Overview

overview

10

Static

static

3

f4234a501e...0b.exe

windows7-x64

10

f4234a501e...0b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-02-2024 14:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b.exe

  • Size

    261KB

  • MD5

    7d80230df68ccba871815d68f016c282

  • SHA1

    e10874c6108a26ceedfc84f50881824462b5b6b6

  • SHA256

    f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

  • SHA512

    64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540

  • SSDEEP

    3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Score
10/10
fantomevasionransomware

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Ransom Note
<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>NSbc309QEDv2w3KPY8il7lwN49R7st2xazOKCcTzR2aNg3arHfYnuAwyV/9ZlFvK+3f4jnBIEi/JYP3pZfr5tKm/5dpO/zy9+7r0g5akv+3rZQ9+QdzR5KDSp0edqSQITMQ51NlCOoT065STv1rpeMdu6ry54/0VFWNepncsRs39qiMywGoG1o9BsJcCtnLqah/vXjmO9LbVG13byGFeEG/w7AElfCrbHUWj7PB9TCsKohxAQx/Itri5Qa4pl1Wt7OdO7UetgdgMo3MdwYqtWlYvDEQs25HBz64z2U4tKf/77TATTyWBIFIirXIwrVj2CGQW6+Xgv9aJf/nDnxA89w==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Signatures

  • Fantom

    Ransomware which hides encryption process behind fake Windows Update screen.

    ransomwarefantom
  • Renames multiple (1934) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Disables Task Manager via registry modification
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b.exe
    "C:\Users\Admin\AppData\Local\Temp\f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
      "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
      2⤵
      • Executes dropped EXE
      PID:1428

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML
    Filesize

    1KB

    MD5

    7e0c3667c6ca872ce748883de6fb3ca9

    SHA1

    e491412e142733814ca66ad0b0f481a99c1136d6

    SHA256

    1e257111e6189790f1940e19969777b00310e725395c971abdbaa734b71f278c

    SHA512

    7f41cbc1f6b7d3ad3182ab26bb1a772c90bc7677925925c66c07ffde7e9a34f53ad25ab12508c4174d73559cb0ab90ee43745d65b5d63add53fcc26470931681

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
    Filesize

    5KB

    MD5

    6483efd9796a82cfdc2fccc1f1dd64b8

    SHA1

    e1c5ea98210387d115f3d0e3c0124b8128e54ad4

    SHA256

    ec61ef48c811f5a2dbadf67e917e05c5b7571fb16dd14531bfc9dfa234f1630c

    SHA512

    51230ea162aebfa1571acc06b1f06ed1642cb9854d1e8f901bfce170f3c6913d8e61a7c9ae2a4ec358c7a9f6ccedc014f536ba6aee699359a10c75415c1f553d

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
    Filesize

    31KB

    MD5

    c6d309f0aab765fb5d6d3a931fd59cf4

    SHA1

    91580791b88a10b085e0d3de96f28140c6235a43

    SHA256

    a92149949bf08b712a73c741bfb835f4e6e1aeb887f35922f27dec588e46f680

    SHA512

    e7a3cddd9fd31e23a8c0cc24348b132e94a2fae67b1ebd8db40748c0f743fef73c1ead86428a17c97ddde0f09101013c851b4a565ba84f97a31f8c2125f1a542

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
    Filesize

    4KB

    MD5

    6b6a2832645e697dd700bc76133a907c

    SHA1

    7cde69dc5e2c23c65b51f6b0400bbba06c8d1e5f

    SHA256

    6a0f1175e67e9d7a5b3b3661543d635b431bf57f72fa0fefd840abca5b1a090d

    SHA512

    dc825ba952cbd225edeaa60d185880775ad63be25286d31e0be68351cc5f1aedd69df5dfe0c7d85a7905f2f11be412fd6046c24fd18e19870fba710ed3ff81a1

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
    Filesize

    21KB

    MD5

    ab6bac3f08a051a55147930101997810

    SHA1

    f41413a26cd41ae1e72de89396a68c8874d25546

    SHA256

    d32a4e13dcbc0667402b16712589f35eb80244dfcaca55909bedddece7852dc1

    SHA512

    49acfc577716519719d9a85ece3b5ecab3622488a09615bb97257594d804b76b7e68e5097bd2e6e8b863404c6628b6d36f6c28065e1b4f4da0eb45f722e95cc6

