Overview

overview

10

Static

static

3

libcares-2.dll

windows10-2004-x64

10

libcares-2.dll

windows11-21h2-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2025, 18:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    libcares-2.dll

  • Size

    4.3MB

  • MD5

    93fb1d866472e1280e4a93343db3ed13

  • SHA1

    fcc4cbab5f13bfbcac6b7610309ca6c3bdbd58ac

  • SHA256

    089da3c21bdd12618e7d5f757d1742a48dc961b367a8515703c94d9febc965c9

  • SHA512

    79d49f319ab38945714b59c071ee61888135326718ffb91c333806c31f8b36b108ca121884366092aee4fbc2991af16fc4eb811c25a66590911d0493d028448e

  • SSDEEP

    49152:TO4Yher6KfKDd0faVjaNpYzooELJJC4L0357+LnT3ODeJaYxdVIwG4HK0VglLa3N:TVrDQhzooyrnRvOqx9

Score
10/10
vidareb17a39311b2fbc653bb6a88c15634e4credential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

13.5

Botnet

eb17a39311b2fbc653bb6a88c15634e4

C2

https://t.me/v00rd

https://steamcommunity.com/profiles/76561199846773220
Attributes
  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Signatures

  • Detect Vidar Stealer 34 IoCs
    stealer
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Uses browser remote debugging 2 TTPs 8 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcares-2.dll,#1
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4352
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        3⤵
        • Uses browser remote debugging
        • Checks processor information in registry
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:6116
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd1f19dcf8,0x7ffd1f19dd04,0x7ffd1f19dd10
          4⤵
            PID:2424
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1988,i,14968273672572961360,12263952551445724403,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=1984 /prefetch:2
            4⤵
              PID:1204
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1612,i,14968273672572961360,12263952551445724403,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2232 /prefetch:3
              4⤵
                PID:3792
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2376,i,14968273672572961360,12263952551445724403,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2544 /prefetch:8
                4⤵
                  PID:1576
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,14968273672572961360,12263952551445724403,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3200 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:2348
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,14968273672572961360,12263952551445724403,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3244 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:6020
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4300,i,14968273672572961360,12263952551445724403,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4328 /prefetch:2
                  4⤵
                  • Uses browser remote debugging
                  PID:2948
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4636,i,14968273672572961360,12263952551445724403,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4640 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:916
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5312,i,14968273672572961360,12263952551445724403,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5320 /prefetch:8
                  4⤵
                    PID:1580
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5316,i,14968273672572961360,12263952551445724403,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5424 /prefetch:8
                    4⤵
                      PID:1564
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                    3⤵
                    • Uses browser remote debugging
                    • Enumerates system info in registry
                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                    • Suspicious use of FindShellTrayWindow
                    PID:5888
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ffd1dcef208,0x7ffd1dcef214,0x7ffd1dcef220
                      4⤵
                        PID:1516
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1924,i,3316126796559986700,6069226601144198739,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:3
                        4⤵
                          PID:2480
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2108,i,3316126796559986700,6069226601144198739,262144 --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:2
                          4⤵
                            PID:1916
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2436,i,3316126796559986700,6069226601144198739,262144 --variations-seed-version --mojo-platform-channel-handle=2932 /prefetch:8
                            4⤵
                              PID:4280
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3576,i,3316126796559986700,6069226601144198739,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1
                              4⤵
                              • Uses browser remote debugging
                              PID:3612
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3604,i,3316126796559986700,6069226601144198739,262144 --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
                              4⤵
                              • Uses browser remote debugging
                              PID:2512
                          • C:\Windows\SysWOW64\cmd.exe
                            "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\ppp8y" & exit
                            3⤵
                            • System Location Discovery: System Language Discovery
                            PID:2276
                            • C:\Windows\SysWOW64\timeout.exe
                              timeout /t 11
                              4⤵
                              • System Location Discovery: System Language Discovery
                              • Delays execution with timeout.exe
                              PID:4812
                      • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
                        "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
                        1⤵
                          PID:3380
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                          1⤵
                            PID:5388
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                            1⤵
                              PID:5416

                            Network

                            MITRE ATT&CK Enterprise v16

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                              Filesize

