Overview

overview

10

Static

static

3

2025-02-26...ch.exe

windows7-x64

10

2025-02-26...ch.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/02/2025, 12:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-02-26_1684e9b9f85aaf93d1a90063d386b67f_frostygoop_poet-rat_snatch.exe

  • Size

    8.7MB

  • MD5

    1684e9b9f85aaf93d1a90063d386b67f

  • SHA1

    4ee1fb056218b85f39cd3a35c702aebf00d78f25

  • SHA256

    3d4a254a1e3f1774d188d81c22f4db19d0cd3d6b47eb034ecfcd15a5667a45a0

  • SHA512

    1c3dd0f07a1daa62e7af3b4ef2120ff722b3e7cd8cdf61713812e2945314f108fa1e66468fa28d1f23a996bf9016bd1f3aab2dd98f40492793f9dc5924939559

  • SSDEEP

    49152:zHc0LD04voQr6iZAhhG4YDLduYWnqjoN4KWj4gCCOWuyO0CSgA5QkWhVoUcNvE01:bc0LlXZAC/D3KnabOte3KVIYEnjuq

Score
10/10
vidarcredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/g02f04

https://steamcommunity.com/profiles/76561199828130190
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0

Signatures

  • Detect Vidar Stealer 34 IoCs
    stealer
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Uses browser remote debugging 2 TTPs 9 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of FindShellTrayWindow 51 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-02-26_1684e9b9f85aaf93d1a90063d386b67f_frostygoop_poet-rat_snatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_1684e9b9f85aaf93d1a90063d386b67f_frostygoop_poet-rat_snatch.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3368
    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2732
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        3⤵
        • Uses browser remote debugging
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:1828
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe8055cc40,0x7ffe8055cc4c,0x7ffe8055cc58
          4⤵
            PID:4252
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,12862610765239714696,12063790841122503466,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1940 /prefetch:2
            4⤵
              PID:3064
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,12862610765239714696,12063790841122503466,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1976 /prefetch:3
              4⤵
                PID:4864
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,12862610765239714696,12063790841122503466,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2244 /prefetch:8
                4⤵
                  PID:4780
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,12862610765239714696,12063790841122503466,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3160 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:1632
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,12862610765239714696,12063790841122503466,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3220 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:3240
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4148,i,12862610765239714696,12063790841122503466,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4584 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:2348
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3652,i,12862610765239714696,12063790841122503466,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4708 /prefetch:8
                  4⤵
                    PID:3516
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,12862610765239714696,12063790841122503466,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4508 /prefetch:8
                    4⤵
                      PID:3924
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4944,i,12862610765239714696,12063790841122503466,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4928 /prefetch:8
                      4⤵
                        PID:2668
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4496,i,12862610765239714696,12063790841122503466,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4420 /prefetch:8
                        4⤵
                          PID:3984
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                        3⤵
                        • Uses browser remote debugging
                        • Enumerates system info in registry
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                        • Suspicious use of FindShellTrayWindow
                        PID:3268
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7f0646f8,0x7ffe7f064708,0x7ffe7f064718
                          4⤵
                          • Checks processor information in registry
                          • Enumerates system info in registry
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3696
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6612858713163365816,255688359756569280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
                          4⤵
                            PID:4744
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6612858713163365816,255688359756569280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
                            4⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4992
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6612858713163365816,255688359756569280,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
                            4⤵
                              PID:1920
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2104,6612858713163365816,255688359756569280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                              4⤵
                              • Uses browser remote debugging
                              PID:2144
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2104,6612858713163365816,255688359756569280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
                              4⤵
                              • Uses browser remote debugging
                              PID:4532
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2104,6612858713163365816,255688359756569280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
                              4⤵
                              • Uses browser remote debugging
                              PID:4700
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2104,6612858713163365816,255688359756569280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                              4⤵
                              • Uses browser remote debugging
                              PID:2280
                          • C:\Windows\SysWOW64\cmd.exe
                            "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\hdjw4" & exit
                            3⤵
                            • System Location Discovery: System Language Discovery
                            PID:1156
                            • C:\Windows\SysWOW64\timeout.exe
                              timeout /t 10
                              4⤵
                              • System Location Discovery: System Language Discovery
                              • Delays execution with timeout.exe
                              PID:1656
                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                        1⤵
                          PID:5088
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                          1⤵
                            PID:212

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                            Filesize

                            649B

                            MD5

                            2d0269b10cb667057f98207c706a6f8f

                            SHA1

                            a8390e687431f5e4cb7383bbde2b49d7b3f11baa

                            SHA256

                            ad25cce05911050649f4545685a54ebb50cc86efa7517db2dc85f407aafc7fc7

                            SHA512

                            6281b3edd6d4e53ab96f5d4d5d908b3e383d70929929bbdc6f3d2db8ce0fdcd460be0a6e554b1d4948a9e9f599bbf3ff0fa9e00c37ac4b5634218382b3b63a6e

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                            Filesize

                            2B

                            MD5

                            d751713988987e9331980363e24189ce

                            SHA1

                            97d170e1550eee4afc0af065b78cda302a97674c

                            SHA256

                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                            SHA512

                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            1bed6483de34dd709e03fd3af839a76b

                            SHA1

                            3724a38c9e51fcce7955a59955d16bf68c083b92

                            SHA256

                            37a42554c291f46995b2487d08d80d94cefe6c7fb3cb4ae9c7c5e515d6b5e596

                            SHA512

                            264f6687ea8a8726b0000de1511b7b764b3d5a6f64946bb83a58effda42839e593de43865dafeeb89f5b78cc00d16f3979b417357fa2799ca0533bdf72f07fda

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            fe6fb7ffeb0894d21284b11538e93bb4

                            SHA1

                            80c71bf18f3798129931b1781115bbef677f58f0

                            SHA256

                            e36c911b7dbea599da8ed437b46e86270ce5e0ac34af28ac343e22ecff991189

                            SHA512

                            3a8bd7b31352edd02202a7a8225973c10e3d10f924712bb3fffab3d8eea2d3d132f137518b5b5ad7ea1c03af20a7ab3ff96bd99ec460a16839330a5d2797753b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            5bd56db3531cceba0d15a9a3ca197d43

                            SHA1

                            416150e72c0647b19b8bb294c018f56a0b90658d

                            SHA256

                            9bd67e638a1874f8f033411c5154bf2fd173e528621d0218f4bcb76023879e73

                            SHA512

                            661fac569864740c6742f1fe9ccf1027f7cad9a6328197a0cb1fe4a46ccec586743bea431bfc824d9c96ab4d45bf5dc7e64918825e2fc17d9151fb05c916b15d

                            Download Submit

                          • memory/2732-74-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-1-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-12-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-11-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-10-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-56-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-57-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-60-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-64-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-65-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-66-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-70-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-72-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-73-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-0-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-9-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-2-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-15-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-105-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-106-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-109-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-113-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-114-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-115-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-119-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-123-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-124-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-127-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-128-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-132-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-133-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-138-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-139-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-140-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2732-143-0x0000000000400000-0x0000000000422000-memory.dmp

                            Filesize

                            136KB

                            Download