Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

ce50de3fb5...1b.exe

windows7-x64

10

ce50de3fb5...1b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/01/2025, 01:06 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ce50de3fb504c11827ad22791e6c165cb803cfd1c3039fedac3ab79641ae661b.exe

  • Size

    3.0MB

  • MD5

    951b9c287b1459f3ad0e22779a6d999e

  • SHA1

    a17cfe2ad70c6dc7fca315d5f88cf19f2683d006

  • SHA256

    ce50de3fb504c11827ad22791e6c165cb803cfd1c3039fedac3ab79641ae661b

  • SHA512

    10820bed94cc0dd8d8bd10f07f41982059afeff22d4a6d938a9dc1dd1921e4534d4ed5a7e8d3dd0effa49edfbc17bd23c4153127ef9d39af5787f37878096252

  • SSDEEP

    49152:ZGX87p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpKu/nRFfjI7L0qb:ZLHTPJg8z1mKnypSbRxo9JCm

Score
10/10
orcusновый тегdiscoveryratspywarestealer

Malware Config

Extracted

Family

orcus

Botnet

Новый тег

C2

31.44.184.52:22514

Mutex

sudo_pyfhdzqzq1v1nlw2314nsrmdcg85nhyh

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\flowerjs\gamegame.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Signatures

  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

    ratspywarestealerorcus
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Orcurs Rat Executable 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce50de3fb504c11827ad22791e6c165cb803cfd1c3039fedac3ab79641ae661b.exe
    "C:\Users\Admin\AppData\Local\Temp\ce50de3fb504c11827ad22791e6c165cb803cfd1c3039fedac3ab79641ae661b.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3952
    • C:\Users\Admin\AppData\Roaming\flowerjs\gamegame.exe
      "C:\Users\Admin\AppData\Roaming\flowerjs\gamegame.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:432
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:616
  • C:\Users\Admin\AppData\Roaming\flowerjs\gamegame.exe
    C:\Users\Admin\AppData\Roaming\flowerjs\gamegame.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5100
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe"
      2⤵
        PID:1916
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3020
    • C:\Users\Admin\AppData\Roaming\flowerjs\gamegame.exe
      C:\Users\Admin\AppData\Roaming\flowerjs\gamegame.exe
      1⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4332
    • C:\Users\Admin\AppData\Roaming\flowerjs\gamegame.exe
      C:\Users\Admin\AppData\Roaming\flowerjs\gamegame.exe
      1⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2748
    • C:\Users\Admin\AppData\Roaming\flowerjs\gamegame.exe
      C:\Users\Admin\AppData\Roaming\flowerjs\gamegame.exe
      1⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2072

