Overview

overview

10

Static

static

7

S0FTWARE.zip

windows10-2004-x64

10

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/11/2024, 02:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    S0FTWARE.zip

  • Size

    150.4MB

  • MD5

    55917cb8e6da1b0c6a12f2ad056928da

  • SHA1

    2e32942b38afeaab268ae958b4cb5c6732688081

  • SHA256

    15f274ebebfa08bed4cfd70447696f8f2eb3c0444aa33b572b0c370085f324ad

  • SHA512

    48a7d80dbcdf4bfcb78e45f3ae56146ef620990d63e048713ca75aad7aa0954b7b4e4ea83d77071ca74a34dcd2003f7d5e879421a74773e365008cd738f788a2

  • SSDEEP

    3145728:0YQyuFWIZb52RZZCLmup5274CjdLpLqGW5XKsV1FhGG+S3rgmRhqOM:BuFWK81C6up5274gdLpLqGW5XKK1/rgD

Score
10/10
vidarcredential_accessdiscoveryevasionspywarestealerthemidatrojan

Malware Config

Extracted

Family

vidar

C2

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Signatures

  • Detect Vidar Stealer 15 IoCs
    stealer
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
    evasion
  • Downloads MZ/PE file
  • Uses browser remote debugging 2 TTPs 9 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Themida packer 17 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 23 IoCs
  • Suspicious use of FindShellTrayWindow 57 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\S0FTWARE.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4776
    • C:\Users\Admin\AppData\Local\Temp\7zO8A2435D7\S0FTWARE.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO8A2435D7\S0FTWARE.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2084
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        3⤵
        • Uses browser remote debugging
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:4700
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc7b13cc40,0x7ffc7b13cc4c,0x7ffc7b13cc58
          4⤵
            PID:628
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,15245734115779237940,15666860367278883029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1872 /prefetch:2
            4⤵
              PID:3104
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,15245734115779237940,15666860367278883029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2308 /prefetch:3
              4⤵
                PID:3200
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2128,i,15245734115779237940,15666860367278883029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2580 /prefetch:8
                4⤵
                  PID:1756
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3200,i,15245734115779237940,15666860367278883029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:2284
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3304,i,15245734115779237940,15666860367278883029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:3880
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,15245734115779237940,15666860367278883029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:1160
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,15245734115779237940,15666860367278883029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
                  4⤵
                    PID:3600
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,15245734115779237940,15666860367278883029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
                    4⤵
                      PID:2752
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4988,i,15245734115779237940,15666860367278883029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:8
                      4⤵
                        PID:1716
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,15245734115779237940,15666860367278883029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:8
                        4⤵
                          PID:2344
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                        3⤵
                        • Uses browser remote debugging
                        • Enumerates system info in registry
                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                        • Suspicious use of FindShellTrayWindow
                        PID:4768
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc7b1446f8,0x7ffc7b144708,0x7ffc7b144718
                          4⤵
                          • Checks processor information in registry
                          • Enumerates system info in registry
                          PID:1460
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5978491214140415796,2683383807086710285,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
                          4⤵
                            PID:5008
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5978491214140415796,2683383807086710285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
                            4⤵
                              PID:3888
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,5978491214140415796,2683383807086710285,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
                              4⤵
                                PID:4360
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2140,5978491214140415796,2683383807086710285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
                                4⤵
                                • Uses browser remote debugging
                                PID:1400
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2140,5978491214140415796,2683383807086710285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
                                4⤵
                                • Uses browser remote debugging
                                PID:5088
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2140,5978491214140415796,2683383807086710285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
                                4⤵
                                • Uses browser remote debugging
                                PID:2752
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2140,5978491214140415796,2683383807086710285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
                                4⤵
                                • Uses browser remote debugging
                                PID:1192
                          • C:\Users\Admin\AppData\Local\Temp\7zO8A2B2428\S0FTWARE.exe
                            "C:\Users\Admin\AppData\Local\Temp\7zO8A2B2428\S0FTWARE.exe"
                            2⤵
                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                            • Checks BIOS information in registry
                            • Executes dropped EXE
                            • Checks whether UAC is enabled
                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                            • System Location Discovery: System Language Discovery
                            PID:1716
                        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                          "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                          1⤵
                            PID:1872
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                            1⤵
                              PID:3608

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\ProgramData\chrome.dll
                              Filesize

