Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

LenovoLegi...up.exe

windows10-1703-x64

8

LenovoLegi...up.exe

windows10-2004-x64

8

Resubmissions

06/10/2022, 12:44

221006-pyhc5ahdc6 8

06/10/2022, 12:40

221006-pwakhahdc4 8

Analysis

  • max time kernel
    88s
  • max time network
    90s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    06/10/2022, 12:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LenovoLegionToolkitSetup.exe

  • Size

    4.8MB

  • MD5

    4bb04adada4e23c0bbb20ea5cbb744eb

  • SHA1

    f4f270a57c89cfe44ea20cda0d6d83cd1b471ac9

  • SHA256

    879e45078db5e25ff7d7f06162da04982b63fdb60a91b578626124c50186d26b

  • SHA512

    c01a41d165a8ce4c912f60b6b4fc08791239b8a487e2537e49ce2d37251948fb98b24d4af6320aaa6cdee22cff6b5a0b96cfa2a190e1621f9923c037145eb558

  • SSDEEP

    98304:7kLjeoEDK0ONsA41YOuEDb28kpgmCyKr3xZ2XilWDnE55ljf:w6oEDfQiYvE32Gy43xZ2Xt2nr

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 31 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 9 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LenovoLegionToolkitSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\LenovoLegionToolkitSetup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4796
    • C:\Users\Admin\AppData\Local\Temp\is-8DN6O.tmp\LenovoLegionToolkitSetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-8DN6O.tmp\LenovoLegionToolkitSetup.tmp" /SL5="$8006C,4195697,832512,C:\Users\Admin\AppData\Local\Temp\LenovoLegionToolkitSetup.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4836
      • C:\Users\Admin\AppData\Local\Temp\is-F2DU2.tmp\netcorecheck_x64.exe
        "C:\Users\Admin\AppData\Local\Temp\is-F2DU2.tmp\netcorecheck_x64.exe" Microsoft.WindowsDesktop.App 6.0.8
        3⤵
        • Executes dropped EXE
        PID:4340
      • C:\Users\Admin\AppData\Local\Temp\is-F2DU2.tmp\dotnet60desktop_x64.exe
        "C:\Users\Admin\AppData\Local\Temp\is-F2DU2.tmp\dotnet60desktop_x64.exe" /lcid 1033 /passive /norestart
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2572
        • C:\Windows\Temp\{2C634F2F-2EA7-4EE7-9DD8-B5459FD3B88E}\.cr\dotnet60desktop_x64.exe
          "C:\Windows\Temp\{2C634F2F-2EA7-4EE7-9DD8-B5459FD3B88E}\.cr\dotnet60desktop_x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-F2DU2.tmp\dotnet60desktop_x64.exe" -burn.filehandle.attached=528 -burn.filehandle.self=536 /lcid 1033 /passive /norestart
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:5040
          • C:\Windows\Temp\{0FE9B8E8-909F-46F2-A5A0-CE571F126E99}\.be\windowsdesktop-runtime-6.0.8-win-x64.exe
            "C:\Windows\Temp\{0FE9B8E8-909F-46F2-A5A0-CE571F126E99}\.be\windowsdesktop-runtime-6.0.8-win-x64.exe" -q -burn.elevated BurnPipe.{61422F4A-8D6B-4875-BFFB-FC36E25DCD8F} {ADDFEF13-1525-4D8F-8EC1-16E6AD5466DF} 5040
            5⤵
            • Executes dropped EXE
            • Adds Run key to start application
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            PID:3808
      • C:\Users\Admin\AppData\Local\Programs\LenovoLegionToolkit\Lenovo Legion Toolkit.exe
        "C:\Users\Admin\AppData\Local\Programs\LenovoLegionToolkit\Lenovo Legion Toolkit.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:668
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 7DFC60788D73F44E1CD5B1063B15FED8
      2⤵
      • Loads dropped DLL
      PID:1812
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 29BABBB5483B4675D9B2F44B903CC3D2
      2⤵
      • Loads dropped DLL
      PID:2856
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 086EF73DAAA2F37DA06D634953C879F5
      2⤵
      • Loads dropped DLL
      PID:2716
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding E1D0434D7499E7A1DEE7DEA8FC80F9C7
      2⤵
      • Loads dropped DLL
      PID:4240

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\dotnet\host\fxr\6.0.8\hostfxr.dll
    Filesize