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      3.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      3.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      81.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      81.144.22.2.in-addr.arpa
      IN PTR
      Response
      81.144.22.2.in-addr.arpa
      IN PTR
      a2-22-144-81deploystaticakamaitechnologiescom
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.ax-0001.ax-msedge.net
      g-bing-com.ax-0001.ax-msedge.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8fb876b9e897471dac9850a19acefb33&localId=w:D0A40F9B-E320-78A2-894B-EDD71C20EBC5&deviceId=6966578605923370&anid=
      Remote address:
      150.171.28.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8fb876b9e897471dac9850a19acefb33&localId=w:D0A40F9B-E320-78A2-894B-EDD71C20EBC5&deviceId=6966578605923370&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=37696A7663C765282EC67FF362056475; domain=.bing.com; expires=Wed, 25-Feb-2026 01:06:32 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: FC473D77CA9248D2B4765BA6BB648625 Ref B: LON601060106060 Ref C: 2025-01-31T01:06:32Z
      date: Fri, 31 Jan 2025 01:06:31 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8fb876b9e897471dac9850a19acefb33&localId=w:D0A40F9B-E320-78A2-894B-EDD71C20EBC5&deviceId=6966578605923370&anid=
      Remote address:
      150.171.28.10:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8fb876b9e897471dac9850a19acefb33&localId=w:D0A40F9B-E320-78A2-894B-EDD71C20EBC5&deviceId=6966578605923370&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=37696A7663C765282EC67FF362056475
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=OQAuLu3LuHBB3gG3h1mH9e1YrvyXmrrZCY_4nFhJ72Q; domain=.bing.com; expires=Wed, 25-Feb-2026 01:06:32 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: F7C8FF5C792543AE8BFD8B85192A2BC7 Ref B: LON601060106060 Ref C: 2025-01-31T01:06:32Z
      date: Fri, 31 Jan 2025 01:06:32 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8fb876b9e897471dac9850a19acefb33&localId=w:D0A40F9B-E320-78A2-894B-EDD71C20EBC5&deviceId=6966578605923370&anid=
      Remote address:
      150.171.28.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8fb876b9e897471dac9850a19acefb33&localId=w:D0A40F9B-E320-78A2-894B-EDD71C20EBC5&deviceId=6966578605923370&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=37696A7663C765282EC67FF362056475; MSPTC=OQAuLu3LuHBB3gG3h1mH9e1YrvyXmrrZCY_4nFhJ72Q
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D8CAF0AD9B5941B393D5C2F6F8A94DF0 Ref B: LON601060106060 Ref C: 2025-01-31T01:06:32Z
      date: Fri, 31 Jan 2025 01:06:32 GMT
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      5.114.82.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      5.114.82.104.in-addr.arpa
      IN PTR
      Response
      5.114.82.104.in-addr.arpa
      IN PTR
      a104-82-114-5deploystaticakamaitechnologiescom
    • flag-us
      DNS
      22514.client.sudorat.top
      caspol.exe
      Remote address:
      8.8.8.8:53
      Request
      22514.client.sudorat.top
      IN A
      Response
      22514.client.sudorat.top
      IN A
      185.37.62.158
    • flag-us
      DNS
      158.62.37.185.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.62.37.185.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      177.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      177.190.18.2.in-addr.arpa
      IN PTR
      Response
      177.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-177deploystaticakamaitechnologiescom
    • flag-us
      DNS
      73.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.144.22.2.in-addr.arpa
      IN PTR
      Response
      73.144.22.2.in-addr.arpa
      IN PTR
      a2-22-144-73deploystaticakamaitechnologiescom
    • flag-us
      DNS
      180.129.81.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      180.129.81.91.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      30.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      30.243.111.52.in-addr.arpa
      IN PTR
      Response
    • 150.171.28.10:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8fb876b9e897471dac9850a19acefb33&localId=w:D0A40F9B-E320-78A2-894B-EDD71C20EBC5&deviceId=6966578605923370&anid=
      tls, http2
      2.0kB
       9.4kB
       21
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8fb876b9e897471dac9850a19acefb33&localId=w:D0A40F9B-E320-78A2-894B-EDD71C20EBC5&deviceId=6966578605923370&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8fb876b9e897471dac9850a19acefb33&localId=w:D0A40F9B-E320-78A2-894B-EDD71C20EBC5&deviceId=6966578605923370&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8fb876b9e897471dac9850a19acefb33&localId=w:D0A40F9B-E320-78A2-894B-EDD71C20EBC5&deviceId=6966578605923370&anid=

      HTTP Response

      204
    • 185.37.62.158:22514
      IEYJLSCD
      tls
      caspol.exe
      34.6kB
       3.8kB
       67
      49
    • 127.0.0.1:1111
      caspol.exe
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      3.160.190.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      3.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      81.144.22.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      81.144.22.2.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       148 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      150.171.28.10
      150.171.27.10

    • 8.8.8.8:53
      57.169.31.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      57.169.31.20.in-addr.arpa

    • 8.8.8.8:53
      5.114.82.104.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      5.114.82.104.in-addr.arpa

    • 8.8.8.8:53
      22514.client.sudorat.top
      dns
      caspol.exe
      70 B
       86 B
       1
      1

      DNS Request

      22514.client.sudorat.top

      DNS Response

      185.37.62.158

    • 8.8.8.8:53
      158.62.37.185.in-addr.arpa
      dns
      72 B
       72 B
       1
      1

      DNS Request

      158.62.37.185.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      177.190.18.2.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      177.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      73.144.22.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      73.144.22.2.in-addr.arpa

