Analysis
-
max time kernel
121s -
max time network
149s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
01-11-2021 19:15
Behavioral task
behavioral1
Sample
Qk1Y2u AzrU O5W4aFK PEjRa99 L3qV ggXZA PXQCT pYq7kbU bQVY jcNJ.pdf
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
Qk1Y2u AzrU O5W4aFK PEjRa99 L3qV ggXZA PXQCT pYq7kbU bQVY jcNJ.pdf
Resource
win10-en-20211014
General
-
Target
Qk1Y2u AzrU O5W4aFK PEjRa99 L3qV ggXZA PXQCT pYq7kbU bQVY jcNJ.pdf
-
Size
150KB
-
MD5
748aaf0916c2a07a3cb4e55ff3afef03
-
SHA1
d21bcfff7f7f8cc5bdac4ad28ab0b206d6cf1909
-
SHA256
fee6979db6507678d62736938690997296ab444c2eb365a61b7883b6ef567246
-
SHA512
1aecc035997c6a44ffe00c0cd67149d8586967de3fa453abab51d1b86da01e2aa255fbd9ec3b6070c358466794dace31107a7de4a1d402ed257af063c5eb57b6
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
AcroRd32.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
Processes:
AcroRd32.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Suspicious behavior: EnumeratesProcesses 22 IoCs
Processes:
AcroRd32.exepid process 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
AcroRd32.exepid process 2704 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
AcroRd32.exepid process 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe 2704 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
AcroRd32.exeRdrCEF.exedescription pid process target process PID 2704 wrote to memory of 1528 2704 AcroRd32.exe RdrCEF.exe PID 2704 wrote to memory of 1528 2704 AcroRd32.exe RdrCEF.exe PID 2704 wrote to memory of 1528 2704 AcroRd32.exe RdrCEF.exe PID 2704 wrote to memory of 3940 2704 AcroRd32.exe RdrCEF.exe PID 2704 wrote to memory of 3940 2704 AcroRd32.exe RdrCEF.exe PID 2704 wrote to memory of 3940 2704 AcroRd32.exe RdrCEF.exe PID 2704 wrote to memory of 1244 2704 AcroRd32.exe RdrCEF.exe PID 2704 wrote to memory of 1244 2704 AcroRd32.exe RdrCEF.exe PID 2704 wrote to memory of 1244 2704 AcroRd32.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 3132 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 964 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 964 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 964 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 964 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 964 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 964 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 964 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 964 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 964 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 964 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 964 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 964 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 964 1244 RdrCEF.exe RdrCEF.exe PID 1244 wrote to memory of 964 1244 RdrCEF.exe RdrCEF.exe
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Qk1Y2u AzrU O5W4aFK PEjRa99 L3qV ggXZA PXQCT pYq7kbU bQVY jcNJ.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵PID:1528
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵PID:3940
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
PID:1244 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BCBB738D424ED3CF0BBE86437661AF3A --mojo-platform-channel-handle=1644 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:3132
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=87BCA8CA9C0F62E5A3CE562D4CD2841B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=87BCA8CA9C0F62E5A3CE562D4CD2841B --renderer-client-id=2 --mojo-platform-channel-handle=1660 --allow-no-sandbox-job /prefetch:13⤵PID:964
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=34F311ED03F6DB1DC357E66B94D83247 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=34F311ED03F6DB1DC357E66B94D83247 --renderer-client-id=4 --mojo-platform-channel-handle=2060 --allow-no-sandbox-job /prefetch:13⤵PID:1132
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1C0DBE41B249A2871A2ED2609A79E835 --mojo-platform-channel-handle=2472 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:2120
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=71C914EC2A0B7675A9BA920EA388D8C1 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:3044
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=65EEA03209259C78E7389B32841028BF --mojo-platform-channel-handle=1716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:1996
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/964-123-0x0000000000F79000-0x0000000000F7A000-memory.dmpFilesize
4KB
-
memory/964-126-0x0000000000BC0000-0x0000000000BC1000-memory.dmpFilesize
4KB
-
memory/964-127-0x0000000000F90000-0x0000000000F91000-memory.dmpFilesize
4KB
-
memory/964-124-0x0000000000000000-mapping.dmp
-
memory/964-122-0x0000000077352000-0x0000000077353000-memory.dmpFilesize
4KB
-
memory/1132-129-0x0000000000DE5000-0x0000000000DE6000-memory.dmpFilesize
4KB
-
memory/1132-128-0x0000000077352000-0x0000000077353000-memory.dmpFilesize
4KB
-
memory/1132-130-0x0000000000000000-mapping.dmp
-
memory/1244-117-0x0000000000000000-mapping.dmp
-
memory/1528-115-0x0000000000000000-mapping.dmp
-
memory/1996-142-0x0000000077352000-0x0000000077353000-memory.dmpFilesize
4KB
-
memory/1996-143-0x0000000000F7D000-0x0000000000F7E000-memory.dmpFilesize
4KB
-
memory/1996-144-0x0000000000000000-mapping.dmp
-
memory/2120-136-0x0000000000000000-mapping.dmp
-
memory/2120-135-0x000000000101B000-0x000000000101C000-memory.dmpFilesize
4KB
-
memory/2120-134-0x0000000077352000-0x0000000077353000-memory.dmpFilesize
4KB
-
memory/3044-138-0x0000000077352000-0x0000000077353000-memory.dmpFilesize
4KB
-
memory/3044-139-0x0000000000F7D000-0x0000000000F7E000-memory.dmpFilesize
4KB
-
memory/3044-140-0x0000000000000000-mapping.dmp
-
memory/3132-118-0x0000000077352000-0x0000000077353000-memory.dmpFilesize
4KB
-
memory/3132-119-0x0000000000BB6000-0x0000000000BB7000-memory.dmpFilesize
4KB
-
memory/3132-120-0x0000000000000000-mapping.dmp
-
memory/3132-121-0x00000000000D0000-0x00000000000D1000-memory.dmpFilesize
4KB
-
memory/3940-116-0x0000000000000000-mapping.dmp