vidar | 0e6dc61eef774aaaf2688f2d1052089d0740c9e9d80cc9d877b1b6cb6b94a68c

Analysis

max time kernel
89s
max time network
159s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
29-01-2025 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TradingView Premium Desktop.exe
Size

800.0MB
MD5

87c22d55039390e021ba244385351eeb
SHA1

66f39bcfafb2eccde13032d5635b736cdcb8ea4d
SHA256

54cb78a1ec13e7c16b8dd5873314845e5be004616e36082ced3b64fec5b99d1b
SHA512

093c51d332b51648005e47246c99b145b95ffbee5a4cb6811a474cdfd8a005b49febe01c35cadb6d38f40e079e96e12c9f45ea3964f956e0293cfdb1ccc63962
SSDEEP

24576:A3XMwyMuyLcboi2WCcz2xW/Yq7HOP6xlMnw/hqVInp:qpytsMoi23cIWJC6xlMVVInp

Score

10^/10

vidar discovery stealer

Malware Config

Extracted

Family

vidar

https://t.me/m08mbk

https://steamcommunity.com/profiles/76561199820567237

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar

Executes dropped EXE 1 IoCs

pid	Process
4240	Elizabeth.com

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
3596	tasklist.exe
3352	tasklist.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\InternetPunishment	TradingView Premium Desktop.exe
File opened for modification	C:\Windows\RipeArrangements	TradingView Premium Desktop.exe
File opened for modification	C:\Windows\RequestingCount	TradingView Premium Desktop.exe
File opened for modification	C:\Windows\PlymouthCharles	TradingView Premium Desktop.exe
File opened for modification	C:\Windows\AssociationsCamcorders	TradingView Premium Desktop.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Elizabeth.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TradingView Premium Desktop.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4240	Elizabeth.com
4240	Elizabeth.com
4240	Elizabeth.com
4240	Elizabeth.com
4240	Elizabeth.com
4240	Elizabeth.com
4240	Elizabeth.com
4240	Elizabeth.com
4240	Elizabeth.com
4240	Elizabeth.com
4240	Elizabeth.com
4240	Elizabeth.com

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3596	tasklist.exe
Token: SeDebugPrivilege	3352	tasklist.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4240	Elizabeth.com
4240	Elizabeth.com
4240	Elizabeth.com

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4240	Elizabeth.com
4240	Elizabeth.com
4240	Elizabeth.com

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 1616	2332	TradingView Premium Desktop.exe	77
PID 2332 wrote to memory of 1616	2332	TradingView Premium Desktop.exe	77
PID 2332 wrote to memory of 1616	2332	TradingView Premium Desktop.exe	77
PID 1616 wrote to memory of 3596	1616	cmd.exe	79
PID 1616 wrote to memory of 3596	1616	cmd.exe	79
PID 1616 wrote to memory of 3596	1616	cmd.exe	79
PID 1616 wrote to memory of 2560	1616	cmd.exe	80
PID 1616 wrote to memory of 2560	1616	cmd.exe	80
PID 1616 wrote to memory of 2560	1616	cmd.exe	80
PID 1616 wrote to memory of 3352	1616	cmd.exe	82
PID 1616 wrote to memory of 3352	1616	cmd.exe	82
PID 1616 wrote to memory of 3352	1616	cmd.exe	82
PID 1616 wrote to memory of 4356	1616	cmd.exe	83
PID 1616 wrote to memory of 4356	1616	cmd.exe	83
PID 1616 wrote to memory of 4356	1616	cmd.exe	83
PID 1616 wrote to memory of 3056	1616	cmd.exe	84
PID 1616 wrote to memory of 3056	1616	cmd.exe	84
PID 1616 wrote to memory of 3056	1616	cmd.exe	84
PID 1616 wrote to memory of 2656	1616	cmd.exe	85
PID 1616 wrote to memory of 2656	1616	cmd.exe	85
PID 1616 wrote to memory of 2656	1616	cmd.exe	85
PID 1616 wrote to memory of 1604	1616	cmd.exe	86
PID 1616 wrote to memory of 1604	1616	cmd.exe	86
PID 1616 wrote to memory of 1604	1616	cmd.exe	86
PID 1616 wrote to memory of 4148	1616	cmd.exe	87
PID 1616 wrote to memory of 4148	1616	cmd.exe	87
PID 1616 wrote to memory of 4148	1616	cmd.exe	87
PID 1616 wrote to memory of 4260	1616	cmd.exe	88
PID 1616 wrote to memory of 4260	1616	cmd.exe	88
PID 1616 wrote to memory of 4260	1616	cmd.exe	88
PID 1616 wrote to memory of 4240	1616	cmd.exe	89
PID 1616 wrote to memory of 4240	1616	cmd.exe	89
PID 1616 wrote to memory of 4240	1616	cmd.exe	89
PID 1616 wrote to memory of 1512	1616	cmd.exe	90
PID 1616 wrote to memory of 1512	1616	cmd.exe	90
PID 1616 wrote to memory of 1512	1616	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\TradingView Premium Desktop.exe
"C:\Users\Admin\AppData\Local\Temp\TradingView Premium Desktop.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy Oracle Oracle.cmd & Oracle.cmd
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1616
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:3596
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2560
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:3352
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4356
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 746279
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3056
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Another
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2656
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V "TALENTED" Taxes
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1604
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 746279\Elizabeth.com + Center + Activities + Loving + Hang + Futures + Beads + Engineers + Generation + Sense + Reproduce 746279\Elizabeth.com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4148
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Expedia + ..\Dod + ..\Tax + ..\Editing + ..\Furniture + ..\Edward g
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4260
- - C:\Users\Admin\AppData\Local\Temp\746279\Elizabeth.com
    Elizabeth.com g
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4240
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\746279\Elizabeth.com