                              649B

                              MD5

                              47068e2ebdf6941e8c5de8a0c58c47b0

                              SHA1

                              c540b035ae58d979751e524e81f4f2099668c480

                              SHA256

                              c56c31be31112ecb07b4551d38c49f07e057eac1aa2387c85d5b71288f4475e0

                              SHA512

                              54f7d7ecbaeaff47e57596cafbf2237a72fa396303ea5c2e8a6a4fb7007750a8bf88ba6f89dac5cb71bac2e02c8f1a77708c5147eb6a12fd429a72f97e9dbb4f

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                              Filesize

                              2B

                              MD5

                              d751713988987e9331980363e24189ce

                              SHA1

                              97d170e1550eee4afc0af065b78cda302a97674c

                              SHA256

                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                              SHA512

                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                              Filesize

                              78KB

                              MD5

                              68288c3f8babefb2bb2b9d89538906ab

                              SHA1

                              c548b0cab2c73cc5b8f30282085d462ef8505d25

                              SHA256

                              1789e10cc4a44055fdbcdab8ff17d84b6898689dc58332a30ccdd462c18c9927

                              SHA512

                              db3c07e9745b72f1fbeac0dd1f70fb0f0aa7c920915fd6cccd7e12ce9967b006cab0fc7fe497eba0792b55ddce1106ac881e7ae25a85d41794c63907f4f7557d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              280B

                              MD5

                              0ab27b557c982a0966e0e873ec0af684

                              SHA1

                              91cad3834539c09bbdaaa04843abc5540e7b9215

                              SHA256

                              0520ac04b1bd66dcdebc58825ac17be618be85ddd4e16ede2f0fa4bcbe46fc40

                              SHA512

                              3a492cd3500644fbdee6a1595add1e1bfbe64ce606a461361be8d7d65f91ff74dd4b3c1e5fbf22dc9531c9da66452545d0bdb2b9b464f0802f0964e2cf6bf0e3

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\413782a3-7636-487b-a1b6-60c191315999\index-dir\the-real-index
                              Filesize

                              1KB

                              MD5

                              f90d8ffe4e7b4fb37e76da59df672cac

                              SHA1

                              828cb7b88faad2b42f495e9cf6e04cdd0587676f

                              SHA256

                              20ba3cfa5311d4ac37ee594e5aa55151eb14b00d53733e5af62c0ab83448aa5b

                              SHA512

                              b93e5a58bb893466aba662753816d3a9e8377109d256f9a666b8a87d781cded9376e77572c17b20913e5b47a4ccb681cc0e7efa201f4ce113b9a2572315e551b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\413782a3-7636-487b-a1b6-60c191315999\index-dir\the-real-index~RFe578c71.TMP
                              Filesize

                              1KB

                              MD5

                              b8b5a50ab74729685ee286afca22b885

                              SHA1

                              ba65274ba1c051c733e15d9e80418dd7a936aa4c

                              SHA256

                              cd25e53e1f8340be265b0b6db55751ec5fecbd8541c19011069bd8474c5856f9

                              SHA512

                              5277379409e00b41a49679c83a8bf12b763bb0a47da151f85d492fbd51cddaddafae74549c4de7cbb5033a8b825cb073f1ad00cda8735b0cb8688e888023e2f0

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              40KB

                              MD5

                              729ad9d269a3924efb610e5b41f66a1f

                              SHA1

                              91ccfb90e6b97d17e4a66e939c7c54a1f2c8cefe

                              SHA256

                              d7f3cd917673a3ea6d802e8c2c6f0ff7deb63f1dfa95c375bd74b24967f78b9c

                              SHA512

                              8b4979aa3b818775a4d5b37d7066fb303e167335ee4337ba8612ccfa16ab55e9beb6eeffdaad703c8c0badcacdd1f3afeff01c9c881e4f10733b61eecc88daad

                              Download Submit

                            • memory/4352-25-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-91-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-0-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-29-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-33-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-23-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-19-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-16-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-15-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-75-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-76-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-77-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-78-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-81-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-85-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-86-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-87-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-24-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-94-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-10-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-9-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-2-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-1-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-439-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-494-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-497-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-500-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-501-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-502-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-503-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-504-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-505-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-506-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download

                            • memory/4352-509-0x0000000000400000-0x0000000000429000-memory.dmp

                              Filesize

                              164KB

                              Download