Analysis
-
max time kernel
371s -
max time network
434s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system -
submitted
12-09-2022 17:43
Behavioral task
behavioral1
Sample
new-bank-details-support-june2022.pdf
Resource
win10-20220812-en
General
-
Target
new-bank-details-support-june2022.pdf
-
Size
118KB
-
MD5
c5e25a91311131054024435923933280
-
SHA1
ad974e5cdcff1474d9c8c83cf881ade3c02edbe8
-
SHA256
c9414c335f2b291723c35fc4009d2a637ff80b2829d241ac2d966abce1857ee8
-
SHA512
ddc4aa415c0c3c1dd09735c4a904066d1f14bd928dc8470b70902a77532a34c3a29ebf9ad446362f4d57ebc8b465185e03ee097d2366b66e68c630eabf70d6bd
-
SSDEEP
1536:3/CnYcL8CfM6lBVz18YQVzOmmQAhbryf58CEnUPntI3/Kl88C+I9NTdFsuFrJ:JcLvnjVidzOmCnyhUUft+Sl8ff9NTlNJ
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
AcroRd32.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
Processes:
AcroRd32.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Suspicious behavior: EnumeratesProcesses 18 IoCs
Processes:
AcroRd32.exepid process 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
AcroRd32.exepid process 2660 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
AcroRd32.exepid process 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe 2660 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
AcroRd32.exeRdrCEF.exedescription pid process target process PID 2660 wrote to memory of 4052 2660 AcroRd32.exe RdrCEF.exe PID 2660 wrote to memory of 4052 2660 AcroRd32.exe RdrCEF.exe PID 2660 wrote to memory of 4052 2660 AcroRd32.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 5016 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe PID 4052 wrote to memory of 3168 4052 RdrCEF.exe RdrCEF.exe
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\new-bank-details-support-june2022.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=44CB2707CD2D9203C5EDA6FC6DA8C67D --mojo-platform-channel-handle=1624 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CF17CC4A5303EDB067E0318E9DCA8D9F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CF17CC4A5303EDB067E0318E9DCA8D9F --renderer-client-id=2 --mojo-platform-channel-handle=1636 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=12B6CE9BF1EAE4FAEECB50EA1B1DA5B4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=12B6CE9BF1EAE4FAEECB50EA1B1DA5B4 --renderer-client-id=4 --mojo-platform-channel-handle=2072 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=26515AF176A9D87016402A70514C2AF4 --mojo-platform-channel-handle=2492 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A6504D32262B6F2E5E94F4549524564F --mojo-platform-channel-handle=2448 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=008E1BE52BEE90F57188B59C2EE8FFF8 --mojo-platform-channel-handle=2576 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1212-574-0x0000000000000000-mapping.dmp
-
memory/2660-115-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-116-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-117-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-118-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-119-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-120-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-121-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-123-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-122-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-124-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-125-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-126-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-127-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-128-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-129-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-130-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-131-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-132-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-133-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-134-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-135-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-137-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-138-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-136-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-139-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-140-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-141-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-142-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-143-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-144-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-145-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-146-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-147-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-148-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-149-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-150-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-151-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-152-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-153-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-154-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-155-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-156-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-157-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-158-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-159-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-160-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-161-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-162-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-163-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-164-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-165-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-166-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-167-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-168-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-169-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-170-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-171-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-172-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-173-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-174-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-175-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-176-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-177-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2660-178-0x0000000077A00000-0x0000000077B8E000-memory.dmpFilesize
1.6MB
-
memory/2676-805-0x0000000000000000-mapping.dmp
-
memory/3168-340-0x0000000000000000-mapping.dmp
-
memory/4052-202-0x0000000000000000-mapping.dmp
-
memory/4432-678-0x0000000000000000-mapping.dmp
-
memory/4464-365-0x0000000000000000-mapping.dmp
-
memory/5016-316-0x0000000000000000-mapping.dmp