fantom | f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

Analysis

max time kernel
151s
max time network
70s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24-02-2023 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d80230df68ccba871815d68f016c282.exe
Size

261KB
MD5

7d80230df68ccba871815d68f016c282
SHA1

e10874c6108a26ceedfc84f50881824462b5b6b6
SHA256

f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b
SHA512

64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540
SSDEEP

3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Score

10^/10

fantom evasion ransomware

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>DGypWIQlthy5LgE7KVreE89IIw4RBteqGVt9klcEF6yW+nvWX+QE+RfCcxbmO9IAQPNffsU4Jd8UT13YQoY49Dps9dY3rWcQCgouNfmsWBf467hP6dEdyjajCoZj9XReEpFSNXrBjLEOTwiUcIE7P02DC28xt2Y1O/dwpzDwnpPm1PVPYba6oKDZ8qDpZDbonIJxX6G6PnV2HAPpzeHgHumntsGqOUByRz94RsPRKdkowJ2+lLMTUtQjRQN6s/WTFf+ObXqpS3G5G1c4U+mW/ZTdVCROdj/FsMlBimxNHdfR07JioXsCosBbn2feDp99H0xY0kc5DYWTuTvP0x+EhA==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Disables Task Manager via registry modification
evasion

Executes dropped EXE 1 IoCs

pid	Process
952	WindowsUpdate.exe

Loads dropped DLL 1 IoCs

pid	Process
1188	7d80230df68ccba871815d68f016c282.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jre7\README.txt	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\DECRYPT_YOUR_FILES.HTML	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\DECRYPT_YOUR_FILES.HTML	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tet\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\Documentation.url	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\tools.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\DECRYPT_YOUR_FILES.HTML	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\DECRYPT_YOUR_FILES.HTML	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\RemoveDisable.rtf	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\DECRYPT_YOUR_FILES.HTML	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\DECRYPT_YOUR_FILES.HTML	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\Internet Explorer\en-US\DECRYPT_YOUR_FILES.HTML	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\DECRYPT_YOUR_FILES.HTML	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml	7d80230df68ccba871815d68f016c282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar	7d80230df68ccba871815d68f016c282.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\DECRYPT_YOUR_FILES.HTML	7d80230df68ccba871815d68f016c282.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1188	7d80230df68ccba871815d68f016c282.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1188	7d80230df68ccba871815d68f016c282.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 952	1188	7d80230df68ccba871815d68f016c282.exe	26
PID 1188 wrote to memory of 952	1188	7d80230df68ccba871815d68f016c282.exe	26
PID 1188 wrote to memory of 952	1188	7d80230df68ccba871815d68f016c282.exe	26
PID 1188 wrote to memory of 952	1188	7d80230df68ccba871815d68f016c282.exe	26

C:\Users\Admin\AppData\Local\Temp\7d80230df68ccba871815d68f016c282.exe
"C:\Users\Admin\AppData\Local\Temp\7d80230df68ccba871815d68f016c282.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:952

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
cc7937abc1a42598c808877e4fd5a716

SHA1
66ed937685dc9e975550374ac74afc7d633ff8a1

SHA256
e97f2984d1f955344e2c87624a40fde48eeba537553359e342ed107549611b27

SHA512
2c792b44e726a5335d9b35f469f5618b9166e6b82ac343ba69ccf0bc8372b66f9383333b3f1cdce4b0708249b95173cb43ec457ad0b82f5ef6a6959af76c72bb

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
e7a9e2d8d7da604d5daa35746af327b2

SHA1
4b3827c2c6c9c6bf1316b522b13e25ece88a0cde

SHA256
b4f512f17702e35c77b7664893aaf8fb38e09e43914b8789fbde5cefafa9f14f

SHA512
10e45de8e51e93cca26dba51b341ddcb4cd08527b439e24477a7104beef622cc859a7fe3701826d3a3c534331c00e71061058f02fe74c9028a30e5783ef0fbae

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
ed9c531ca7980003ae7c3cde626e9509

SHA1
cc92df08a28c87325d89dbfe949f080159826abc

SHA256
0c9b06108243bc2e9addc1923b34ce5c4ab1d38f78856c67b9d77aaca93be3f8

SHA512
7cd957bfcf3ce62e7b2d255bfdb590d03fff17db010bb66c5a5f7d62345f1d06aa1460844446818eace81bd923587ae3afbbef4da0ac6bd9fb82cd6e8a8f3ac1