    366KB

    MD5

    4fc4fb4d77a7ef49ee5133b5b6a194ed

    SHA1

    8c63016cd28a0c3896ccb5f98d5aaa08a9e281d8

    SHA256

    cc39ab9baa38b4cf39dbc34dcc920202c69570baf67f4f947c02b8fdf0e61fc5

    SHA512

    5c647ce6a15a61d9bb10660aa29eafe5f2509cc63408efb3659b5036a21d268b9ffe825a4bf67d9c8e78005e7a414cc782a20538a135b9a8b0ed6329702c9fc7

    Download Submit

  • C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.8\Microsoft.NETCore.App.deps.json
    Filesize

    32KB

    MD5

    1644ca5abb1da6551fe26c8b2712354c

    SHA1

    8194ce6de282c544d8425410a597f977bc84121e

    SHA256

    34ba41b6f99a70ab79fb22c9f352a8f0417c5b5e816d552d94af9c67335a08f2

    SHA512

    1bc53d61b3f40a6bb2063c122421ec4b43f6f710d596115370092321b548165a8185c945ddc98add56fe49a15ffb946fcf3b5113601e3a5631d84ef6f9527d48

    Download Submit

  • C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.8\Microsoft.NETCore.App.runtimeconfig.json
    Filesize

    159B

    MD5

    3fbd84a952d4bab02e11fec7b2bbc90e

    SHA1

    e92de794f3c8d5a5a1a0b75318be9d5fb528d07d

    SHA256

    1b7aa545d9d3216979a9efe8d72967f6e559a9c6a22288d14444d6c5c4c15738

    SHA512

    c97c1da7ae94847d4edf11625dc5b5085838c3842a550310cca5c70ba54be907ff454ca1e0080ba451eacfc5954c3f778f8b4e26c0933e55c121c86c9a24400b

    Download Submit

  • C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.8\System.Private.CoreLib.dll
    Filesize

    10.1MB

    MD5

    1af8685bb8e67c6841b1f2150b0aec4c

    SHA1

    3b15c45109cbb61b1600bafede5275f1947934c5

    SHA256

    30a3a396ea1edd01ddbef642decf688def749c685880f4037c037d94aa7f0269

    SHA512

    404cdc52176cd34336c876fff884db6035b888da5d7ea102609317b4feca18a0d9ee882cf45cf317cbc3e8f1de339762bf03bd8a946fd04e23c21964e7a43686

    Download Submit

  • C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.8\System.Runtime.dll
    Filesize

    41KB

    MD5

    83e4f7a918fa3ee8e573423fbd18acf2

    SHA1

    fa1cc21b687c239b2d4ba276c538d6c33bde6045

    SHA256

    301cd1655c519d9b528eaf52b950f321b2462f6cc35a9ef8a0f91ce19eb5834d

    SHA512

    40b88c17eeaace6e5eb1bd86fb8d84b6d4e0d284bb749e7f9655d4949de8c0fb7a9aaedbeba6da5becdc92f687cec2c2a39da7cb162ec36322de70889b662dde

    Download Submit

  • C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.8\clrjit.dll
    Filesize

    1.4MB

    MD5

    1972eb629b743754e28318ecf7e04628

    SHA1

    783f6b6f1de5168cb21b3fb7d929ad6899524d06

    SHA256

    e0d30abf7dde33dfe2165f8e9e63220ff9f2738ea81570275e7f1fdceabdebaf

    SHA512

    db2fcc3b5b0426b22fe776b0edf78c23c0ab4706217c5dbf6d0823427ecb7e3225d8bf112f25b2e81edc8fec39805335c2e4331b0ce9217de8e5ca87069a0c7d

    Download Submit

  • C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.8\coreclr.dll
    Filesize

    4.9MB

    MD5

    136ae18a33f456a70463a396474f3600

    SHA1

    276a61e8222a3d77c238a22795268fcf27d9f1ac

    SHA256

    35ec15d344f99d4c076c2ca47751cb7aa9d0cf75227cc5e354ae7d7c00c0bf37

    SHA512

    a31f7d8196cbf9980c3bdfbe0443d455767392c9ff83c7e527f410e35ec14e563e19bceef74faf71b55ea987be66bafd4073dade56fe5afeede8a500bc61cf53

    Download Submit

  • C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.8\hostpolicy.dll
    Filesize

    383KB

    MD5

    8920df1b3ab0660090b204d2881fbb4e

    SHA1

    ec8ec146c4226aece015d3b00439d0b505083dd1

    SHA256

    5b72566804a8cb4ac2d5d28438a6d197456e29299758dae57140b1c5ab84bbb4

    SHA512

    3ef742965369ca788e2ac229bf3f19648cc145f0a12f36c64f3e617039f32bccc0f24bc9736519ef7c12cd4e18831678d021d0268801bed4b593cdea1ee35ed2

