Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-04-2024 23:23

General

  • Target

    2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe

  • Size

    4.7MB

  • MD5

    1ec78ac0898f63c64eb19b0475e2322e

  • SHA1

    bbbbf53c06c387bf2dbc69d779c20826512d1c8d

  • SHA256

    a70135b3bf5c57e6d39dd6e9b16b25839b679fe0c44254459cfdafa8cabe4519

  • SHA512

    6bb82dfcb3e1a36de9aa362cb9ca7a26eb70a46c2d8aae010d5b73feba0fd18c833051701379c6d03c1897cb5085ada3c541fc548b8f02fc365c355873d4f159

  • SSDEEP

    98304:KqJkdmBucaT57K3C4qJ31B0G0c5S2uf+bGhGmv5:L2dV7VK8tj0QufMC

Malware Config

Signatures

  • Renames multiple (5962) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 32 IoCs
  • Loads dropped DLL 43 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 38 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 11 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 16 IoCs
  • Suspicious use of SendNotifyMessage 15 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Checks processor information in registry
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
      C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
      2⤵
      • Loads dropped DLL
      • Checks processor information in registry
      • Suspicious use of WriteProcessMemory
      PID:5328
      • C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
        C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
        3⤵
        • Loads dropped DLL
        • Checks processor information in registry
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:5488
        • C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
          C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5488" "-buildid=1709846872" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe" "-launcher=0" --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=DcheckIsFatal"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks processor information in registry
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:5552
          • C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
            C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1709846872 --initial-client-data=0x364,0x368,0x36c,0x340,0x370,0x7ffb7222ee28,0x7ffb7222ee38,0x7ffb7222ee48
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:5408
          • C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
            "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1596 --field-trial-handle=1744,i,13635918389281439149,15530338254803204291,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:2
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:10836
          • C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
            "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2180 --field-trial-handle=1744,i,13635918389281439149,15530338254803204291,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:7764
          • C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
            "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2496 --field-trial-handle=1744,i,13635918389281439149,15530338254803204291,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:7444
          • C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
            "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --first-renderer-process --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2816 --field-trial-handle=1744,i,13635918389281439149,15530338254803204291,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:7364
        • C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
          .\bin\gldriverquery64.exe
          4⤵
          • Executes dropped EXE
          PID:9340
        • C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
          .\bin\gldriverquery.exe
          4⤵
          • Executes dropped EXE
          PID:10092
        • C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
          .\bin\vulkandriverquery64.exe
          4⤵
          • Executes dropped EXE
          PID:10408
        • C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
          .\bin\vulkandriverquery.exe
          4⤵
          • Executes dropped EXE
          PID:10004
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2176
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:1584
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:2676
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4852
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4776
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4232
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:1948
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:3920
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:3576
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:3068
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      PID:4700
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:3088
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:3568
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:2320
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:1760
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:3620
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:4688
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:2468
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4940
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Executes dropped EXE
        PID:2136
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4516
      • C:\Windows\system32\wbengine.exe
        "C:\Windows\system32\wbengine.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4680
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
        • Executes dropped EXE
        PID:1844
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1196
        • C:\Windows\system32\SearchProtocolHost.exe
          "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
          2⤵
          • Modifies data under HKEY_USERS
          PID:2080
        • C:\Windows\system32\SearchFilterHost.exe
          "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
          2⤵
          • Modifies data under HKEY_USERS
          PID:3584
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x2f4 0x468
        1⤵
          PID:7332

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

          Filesize

          2.1MB

          MD5

          efac0ce32467f58f888902cb76684ce9

          SHA1

          15d64601ac3ab5d105e10eb828261b9b3745b33b

          SHA256

          9eda7e589512879b206d3dff7132be4e3e78ad790b7cbbe192e0eb26db5ce5c9

          SHA512

          110494503a3081e96fd1d48b19b6d923c2e5b9ba60f6438821590ec02a1aa7782800a5151c34b40cbf7b7a1ef184877fa6bf30adcf8a465ecccea14bedd93eee

        • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

          Filesize

          1.4MB

          MD5

          13e202472245638c5a7da3385b946f85

          SHA1

          492ee2d08b130fb7c3dfff88aac6882f44b7e475

          SHA256

          3a62aebfac0fb8c79505858d6833031ad93e8241addc2f787c7441b695a09fc4

          SHA512

          6f2393e15937376c5d3d1dbe1ed49821c5bc25bf011bce634b3c429d122e6c44f9267426b129b6ec5e70f592a7fa59e1f52d73962204bfbfd025c483f1cb7569

