vidar | 4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5

Analysis

max time kernel
147s
max time network
160s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
20-07-2022 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe
Size

1.9MB
MD5

d74e3e939a60460a2e38221e8c5ef2e8
SHA1

209f6907cc17b1485605243fd521ee6a6fe4ffcb
SHA256

4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5
SHA512

bd3dd0595ce57f2430f370d4d642aa74c4bef482db8180dc31e74a3b2501ef3686ca638831e5bb8ad5f56e2dc620a7029aba7f607f2021286e41654ac60eac61

Score

10^/10

vidar 1148 stealer

Malware Config

Extracted

Family

vidar

Version

50.1

Botnet

1148

https://mastodon.online/@k1llerniax

https://koyu.space/@k1llerni2x

Attributes

profile_id
1148

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Vidar Stealer 4 IoCs

stealer

Processes:

resource	yara_rule
behavioral1/memory/384-55-0x0000000000D50000-0x0000000000F1D000-memory.dmp	family_vidar
behavioral1/memory/384-56-0x0000000000D50000-0x0000000000F1D000-memory.dmp	family_vidar
behavioral1/memory/384-65-0x0000000000D50000-0x0000000000F1D000-memory.dmp	family_vidar
behavioral1/memory/384-79-0x0000000000D50000-0x0000000000F1D000-memory.dmp	family_vidar

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe

pid process

384 4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe

pid	process
384	4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe

pid process

384 4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe

pid	process
384	4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe

C:\Users\Admin\AppData\Local\Temp\4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe
"C:\Users\Admin\AppData\Local\Temp\4f385cf218fe05b153e2dad071522c780f8959fcd2b61606d27e59d202fcb4f5.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:384

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/384-54-0x0000000000D50000-0x0000000000F1D000-memory.dmp

Filesize
1.8MB

Download
memory/384-55-0x0000000000D50000-0x0000000000F1D000-memory.dmp

Filesize
1.8MB

Download
memory/384-56-0x0000000000D50000-0x0000000000F1D000-memory.dmp

Filesize
1.8MB

Download
memory/384-57-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download
memory/384-58-0x0000000075A70000-0x0000000075B1C000-memory.dmp

Filesize
688KB

Download
memory/384-60-0x0000000075610000-0x000000007576C000-memory.dmp

Filesize
1.4MB

Download
memory/384-61-0x0000000074670000-0x0000000074800000-memory.dmp

Filesize
1.6MB

Download
memory/384-62-0x0000000076B50000-0x0000000076B97000-memory.dmp

Filesize
284KB

Download
memory/384-63-0x0000000074D40000-0x0000000074D4C000-memory.dmp

Filesize
48KB

Download
memory/384-64-0x0000000075770000-0x000000007588D000-memory.dmp

Filesize
1.1MB

Download
memory/384-65-0x0000000000D50000-0x0000000000F1D000-memory.dmp

Filesize
1.8MB

Download
memory/384-66-0x0000000000110000-0x000000000015C000-memory.dmp

Filesize
304KB

Download
memory/384-67-0x0000000076B50000-0x0000000076B97000-memory.dmp

Filesize
284KB

Download
memory/384-68-0x0000000074650000-0x0000000074667000-memory.dmp

Filesize
92KB

Download
memory/384-70-0x0000000076BA0000-0x0000000076BF7000-memory.dmp

Filesize
348KB

Download
memory/384-71-0x0000000075290000-0x00000000752C5000-memory.dmp

Filesize
212KB

Download
memory/384-72-0x0000000074500000-0x000000007454F000-memory.dmp

Filesize
316KB

Download
memory/384-73-0x0000000074550000-0x00000000745A8000-memory.dmp

Filesize
352KB

Download
memory/384-75-0x0000000074541000-0x0000000074559000-memory.dmp

Filesize
96KB

Download
memory/384-74-0x00000000748F0000-0x00000000748FB000-memory.dmp

Filesize
44KB

Download
memory/384-77-0x00000000744B0000-0x00000000744F4000-memory.dmp

Filesize
272KB

Download
memory/384-78-0x0000000075580000-0x000000007560F000-memory.dmp

Filesize
572KB

Download
memory/384-79-0x0000000000D50000-0x0000000000F1D000-memory.dmp

Filesize
1.8MB

Download
memory/384-81-0x0000000076B50000-0x0000000076B97000-memory.dmp

Filesize
284KB

Download
memory/384-80-0x0000000000110000-0x000000000015C000-memory.dmp

Filesize
304KB

Download
memory/384-82-0x00000000742D0000-0x000000007430D000-memory.dmp

Filesize
244KB

Download
memory/384-83-0x0000000075940000-0x000000007596D000-memory.dmp

Filesize
180KB

Download
memory/384-84-0x0000000074600000-0x0000000074616000-memory.dmp

Filesize
88KB

Download
memory/384-85-0x00000000758F0000-0x0000000075909000-memory.dmp

Filesize
100KB

Download
memory/384-86-0x0000000074310000-0x0000000074348000-memory.dmp

Filesize
224KB

Download
memory/384-87-0x0000000075B20000-0x0000000075B65000-memory.dmp

Filesize
276KB

Download
memory/384-88-0x0000000074290000-0x00000000742AC000-memory.dmp

Filesize
112KB

Download
memory/384-89-0x00000000741D0000-0x000000007421F000-memory.dmp

Filesize
316KB

Download
memory/384-90-0x0000000074220000-0x0000000074278000-memory.dmp

Filesize
352KB

Download
memory/384-91-0x0000000074C00000-0x0000000074C0C000-memory.dmp

Filesize
48KB

Download
memory/384-93-0x0000000074C70000-0x0000000074C97000-memory.dmp

Filesize
156KB

Download
memory/384-94-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-95-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-96-0x00000000741B0000-0x00000000741C5000-memory.dmp

Filesize
84KB

Download
memory/384-97-0x00000000741A0000-0x00000000741AE000-memory.dmp

Filesize
56KB

Download
memory/384-98-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-99-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-101-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-100-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-103-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-102-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-105-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-104-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-107-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-106-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-109-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-108-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-111-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-110-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-112-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-113-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-115-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-114-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-116-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-117-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-119-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-118-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-120-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-121-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-123-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-122-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-124-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download
memory/384-125-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-127-0x00000000750F0000-0x000000007528D000-memory.dmp

Filesize
1.6MB

Download
memory/384-126-0x0000000075910000-0x0000000075922000-memory.dmp

Filesize
72KB

Download