Filesize
337B

MD5
13556a1ce16ecbc3f3b57448e6471a98

SHA1
89f64906a545ae37ab6bbc4af6a8a78e2b3a9e63

SHA256
d825cb01c344e7be8775e8eca0ba000b95582271fe7cfb311476fc8df50ccaec

SHA512
7c62823c3215514349c07a56e8fce0b1d9524dee972d08d5aafcd5abf43e719b8d51ef4267b12d7f4bd0faeb912972578ea440cc65a16a6cf0b989cefdbfd25e

Download Submit
C:\Users\Admin\AppData\Local\Temp\746279\Elizabeth.com

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit
C:\Users\Admin\AppData\Local\Temp\746279\g

Filesize
423KB

MD5
a9bb3675a9ed760bf3c476669a01ca46

SHA1
8259623c725820bc8e32e1839843fc41e78b4061

SHA256
2ec55854bb740cf6e06c04ab4a158fd2bf1a3babf25554c194289b40ea2ce7dc

SHA512
2fe90ce2a6e7a71fa7fc6c5364cf938613bf208425f7de97f246200ff2956dffb86e0a818e6b5c777565c70d3371c326d91d1e63098f467375963bccc0c3ffd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Activities

Filesize
91KB

MD5
a235db1fbea9dd3329fbc1a3cd313985

SHA1
45dd0895f0a44709577761cc0924fbc89ea0c831

SHA256
bfded808c91e2ee69fd090d55e2f3dbec64e8f62a5517c62216247a8c315073e

SHA512
2d95a345d27e1d72e97351ab029ecb950362250db585a14b20523715708fcd6a145eca002786ef00934bae410bc9a4f746d3bfbb0500ae21f022a05bfc6fd1a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Another

Filesize
476KB

MD5
2436835e2178e39ffa35af2de95ddbc0

SHA1
2086c3d40dd43e43df8a6ec505b3e7af3c2453b1

SHA256
098434d7d3366a11f1b424fe7d1902af1db4f80e414ed235d4aa0bd04f262246

SHA512
3d15c3b5499445f0340a9d333c53e2d67635af776814a29d519e8899bfda318040abd5a7d3ae6ad09ee0efe4a9e3bd1da7cabed4741d345b7e99bdae06b50f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Beads

Filesize
126KB

MD5
d989aee28d588fab6568646ec48dae2f

SHA1
78cf7664430aecfa67acf7ec56386d0914de76f8

SHA256
c99943f61eaffe7ca4f800c74b2242eac5cb156f8639b003c0a5a6383cd4602a

SHA512
17f1b1a8838cf2d0eb50f7a74ade49b9f28a3dc96d668cee54d972495bf81383bf270133ebccca892104f5323c77417cb9f4c400f62982abd3fd5e9847d84197

Download Submit
C:\Users\Admin\AppData\Local\Temp\Center

Filesize
88KB

MD5
32730909448a86be661b0de62df052bb

SHA1
0532e5793ddd54c19508c56f8c4ddd8adfb593cc

SHA256
4dec548e01bc4ae2fbe0812cb2f0613e23c9d54ee535046424d2ea6a26e3af59

SHA512
864ccd88c0fdbe030eb017fb652de542060b9ddcda00395e26373871de518fee6c4d606fa851c5f0466d0e19a6f907450eea6219fabe30beafbcb2fec6a1d837