                              676KB

                              MD5

                              eda18948a989176f4eebb175ce806255

                              SHA1

                              ff22a3d5f5fb705137f233c36622c79eab995897

                              SHA256

                              81a4f37c5495800b7cc46aea6535d9180dadb5c151db6f1fd1968d1cd8c1eeb4

                              SHA512

                              160ed9990c37a4753fc0f5111c94414568654afbedc05308308197df2a99594f2d5d8fe511fd2279543a869ed20248e603d88a0b9b8fb119e8e6131b0c52ff85

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                              Filesize

                              649B

                              MD5

                              fdc72b1852ca22107aa32377f4c8ea9a

                              SHA1

                              93b3f31133ff55dd1b125bd74c0d234bd56f6805

                              SHA256

                              7c6b477457070efaddc6a0280aa13e30cf60c84dabc5edc44e7abeeea7fdd55e

                              SHA512

                              8b1d730582a9cfcf9a24cda4c7b4607ff00a28f32d4ab79d8c4ed85a264deec93c24acd4fbbb5e7c80937da63a5223304e82e4d026c6f89abde4ab4034fad26b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                              Filesize

                              2B

                              MD5

                              d751713988987e9331980363e24189ce

                              SHA1

                              97d170e1550eee4afc0af065b78cda302a97674c

                              SHA256

                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                              SHA512

                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              d22073dea53e79d9b824f27ac5e9813e

                              SHA1

                              6d8a7281241248431a1571e6ddc55798b01fa961

                              SHA256

                              86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

                              SHA512

                              97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              bffcefacce25cd03f3d5c9446ddb903d

                              SHA1

                              8923f84aa86db316d2f5c122fe3874bbe26f3bab

                              SHA256

                              23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

                              SHA512

                              761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              646c00f0e33b676e80dc96558cc23f85

                              SHA1

                              1d725cc55a53e55ba03c7e482e28657f590f42c0

                              SHA256

                              8358745633d79006981af69061d6d311e6152da91680221e2945f42896c6b90e

                              SHA512

                              e117edd513293706a996e5ad322e2b86dc05f8088b4cd83ba0710a96b6d8c6bae0dc7861c509c254993a746debd945bf067cd3db1c386bc6888bd086279f6e6c

                              Download Submit

                            • memory/1716-160-0x0000000000920000-0x00000000014B9000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/1716-154-0x0000000000920000-0x00000000014B9000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/1716-156-0x0000000000920000-0x00000000014B9000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/1716-155-0x0000000000920000-0x00000000014B9000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/1716-157-0x0000000000920000-0x00000000014B9000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/1716-158-0x0000000000920000-0x00000000014B9000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/1716-159-0x0000000000920000-0x00000000014B9000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/2084-45-0x0000000076230000-0x0000000076231000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2084-24-0x0000000000590000-0x0000000001129000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/2084-12-0x0000000000590000-0x0000000001129000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/2084-44-0x0000000000590000-0x0000000001129000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/2084-48-0x000000001D220000-0x000000001D47F000-memory.dmp

                              Filesize

                              2.4MB

                              Download

                            • memory/2084-37-0x0000000000590000-0x0000000001129000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/2084-21-0x0000000000590000-0x0000000001129000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/2084-22-0x0000000000590000-0x0000000001129000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/2084-90-0x0000000076210000-0x0000000076300000-memory.dmp

                              Filesize

                              960KB

                              Download

                            • memory/2084-27-0x0000000076210000-0x0000000076300000-memory.dmp

                              Filesize

                              960KB

                              Download

                            • memory/2084-100-0x0000000000590000-0x0000000001129000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/2084-46-0x0000000076210000-0x0000000076300000-memory.dmp

                              Filesize

                              960KB

                              Download

                            • memory/2084-23-0x0000000000590000-0x0000000001129000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/2084-20-0x0000000000590000-0x0000000001129000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/2084-19-0x0000000000590000-0x0000000001129000-memory.dmp

                              Filesize

                              11.6MB

                              Download

                            • memory/2084-17-0x0000000076210000-0x0000000076300000-memory.dmp

                              Filesize

                              960KB

                              Download

                            • memory/2084-18-0x0000000076210000-0x0000000076300000-memory.dmp

                              Filesize

                              960KB

                              Download

                            • memory/2084-16-0x0000000076210000-0x0000000076300000-memory.dmp

                              Filesize

                              960KB

                              Download

                            • memory/2084-15-0x0000000076210000-0x0000000076300000-memory.dmp

                              Filesize

                              960KB

                              Download

                            • memory/2084-14-0x0000000076210000-0x0000000076300000-memory.dmp

                              Filesize

                              960KB

                              Download

                            • memory/2084-13-0x0000000076230000-0x0000000076231000-memory.dmp

                              Filesize

                              4KB

                              Download