fantom | f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

Analysis

max time kernel
150s
max time network
62s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09-06-2023 06:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03769899.exe
Size

261KB
MD5

7d80230df68ccba871815d68f016c282
SHA1

e10874c6108a26ceedfc84f50881824462b5b6b6
SHA256

f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b
SHA512

64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540
SSDEEP

3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Score

10^/10

fantom evasion ransomware

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>bp//yJKwl7U0exUqwqC9Qgx5TMLoM4HPENfMywf9o8h5jHpLB7HRSCCWQ/gv+kxESctYQLT66WuM3UIQD5d3Yi2aoT3Jrg+viwDusXce1ReVPNvha15at9BatKPLAZPRAiLOHZh8dPDRy/GhVH7xS7R8dZb24xONYtjRGr6tXNLB0wlzbQbWKl/UCxv8xgwqCGXmqsoTBthDxJnL5GZsj9wfLtd539bwyKcvE5A2k+MUQ0dcmxuPa2V43XwJ4bkjfneS0BuryeariJUKDdaktao6ihkbsdu+cI8AMCTqT3pwe2h/koWB3C60tZD7lYlLv5ODVS5IQl7RVXI/9AibRQ==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Renames multiple (1479) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion

Executes dropped EXE 1 IoCs

pid	Process
1984	WindowsUpdate.exe

Loads dropped DLL 1 IoCs

pid	Process
2008	03769899.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar	03769899.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png	03769899.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\currency.html	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml	03769899.exe
File created	C:\Program Files\VideoLAN\VLC\locale\he\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png	03769899.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	03769899.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\DECRYPT_YOUR_FILES.HTML	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png	03769899.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar	03769899.exe
File opened for modification	C:\Program Files\SelectMerge.bmp	03769899.exe
File created	C:\Program Files\Windows Defender\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\DECRYPT_YOUR_FILES.HTML	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.js	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\9.png	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png	03769899.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\Internet Explorer\images\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\slideShow.css	03769899.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\DECRYPT_YOUR_FILES.HTML	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar	03769899.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\form_responses.gif	03769899.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml	03769899.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png	03769899.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\DECRYPT_YOUR_FILES.HTML	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\DECRYPT_YOUR_FILES.HTML	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml	03769899.exe
File created	C:\Program Files\Microsoft Games\More Games\DECRYPT_YOUR_FILES.HTML	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar	03769899.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png	03769899.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak	03769899.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\de-DE\DECRYPT_YOUR_FILES.HTML	03769899.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\fr-FR\DECRYPT_YOUR_FILES.HTML	03769899.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2008	03769899.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2008	03769899.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1984	2008	03769899.exe	28
PID 2008 wrote to memory of 1984	2008	03769899.exe	28
PID 2008 wrote to memory of 1984	2008	03769899.exe	28
PID 2008 wrote to memory of 1984	2008	03769899.exe	28

C:\Users\Admin\AppData\Local\Temp\03769899.exe
"C:\Users\Admin\AppData\Local\Temp\03769899.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:1984

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
391cf4d6194a479c1ece0729d75c68c0

SHA1
9ed54f479cc730c4ae3afd9a60730ecb28499039

SHA256
0dc88f7164e2821dce0c17a78334ab37dcf5f06bd12024a41446f2dae84d7134

SHA512
bd3ecb94bc21885c2cfb0a08b1f2cdcfe23490198b434b43cdee97b7d84e7c78cc555b81ac566ab3aba488808cd2b2955a668e8f4530b84e24329a23894517c4

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
06613901d50c35544ede8a87d387e014

SHA1
7f9f7b7c2dc50f37b5258a7a25c4c81e484d4416

SHA256
bdc6b6f17f5fadad582ef57ea1c36b47385848b4daa98fb74369aa59ad9d4fa4

SHA512
cd9ecef54de4a3b6277c84986c9a23c7c476a1043b4dac3f73b41ad6e4ec15453b9ac85c145ba7a7b738da8878b17e47b5ddfa248afd07a513a71fd30fe129ff

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
4cecd4fdc5dd94b4720b504524cf4668

