Overview

overview

10

Static

static

3

file.exe

windows10-2004-x64

10

file.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2025, 06:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    820KB

  • MD5

    3cd0db86d5e81b8825b77e67df41bf1a

  • SHA1

    cd22219cff15afd6666866a39025cdbabcf39672

  • SHA256

    f0e69027e42692d86e5568255610cf9b07223b9cf07327a3d78086c60102e47d

  • SHA512

    30c04177a69bf1796ec2f059031f280a385dfeeeadb84e66172f6258efbb96184905604a402b65889430948aef0f5e8d1e86370f5959157618c52374f00821df

  • SSDEEP

    12288:4/DKcz2a8Ep3A5WWwLUWdt6/FcMMSdLHmc+9LKLdEEo4Edka+9LKLdEEo4Edkl:QKcz2aN34WWXN/FAcaKLdjRaaKLdjRl

Score
10/10
vidarc466785b3a34d7b3c4d6db04a068b664credential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

13.5

Botnet

c466785b3a34d7b3c4d6db04a068b664

C2

https://t.me/v00rd

https://steamcommunity.com/profiles/76561199846773220
Attributes
  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Signatures

  • Detect Vidar Stealer 36 IoCs
    stealer
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Uses browser remote debugging 2 TTPs 8 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:5900
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:6128
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        3⤵
        • Uses browser remote debugging
        • Checks processor information in registry
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:4676
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff922e8dcf8,0x7ff922e8dd04,0x7ff922e8dd10
          4⤵
            PID:4688
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2020,i,10046693409761494627,12829564773327628616,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2016 /prefetch:2
            4⤵
              PID:2436
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2156,i,10046693409761494627,12829564773327628616,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1936 /prefetch:3
              4⤵
                PID:1720
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2404,i,10046693409761494627,12829564773327628616,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2560 /prefetch:8
                4⤵
                  PID:4832
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3236,i,10046693409761494627,12829564773327628616,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3292 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:5036
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3244,i,10046693409761494627,12829564773327628616,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3320 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:5060
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4056,i,10046693409761494627,12829564773327628616,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4064 /prefetch:2
                  4⤵
                  • Uses browser remote debugging
                  PID:2072
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3248,i,10046693409761494627,12829564773327628616,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4616 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:4828
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5304,i,10046693409761494627,12829564773327628616,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5320 /prefetch:8
                  4⤵
                    PID:5860
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5360,i,10046693409761494627,12829564773327628616,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5416 /prefetch:8
                    4⤵
                      PID:6072
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                    3⤵
                    • Uses browser remote debugging
                    • Enumerates system info in registry
                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                    • Suspicious use of FindShellTrayWindow
                    PID:3436
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ff922e6f208,0x7ff922e6f214,0x7ff922e6f220
                      4⤵
                        PID:5308
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1916,i,17307133353767309024,6746440523171755785,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3
                        4⤵
                          PID:8
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2188,i,17307133353767309024,6746440523171755785,262144 --variations-seed-version --mojo-platform-channel-handle=2184 /prefetch:2
                          4⤵
                            PID:5960
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2568,i,17307133353767309024,6746440523171755785,262144 --variations-seed-version --mojo-platform-channel-handle=2720 /prefetch:8
                            4⤵
                              PID:3604
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3436,i,17307133353767309024,6746440523171755785,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
                              4⤵
                              • Uses browser remote debugging
                              PID:2444
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3444,i,17307133353767309024,6746440523171755785,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
                              4⤵
                              • Uses browser remote debugging
                              PID:1472
                          • C:\Windows\SysWOW64\cmd.exe
                            "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\u37g4" & exit
                            3⤵
                            • System Location Discovery: System Language Discovery
                            PID:1876
                            • C:\Windows\SysWOW64\timeout.exe
                              timeout /t 11
                              4⤵
                              • System Location Discovery: System Language Discovery
                              • Delays execution with timeout.exe
                              PID:4008
                      • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
                        "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
                        1⤵
                          PID:4988
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                          1⤵
                            PID:6132
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                            1⤵
                              PID:6136

                            Network

                            MITRE ATT&CK Enterprise v16

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                              Filesize

