fantom | f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-02-2024 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

240203-cpdx5aeeg8.exe
Size

261KB
MD5

7d80230df68ccba871815d68f016c282
SHA1

e10874c6108a26ceedfc84f50881824462b5b6b6
SHA256

f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b
SHA512

64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540
SSDEEP

3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Score

10^/10

fantom evasion ransomware

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>dSfiZnhPMKdctDA9uE3+8otYF0MV5OeKr8/pgK2KX6/BvewtnGSTBQBAQulfKcIaEPECUQYoMxRaN5S3t1uEenDVzMg5PB+2HdjURsH4Pi+S7xIyOxO3eKV9WnlkRWuLzW8t3FjuiOe23NJTGQfph3P1dusZUjO9YW/BhpV5Rbm3a2OPMdvSYBx2CwPd5KeVEmudIXAVV6tqKWKB6zX/OV81cKvmfnHskpkIUanRhW3vEde3uqMmKf5+SywGDk/gSw0o5uZ1L3AvBUB07ws50WXAaq+wci9/rC9Qy+rVN/+f5esSsjglHHJlDJbX5N3rS6stlVMh0bulBW2BedOzSA==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Renames multiple (1457) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion

Executes dropped EXE 1 IoCs

pid	Process
1568	WindowsUpdate.exe

Loads dropped DLL 1 IoCs

pid	Process
2336	240203-cpdx5aeeg8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\DECRYPT_YOUR_FILES.HTML	240203-cpdx5aeeg8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\DECRYPT_YOUR_FILES.HTML	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\DECRYPT_YOUR_FILES.HTML	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\DECRYPT_YOUR_FILES.HTML	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\UnlockSync.jpeg	240203-cpdx5aeeg8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Mozilla Firefox\install.log	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\DECRYPT_YOUR_FILES.HTML	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\DECRYPT_YOUR_FILES.HTML	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml	240203-cpdx5aeeg8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp	240203-cpdx5aeeg8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\css\currency.css	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\VideoLAN Website.url	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\DECRYPT_YOUR_FILES.HTML	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\DECRYPT_YOUR_FILES.HTML	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar	240203-cpdx5aeeg8.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	240203-cpdx5aeeg8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Microsoft Games\Solitaire\DECRYPT_YOUR_FILES.HTML	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\DECRYPT_YOUR_FILES.HTML	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\calendar.html	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\DECRYPT_YOUR_FILES.HTML	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Common Files\System\en-US\DECRYPT_YOUR_FILES.HTML	240203-cpdx5aeeg8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar	240203-cpdx5aeeg8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar	240203-cpdx5aeeg8.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html	240203-cpdx5aeeg8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml	240203-cpdx5aeeg8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv	240203-cpdx5aeeg8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png	240203-cpdx5aeeg8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png	240203-cpdx5aeeg8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2336	240203-cpdx5aeeg8.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2336	240203-cpdx5aeeg8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 1568	2336	240203-cpdx5aeeg8.exe	30
PID 2336 wrote to memory of 1568	2336	240203-cpdx5aeeg8.exe	30
PID 2336 wrote to memory of 1568	2336	240203-cpdx5aeeg8.exe	30
PID 2336 wrote to memory of 1568	2336	240203-cpdx5aeeg8.exe	30

C:\Users\Admin\AppData\Local\Temp\240203-cpdx5aeeg8.exe
"C:\Users\Admin\AppData\Local\Temp\240203-cpdx5aeeg8.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
94c818b3f418b935de0b7e90cbd51ee8

SHA1
093895ad5e60120d12814cd04336cfa9e186e7c8

SHA256
09d087db5b4df8cc8710602db4da10b45ded5e6dca6dc73b5b53082a5b883974

SHA512
0f9a43b978c60bdfb64a92fa82cd62f7df3cfc274b237d2cc86431567791012b7c99ea81b059952d7e3bc627a9d3eb6160d0a50ac0932543664608f8a1e4aced

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
e9947c641afbb41fd8d0eb9e95b73d26

SHA1
26c6d033ded05cf6150299d5a4f74525525f742e

SHA256
a45be38f874e2b19be7774d122598091fcd5495c95f36fc17d01bc050136f94a

SHA512
8b51b11decac343456b2079759963e68ade43e8283e50dffc545ad28bc0d0e1d1ae7eddcfa3e8b31a88a423ad2ab66c1044b82f0ab489904a78c7ff8fc084661

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
34ba70aa9310c1788d7b63cd15b4572d

SHA1
8fdb827181470c248d4aaa50ef1359b0b453d614

SHA256
ae0c2093c9ecb8da342902fb4c162af3970fc4fb5d57ba70b362362bc9280924

SHA512
792a2815381d47579597ed58d78a3054752a0896f407d92a0a917a3c6cc065aed897aa60b87c0a3c78ce1db6bc0d6c2d54e9b3a3285a17ba036186ea8a2fa0db