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
    Filesize

    112B

    MD5

    6b5be6e004ea8e4ea8610b8e7811f13b

    SHA1

    367dbf202210542923b8af8021c06a5ad812340c

    SHA256

    70e157ad6d3ffe288a02241a23ceeaafcb7497d6851abb7e5c588727cd9ee87f

    SHA512

    675b8107ab9a76261d57e33a48f3a4e8dd5f3e28df46c84a14d62f8c58e5d97a1866d1c8a32af2fe264c90419c7262ac071314d76f469926ea3674686495d55b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
    Filesize

    8KB

    MD5

    fad039decb4eee8052d9fe9c0bc5a159

    SHA1

    9b3a739e4308ca55b9c01a53dfedce40408620bf

    SHA256

    ea2b9eef90e25c6b5f0a796b77e4dd56ee6275a9ca4529960b1971f092ae69ab

    SHA512

    3c67a628b5b08dbc6b39f8d22ecd2e10a2b18e366f6c5ea0bb4bfe5558c3faaa957cc643acc8bef28012312969661f7f4fcdae73c50eab3d52dbed7a948a6e91

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
    Filesize

    15KB

    MD5

    ab9f254540e256bcfcbb798765a6bfec

    SHA1

    b9aaf9dbbb91f88fd3dea26fc9332a325184f845

    SHA256

    292b5d2fd67de0017117ffcc751757e5421b573908d6f79dd875bc1cdc056407

    SHA512

    2f6e9846083d352a2a1c4a8e53a67a842a185ccff9959df0b743cb09571ddf6da51a53021bb838279d79eb4b12f881bcfc73dd32065d73c80158c47afa947266

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
    Filesize

    6KB

    MD5

    ff56fcefa9cdab9cd5c8095dccadffa4

    SHA1

    99469a30b684ec396c5fe8b8fc4bbb2a708cfb99

    SHA256

    afb4b2b8e534574510f8c1ba1c43d8820d827e46be7c3fd5063196ca74a61ba8

    SHA512

    fca06d40e2e988c7170acc3df3a38aae91e800b24fcaa14987c5d6beffbfd0ea5b1e87f11c4fa5d023ed189cc33b42cdb1fbd344db2e85ebd644a3dcd594cec0

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
    Filesize

    20KB

    MD5

    4b91052d293f0dca54a3a3c2e7bd7da5

    SHA1

    2557973b623e601d8d3031d12dade876de10e264

    SHA256

    7e70df1152424f27202f94c97a2b69b40a62dd2e9d6b45a5d0f3ada7e7e30d28

    SHA512

    59a727551f281930549628e5cdf7f0858236d6d872fd3670cd31ff895b49bf8f7c6f620d0fbec26ff3025f89ce967489ce1cd74cfecb4e1701b81d57b144d102

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
    Filesize

    6KB

    MD5

    8e223443300b3f32e0fe916dcc14490c

    SHA1

    d9ef9d7f080f91ecc866417983eecdb10627ec9e

    SHA256

    39160f8cd44172aadc530fe9f936a46222769449b666a8584ba0fea7f4b42600

    SHA512

    b3e2094d6af0cbfba65c65c1f53f9d67d9d364ae00520de162130b7b0f1bc016755379f403d3766ba5b13b63e189039a7873516cb2bd8c769a4e51e3a81f6984

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
    Filesize

    15KB

    MD5

    e18bd0476a3670062c17924fbf7ffbde

    SHA1

    6babd59e95512e782c43ac5207ed8be5a6701502

    SHA256

    4fbbcc95644dbf73d185b63ff1c987136cd76e7d56864603d04ca67dc62174fe

    SHA512

    4fe6948666a8cc597f525d95a4e1245774ea7cf2fc8d7f843aea50ea2d6f55015abeb7303521a2f9b04fc3ad4102984cf0254a4374e7ee52e674ff34aa5c05ce

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif
    Filesize

    160B

    MD5

    a40b9a631c68dd3634a0062e126de30b

    SHA1

    ce059f3b81c0b73419ae4bb16cc143f2ff475c1b

    SHA256

    b47728e8d9612d7818eb7c2d6226b850123dcd0d147ca8bb8c74e802c16634e7

    SHA512

    6b2cbf7832de21ff6162f16126be3a75c1e135f90b932dd67874e0eefa88e31b3702344bc62d4aa3c8715af29ab04e56d1ca27c8149cc76b9f9f3118bacb89da