        • C:\Program Files\7-Zip\7z.exe

          Filesize

          1.7MB

          MD5

          90224d5d5d99d6e1e50dcb531280b78e

          SHA1

          3d23ff5c82264108589e9937af929d40eb3e2279

          SHA256

          4e53eb23fe539e5a33b8614cdef770218a3bc723014c7d3ead16f312a449b4d8

          SHA512

          891dd98c45c5523673a7879dc96bc917a80a7b1f119954f1999854636e251d5ff5ed253cbe9c3cf339182d24add6d4c35c82c803abc6d207337d2aa0e85f2e51

        • C:\Program Files\7-Zip\7zFM.exe

          Filesize

          1.5MB

          MD5

          e1ba5a2564779875be0ba6d6c25b9fd9

          SHA1

          01b69b498ee6eab84fa64c78ca3354c690544d9f

          SHA256

          8706deb6bb0c2c33a674b18c692b6b1865c6c632cd5340fbc46e9ca009d03d4b

          SHA512

          87f64cc35840f6bf08c4f56ac97799b6ee369883d2d33b6b57ab4abb4bd766881ab76b6f34db3be58e10242e409837ed664e3a97888db9640e44c634d01c5832

        • C:\Program Files\7-Zip\7zG.exe

          Filesize

          1.2MB

          MD5

          b3082cb0313a1855b506610a209552af

          SHA1

          43f1f276c5f4cf061a1409796992ab4510e81e3f

          SHA256

          fdde705b0b508e9b4eeccfe4e41ce7fe36cbfd2b1d1855948933fb1ab6713f6d

          SHA512

          242fbca2bfbc9fe4268151ec3606b76157db8fd06a5b6dcbd4c1b65380c7d6cf8cf9fb1fab0e1c885e6f10f73df38c93cbd3f063e1db0de041bd21c47062598f

        • C:\Program Files\7-Zip\Uninstall.exe

          Filesize

          1.2MB

          MD5

          7471d981e5eff4d1442335e5fc078064

          SHA1

          08d762592b36916aecb5f254f6d8c3ea0821cacb

          SHA256

          e847ae4ffef40a3f61e19f1bad5278538673dbdfee8eeef9928053622a538248

          SHA512

          d83924c6f06122f8f59fa8946fa77e257322f5641e4ce9a7bc4fe0b5976a1ca0c1d842a866e8218150a543a8375677314c01b4b4da62b6a80af2c580bb8d25bf

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

          Filesize

          1.4MB

          MD5

          debf954ccf8727f9750ba54f8f97974b

          SHA1

          212e7b0cb9fd7b509ae9527234a23aabbac228e7

          SHA256

          554bb15ca0c94e1622715a266d71789e9ed0fb05a0d8d0163b46649966db4bae

          SHA512

          5361aac2253615ca0468d9fcdd15c514e6d4e4c8db7e0fb6f265f30ef656f3f2907ccbdef761a91c8643683bc4b0f99b539fe2fd395d66050cda2d50fdd4a968

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

          Filesize

          4.6MB

          MD5

          f2a86dd04397935c3827e1f658c7d3a7

          SHA1

          274ff3db1846994005d519ec2c4e42db24794476

          SHA256

          ce54141e7bab645ac03986c6bb9e3cb33d9cc6e3efa88990da0cc9ab39beb4f4

          SHA512

          227e9298bbafe1f062a8a8edd779684d720c793aeae2cec32ab0f30af9dd150870839a4765e82a0705d674bea72192ca889d7a8237f3af56d479a78f224e340c

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

          Filesize

          1.5MB

          MD5

          7008bcca68a1357e8e6a86063dc60f74

          SHA1

          e952dee27baa79e76a3d430ada5942ebca7ae812

          SHA256

          dde1627d9ebbf88409368dbe74bf41b853c1218709bd2bc508ed3e2a58158d59

          SHA512

          a1b64b3a09e565aa7271f84cbdc1d7b136063f965a282ac244235798cf08fdd05430c68088bb3b158d8b3b9c7604490424ff89581b2c5c5118f913e3ea6d290a

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

          Filesize

          24.0MB

          MD5

          1309f3d02e68351240dc5f39bea09d7d

          SHA1

          ce64d3d9ec351d01f3f7cc6c7b44a245385cc149

          SHA256

          ba57add183d3bf9b411633cb8b88089edc294b77ad879a297662991b83eae736

          SHA512

          8b33e97a25e6bfeec4d5686b5a1ba3ad26fd407dbea26ff386516d27398a3ae58ceecc41520e96c39bb905ced09b5a9c069d50fd3b365093d9ec16cb973f022e

