formbook | d2a40596de9ecbb325f4d6a7dced2a1bccec1cc8f83f786940835e83e1bc05dc

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
22-09-2022 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jestseewer.exe
Size

1.1MB
MD5

c2744465d0bedc9aa98714338225a6f3
SHA1

3c50e3d5b630aa6a8015b349b4e18169b6c297da
SHA256

d2a40596de9ecbb325f4d6a7dced2a1bccec1cc8f83f786940835e83e1bc05dc
SHA512

2eacf21b0b560ef3e7652c4e543fea5aad247f35562f746c9cfb178822dba752c14f6dfacd8c699f69af2f2d0d18ccd1b5be1901a1f79fe5951db896c277be03
SSDEEP

24576:iAOcZXp07zxTM+FFyvJjjcepfSjE+vRPGQFV0aBTjWFqwA4:oXzJZFYvhjdqvtGQFV9jWx

Score

10^/10

formbook je14 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

je14

Decoy

innervisionbuildings.com

theenergysocialite.com

565548.com

panghr.com

onlyonesolutions.com

stjohnzone6.com

cnotes.rest

helfeb.online

xixi-s-inc.club

easilyentered.com

theshopx.store

mrclean-ac.com

miamibeachwateradventures.com

jpearce.co.uk

seseragi-bunkou.com

minimaddie.com

commbank-help-849c3.com

segohandelsonderneming.com

namthanhreal.com

fototerapi.online

Signatures

Formbook
Formbook is a data stealing malware which is capable of stealing data.
trojan spyware stealer formbook

Formbook payload 5 IoCs

rat

Processes:

resource	yara_rule
behavioral2/memory/400-138-0x0000000000000000-mapping.dmp	formbook
behavioral2/memory/400-139-0x0000000000400000-0x000000000042F000-memory.dmp	formbook
behavioral2/memory/400-145-0x0000000000400000-0x000000000042F000-memory.dmp	formbook
behavioral2/memory/4616-147-0x0000000000E50000-0x0000000000E7F000-memory.dmp	formbook
behavioral2/memory/4616-151-0x0000000000E50000-0x0000000000E7F000-memory.dmp	formbook

Executes dropped EXE 1 IoCs

Processes:

eqhxkjjkof.pif

pid process

3596 eqhxkjjkof.pif

pid	process
3596	eqhxkjjkof.pif

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

jestseewer.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	jestseewer.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

eqhxkjjkof.pifRegSvcs.execolorcpl.exe

description	pid	process	target process
PID 3596 set thread context of 400	3596	eqhxkjjkof.pif	RegSvcs.exe
PID 400 set thread context of 3004	400	RegSvcs.exe	Explorer.EXE
PID 4616 set thread context of 3004	4616	colorcpl.exe	Explorer.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 58 IoCs

Processes:

RegSvcs.execolorcpl.exe

pid	process
400	RegSvcs.exe
400	RegSvcs.exe
400	RegSvcs.exe
400	RegSvcs.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe
4616	colorcpl.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Explorer.EXE

pid process

3004 Explorer.EXE
Suspicious behavior: MapViewOfSection 5 IoCs

Processes:

RegSvcs.execolorcpl.exe

pid process

400 RegSvcs.exe
400 RegSvcs.exe
400 RegSvcs.exe
4616 colorcpl.exe
4616 colorcpl.exe

pid	process
3004	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 22 IoCs

Processes:

RegSvcs.exeExplorer.EXEcolorcpl.exe

description	pid	process
Token: SeDebugPrivilege	400	RegSvcs.exe
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeDebugPrivilege	4616	colorcpl.exe
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE
Token: SeShutdownPrivilege	3004	Explorer.EXE
Token: SeCreatePagefilePrivilege	3004	Explorer.EXE

