63408b634e74a4970c6428be404f6615765a067025ed02ef67
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWE78U15\qsml[3].xmlFilesize
513B
MD539560d12ac97c75123f807e584afa4fd
SHA1642252056f1f7edeb3067dcadd2365b95a8044f4
SHA256ce1262a39bc3cddd6191bb50d1be9792ab9fa674e3c14f3c3f453d63279bb9c0
SHA5124e6e1a3e291d6a71981749cf8c3db154af55f145cd125c9eccd48e6c6c9423bd06033db6a7e6a9a2d6e267b684e0550be4c6818b741956eb7345ad07c888d761
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWE78U15\qsml[4].xmlFilesize
476B
MD529b4a61cd9afd4ffb8755ec8f171a4cb
SHA1e66334444a9b3496252285d46ceecbdc17514faa
SHA2566357dca0d85d98d35bda7112a8014ee31889487db5072b0e6b4645e4b5bbfcdf
SHA512fb622469405592ac580cfe6174763d8d7f529320cbe220d88eb0a82733a7f49e8ad51379a15f65c750b22924d9c65f1bcd69f7e12da057be6752f84df041bf65
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWE78U15\qsml[5].xmlFilesize
506B
MD54e086bdc6e666627e31b90b838e40b93
SHA1cccbe42a945e29b9100c4927da4e9f7894bad131
SHA25682ab63159a227913b6cd8ac06e93ad836b31bd508e77abc2ed6b0ec6baaeffbc
SHA512cc21a6e4eba2d0a05b6d85df953c4bc88e82ed09390568247e23aec12ec10ee6ee7b1ebb422f0a608015f341b8e6eb24c94cab6ad2317099437748622470b66d
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWE78U15\qsml[6].xmlFilesize
524B
MD51ef727c5344cd4eb84855f4d2aa27948
SHA1c3218f16cfb4748ca7eea78a59f3a7047e2af865
SHA2563d9020cbf595ac78a365e52d9f61ef893791622f862e3d7043f0ae82c03a6859
SHA5123ebe9a3e1d388e18c57d4295f1a595f7cdf5e361430c32f8254d4ebd62a68140535901a7f622d982c7f8e3d9c065c7c352a711fe4d7daf4590f9724452c1d1da
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWE78U15\qsml[7].xmlFilesize
524B
MD561d99971a3b9be185d700fab8c974792
SHA10a59329dab7cc81114f018402204da16221d47c0
SHA256180247855462a5c0365c95c9cc1d7ae2c558e5162cc2eb497ea6c179e7ebef08
SHA512aeceff9988d779031ae05b7c83eaa899cade605d6d6e4b42e97eb63b7f307051b823ce6a7ecd8bb2f959aa8c40db84ccedce465823ca6ae694c39c01586cc29a
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWE78U15\qsml[8].xmlFilesize
400B
MD5986cc0aedc9af58ae6cf51b73908fef4
SHA136b0babe75c59b8265370fd66245bbd2e89ccda8
SHA2563b254e3b2cab189699cd12da738fcd523cdb9a47cf512473d9a18b179f4f827d
SHA51284b9ed2e4dad3c33bba84d1414bfadc839fc05b5706d423fe3b95b29a86394f89fe36bcacb766d99c4091b238ef043c72bd5e553d2027b035517b6b9ca7d6c69
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWE78U15\qsml[9].xmlFilesize
326B
MD530b6e872bd08d20c03555e909f12b94d
SHA1f2fca56d4c87f7d782bf42995cc211e901cd9288
SHA256a17e4b913938d18718d75a5aa7486eef98f98d0ae6ccaa144742e7c66f459f64
SHA512095703b4fbd4559c6e76d5e8aafa393771ff48d7032f45e55bcd30f5e2e1f50e1a05229838d3f886cd1e6d4e18673c438378c0d683d013319569ebdb78b7b285
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RX6Y2SAU\favicon[1].pngFilesize
82KB
MD554f9d7219742c1a4c911ec6881d73267
SHA1dee2c0154df1eff47f0c75bf11abff8eb8542512
SHA2568b3e03308579eadd2c39554a9ee177a2857b50498f129de1be17c8ad3f56c2bd
SHA51284884ea4655deadc24e46645c942cebb8aa8bc847dda0963dc69a31df757312a5fcb9bf5f4a6a964b35dc4fd58cbc9c5e63857b50ba1840eb08179d6c8db905d
-
C:\Users\Admin\AppData\Local\Temp\Tar3162.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
memory/2332-6-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/2332-572-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/2332-3-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/2332-31-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/2332-4-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/2332-200-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/2332-0-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/2332-2-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/2332-671-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/2332-5-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/2332-1-0x0000000077590000-0x0000000077592000-memory.dmpFilesize
8KB
-
memory/2332-710-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