    Download Submit

  • C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.8\mscorrc.dll
    Filesize

    143KB

    MD5

    3f623a087ed2fd714c2763a8f7954583

    SHA1

    d7fe83ad5997619594daf1c88ef63281ecd19ecf

    SHA256

    5aa6b0f0a2b220053b2663b97ec91200c850bc207bb56a7bfb18fcb2ad9bdb6b

    SHA512

    0c08d799ebb7dff1979644be48fa66100977c50e86c092f42a8743c8e4530765b8f6bc6b9d89daaa34296d1ef9f281fab52fdd45bec51bf524c811154282d069

    Download Submit

  • C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.8\Microsoft.WindowsDesktop.App.deps.json
    Filesize

    30KB

    MD5

    25b6ef2cb17e447487b8b5628a040cce

    SHA1

    5f9b3c0a02327609e0209ae77e3b598947fc2621

    SHA256

    1cab24f12316381ee5c7ed1c1b87cc63142720505dad63d0233e32d1ac58d274

    SHA512

    fc18fa9c376f646da75d2cccb47880af2f3ea810cf78291e6ac4969cb79c25914a58ce7de5743ad61058eac0815ab80fcf6f4c9ae0adfbe605da5ba7c530d2c5

    Download Submit

  • C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.8\Microsoft.WindowsDesktop.App.runtimeconfig.json
    Filesize

    288B

    MD5

    98196982086322d19e15af69621801c9

    SHA1

    d482b22d9acaccf443393933c608d8445f2f49ee

    SHA256

    c5285402c7d738fdec246210332f3b0c7bab03875da7fb656d7872fb3fe8b504

    SHA512

    359698d0de4b05f80b26bd5ffbd8534d321e4a402dfde289fa5bf7b48825f3873cf1db881018c8b9f16fa02f7ff55e96d14b287517ea892072bde17a716cfd79

    Download Submit

  • C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.8\PresentationFramework.dll
    Filesize

    15.5MB

    MD5

    dd719cfff212f6b7bb52eda8bb4d40c6

    SHA1

    dff1a728aa2759cbe0abb03de1f079c429dd6eff

    SHA256

    25246ad282c8960ec980bee3651e80b0bd9b9c9c15fa2c43731d4d1ef309f6c9

    SHA512

    2d00767b2aab274e7c5fb68cfc89cd4b125557370ef96fd88289a1d7802544020dfa57da0c60f6c9df7f161c9c84a4adae535cd0fffd2db726885024293e8e1f

    Download Submit

  • C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.8\System.IO.Packaging.dll
    Filesize

    273KB

    MD5

    bb6215b05280c71ee49d8f8c26d76d8b

    SHA1

    92fd1f0abbb6665c629541147e8835e719c1b1ed

    SHA256

    d52dbf7fa06e9881c820955b95283668f3aae73125f1bb0d2a105af8a9524b05

    SHA512

    7a66cc01b15c45c71e3ed1d6224e3bad1163bc1b455c61035ce642b82d8a51d587fb6ec47d32012b76168fa6da77f3ab6f14be76216ef6c9865084d4b07e02ab

    Download Submit

  • C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.8\System.Xaml.dll
    Filesize

    1.4MB

    MD5

    93bec1198a4b46e566f6e44a164a837b

    SHA1

    3458ab682811d21a3e761b75ce453a5498ccafb2

    SHA256

    0676dbb9a0173ae925e18c6c6df53d8c8a054595dc128baa11036ccfa394d77d

    SHA512

    8ffa49c305bf15a046a95ac72e5fcaa868d0da721871382f654fac91335ebc366562b882f2976e9aba00248298a156734c9503d15c30bc0afaebd9c408dbdce1

    Download Submit

  • C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.8\WindowsBase.dll
    Filesize

    2.2MB

    MD5

    f4454ebe54237727555b9d072363e397

    SHA1

    fc50be8a8b3e31ec7c8305471dd4c8da82b69dc0

    SHA256

    ee2d649d35da26a0cea0f68c003c0a416f85e39619428f1eb045d2f2b4fcd1b4

    SHA512

    936475cc808eb8ca4a318c95c7222e7b0a26c6bfbc786e19349b9323319c750dcb4105f9331b18db5d01bea17a101c2117d8a953ec3d795665ccf30b9753aa4e

