fantom | f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

Analysis

max time kernel
163s
max time network
136s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fantom.exe
Size

261KB
MD5

7d80230df68ccba871815d68f016c282
SHA1

e10874c6108a26ceedfc84f50881824462b5b6b6
SHA256

f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b
SHA512

64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540
SSDEEP

3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Score

10^/10

fantom evasion ransomware

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>lqQCtGrcGIp305xvl6thCS3714S85OXHqchKnKSJz06ZjKDVENk7U0Xe7sX0dRDyaGiDHUAzMLpFbf5+yRiCmoS+cmRxM3/H1cE7Hoxqa3O/r8PcpxP7VGWEueSNfXUFKdvbnVJ2mqvP75cv6hau/b/sjrUFLVH/BbtQIRoeDYXE76fWzmp4r1P6f1pJhWAkyI/bOn2MHnRo0klsnUbkPwygqrABcbzXndU//+jEBPqOdGcswyV2wp+rs02z5fqkct+ncygicyA+vBHkQZ4dbd0RdCAr44TA7vPVk6m7qc+GVszxc26kKAvsMZ2+vyhQJ7WYYSBktuGOoxNoylE0eA==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Renames multiple (1171) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion

Executes dropped EXE 1 IoCs

pid	Process
2072	WindowsUpdate.exe

Loads dropped DLL 1 IoCs

pid	Process
1748	Fantom.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png	Fantom.exe
File created	C:\Program Files\Google\Chrome\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml	Fantom.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png	Fantom.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-util.xml	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png	Fantom.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png	Fantom.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar	Fantom.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1748	Fantom.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1748	Fantom.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 2072	1748	Fantom.exe	30
PID 1748 wrote to memory of 2072	1748	Fantom.exe	30
PID 1748 wrote to memory of 2072	1748	Fantom.exe	30
PID 1748 wrote to memory of 2072	1748	Fantom.exe	30

C:\Users\Admin\AppData\Local\Temp\Fantom.exe
"C:\Users\Admin\AppData\Local\Temp\Fantom.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
e5c27af0c03904d069b1da158bb6aa46

SHA1
9aa2c83dfc5aff9d184a34154498ccb025ebf0e5

SHA256
beaa1645b172954a77ff3c9f81363e6a5091fcb0044f13cb4483f950a153db00

SHA512
1c2e00d20132c9083a55257f0ed2ca32646f6bf3a1c92da0d954be482d0a1142a19ded50ebd8395013051fa544622f02498b08a6b4cffc33918c44b7daf9b59f

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
e993e64a764a04c3efbf95e1e7e3d02c

SHA1
80af59971eaa78c373a9ee9c85266ddf0429d4ed

SHA256
1cd942b90b33c0492a1192dc792cab1230819fe1a3cb127323b70ab5ef88cd58

SHA512
ee1d7878a8080c89f809f4b0606c756d5b30d2002aeb577235d37276f9502c423e52f77f6f39a969911e527d15f2bb5a5c9ce04d12226ad92f9ca13b92ba3e31

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
3620e146eeeaae3d5f4e5ad0a0b691cf

SHA1
5eebfe87224f0bbd64985ecf6e171b524d871992

SHA256
16b26a13cc1f4015cebdd15adf5e7a32ab7f952b831d145026de2590c1452e11

SHA512
8679b1418ae0e036a4b794fe6c65b50387723dc10854422e50dfa6c231aabc856485481ee44cef1adb9f1cf093ac9d4b6b7cb6e6bca90b731e85aae7f9a832b2

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
80ad06d7f673b9c6e6bddfed987e321f

SHA1
ee81e07e9f0f3102faf1f1173cd336b82c6f6ced

SHA256
afede72c122d55da9182ff5216dbf3d4e04e98f4b10ca13a1192d7cef338afb2

SHA512
ea9c065decb4745a6a740d1ab97f25499bec7258f5c05d95aa0a79d3b7d9de95b8c5845f01cf08edb3bcdb64084187bd56521b62347fb3cb99e27ba462d3aab5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
dc546c931cbce4e748dbec9503d2ff4f

SHA1
fcf375ec8ff92158b75c20ebe41dbf5e9abf6de5

SHA256
c8a5837173e52008f171e5cddcc671160d0a56c8b77da1ec38bc2b033c0d3a44

SHA512
2867c2184de5e4fa3b3adbceecaf31e5b331459e106f49d74ad00e8aa021b7fd1c33e3d60af77ed368bb99d337b350628b45ee93a9dc470abd020f7d8b82a565

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
memory/1748-36-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-20-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-14-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-24-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-28-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-34-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-40-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-44-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-50-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-56-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-64-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-68-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-66-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-62-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-60-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-58-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-54-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-52-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-48-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-46-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-42-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-38-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-0-0x0000000074440000-0x0000000074B2E000-memory.dmp

Filesize
6.9MB

Download
memory/1748-32-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-30-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-26-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-22-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-12-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-18-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-16-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-129-0x0000000004850000-0x0000000004890000-memory.dmp

Filesize
256KB

Download
memory/1748-130-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

Filesize
4KB

Download
memory/1748-131-0x0000000074440000-0x0000000074B2E000-memory.dmp

Filesize
6.9MB

Download
memory/1748-132-0x0000000004850000-0x0000000004890000-memory.dmp

Filesize
256KB

Download
memory/1748-133-0x0000000004850000-0x0000000004890000-memory.dmp

Filesize
256KB

Download
memory/1748-134-0x0000000004850000-0x0000000004890000-memory.dmp

Filesize
256KB

Download
memory/1748-135-0x0000000004850000-0x0000000004890000-memory.dmp

Filesize
256KB

Download
memory/1748-136-0x0000000002340000-0x000000000234E000-memory.dmp

Filesize
56KB

Download
memory/1748-10-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-8-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-6-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-1-0x0000000004850000-0x0000000004890000-memory.dmp

Filesize
256KB

Download
memory/1748-2-0x0000000000590000-0x00000000005C2000-memory.dmp

Filesize
200KB

Download
memory/1748-145-0x0000000004850000-0x0000000004890000-memory.dmp

Filesize
256KB

Download
memory/1748-3-0x0000000004850000-0x0000000004890000-memory.dmp

Filesize
256KB

Download
memory/1748-4-0x0000000001EE0000-0x0000000001F12000-memory.dmp

Filesize
200KB

Download
memory/1748-5-0x0000000001EE0000-0x0000000001F0B000-memory.dmp

Filesize
172KB

Download
memory/1748-337-0x0000000004850000-0x0000000004890000-memory.dmp

Filesize
256KB

Download
memory/2072-334-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

Filesize
9.9MB

Download
memory/2072-338-0x000000001B430000-0x000000001B4B0000-memory.dmp

Filesize
512KB

Download
memory/2072-343-0x000000001B430000-0x000000001B4B0000-memory.dmp

Filesize
512KB

Download
memory/2072-147-0x000000001B430000-0x000000001B4B0000-memory.dmp

Filesize
512KB

Download
memory/2072-146-0x000000001B430000-0x000000001B4B0000-memory.dmp

Filesize
512KB

Download
memory/2072-144-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

Filesize
9.9MB

Download
memory/2072-143-0x0000000000930000-0x000000000093C000-memory.dmp

Filesize
48KB

Download