SHA1
4f7e49fefc5aac8008b62e3db85f15032ca3d52e

SHA256
9f46d1e9682e573859e3ab9dee9f1a0b335651263f0b75f92162e05948068e12

SHA512
819c521c5127a1f9d48faf8eeae18c94c57b1f61a0901103caa905306d4d4e7c79bcd59444b768223a3f7c262c5d04657c4ffe289f8e0d0b0386c28e93ea9330

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
963fb2c704bbd766982695e52e050e1c

SHA1
292349211bd08b6885eef1ff2ee26cb840cf9e1f

SHA256
2c7ec8f65e3ca219285b989eff68056083f811bf6a8d01f0b8862f1f537eaf1d

SHA512
1b0f675ca6235be17ebb59716ae2a1c804371ec07a00e6bb7b9325c6b777cd92786932ea189725e6ca83a66edeff013910588ef3bf579dd4f8ca11dfa086c7f8

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
0d514731e8755bfd125b8fe2bff28f1d

SHA1
6bfba3d452a0ce21ead6d7e56ac91bb0f622b2af

SHA256
b3c949e7533f62de63fb39672939083a7353730b928a22370fe5998b7082a013

SHA512
457048f744b9b3e9cc8eb938206157055951ce40cb5895e1d361ed29965d38a8094988046880fe1ba842514348cbbe44c82a1379b30f46dd7c98c381bbee8a28

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
27e5c29a8bed0c5aaefd2203269ed142

SHA1
439620130dc03f14c788a2a4bc5c2208dde381f1

SHA256
af3deb7dbbaaa1ee87e0d6888e5094763776ed2db380802a18ade223d4967d40

SHA512
9f1aa15558db1683c5a15d785d2a43631d86f55f69761d48e190fccecabcfa96b2ef059933356eefadcbc8546aac665d6ff4158c9596622787369ba47444c8f7

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
e8b1face96a956a01055cc56d39d30dc

SHA1
e1a0aec3c282e4480fda8da6c25e4d68e66922aa

SHA256
792e14e7f38d410235938c263fd350237a14a9dffdba4685cf9579275cc9a721

SHA512
071c80b056ac676d9ad2d24605d865fc9b435564038b5b5832cde7cb245c9b0c7f108ef32e5b9d39c441c08728c78b17c22877f5e6042242f929eea5fa937f10

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
memory/1984-673-0x000000001B150000-0x000000001B1D0000-memory.dmp

Filesize
512KB

Download
memory/1984-194-0x000000001B150000-0x000000001B1D0000-memory.dmp

Filesize
512KB

Download
memory/1984-193-0x000000001B150000-0x000000001B1D0000-memory.dmp

Filesize
512KB

Download
memory/1984-191-0x0000000000E20000-0x0000000000E2C000-memory.dmp

Filesize
48KB

Download
memory/2008-81-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-181-0x0000000004740000-0x0000000004780000-memory.dmp

Filesize
256KB

Download
memory/2008-87-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-91-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-95-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-97-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-101-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-107-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-109-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-111-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-105-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-103-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-115-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-119-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-117-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-113-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-99-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-93-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-89-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-83-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-77-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-85-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-180-0x0000000004740000-0x0000000004780000-memory.dmp

Filesize
256KB

Download
memory/2008-182-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/2008-183-0x0000000004740000-0x0000000004780000-memory.dmp

Filesize
256KB

Download
memory/2008-184-0x0000000004D00000-0x0000000004D0E000-memory.dmp

Filesize
56KB

Download
memory/2008-54-0x0000000002340000-0x0000000002372000-memory.dmp

Filesize
200KB

Download
memory/2008-79-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-75-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-73-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-192-0x0000000004740000-0x0000000004780000-memory.dmp

Filesize
256KB

Download
memory/2008-71-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-69-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-67-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-672-0x0000000004740000-0x0000000004780000-memory.dmp

Filesize
256KB

Download
memory/2008-65-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-63-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-61-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-59-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-57-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-56-0x0000000002370000-0x000000000239B000-memory.dmp

Filesize
172KB

Download
memory/2008-55-0x0000000002370000-0x00000000023A2000-memory.dmp

Filesize
200KB

Download