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\LenovoLegionToolkit\Lenovo Legion Toolkit.deps.json
    Filesize

    17KB

    MD5

    8f5dd3ddf051a27113d08bb9bc468fcf

    SHA1

    417d43a67616d76fccf03656d83934011d005b27

    SHA256

    56ca6688b95f8c8e006074f32068317ee20a9e483eb508b20a1bfeefad20629d

    SHA512

    d68b19731fae26a68b14bf888721be5c583a70433f249b190ebc6b650a0a860364c2ecb18eec29e325f7c9f56553024947bd0d360281e3e3dfbfd3e785af83f5

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\LenovoLegionToolkit\Lenovo Legion Toolkit.dll
    Filesize

    443KB

    MD5

    03b1f6f2592eda4d4601454cdd9be661

    SHA1

    80bd38537be3d5e26c78f5816bad501bd89d2d2c

    SHA256

    edaa00c4eada28ec444991fb1ba264c844cbbb319cd6c821dd6e5051beb485f0

    SHA512

    87faa6f6ef9772e4593e1797aad378f844365a036ce9ea675c4cc9c5219b72f195f2cc2bd7a1e6281ce9e05453b4f8d86bbb77b09b8c895f903797463eacced2

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\LenovoLegionToolkit\Lenovo Legion Toolkit.exe
    Filesize

    188KB

    MD5

    e72b02d991218ec06cafbb31b1272304

    SHA1

    858648334a5e8e3d95301ad300bf5fea7774a8d9

    SHA256

    bfba46d296d77ef1c487ec8cd939ab5911a311c16596ac95bb33d89815beb9ee

    SHA512

    af4b501ceb2fc6951b343d65569d6183b1fd02af46f37688b8255aecb6d841a34a867fadc53b6d66737730f6c325cfb4fa8a6b1b81dcacae6143c89db8716ff8

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\LenovoLegionToolkit\Lenovo Legion Toolkit.runtimeconfig.json
    Filesize

    372B

    MD5

    d94cf983fba9ab1bb8a6cb3ad4a48f50

    SHA1

    04855d8b7a76b7ec74633043ef9986d4500ca63c

    SHA256

    1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

    SHA512

    09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.8_(x64)_20221006124509_000_dotnet_runtime_6.0.8_win_x64.msi.log
    Filesize

    2KB

    MD5

    f4ef313e9d94d52c8b777f3fc479340e

    SHA1

    df86d0cc8a6c41dababe44ca89a435ddb76a6600

    SHA256

    9c08dcb50192eec3473141d7c6a0f6e7ef0ba522b971fc1543ad7966b73dcfe7

    SHA512

    f578fcb907b90a6ffc66a4869d1239101222ae24faeb3fe817b81049147628d5f72cd8cc27af741ac7b0e276c4f9d5f9b45c1ab22eb0ddf0f0f55e7730c0a2eb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.8_(x64)_20221006124509_001_dotnet_hostfxr_6.0.8_win_x64.msi.log
    Filesize

    2KB

    MD5

    ef26f33fe1fc0b1e3fa54ba371eefd17

    SHA1

    caea86590dbbbc17332d55b08bed1a536aa352ae

    SHA256

    4c8fc3663dd5644d4955d8d077bf883792779951dfcdba442cc2124208c058eb

    SHA512

    1c9acbae8b920283f342bc8c8eaada26f57da4c47dab718ecdb16a6134252c130dd9dcb517565a6978351fb23cc4af869ddc45ab86965a93d8a3aab6651d1e3c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.8_(x64)_20221006124509_002_dotnet_host_6.0.8_win_x64.msi.log
    Filesize

    2KB

    MD5

    23612fe66d58aab8e0def83c0b1ec89a

    SHA1

    6a8e57f8bd6890f2b32b16036c0f6faf624421c8

    SHA256

    7d5f8d9c822fc4a3a7635139067389313b0ff3886c97be7d016644ec26abfdd1

    SHA512

    2d8cee8a3c611155b214b956cfb62d4fe2b6738aa0ad827ae004a70d49758c9f4c0e7cdb18949d88d4612d658062b0f0bea5d2ca0b43fc3df8932bfd539e7b75

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.8_(x64)_20221006124509_003_windowsdesktop_runtime_6.0.8_win_x64.msi.log
    Filesize