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dod

Filesize
63KB

MD5
89fbf2b64bf9d6cc281ead7ac49cc813

SHA1
f9d75fd052dc157d8bdabcb94e3efe5fc545cc34

SHA256
6466e4d6f5a56aaa79bb6b6a6c64aeb3c5ca3e2240b53434b1cd4402c842afaf

SHA512
abf6a07efaffafb5eb62239ce2366008c56aa8236d4c8a6a891530cf87b8c1a99d3a5e543d0f1342afd4bcd300c56e1c77b7e0c3d5602f78386db1cfdc91badc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Editing

Filesize
61KB

MD5
cf0897c58cc959cb27d766738424f603

SHA1
addb817362c021088abd90d7e1a4e841c6570f07

SHA256
a585e372d247aa4632e7a982d8fe35aad7ffd56f0de30fe0504b3805182509a2

SHA512
3285b6b5e7db5e9d7a3624026f68cd0ec9ee587d8027bb13ea3831ec490bc8d61ff83d3f176edbd72623a2236b970c4eb8a1cfc5265d803434dd414742e53988

Download Submit
C:\Users\Admin\AppData\Local\Temp\Edward

Filesize
34KB

MD5
931386aa6c3bdf745621c3794f136576

SHA1
aa98493b53a9045753e554c812748e801f8c0b6c

SHA256
ff9073a17de7e9875e7398455f521e9bac8b63646ba08f90e48b07f20d325f24

SHA512
094677a51153932ac63b227b6ea497a5bd71df1eead928c97e86c52cef5b6a7312ecee1a68c9e1e2099edc0dadfdb653e500f3e83c7e569be18515a1b17c6052

Download Submit
C:\Users\Admin\AppData\Local\Temp\Engineers

Filesize
73KB

MD5
71b7b1b0f3f5976babed7c2b59ef1ac3

SHA1
57bd2a80fb9f348999e80ca9ab077a397ad5dff6

SHA256
1a4a94cfed596ed380984047364a1c222c81a06b13c06150fd69d264b54ea4f0

SHA512
b50dfe8eebac4b0f5a9bd05bde0f49d9ec0ee6778dfc4c289bd2ab3dc7782c3ba6427ea2ce57ab206f4cf590fdba00b4bc9e6f907fad152f7b86756d28c016b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Expedia

Filesize
78KB

MD5
53b7acc9e9599f6d05603acb2c03689b

SHA1
0622cb07be3efc7abc5bb0b98fff5be1d193be64

SHA256
380b679fa83b0502cb6df91a54bc69636319b50712203b4d03d2f315d8209b97

SHA512
eeb3abaee0853782e7f44065df3947e5708ae7c3dcf902095d93094186b5a70e60c2d56da358a74a3026d41b7431772bfd60bef46ad26198b58a7cc21f7d977f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Furniture

Filesize
91KB

MD5
f557e7cceb9e56a53c0c4fa30713d8c2

SHA1
6dbf3e8bd85551909945064029bf0215ffa32a55

SHA256
175b22ed069219c77100e3a3a3004d03316dcf078e51190ebe5e23ee897e24f2

SHA512
95f5f9ff855235651d3a1cdc84d4b03977199f36f63126017430fbba441865991f84a5e6969ab55360af97f20d45aafd7afa0e25d8bebc425a5e4fddb141c8c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Futures

Filesize
73KB

MD5
b59360f214a9479c09656e6feca14eb5

SHA1
0b6fde6c5d3b083cfd8103c23e33b095bf644c60

SHA256
d0220e0df2e5a4d40d6f2fa27746e5f4d7ba8767d30bc5d45bf3f25127ddcb21

SHA512
41f95d1def2116d66fbcf7b153a8ce68d7a6215b4ef6f8b912896d5dd7119b854ee44288b136066a500ca238f742c20fc7b9761ed35814fe6bffeb4644a1c158

Download Submit
C:\Users\Admin\AppData\Local\Temp\Generation

Filesize
72KB

MD5
0acded41607c73b5f10a3e1df87a0c01

SHA1
4d1583aba1697f65e271e326406801a327ae58dc

SHA256
f5afd3b49e6e83b7854d2c3f587423387a985e600f3dbb4b616865fb018242cf

SHA512
36883016f5c6f11ebd2dd3e28d71b86344302dcec998a50a3172a451992e7d50963a9f6953f3d97c9e21eaa35479a91e1b2562ce8f9ff5115040d9b44c37c81f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hang