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
470900bf3a42d7235e9318e3795f5c1e

SHA1
ae5572897600386259d7dd55c82ad7b2b10eaf23

SHA256
51ef3e7cf65b1e8cb0d62e0453d84285839a7006fe2c5ca14d1bf116703f113a

SHA512
529360982a9e5b684f70c082b8b445a052c56adecf6c68feed4f421786a1471a7ac5a8f508a42c85aaa1ea9061e9ae31e80a86a5abc618f884037b2f4b638402

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
af75fa02ed8b4c82eebda54ebb7c5939

SHA1
7413731914d3ca717bf8808187b32d19cbc844f5

SHA256
0295cacdd149bf07eb3242e6762601f07a2b165928643159d57df467e12532ac

SHA512
2ba84b9812977c50bcf62049ddd560a8c0a51d60271f8694807cd8f72c3a591d9fc4a0bb61d2e1521eac2c754cc00db2f6064b8beb9d0094f98ba7b3bda63035

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
8a4efa892b67da86af48a1e72377c7d2

SHA1
09ec3cff18511b51441ed00b15070e56f2dffcbb

SHA256
1a9daeb86b462f9735d55a55251047bcf36b6ce3948e0e73b3f431f76195bbc9

SHA512
7b5adf3ab241e671aa6f3909edb9dbb22ee257c29880f26006a78bbffb3b8c669f2bc1dd26899ab168e3f083a063bed3d1f2c3f8501e3559d872164cf4ff6f52

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.fantom

Filesize
172KB

MD5
a16c42124bcef971f369ac12bc410efa

SHA1
313ae1e721e4262deda6bdb9fbfb304a3b470f0f

SHA256
428bb1431dca25dad08e7939d9eb38fb4350e5f62fa19e8f7743403c57adf127

SHA512
c7a74bc3b023d350b2e13e2306ba6f4f5ee256a7c8e2eb0b92da0c6d8e76d6c177feaacd9c75430f43369a3e578ba89149c4296ff41104f27b615ecc70a35459

Download Submit
\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
memory/1568-655-0x000000001B0D0000-0x000000001B150000-memory.dmp

Filesize
512KB

Download
memory/1568-654-0x000000001B0D0000-0x000000001B150000-memory.dmp

Filesize
512KB

Download
memory/1568-627-0x000007FEF5A90000-0x000007FEF647C000-memory.dmp

Filesize
9.9MB

Download
memory/1568-146-0x000000001B0D0000-0x000000001B150000-memory.dmp

Filesize
512KB

Download
memory/1568-145-0x000000001B0D0000-0x000000001B150000-memory.dmp

Filesize
512KB

Download
memory/1568-144-0x000007FEF5A90000-0x000007FEF647C000-memory.dmp

Filesize
9.9MB

Download
memory/1568-143-0x0000000000F10000-0x0000000000F1C000-memory.dmp

Filesize
48KB

Download
memory/2336-42-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-129-0x0000000004990000-0x00000000049D0000-memory.dmp

Filesize
256KB

Download
memory/2336-48-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-50-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-54-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-56-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-58-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-62-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-66-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-68-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-64-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-60-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-52-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-46-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-44-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-0-0x0000000001FC0000-0x0000000001FF2000-memory.dmp

Filesize
200KB

Download
memory/2336-38-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-32-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-28-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-24-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-18-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-12-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-10-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-40-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-130-0x0000000001E20000-0x0000000001E21000-memory.dmp

Filesize
4KB

Download
memory/2336-131-0x0000000074550000-0x0000000074C3E000-memory.dmp

Filesize
6.9MB

Download
memory/2336-132-0x0000000004990000-0x00000000049D0000-memory.dmp

Filesize
256KB

Download
memory/2336-133-0x0000000004990000-0x00000000049D0000-memory.dmp

Filesize
256KB

Download
memory/2336-134-0x0000000004990000-0x00000000049D0000-memory.dmp

Filesize
256KB

Download
memory/2336-135-0x0000000004990000-0x00000000049D0000-memory.dmp

Filesize
256KB

Download
memory/2336-136-0x0000000002280000-0x000000000228E000-memory.dmp

Filesize
56KB

Download
memory/2336-36-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-34-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-30-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-26-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-22-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-20-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-16-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-14-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-8-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-6-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-5-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/2336-4-0x0000000001FF0000-0x0000000002022000-memory.dmp

Filesize
200KB

Download
memory/2336-3-0x0000000004990000-0x00000000049D0000-memory.dmp

Filesize
256KB

Download
memory/2336-2-0x0000000004990000-0x00000000049D0000-memory.dmp

Filesize
256KB

Download
memory/2336-1-0x0000000074550000-0x0000000074C3E000-memory.dmp

Filesize
6.9MB

Download