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
    Filesize

    12KB

    MD5

    8da8e5eb3319770b5a0c7edd8583ded2

    SHA1

    4b307d9221d684c624b97500e789036044d28cd9

    SHA256

    d3a5729e950b09adb841cd690fb8b04339be1722ed8be460550ce1f7b8fefed0

    SHA512

    a683de500123f849b9b8606c3595b6069fcfbc6435e6d18dc45d818a4e74f5f4bc656d9e34aecb62b1f05da44e5fcefff6db831f38df5332d50074492789a39c

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
    Filesize

    8KB

    MD5

    07067808885a21d190ab2ce340fba168

    SHA1

    bbda24b0a6675d7e91f7969973a91fdaba915625

    SHA256

    e9b4124889c1e253f8b01a25ff02fb16d56dac350d99a0c3b69dc932d6538882

    SHA512

    be2fd6e6fc1c4a1025cf5600288ed4603334ea0282fb91e6dac6e1a2a3c95e3b915c80e4262b18bade815632fc9584e9893a4d44e02e5e8191e004a15763cb26

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
    Filesize

    11KB

    MD5

    4b9bd10cc0fc295b75ac3abeab354f3a

    SHA1

    d9a32608ab37434840f71b05dab35e12e0e2b226

    SHA256

    5a8f7654c7389987fb7b8bc2c939058baad8a465a9c64e02885c0feedc3e2b86

    SHA512

    0e6e63adf34c21688736128b1ff9827f992ce098080a3437c753a181a8a62d98d79b1e3fcad848413e4911807b01af0f9403c143bf97caae7c7fb210c233a2a1

    Download Submit

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Filesize

    109KB

    MD5

    b618d34333baac9f50b8381f39331f02

    SHA1

    532b57f2a60a0d0aba17b130db7764463744db66

    SHA256

    b8d31ce24b4fce223520869b4e5d033c03c01b17e0a56b4dd5f3d3fbb6fd390d

    SHA512

    f410a1938767fa7780b98d867da26bdf6d26e5e22c5ddec32fee470a71247a1ca0463f95c8a237abf4792fc158818a1f90423dd707243ab7faeb20cba7134a70

    Download Submit

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt
    Filesize

    172KB

    MD5

    3f057ef0f8ac05c8823c02121983985b

    SHA1

    8067fca91320532a5065d613adba9b6fcb7f63ae

    SHA256

    88a1df7a77717ac0e27d34b1873104f58d6d4370eab1270c155175da5a358e7f

    SHA512

    f7882512873b0b5fe5c7900a84c830cd624807bfeef3a17d4f8136acad6460c23a866d6072e2fba1194c0523925032b8d982dee14332767f2676affaaa9c4dd4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
    Filesize

    21KB

    MD5

    fec89e9d2784b4c015fed6f5ae558e08

    SHA1

    581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

    SHA256

    489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

    SHA512

    e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

    Download Submit

  • memory/1428-660-0x000000001B0D0000-0x000000001B150000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1428-659-0x000000001B0D0000-0x000000001B150000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1428-658-0x000007FEF5180000-0x000007FEF5B6C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1428-195-0x000000001B0D0000-0x000000001B150000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1428-178-0x000000001B0D0000-0x000000001B150000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1428-147-0x000007FEF5180000-0x000007FEF5B6C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1428-144-0x0000000001170000-0x000000000117C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2376-51-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-63-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-49-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-47-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-43-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-39-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-37-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-33-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-31-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-29-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-25-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-21-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-15-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-130-0x0000000002280000-0x00000000022C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2376-131-0x0000000000540000-0x0000000000541000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2376-132-0x0000000073F40000-0x000000007462E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2376-133-0x0000000002280000-0x00000000022C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2376-134-0x0000000002280000-0x00000000022C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2376-135-0x0000000002280000-0x00000000022C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2376-136-0x0000000002280000-0x00000000022C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2376-137-0x0000000002120000-0x000000000212E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2376-57-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-59-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-53-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-69-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-67-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-65-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-61-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-55-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-0-0x0000000073F40000-0x000000007462E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2376-45-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-41-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-35-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-27-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-23-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-19-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-17-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-13-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-11-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-9-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-7-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-6-0x0000000001E50000-0x0000000001E7B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-5-0x0000000001E50000-0x0000000001E82000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2376-4-0x0000000002280000-0x00000000022C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2376-3-0x0000000002280000-0x00000000022C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2376-2-0x00000000003D0000-0x0000000000402000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2376-1-0x0000000002280000-0x00000000022C0000-memory.dmp

    Filesize

    256KB

    Download