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

          Filesize

          2.7MB

          MD5

          ff71db12c6946d5c105cb8e421abd962

          SHA1

          cbf0f6687dbadd8ec133bc8e20e8c3eb5e6ba178

          SHA256

          db94ed8c7721e4ec7342572e1be7bf896a20fa477285dcda2b38c627329223cf

          SHA512

          2baf9b776246c866e43f96ef131ed7ac3124d8dad3b86f78b537ce00f5a4746217d986e56a7493015aace2a7ba1d6f70cb71fdf27d31b7a21a81112cdf9bea13

        • C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

          Filesize

          1.1MB

          MD5

          81c11e5baf4e1c391a44ea38acfe93d9

          SHA1

          a9e49f8251a2bb4c71b34edbb2a0945f0ad9462f

          SHA256

          fd2c36350362fe67e4a653f55a0e1e053787e7bd960e24b31d750763357cb275

          SHA512

          279709f6558899e518df11a9c6e9fb7f976284f6d0f87da4412392e10f987b8c80c64a70ff8a4a677ab0a5b7ab2fdcf8c3068249b7ef083f193910cd5daa5fe4

        • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

          Filesize

          1.4MB

          MD5

          debeaabe57c473b30d745a4d948d061e

          SHA1

          db1fd830347ff843abacda1310b8dc5d4b28b181

          SHA256

          edb3d3af24faf7fbbcd06921c49d08371fef1cc3de8c06db1e6e082785ce0717

          SHA512

          8e3aa37f32bfbd495f40838b0df4398ceebe86acc211329a12a0dc9941c877d6173c8986d8e911492ba01f938f971921b4939c56d733e93b6ce3f183558243ac

        • C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

          Filesize

          1.3MB

          MD5

          ffff009710b02c68eebb927e9975d145

          SHA1

          fa6fc1d283503713c5b259633fe11b724bd962b1

          SHA256

          5f1ab6db231da8eb05fec9f49c2895133f11feb66c6303d67da1843004a9d52e

          SHA512

          c89f816277a1c9ed09d922448a028aff750a2fae7b757d3ca6cab809d813d9f3f8241e75cbfc53bef23e36c574d8ef8bb84d561713dfe2b3239c347950ccfe7e

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

          Filesize

          4.8MB

          MD5

          fb47f4d034cd8e3b7ac836ea16e795d5

          SHA1

          2d30559daf7f3a6bb2f9e40f5c6ad66a262e5bc4

          SHA256

          1bb0be4913d8e2751f05cc39e016e540808a6a6def08a8eff563f6555ff3d483

          SHA512

          078d3bb3994a646f914aecdc35f5f91276852a31a0f7d31bf26568e2b0d0cad92684574ea25890e07d7bbadb87813239413b403e23263c929a820af91ff2aa92

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

          Filesize

          4.8MB

          MD5

          12203d3c0123f8a0503900ac0b158779

          SHA1

          f08fb785f8ae6eb3aa7a99f2a6c97f74864b8e77

          SHA256

          fffb512772ef64d06c4eaeea6f70623e9c98d4edb4a2a0ad3eee233ad23e842b

          SHA512

          ffa60e7d15466c4e3ffc35590594020132352917d34ed67da65a6e99ecd635a970b360e0e756fc2f303ecfd07f864978d603bc0115a6c9fe35c6de2c0f617650

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

          Filesize

          2.2MB

          MD5

          266d36d72c4a169943fe0e37bae4768f

          SHA1

          36884cfb469fef4fc4be1f06de9da2c14c637eb2

          SHA256

          c0d068bbac19149d128648310addcd44661bc41634e475bca02fec21de9df9ef

          SHA512

          aee6837a8b7f61dc701c457e66e69b077b8bc8dfaf9329684184ec4737c6b5f1dee644d4f617673e21f9fa728603b0013821b6e78a99be6d669caa5433f66627

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

          Filesize

          2.1MB

          MD5

          da0fed362a7019923a64707b1f63d64c

          SHA1

          f2b523dc1449f4a0c798442bf3e7035a62375897

          SHA256

          1c199b58863be5284286c14ceb1262d179c515c9002d37e7f03d5ba6eb6e5b0d

          SHA512

          68c3a48bedbfa2e1703a45b748c2f2b450f0f401b168de9ee571f338afa2b604e5f36fddfa7ea87165c0810f6de7378978fb9ac889ffc9765db55027069ac17b