Filesize
127KB

MD5
d904c3b9e2a653a0e259c1f0c92adafe

SHA1
58b5b8a33a45b4f7d0766b0b11d5083bd70af35b

SHA256
0b12408a1a69d0cb83ad67b530df07e4b1e1802843f5b3167aa2f392a7d951b7

SHA512
297efe5d9cfde1d04baaf5ecb619620f69d0704765ac6f2a743580d1be54357c6e36b01f0e5457777644ea6276a9eaf73b858a6a7d849a733c3b9324f9e63ea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Loving

Filesize
140KB

MD5
0dd4824b73faace1896de1d1054d468f

SHA1
75339c3903ac927ea903beaf3ba1db1ae417835d

SHA256
4ab4d0c6a7723a0036720906c4be97041e20093791cd2e4b49ecab66ce358bcf

SHA512
6e30a1d5bd117ed89054fdad32c0bf63f1b7a1572f3f9132f89eecdee30b61712dacbcea82db2be3c2c81eca55d9c02267a26e59fbe5f84b68e5202225eab80c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Oracle

Filesize
30KB

MD5
19c2b8c2723dd4c009e918e81f931488

SHA1
71214aaeefa800bb4774fe91d895a46d9437029c

SHA256
4992ed7a48ccdc096580d3324f889ddf5f3ab829a9199c37c2294e5fe6a9a7f1

SHA512
c599e65295cd4d81deec472d7b30bd35743f705dbc5f686ae2455302283ea8140de4916d53df76f1620fc3f755c3be1d09224f6e5fe78667bc031c40fa50ba56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Reproduce

Filesize
57KB

MD5
1f90a05b185de488d0c2e2a344a04805

SHA1
ea93cc89f1225a394aa755d11e18256fb43797cb

SHA256
633d5194ad4cc0031720bf17dd563310df4fbe92f80424edcd89225544134754

SHA512
32c1353429cb0ac247fbbe3b39789edf76eddf452d39fadd816dfd493fa8531c36da81947bf59ce0f355393fa2522686e6f14e5df6f7d5e6a96e6755a3f61f71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sense

Filesize
77KB

MD5
06cfe76dbb65c2649ba5b0592fa98e86

SHA1
8cf32ffe1826f1ab2d5caed6d0673e9c97954883

SHA256
291b52f19429d8f8624afee6f3d94583c9091165894a22cc7f6348437e3f8aeb

SHA512
548bbcfe898b22ff8ee66981d3b225e32ea8426c29c835d82ce7b1a316d7a90c421a906b9f28b47409c0fce960d52d7974705189bace6264347c9a0c4a566c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tax

Filesize
96KB

MD5
fd11c461e85a3d2d6519d628bb83d985

SHA1
2b76bb3f4502e942441595e3bf256c470ccbe86e

SHA256
63748a10997d66f2b065fe1c5a3ea184d917ce23a7f76bfd1c675dbc321355ac

SHA512
009e32e8a5f646dc4b091c555898ccfdd9d070c0c8d5cb10500eaf698fa70386aedece72663d4b3ae66feeb32010ac9a5ab3cd4ec1733b260e27d74439059410

Download Submit
C:\Users\Admin\AppData\Local\Temp\Taxes

Filesize
345B

MD5
caf1c1b5248c872332d18b95fd73c17b

SHA1
660cc7f650f7ae0ad9e97c72c7f340b289dfae8f

SHA256
3f5e18ab59b55244e571217d8b06ed76028bbce800a907bb927398f4f6ebaef9

SHA512
b149af8fe994c907634f247c9c13dac27dbbfdc4159e05fbc1c20fecfe2245e41add3b9707ef4667a1f62c0c47d85336aefcf79621b4aef00d295dcba7ff19ec

Download Submit
memory/4240-739-0x0000000000120000-0x000000000016B000-memory.dmp

Filesize
300KB

Download
memory/4240-741-0x0000000000120000-0x000000000016B000-memory.dmp

Filesize
300KB

Download
memory/4240-740-0x0000000000120000-0x000000000016B000-memory.dmp

Filesize
300KB

Download
memory/4240-742-0x0000000000120000-0x000000000016B000-memory.dmp

Filesize
300KB

Download
memory/4240-745-0x0000000000120000-0x000000000016B000-memory.dmp

Filesize
300KB

Download
memory/4240-743-0x0000000000120000-0x000000000016B000-memory.dmp

Filesize
300KB

Download
memory/4240-744-0x0000000000120000-0x000000000016B000-memory.dmp

Filesize
300KB

Download