    • 8.8.8.8:53
      180.129.81.91.in-addr.arpa
      dns
      72 B
       147 B
       1
      1

      DNS Request

      180.129.81.91.in-addr.arpa

    • 8.8.8.8:53
      30.243.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      30.243.111.52.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\gamegame.exe.log
      Filesize

      1KB

      MD5

      663b8d5469caa4489d463aa9bc18124f

      SHA1

      e57123a7d969115853ea631a3b33826335025d28

      SHA256

      7b4fa505452f0b8ac74bb31f5a03b13342836318018fb18d224ae2ff11b1a7e8

      SHA512

      45e373295125a629fcc0b19609608d969c9106514918bfac5d6b8e340e407434577b825741b8fa6a043c8f3f5c1a030ba8857da5f4e8ef15a551ce3c5fe03b55

      Download Submit

    • C:\Users\Admin\AppData\Roaming\flowerjs\gamegame.exe
      Filesize

      3.0MB

      MD5

      951b9c287b1459f3ad0e22779a6d999e

      SHA1

      a17cfe2ad70c6dc7fca315d5f88cf19f2683d006

      SHA256

      ce50de3fb504c11827ad22791e6c165cb803cfd1c3039fedac3ab79641ae661b

      SHA512

      10820bed94cc0dd8d8bd10f07f41982059afeff22d4a6d938a9dc1dd1921e4534d4ed5a7e8d3dd0effa49edfbc17bd23c4153127ef9d39af5787f37878096252

      Download Submit

    • C:\Users\Admin\AppData\Roaming\flowerjs\gamegame.exe.config
      Filesize

      357B

      MD5

      a2b76cea3a59fa9af5ea21ff68139c98

      SHA1

      35d76475e6a54c168f536e30206578babff58274

      SHA256

      f99ef5bf79a7c43701877f0bb0b890591885bb0a3d605762647cc8ffbf10c839

      SHA512

      b52608b45153c489419228864ecbcb92be24c644d470818dfe15f8c7e661a7bcd034ea13ef401f2b84ad5c29a41c9b4c7d161cc33ae3ef71659bc2bca1a8c4ad

      Download Submit

    • memory/432-23-0x00000000752B0000-0x0000000075A60000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/432-30-0x00000000752B0000-0x0000000075A60000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/432-27-0x0000000006560000-0x00000000065FC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/432-26-0x0000000005BE0000-0x0000000005C2E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/432-25-0x00000000752B0000-0x0000000075A60000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/616-49-0x00000000752B0000-0x0000000075A60000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/616-31-0x00000000752B0000-0x0000000075A60000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3020-39-0x0000000007180000-0x00000000071E6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3020-40-0x0000000007940000-0x0000000007F58000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/3020-47-0x0000000008380000-0x00000000083D0000-memory.dmp

      Filesize

      320KB

      Download

    • memory/3020-46-0x0000000007560000-0x000000000756E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/3020-45-0x0000000007F60000-0x0000000008122000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/3020-44-0x0000000007590000-0x000000000769A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3020-43-0x0000000007400000-0x000000000744C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/3020-42-0x00000000073C0000-0x00000000073FC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/3020-36-0x0000000005890000-0x00000000058A8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/3020-37-0x00000000066B0000-0x00000000066C0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3020-38-0x00000000069F0000-0x00000000069FA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3020-41-0x0000000007360000-0x0000000007372000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3952-3-0x00000000752B0000-0x0000000075A60000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3952-0-0x00000000752BE000-0x00000000752BF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3952-2-0x0000000005030000-0x000000000503E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/3952-24-0x00000000752B0000-0x0000000075A60000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3952-4-0x0000000005320000-0x000000000537C000-memory.dmp

      Filesize

      368KB

      Download

    • memory/3952-5-0x0000000005A10000-0x0000000005FB4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/3952-6-0x0000000005500000-0x0000000005592000-memory.dmp

      Filesize

      584KB

      Download

    • memory/3952-7-0x00000000054E0000-0x00000000054F2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3952-1-0x0000000000450000-0x000000000074E000-memory.dmp

      Filesize

      3.0MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.