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

jestseewer.exeeqhxkjjkof.pifExplorer.EXEcolorcpl.exe

description	pid	process	target process
PID 1456 wrote to memory of 3596	1456	jestseewer.exe	eqhxkjjkof.pif
PID 1456 wrote to memory of 3596	1456	jestseewer.exe	eqhxkjjkof.pif
PID 1456 wrote to memory of 3596	1456	jestseewer.exe	eqhxkjjkof.pif
PID 3596 wrote to memory of 4988	3596	eqhxkjjkof.pif	RegSvcs.exe
PID 3596 wrote to memory of 4988	3596	eqhxkjjkof.pif	RegSvcs.exe
PID 3596 wrote to memory of 4988	3596	eqhxkjjkof.pif	RegSvcs.exe
PID 3596 wrote to memory of 400	3596	eqhxkjjkof.pif	RegSvcs.exe
PID 3596 wrote to memory of 400	3596	eqhxkjjkof.pif	RegSvcs.exe
PID 3596 wrote to memory of 400	3596	eqhxkjjkof.pif	RegSvcs.exe
PID 3596 wrote to memory of 400	3596	eqhxkjjkof.pif	RegSvcs.exe
PID 3596 wrote to memory of 400	3596	eqhxkjjkof.pif	RegSvcs.exe
PID 3596 wrote to memory of 400	3596	eqhxkjjkof.pif	RegSvcs.exe
PID 3004 wrote to memory of 4616	3004	Explorer.EXE	colorcpl.exe
PID 3004 wrote to memory of 4616	3004	Explorer.EXE	colorcpl.exe
PID 3004 wrote to memory of 4616	3004	Explorer.EXE	colorcpl.exe
PID 4616 wrote to memory of 4396	4616	colorcpl.exe	cmd.exe
PID 4616 wrote to memory of 4396	4616	colorcpl.exe	cmd.exe
PID 4616 wrote to memory of 4396	4616	colorcpl.exe	cmd.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3004

C:\Users\Admin\AppData\Local\Temp\jestseewer.exe
"C:\Users\Admin\AppData\Local\Temp\jestseewer.exe"
2⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1456

C:\Users\Admin\AppData\Roaming\9_69\eqhxkjjkof.pif
"C:\Users\Admin\AppData\Roaming\9_69\eqhxkjjkof.pif" pjubdliuxm.vxl
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3596

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
4⤵
PID:4988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
4⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:400

C:\Windows\SysWOW64\autofmt.exe
"C:\Windows\SysWOW64\autofmt.exe"
2⤵
PID:4708

C:\Windows\SysWOW64\colorcpl.exe
"C:\Windows\SysWOW64\colorcpl.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4616

C:\Windows\SysWOW64\cmd.exe
/c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
3⤵
PID:4396

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\9_69\eqhxkjjkof.pif
Filesize
906KB

MD5
f28aa08788132e64db4b8918ee2430b1

SHA1
ef32b1023a89dc36d7c5e98e22845fe87c5efef2

SHA256
f99b9fc041c177f0bee2c82d09f451ef0833696111b1b37cbfff8c975232ece2

SHA512
689cf6118061aa9e7d4b78118db99338aa767433df511610d471a989825a84a53119310248ed3870b10e48e77b47c429ef5a276dbc9c4ec53a7588e16093b50f

Download Submit
C:\Users\Admin\AppData\Roaming\9_69\eqhxkjjkof.pif
Filesize
906KB

MD5
f28aa08788132e64db4b8918ee2430b1

SHA1
ef32b1023a89dc36d7c5e98e22845fe87c5efef2

SHA256
f99b9fc041c177f0bee2c82d09f451ef0833696111b1b37cbfff8c975232ece2

SHA512
689cf6118061aa9e7d4b78118db99338aa767433df511610d471a989825a84a53119310248ed3870b10e48e77b47c429ef5a276dbc9c4ec53a7588e16093b50f

Download Submit
C:\Users\Admin\AppData\Roaming\9_69\hdhvijr.aqo
Filesize
370KB

MD5
7cd5048c8d058a9b417310b6a0a6677e

SHA1
11963e0819174eca2f320b028c484ece23abc834

SHA256
9fd373d752d24341de34a5fc995ba1b32041312a416ca69ccbedd96c0e50ed17

SHA512
b20455dc4a8bc09b009fb7ea6e649ed5d163e88baaaedfb5851da6aedb90523953f580e1eb9244f147782ad036384170ba2f68943be7694cbbb4e794d3ea012c

Download Submit
C:\Users\Admin\AppData\Roaming\9_69\keapunbfxl.xls
Filesize
44KB

MD5
2de51c2b93f68802b282f586c0be4489

SHA1
37733634e559bacd1273f078f8e39b0ba545a09f

SHA256
594dc478a8511e6ead7105bf87a93a746729f64b8eea0f4ce8d489981af4791f

SHA512
7fc91159c5b3c2f1c9e4af18a4e8705b3909035198e05a32f9930592b47dcfac71857c1bc2af62fe0312dda9deb2d87de9639f1727f53daa25f1f675720090de