    2KB

    MD5

    1cb5daeaf7347895c37d62f9bfe85aea

    SHA1

    1f959abd74cdc357cc7ec22427544b263967845e

    SHA256

    3cc557ec40693eadc6274e17cd9a829f76511e328b81fe19c3df94c9572df023

    SHA512

    96cf8bb7cd9c71fa109b671e5e292deed8416775636ea63194446aa5943a829c47d717045278d3a3406652b602c0d055abb2ca92980b6741f623fd3277e19194

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-8DN6O.tmp\LenovoLegionToolkitSetup.tmp
    Filesize

    3.0MB

    MD5

    6aec012f693d8b302b035e4e154a453a

    SHA1

    ba29940254a32818a688bc868f8cea4cecf61e2e

    SHA256

    5379c211841778c16cc8255152b92178f8054161e9443354a60c48ea03f8bfbe

    SHA512

    96d47426295967b788cfa3d0f5a0a387bd3c2830cfb7461b7860c0f2f23bc45b2c4781d743cb63a9cb0b30b86047cb1572ed1343b2e36820ad66c67267d956f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-8DN6O.tmp\LenovoLegionToolkitSetup.tmp
    Filesize

    3.0MB

    MD5

    6aec012f693d8b302b035e4e154a453a

    SHA1

    ba29940254a32818a688bc868f8cea4cecf61e2e

    SHA256

    5379c211841778c16cc8255152b92178f8054161e9443354a60c48ea03f8bfbe

    SHA512

    96d47426295967b788cfa3d0f5a0a387bd3c2830cfb7461b7860c0f2f23bc45b2c4781d743cb63a9cb0b30b86047cb1572ed1343b2e36820ad66c67267d956f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-F2DU2.tmp\dotnet60desktop_x64.exe
    Filesize

    55.2MB

    MD5

    3093812bb6e69c4b88007435595d16ff

    SHA1

    aba98aaa3db700d41eb067280f86f35b7ddea550

    SHA256

    7d30787fd4b338186a145aa5d2f4703a0ab02bbd29c46415cabca369b5195373

    SHA512

    53d5f38ebec2675d43c618c32533f3b8684384839b4bfa83902d06be535a56410255e26ee0a4844c170f7536be9039a126eebec8577a781b8a0c30c00a7ad20e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-F2DU2.tmp\dotnet60desktop_x64.exe
    Filesize

    55.2MB

    MD5

    3093812bb6e69c4b88007435595d16ff

    SHA1

    aba98aaa3db700d41eb067280f86f35b7ddea550

    SHA256

    7d30787fd4b338186a145aa5d2f4703a0ab02bbd29c46415cabca369b5195373

    SHA512

    53d5f38ebec2675d43c618c32533f3b8684384839b4bfa83902d06be535a56410255e26ee0a4844c170f7536be9039a126eebec8577a781b8a0c30c00a7ad20e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-F2DU2.tmp\netcorecheck_x64.exe
    Filesize

    140KB

    MD5

    de54c196cfe1bd90152460b6242f5ad3

    SHA1

    e1bc2721b1ba41b8157ce72bb6d56bf55b7b4785

    SHA256

    3b26fe9d187ce9e8275e970bd3884acaae4e0bbf7089759b3378ba44201a3b8b

    SHA512

    88a29b3788ad4da5f0581bc1e58dcd860060aaf1d3e3def3741d256652b8f257203e1e2b378dd7d38ae648f2efbd11268717a4107b4edb873babd8441b7f68d0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-F2DU2.tmp\netcorecheck_x64.exe
    Filesize

    140KB

    MD5

    de54c196cfe1bd90152460b6242f5ad3

    SHA1

    e1bc2721b1ba41b8157ce72bb6d56bf55b7b4785

    SHA256

    3b26fe9d187ce9e8275e970bd3884acaae4e0bbf7089759b3378ba44201a3b8b

    SHA512

    88a29b3788ad4da5f0581bc1e58dcd860060aaf1d3e3def3741d256652b8f257203e1e2b378dd7d38ae648f2efbd11268717a4107b4edb873babd8441b7f68d0

    Download Submit

  • C:\Windows\Installer\MSI7927.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI8BAA.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI8DBE.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI9340.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI9535.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI9C6D.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSI9F9B.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSIB6B1.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Temp\{0FE9B8E8-909F-46F2-A5A0-CE571F126E99}\.be\windowsdesktop-runtime-6.0.8-win-x64.exe
    Filesize