                              414B

                              MD5

                              d28553a77e3581095e84bd5c93703cd1

                              SHA1

                              3ea714ad697151aa473ebada8aa4f1912824b1f5

                              SHA256

                              2c7faee23373da916f002e8eb8150c2a53d35b33ef1816687387108e26970a81

                              SHA512

                              3a798ef41d4213e88347360ef085ad175d6dc5d266117676d8f3b8dba8557b4b036655299dd7131c0b8dbad7ed9fde26ed1b143b3762e0bf657b8899dab10b41

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                              Filesize

                              2B

                              MD5

                              d751713988987e9331980363e24189ce

                              SHA1

                              97d170e1550eee4afc0af065b78cda302a97674c

                              SHA256

                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                              SHA512

                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                              Filesize

                              78KB

                              MD5

                              6c7f60cc682d5a7ca0926e332ed34242

                              SHA1

                              b59ba83d91f257296ab043e50cb9e0fdfaee7de0

                              SHA256

                              0aec1bf3bf54de7c19e6000c98605c26683ca3da246bb1a02222d26e76bb2099

                              SHA512

                              21b25cbe30fdb9106fba9c796f3d341518878274f8888b40900f6d6dac411d58197adaf333e1df151f02db5be68778e33dc9ff5839a7b773399bdd61123edfeb

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              280B

                              MD5

                              6ec80650bb87997281d6b2c490e5939e

                              SHA1

                              40faef4ca4833df8dd17c4a05cae8e4fdea72b89

                              SHA256

                              025280e5fdfd02d49c42c93e14cbc699b80eb10e21d31bd0aaa8a9b1067a80b5

                              SHA512

                              be947097b9fd14a716388b25cf4c253ee4d074a8b13370873b575ce5beb3843f1961df08e94eb07958657c64ae27bfb9f75ba9b2e19ac29985a5fc6813d500fe

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\d1c645a9-429b-4b00-b227-de56e76019d9\index-dir\the-real-index
                              Filesize

                              1KB

                              MD5

                              2d6ba3e27308f413680b663ddd3a2f7d

                              SHA1

                              43c806b261877fb9939afb2724157dec99838b67

                              SHA256

                              5090070876ad19b11bfeb40b862e13846d1be73a8988c88eee41a1dbbe2a22aa

                              SHA512

                              d83fe9c805100fe970eb30500fcf0225d41a9807d5fc0374930964ebf77635c31ac5b2d385545824e3b43c7231ea5555c1698669fd5457f1a2aa05e49dbf4252

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\d1c645a9-429b-4b00-b227-de56e76019d9\index-dir\the-real-index~RFe57e6d6.TMP
                              Filesize

                              1KB

                              MD5

                              45cd0a39af51dc4209cfd83e9227a41c

                              SHA1

                              c6ddbacc890d8979a4647c3a6689f660fa0373e9

                              SHA256

                              42b001c51c47b9def6025a353bff43a5983b294d029c0ec3367ef4abf32e09ed

                              SHA512

                              1d97a610db60bc55e89d8590901d2e5170fd62bfa8d9f29820f26ff9ea260dd2694bf0cde52fa58dd88a8aa6b91cf5d582608c358843ce5736de8117f40fd898

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              40KB

                              MD5

                              e50027ac4e388be7da1454de4d73beaf

                              SHA1

                              4949fb89941fbe40642cc839f96d6f6a30973974

                              SHA256

                              36d1bdba46f51a2a86f0856816fd73954a01e3e8bdc147b8d0221b17bee2716c

                              SHA512

                              03681fabaa16f5fab675817096eda2fbb7a61c76de5859161db6edffaa12f29595a52e7077c186809b65af84f9e5e342a1d600d6e9a994e5f32297728b6de7c7

                              Download Submit

                            • memory/6128-87-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-93-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-27-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-31-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-35-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-25-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-21-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-18-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-17-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-77-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-78-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-79-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-80-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-83-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-0-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-88-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-89-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-26-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-96-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-12-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-11-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-2-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-1-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-430-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-486-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-487-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-490-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-491-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-495-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-496-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-500-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-501-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-502-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-503-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-504-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/6128-508-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download