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
e7c3f0971535e4444d38d317beadb18e

SHA1
49f55ea842a82cbd4f89d6762855b8b128a2bb0f

SHA256
6ecfd3c641815b9369acad7b120ff3c1d552234b4e8e9693232798ed33dd75a8

SHA512
97d0cbee62a2a7b5c7d9e29d46b6610959eb11fb0a1eae6bec2c72bbe6f4cb2b8132d0b6b8afe03cfc379fb7e479aac90b584a7234363c74080785acfa26ac5b

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
9b6bbb478e50eba68a731f1d45988411

SHA1
d5c51007de0b6409b20c08f59f9f865a5d5c2c0b

SHA256
35d65257ba6e72da057c845043a51520b65395c017566a3690c32dc9510e49f2

SHA512
9d727a5a600cc2beba72c2fee6d52d5ee225f4dadb4b891066fdf9733459888d715769c18dc67db4bb72ca3b721ea2cc30ed565cfbb0891238ec872441e79e6b

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
de909cf119eba105f51969b87fcabc3b

SHA1
55c013853d3c28aaf1dfb3cdbe4b536c492de2df

SHA256
e4f50447c79e3760168026f1673c86bc2987b5d03c1662d0a819c119da008a05

SHA512
c99693f6db139dd7ae4fb0564d489f04deb1342166c7c4bb0f6b6d8f7f48f8f73fd80184c428ca728f9aca89939577ad45c1abe99082dbfc301dc48770acb3c1

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
4d91cfc19ebece594e5352a7ade94825

SHA1
039c8fe68e06c0f3ab31bcff8e031e70a1c5b63e

SHA256
8b20d3fe2395bc63ebd92416a1a0b8247cdb7f5aecd22c1c04b6268b5f5cad4b

SHA512
2aed2ff297badd697d9060db0d93a22a6785ce59552d39631b6f23ea9ab0956379a7fb200d4bac3c9f01cd9e0121399c255d69ed46d1ca4b5b5bdc86048485a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
memory/952-664-0x000000001B120000-0x000000001B1A0000-memory.dmp

Filesize
512KB

Download
memory/952-195-0x000000001B120000-0x000000001B1A0000-memory.dmp

Filesize
512KB

Download
memory/952-193-0x00000000008C0000-0x00000000008CC000-memory.dmp

Filesize
48KB

Download
memory/952-196-0x000000001B120000-0x000000001B1A0000-memory.dmp

Filesize
512KB

Download
memory/952-667-0x000000001B120000-0x000000001B1A0000-memory.dmp

Filesize
512KB

Download
memory/1188-77-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-121-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-85-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-83-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-87-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-91-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-89-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-93-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-97-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-95-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-99-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-103-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-101-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-105-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-109-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-107-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-111-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-115-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-113-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-117-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-119-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-79-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-183-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/1188-182-0x00000000021A0000-0x00000000021E0000-memory.dmp

Filesize
256KB

Download
memory/1188-184-0x00000000021A0000-0x00000000021E0000-memory.dmp

Filesize
256KB

Download
memory/1188-185-0x00000000021A0000-0x00000000021E0000-memory.dmp

Filesize
256KB

Download
memory/1188-186-0x0000000002230000-0x000000000223E000-memory.dmp

Filesize
56KB

Download
memory/1188-81-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-54-0x0000000001F10000-0x0000000001F42000-memory.dmp

Filesize
200KB

Download
memory/1188-75-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-71-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-194-0x00000000021A0000-0x00000000021E0000-memory.dmp

Filesize
256KB

Download
memory/1188-73-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-69-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-65-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-663-0x00000000021A0000-0x00000000021E0000-memory.dmp

Filesize
256KB

Download
memory/1188-67-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-63-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-61-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-59-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-58-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1188-57-0x00000000021A0000-0x00000000021E0000-memory.dmp

Filesize
256KB

Download
memory/1188-56-0x00000000021A0000-0x00000000021E0000-memory.dmp

Filesize
256KB

Download
memory/1188-55-0x0000000002000000-0x0000000002032000-memory.dmp

Filesize
200KB

Download