    610KB

    MD5

    66b3596d1de143044c6b73e59dd11ff3

    SHA1

    d5adc16f67d7528255b1f239370696c109e7cca6

    SHA256

    cdcaac701828a2027b50f4a256d86b7f53498b7fcb3b53f8d9f0e8ac74866cd7

    SHA512

    2e50df4c06bef357c1c2ad25b2b350f9f01d55b5e0ad5b461a0b014acb73881645110c5f0c3e0307917cad99a12f0626ca38519c4928ebbd8d7dd290b355c3c7

    Download Submit

  • C:\Windows\Temp\{0FE9B8E8-909F-46F2-A5A0-CE571F126E99}\.be\windowsdesktop-runtime-6.0.8-win-x64.exe
    Filesize

    610KB

    MD5

    66b3596d1de143044c6b73e59dd11ff3

    SHA1

    d5adc16f67d7528255b1f239370696c109e7cca6

    SHA256

    cdcaac701828a2027b50f4a256d86b7f53498b7fcb3b53f8d9f0e8ac74866cd7

    SHA512

    2e50df4c06bef357c1c2ad25b2b350f9f01d55b5e0ad5b461a0b014acb73881645110c5f0c3e0307917cad99a12f0626ca38519c4928ebbd8d7dd290b355c3c7

    Download Submit

  • C:\Windows\Temp\{0FE9B8E8-909F-46F2-A5A0-CE571F126E99}\dotnet_host_6.0.8_win_x64.msi
    Filesize

    736KB

    MD5

    e601c40760a5abaaa6f3426fce6b796b

    SHA1

    1fce0cebd73a756efb4d60d65a09219eb2f00e5a

    SHA256

    7643ae53ae1af3a4e62d30931b5e0a61d7a62a05fdf8c413b61d05ae0525a39e

    SHA512

    9515029d9aa1bf374518a011087f9ac6771c709020b6246aa6fb67b351c5cbe3b16bfc7e4c6a8b2654d0cd5b0c63c86aade86da4da661df7b60273d9ee6d16f6

    Download Submit

  • C:\Windows\Temp\{0FE9B8E8-909F-46F2-A5A0-CE571F126E99}\dotnet_hostfxr_6.0.8_win_x64.msi
    Filesize

    804KB

    MD5

    a8451034a2623cb2058bc47b9d461196

    SHA1

    db396777dbbb8c15731454ed7c68dcc63b46edf9

    SHA256

    143596186bfe0cb5dacab7b5b0a50e5d8e2a236faa6b8911702f24cb13e3e825

    SHA512

    b974bbc26397a27d7101b5c3a3321f6dad50cf1cd61aa844ce80208b9911566503b9e95bb6066dcc2dd2e02b4b4f866019d0afd86d2d1e894cc210cb72f1d455

    Download Submit

  • C:\Windows\Temp\{0FE9B8E8-909F-46F2-A5A0-CE571F126E99}\dotnet_runtime_6.0.8_win_x64.msi
    Filesize

    26.2MB

    MD5

    b8d0c9a8a471d78d7b6c4976ce22e3c0

    SHA1

    eff2d2f89b2873b582b13b19de23abf32384a167

    SHA256

    d6efb6ee0c9720e3256d7ef62b1db81d0a4bebb8615a14a06230e0bfe39cb92a

    SHA512

    cafa373b359fe0a68fcfe300424bbc3847c58cf3b407e420281a32e7c9be2c9ea89c08dda274feaacda07211cb30a16d13f7c4f3f6e08d2e83f883d5accfd956

    Download Submit

  • C:\Windows\Temp\{0FE9B8E8-909F-46F2-A5A0-CE571F126E99}\windowsdesktop_runtime_6.0.8_win_x64.msi
    Filesize

    28.6MB

    MD5

    de278f8bd9266240e83e6db16bba7044

    SHA1

    28ecc5f0abe0707f68def731495b068f9d4291e7

    SHA256

    0fdd572fb5599e13aa2b3748ec027e0df7d34aad5b761dfef3a120b03071221c

    SHA512

    974704de2877bed14dba480126d1744e7307c9186c3fe424bab1b05ce83b20d0fee753ca6b413e389805445a2f707979190710fe804c47bdbf1dec024d71ab63

    Download Submit

  • C:\Windows\Temp\{2C634F2F-2EA7-4EE7-9DD8-B5459FD3B88E}\.cr\dotnet60desktop_x64.exe
    Filesize

