Overview

overview

10

Static

static

3

SecuriteIn...31.exe

windows10-2004-x64

10

SecuriteIn...31.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    132s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250410-en
  • resource tags

    arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20/04/2025, 08:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win64.MalwareX-gen.11143.6531.exe

  • Size

    556KB

  • MD5

    d510396277a666720627f5df62bd53eb

  • SHA1

    7acf176af54493aac227097b01a38242c069c28b

  • SHA256

    d28bc1b8975df8985c266826dc2111d6c50989fce391f72327171df965231166

  • SHA512

    e459a1212969aecd935bcf1182ad887b7cc5319ebf1b489ae9bc3a18e2855994de46ab7ff8a7d6f968ff844b8beac243bd3b4b2fd6a572bfc1ad0a689c960154

  • SSDEEP

    12288:sgSCNzaLuvMRXdxQBXZqEvRXJQNf+9LKLdEEo4Edka+9LKLdEEo4Edk:sgvFaKQdEOaKLdjRaaKLdjR

Score
10/10
vidarc466785b3a34d7b3c4d6db04a068b664credential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

13.5

Botnet

c466785b3a34d7b3c4d6db04a068b664

C2

https://t.me/v00rd

https://steamcommunity.com/profiles/76561199846773220
Attributes
  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Signatures

  • Detect Vidar Stealer 38 IoCs
    stealer
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Uses browser remote debugging 2 TTPs 8 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.MalwareX-gen.11143.6531.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.MalwareX-gen.11143.6531.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:5836
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4128
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        3⤵
        • Uses browser remote debugging
        • Drops file in Windows directory
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:3440
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fcfedcf8,0x7ff8fcfedd04,0x7ff8fcfedd10
          4⤵
            PID:6040
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1908,i,12444683372814666728,4061381494271004297,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2164 /prefetch:11
            4⤵
              PID:4664
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2136,i,12444683372814666728,4061381494271004297,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2132 /prefetch:2
              4⤵
                PID:2368
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2372,i,12444683372814666728,4061381494271004297,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2588 /prefetch:13
                4⤵
                  PID:2520
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3268,i,12444683372814666728,4061381494271004297,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3356 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:1000
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,12444683372814666728,4061381494271004297,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3384 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:3432
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4328,i,12444683372814666728,4061381494271004297,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4360 /prefetch:9
                  4⤵
                  • Uses browser remote debugging
                  PID:1488
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4724,i,12444683372814666728,4061381494271004297,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4752 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:2152
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5360,i,12444683372814666728,4061381494271004297,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5380 /prefetch:14
                  4⤵
                    PID:4772
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5376,i,12444683372814666728,4061381494271004297,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5388 /prefetch:14
                    4⤵
                      PID:5756
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                    3⤵
                    • Uses browser remote debugging
                    • Drops file in Windows directory
                    • Enumerates system info in registry
                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                    • Suspicious use of FindShellTrayWindow
                    PID:2188
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x264,0x7ff8fcfcf208,0x7ff8fcfcf214,0x7ff8fcfcf220
                      4⤵
                        PID:3004
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2124,i,3900209288645652233,10273813022906343622,262144 --variations-seed-version --mojo-platform-channel-handle=2120 /prefetch:2
                        4⤵
                          PID:3368
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1824,i,3900209288645652233,10273813022906343622,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:11
                          4⤵
                            PID:2380
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2488,i,3900209288645652233,10273813022906343622,262144 --variations-seed-version --mojo-platform-channel-handle=2712 /prefetch:13
                            4⤵
                              PID:4940
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3456,i,3900209288645652233,10273813022906343622,262144 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:1
                              4⤵
                              • Uses browser remote debugging
                              PID:2088
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3460,i,3900209288645652233,10273813022906343622,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
                              4⤵
                              • Uses browser remote debugging
                              PID:2900
                          • C:\Windows\SysWOW64\cmd.exe
                            "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\v3o8y" & exit
                            3⤵
                            • System Location Discovery: System Language Discovery
                            PID:3804
                            • C:\Windows\SysWOW64\timeout.exe
                              timeout /t 11
                              4⤵
                              • System Location Discovery: System Language Discovery
                              • Delays execution with timeout.exe
                              PID:5588
                      • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
                        "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
                        1⤵
                          PID:3420
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                          1⤵
                            PID:5996
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                            1⤵
                              PID:1324