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

          Filesize

          1.8MB

          MD5

          82e8140449dfb563e95fd40346af45b7

          SHA1

          a5227c5bc8c17cca92f72f2a277e02df90cd88a1

          SHA256

          6814f165ab49d840490a7faf84ee326cdcbe734bd4f806801bc0fcb7ff688d6c

          SHA512

          87e129448e5ff059ad5ad7026100d2af50ed94c449adf4abd3194440b37816978d72214a56896220c526562bb2e48560dc5517de70096c314e06fa0ab3659979

        • C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

          Filesize

          1.5MB

          MD5

          306d74307863e6158c5238a808110e06

          SHA1

          dd0d4eebcc594c3dc5c0a9fe2b795a9105f414b9

          SHA256

          a5c880f780eb66c46e398560a67be1ce96f1778dc0c39893e4ffa303ccd96408

          SHA512

          e2bedc29a12b45d2829a07620ff4d283dcc210f4871a87ec3ae86f0fc070fd658b9ecf8dfe370322dc9609c7969d03b09d5dcc36b17890f194b6a885da67b4ce

        • C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

          Filesize

          1.2MB

          MD5

          f7771a4a4b3b5e4641b2aedd12de83f2

          SHA1

          ae3f0785104a95cb6bf529b6b68cac1aec1ab9f6

          SHA256

          2cf7dc2698991b5da945cd07d5781ddbdc447e53e5e13c02e03f693cf027cbf1

          SHA512

          c338d958d992fcb522afe20dc731d64a080a170f326f85d8a09eeccdb42db80437a345fc4639c13ad5ba6290b722aedaf51f4704d900c90e3134d4378cc7473b

        • C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

          Filesize

          1.2MB

          MD5

          11072bd4f1ea6be3ebc8e508d28c58c9

          SHA1

          7761684c0557b4f10d9f2aa23615db960335a099

          SHA256

          a6175907b982cc990fe1a201109c05fded777a3703097b7f2e697ee1710d8a20

          SHA512

          a27d2f8510c400594ee3626c9534328aa7a7ace3e09d43a9d1182e1fa26530d35338bc67ff67c111edec348a9bbde337e1e92d46ed7a7b9c3af773719885c887

        • C:\Program Files\Java\jdk-1.8\bin\idlj.exe

          Filesize

          1.2MB

          MD5

          816dc862e7a971f19fe7a7632b8cf3b7

          SHA1

          e0c341953c157eb056497b1cc6604bb15b855c3e

          SHA256

          dcffaa5b6fd761744c759ca00520ca678e869e1a4e5f46708adb94bf214f03b9

          SHA512

          16601fda98abb625a95e0b3c62a8673b0df9c41b519109a3d1576daa96df6bbf854f9ced368bb662af225252a6f67589d2943c3afde13119694428ba03a96d14

        • C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

          Filesize

          1.2MB

          MD5

          5f8aa6ba4b3b0b5d17dd64c6568253a9

          SHA1

          32fcabc99b958d3a067f94f52c0dcb7b2497a748

          SHA256

          df9e7e456d1f919ccc857e8ea5e9e0893f77293a249f7237d9d0a58195c16ee7

          SHA512

          509f6cd7f91224b870a780f14191f431800aeaa1a4d2fa059c93530ffeaadcb390ac5ccec608ec575b117fc2ede2c47e827322b3fda762ea38b77cd6f4fd364c

        • C:\Program Files\Java\jdk-1.8\bin\jar.exe

          Filesize

          1.2MB

          MD5

          8154cc173bd4be97d2f057cb260c5f67

          SHA1

          8e60055122df2dcdee224f467b65aa19c9dca289

          SHA256

          22722e043e62fb226b42dd7d2efd71d957380325e689dc49f9d9b44c26c806a4

          SHA512

          cd42e98ec53c7eca1ffa74a9cea0276873efce8a8db9dccc886401e5a0ea002efca3dc2a4235787edba273f5bad19fb442279df2cdf246e1d023558e9ff8d804

        • C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

          Filesize

          1.2MB

          MD5

          4849b28e96954691169aee2e1ae7ee8e

          SHA1

          c7c9a63d2cd64ff656811934ff1145b4ea2ee183

          SHA256

          4b121c494ba0cd14003d523023c419e0c9ca0474cfb5dfa343b0d10568fb8019

          SHA512

          3ff9f4e75f1a33d240b5c61301500c789dc05b0ec5aeb365bcf50f10f0ffba67ca47701cca5bafcb0df82e7b2752870948d4b78cf5add4590418c9442ad388de