    610KB

    MD5

    66b3596d1de143044c6b73e59dd11ff3

    SHA1

    d5adc16f67d7528255b1f239370696c109e7cca6

    SHA256

    cdcaac701828a2027b50f4a256d86b7f53498b7fcb3b53f8d9f0e8ac74866cd7

    SHA512

    2e50df4c06bef357c1c2ad25b2b350f9f01d55b5e0ad5b461a0b014acb73881645110c5f0c3e0307917cad99a12f0626ca38519c4928ebbd8d7dd290b355c3c7

    Download Submit

  • C:\Windows\Temp\{2C634F2F-2EA7-4EE7-9DD8-B5459FD3B88E}\.cr\dotnet60desktop_x64.exe
    Filesize

    610KB

    MD5

    66b3596d1de143044c6b73e59dd11ff3

    SHA1

    d5adc16f67d7528255b1f239370696c109e7cca6

    SHA256

    cdcaac701828a2027b50f4a256d86b7f53498b7fcb3b53f8d9f0e8ac74866cd7

    SHA512

    2e50df4c06bef357c1c2ad25b2b350f9f01d55b5e0ad5b461a0b014acb73881645110c5f0c3e0307917cad99a12f0626ca38519c4928ebbd8d7dd290b355c3c7

    Download Submit

  • \Program Files\dotnet\host\fxr\6.0.8\hostfxr.dll
    Filesize

    366KB

    MD5

    4fc4fb4d77a7ef49ee5133b5b6a194ed

    SHA1

    8c63016cd28a0c3896ccb5f98d5aaa08a9e281d8

    SHA256

    cc39ab9baa38b4cf39dbc34dcc920202c69570baf67f4f947c02b8fdf0e61fc5

    SHA512

    5c647ce6a15a61d9bb10660aa29eafe5f2509cc63408efb3659b5036a21d268b9ffe825a4bf67d9c8e78005e7a414cc782a20538a135b9a8b0ed6329702c9fc7

    Download Submit

  • \Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.8\System.Private.CoreLib.dll
    Filesize

    10.1MB

    MD5

    1af8685bb8e67c6841b1f2150b0aec4c

    SHA1

    3b15c45109cbb61b1600bafede5275f1947934c5

    SHA256

    30a3a396ea1edd01ddbef642decf688def749c685880f4037c037d94aa7f0269

    SHA512

    404cdc52176cd34336c876fff884db6035b888da5d7ea102609317b4feca18a0d9ee882cf45cf317cbc3e8f1de339762bf03bd8a946fd04e23c21964e7a43686

    Download Submit

  • \Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.8\clrjit.dll
    Filesize

    1.4MB

    MD5

    1972eb629b743754e28318ecf7e04628

    SHA1

    783f6b6f1de5168cb21b3fb7d929ad6899524d06

    SHA256

    e0d30abf7dde33dfe2165f8e9e63220ff9f2738ea81570275e7f1fdceabdebaf

    SHA512

    db2fcc3b5b0426b22fe776b0edf78c23c0ab4706217c5dbf6d0823427ecb7e3225d8bf112f25b2e81edc8fec39805335c2e4331b0ce9217de8e5ca87069a0c7d

    Download Submit

  • \Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.8\coreclr.dll
    Filesize

    4.9MB

    MD5

    136ae18a33f456a70463a396474f3600

    SHA1

    276a61e8222a3d77c238a22795268fcf27d9f1ac

    SHA256

    35ec15d344f99d4c076c2ca47751cb7aa9d0cf75227cc5e354ae7d7c00c0bf37

    SHA512

    a31f7d8196cbf9980c3bdfbe0443d455767392c9ff83c7e527f410e35ec14e563e19bceef74faf71b55ea987be66bafd4073dade56fe5afeede8a500bc61cf53

    Download Submit

  • \Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.8\hostpolicy.dll
    Filesize

    383KB

    MD5

    8920df1b3ab0660090b204d2881fbb4e

    SHA1

    ec8ec146c4226aece015d3b00439d0b505083dd1

    SHA256

    5b72566804a8cb4ac2d5d28438a6d197456e29299758dae57140b1c5ab84bbb4

    SHA512

    3ef742965369ca788e2ac229bf3f19648cc145f0a12f36c64f3e617039f32bccc0f24bc9736519ef7c12cd4e18831678d021d0268801bed4b593cdea1ee35ed2

    Download Submit

  • \Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.8\PresentationFramework.dll
    Filesize