                            Network

                            MITRE ATT&CK Enterprise v16

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                              Filesize

                              649B

                              MD5

                              3614633ba84201936c9b3b160e458fe7

                              SHA1

                              985032afb55e7a5597d4a87b516972ba9576685c

                              SHA256

                              a5589191c7f57d57bd87a156c2b1b89ad1682ac8a0064300b8dbda19513dc47e

                              SHA512

                              eea199dc1baea2733023e00ce8785d9f2d43dab9fb07709994f57d1198ec0ddc55b18e2cd4bf3578e4f6a9433f05167b406ebd7e916cea5ed360fcbf99ac2772

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                              Filesize

                              2B

                              MD5

                              d751713988987e9331980363e24189ce

                              SHA1

                              97d170e1550eee4afc0af065b78cda302a97674c

                              SHA256

                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                              SHA512

                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                              Filesize

                              78KB

                              MD5

                              387704a20fdba4f1288248f3be9c99fe

                              SHA1

                              6f50400594443ba2df9227f68b1e1825c137f28a

                              SHA256

                              358b32d3a1ad8b41a54d05aeedddf0970c9e4025bd52406e8c865f0c41adc24f

                              SHA512

                              774a4bfbe145fbde3a637d4ed9b8e6ee3f43754380aa16e9dfc7a4924cb34c669be9494d907e79a67e8880b7bae319f2aaf14db009e13d7039dab5fa44f31e53

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              280B

                              MD5

                              cc75c748a8b9b79e398552f29c9570da

                              SHA1

                              251f0064673a46e2f1233da3cb320c996d1d708f

                              SHA256

                              18492d42cccaf3f568856e7077ff981ca1280e41cacde87c7868da17dd055099

                              SHA512

                              d511687ae1ac3dd4144ed0e6c9a6d0182413bb33f37a1b921c0a087423de27f1c501ee78493683c3db1eab7bddcf5e0d0fed329156b116d386c95f9021b14b5a

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f056efb4-df3e-46b0-bdc5-38d13a48e99e\index-dir\the-real-index
                              Filesize

                              1KB

                              MD5

                              c81fbcf5423fe5fbac72dd4b27ab720c

                              SHA1

                              418a822df8783577624c03886c989429bd670c51

                              SHA256

                              5f8b1c51a4880e8b228909f6e5d9b324ae1f702bc950426c609a0a4e9b5f6115

                              SHA512

                              7e159bf341aef3ceb3f0a90ca4a2100132eb66d77225c5e03aeeadfbd0d9029a76c02b6cac8fc48adbb418ef9977725185a8b055e5bb88ae1d4968c900f2ffe0

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f056efb4-df3e-46b0-bdc5-38d13a48e99e\index-dir\the-real-index~RFe57e2de.TMP
                              Filesize

                              1KB

                              MD5

                              c465ec763ba0491cc3da4f3b31ecc928

                              SHA1

                              edc88bf0ddd2b831b5fe66c7000cf81dc36ecd9b

                              SHA256

                              ea1964f3fa712cb4b5cd50d776351b26bb74c8ed25a3e112cd9d1a2ba2ea581a

                              SHA512

                              598cf91988cd2b83a09044117f3a8401d135da46b8b3dc59a6f4d1511bd73b87dcd8b70618d7b2d8ead5708fe7b3cbb796bbdb9258662d720da96f1f5a0b5bad

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              40KB

                              MD5

                              4ef9441f455372aabeed441fac806297

                              SHA1

                              845c26590564adea6b9f028e414b1e15e03f7e8e

                              SHA256

                              1f60b38fe8886bd91cc8e4c1a223a75a77d51d613688c3e14c1e821de662ed51

                              SHA512

                              3055ea71ec1eee3fc3817e74567d7fb7be55765a4c89efb1c4e3d18696b6c6e0e8905e0790efa39fc844afad6ea951508725f55c32d7b87c6a07cb775492e16e

                              Download Submit

                            • memory/4128-88-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-12-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-27-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-31-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-35-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-25-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-21-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-18-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-56-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-17-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-79-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-80-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-81-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-84-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-1-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-89-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-90-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-94-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-118-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-26-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-11-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-2-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-0-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-444-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-493-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-496-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-498-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-499-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-502-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-503-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-504-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-505-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-527-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-528-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-529-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-530-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-531-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4128-535-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download