Download Submit
C:\Users\Admin\AppData\Roaming\9_69\pjubdliuxm.vxl
Filesize
140.7MB

MD5
85de3305ce7b6461a266166d318c6296

SHA1
40d6336acbd0ab4152779d0dd78988ec245f78b0

SHA256
7336e8c7f812f6d657785f5ad22c04f712fbbcb27dc1c4c216b5d1035aa6f86c

SHA512
26c7689c5b3bf5cb9bb19776d2b70ae3d2151bc471e42d6c48e255a4880005bba4d288697e8357480108fa7b289b1973f41ac0151c8073191ae7b4fc07c0d456

Download Submit
memory/400-138-0x0000000000000000-mapping.dmp

Download
memory/400-139-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/400-141-0x00000000016F0000-0x0000000001A3A000-memory.dmp

Filesize
3.3MB

Download
memory/400-142-0x0000000001250000-0x0000000001264000-memory.dmp

Filesize
80KB

Download
memory/400-145-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3004-188-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-154-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-247-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/3004-246-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/3004-245-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/3004-195-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/3004-243-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-240-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-239-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-152-0x0000000008210000-0x000000000837E000-memory.dmp

Filesize
1.4MB

Download
memory/3004-153-0x0000000008210000-0x000000000837E000-memory.dmp

Filesize
1.4MB

Download
memory/3004-196-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-155-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-156-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-157-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-158-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-159-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-160-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-161-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-162-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-163-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-164-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-166-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-168-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-169-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-167-0x0000000002940000-0x0000000002950000-memory.dmp

Filesize
64KB

Download
memory/3004-170-0x0000000007B90000-0x0000000007BA0000-memory.dmp

Filesize
64KB

Download
memory/3004-171-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-172-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-173-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-174-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-175-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-176-0x0000000007B90000-0x0000000007BA0000-memory.dmp

Filesize
64KB

Download
memory/3004-177-0x0000000007B90000-0x0000000007BA0000-memory.dmp

Filesize
64KB

Download
memory/3004-178-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-197-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-180-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-181-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-182-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-183-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-184-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-185-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-186-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-187-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-143-0x0000000007970000-0x0000000007B0B000-memory.dmp

Filesize
1.6MB

Download
memory/3004-190-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-191-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-192-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-193-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-194-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-179-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-238-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-244-0x00000000028D0000-0x00000000028E0000-memory.dmp

Filesize
64KB

Download
memory/3004-198-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-199-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-200-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-201-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/3004-202-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/3004-203-0x00000000028D0000-0x00000000028E0000-memory.dmp

Filesize
64KB

Download
memory/3004-204-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/3004-205-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/3004-206-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-207-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-208-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-209-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-210-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-211-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-212-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-213-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-214-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-215-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-216-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-217-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-218-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-219-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-220-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-221-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-222-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-223-0x0000000002230000-0x0000000002240000-memory.dmp

Filesize
64KB

Download
memory/3004-224-0x0000000002230000-0x0000000002240000-memory.dmp

Filesize
64KB

Download
memory/3004-225-0x0000000002230000-0x0000000002240000-memory.dmp

Filesize
64KB

Download
memory/3004-226-0x0000000002230000-0x0000000002240000-memory.dmp

Filesize
64KB

Download
memory/3004-227-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-228-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-229-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-230-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-231-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-232-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-233-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-234-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-235-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-236-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3004-237-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/3596-132-0x0000000000000000-mapping.dmp

Download
memory/4396-148-0x0000000000000000-mapping.dmp

Download
memory/4616-151-0x0000000000E50000-0x0000000000E7F000-memory.dmp

Filesize
188KB

Download
memory/4616-150-0x0000000002BA0000-0x0000000002C33000-memory.dmp

Filesize
588KB

Download
memory/4616-149-0x0000000002E10000-0x000000000315A000-memory.dmp

Filesize
3.3MB

Download
memory/4616-147-0x0000000000E50000-0x0000000000E7F000-memory.dmp

Filesize
188KB

Download
memory/4616-146-0x0000000000580000-0x0000000000599000-memory.dmp

Filesize
100KB

Download
memory/4616-144-0x0000000000000000-mapping.dmp

Download