    15.5MB

    MD5

    dd719cfff212f6b7bb52eda8bb4d40c6

    SHA1

    dff1a728aa2759cbe0abb03de1f079c429dd6eff

    SHA256

    25246ad282c8960ec980bee3651e80b0bd9b9c9c15fa2c43731d4d1ef309f6c9

    SHA512

    2d00767b2aab274e7c5fb68cfc89cd4b125557370ef96fd88289a1d7802544020dfa57da0c60f6c9df7f161c9c84a4adae535cd0fffd2db726885024293e8e1f

    Download Submit

  • \Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.8\System.Xaml.dll
    Filesize

    1.4MB

    MD5

    93bec1198a4b46e566f6e44a164a837b

    SHA1

    3458ab682811d21a3e761b75ce453a5498ccafb2

    SHA256

    0676dbb9a0173ae925e18c6c6df53d8c8a054595dc128baa11036ccfa394d77d

    SHA512

    8ffa49c305bf15a046a95ac72e5fcaa868d0da721871382f654fac91335ebc366562b882f2976e9aba00248298a156734c9503d15c30bc0afaebd9c408dbdce1

    Download Submit

  • \Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.8\WindowsBase.dll
    Filesize

    2.2MB

    MD5

    f4454ebe54237727555b9d072363e397

    SHA1

    fc50be8a8b3e31ec7c8305471dd4c8da82b69dc0

    SHA256

    ee2d649d35da26a0cea0f68c003c0a416f85e39619428f1eb045d2f2b4fcd1b4

    SHA512

    936475cc808eb8ca4a318c95c7222e7b0a26c6bfbc786e19349b9323319c750dcb4105f9331b18db5d01bea17a101c2117d8a953ec3d795665ccf30b9753aa4e

    Download Submit

  • \Users\Admin\AppData\Local\Programs\LenovoLegionToolkit\Lenovo Legion Toolkit.dll
    Filesize

    443KB

    MD5

    03b1f6f2592eda4d4601454cdd9be661

    SHA1

    80bd38537be3d5e26c78f5816bad501bd89d2d2c

    SHA256

    edaa00c4eada28ec444991fb1ba264c844cbbb319cd6c821dd6e5051beb485f0

    SHA512

    87faa6f6ef9772e4593e1797aad378f844365a036ce9ea675c4cc9c5219b72f195f2cc2bd7a1e6281ce9e05453b4f8d86bbb77b09b8c895f903797463eacced2

    Download Submit

  • \Users\Admin\AppData\Local\Programs\LenovoLegionToolkit\Lenovo Legion Toolkit.dll
    Filesize

    443KB

    MD5

    03b1f6f2592eda4d4601454cdd9be661

    SHA1

    80bd38537be3d5e26c78f5816bad501bd89d2d2c

    SHA256

    edaa00c4eada28ec444991fb1ba264c844cbbb319cd6c821dd6e5051beb485f0

    SHA512

    87faa6f6ef9772e4593e1797aad378f844365a036ce9ea675c4cc9c5219b72f195f2cc2bd7a1e6281ce9e05453b4f8d86bbb77b09b8c895f903797463eacced2

    Download Submit

  • \Windows\Installer\MSI7927.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • \Windows\Installer\MSI8BAA.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • \Windows\Installer\MSI8DBE.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • \Windows\Installer\MSI9340.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • \Windows\Installer\MSI9535.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • \Windows\Installer\MSI9C6D.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • \Windows\Installer\MSI9F9B.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • \Windows\Installer\MSIB6B1.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • \Windows\Temp\{0FE9B8E8-909F-46F2-A5A0-CE571F126E99}\.ba\wixstdba.dll
    Filesize

    197KB

    MD5

    4356ee50f0b1a878e270614780ddf095

    SHA1

    b5c0915f023b2e4ed3e122322abc40c4437909af

    SHA256

    41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

    SHA512

    b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

    Download Submit

  • memory/4796-138-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-137-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-737-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/4796-122-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-156-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-121-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-123-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-124-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-125-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-127-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-126-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-129-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-130-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-153-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/4796-131-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-132-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-133-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-134-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-135-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-136-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-139-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-142-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-141-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-140-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-143-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-120-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-144-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-145-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-159-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-158-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-157-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-232-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/4796-146-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-152-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-128-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-155-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/4796-151-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-150-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-149-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-148-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4796-147-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-179-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-184-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-162-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-170-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-164-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-165-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-167-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-166-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-186-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-183-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-185-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-171-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-168-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-181-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-173-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-174-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-175-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-176-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-172-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-177-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-178-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-169-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-180-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-163-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4836-182-0x0000000077D90000-0x0000000077F1E000-memory.dmp

    Filesize

    1.6MB

    Download