        • C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

          Filesize

          1.2MB

          MD5

          b94e7a2526765958120b2c6adbf2ec96

          SHA1

          f8ae75892ae78deaed1fdbcc277e54a3385561a2

          SHA256

          42b8e350bff0126a28acc3bfdb8c7604db4555b707fac7524a6617f9e21b2cb4

          SHA512

          1bd727646ccabbd315e11931fd6e3fa0cc2fdc353f0843af5f39a43bcee06cd6aec522de02d76e9ac531423a50940c81ad75dde668bcafdb0a6918bf3fa81a41

        • C:\Program Files\Java\jdk-1.8\bin\java.exe

          Filesize

          1.4MB

          MD5

          c211f95d2107d01232efd3bf5345bcdd

          SHA1

          4dd0b2ab15a007fc19565deaa52259ed4d169876

          SHA256

          4d890f7f9d806b583a518f0dfba95b627f2f9eaaa3f86a2227d78b1ce76474e0

          SHA512

          96dadfa75540eba1683338673c8cda954dbd331f168684ccaf3ea6a37ad5b014706532ea11dce16e74cb92308ce79457fcc2d968306abca915d9112eab654e3d

        • C:\Program Files\Java\jdk-1.8\bin\javac.exe

          Filesize

          1.2MB

          MD5

          cffbf35e457b99e7e3ae4a204d7e7dab

          SHA1

          e9fae35357d417991b82af705c7e56591294f53d

          SHA256

          2806976592cf59b24695257c583e21476d16f2234e2b812b3428921c1099e230

          SHA512

          243e0a33705fa71f32c93a90e9998d44cfaadd80cebb6b79c3db8cbf33da3f45a3ed20d28956dc0d12f5a66d2038252ef9262d22502b81e67fe195fb7ba015c0

        • C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

          Filesize

          1.2MB

          MD5

          a7e5d7cd897f06d3fd88b5e6c787182d

          SHA1

          925231f94ca14b8ab290dc53622ac22a972e29ed

          SHA256

          9892358337f613bd2d977e1b460c535831a3af7b00aca3e59ce0d249cb0187e8

          SHA512

          ce87a6ce18609df958e4ff21784348a707bd0a340a251c2ed4519a6021645e2976f9f7c7b4fb2e96bc9f704ec359adb9ec2af0ead5aa09c1b05d0fabab4e9ea7

        • C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

          Filesize

          1.3MB

          MD5

          eaccadcb7a6cbd9db4e8c5ec41998f50

          SHA1

          038e890eacf649dcc4d7185e9e7dd20c1942621e

          SHA256

          457ccde0e01dc70a2214ffe65e7e7ac45607a42e8b21e9ff3eada40db332c07a

          SHA512

          3822afad1884057ff28202a41bf38b32f9a651b4576ec6a88a48e862a56f97be75da3ccc18ab84290d670aa7dfa302cf2496ac4f52ce269138be52e5388c3ba1

        • C:\Program Files\Java\jdk-1.8\bin\javah.exe

          Filesize

          1.2MB

          MD5

          7ce7daa01e57050013a03bdc3d9bbde6

          SHA1

          a66a403a3a6857d63c0e13dca6862ac1bc037f88

          SHA256

          34c1cf21ecfda6020d742e317039f58c228eba61e0c7a4aa3318d817e0f91c8c

          SHA512

          2751c38317f9f70b9e91bdbe6b7f7a2dbbff774c76a92dd2e7687b5908585f743fbd66d10a713071a562c70c16c0b19e536e00b4fbbf8925a2ccd3fdbf378033

        • C:\Program Files\Java\jdk-1.8\bin\javap.exe

          Filesize

          1.2MB

          MD5

          1a9882fda4ad3acc1e6c95463a9dd685

          SHA1

          c0f3decc5aa609ecba51ee7c8372898c1d5a8b36

          SHA256

          6039eeaaa79a56a2146efbf736ab3dbdd63b8948cddaa7d20ab7a36af84c0833

          SHA512

          6fad8533af301cc8a7d9d0a56ae56f47690afb1374c361787e6afbf8ea47ae54f477d1426aba0cc2d7761c33e0b7ea02a0ae8e88705897dde89a24011f090db4

        • C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

          Filesize

          1.3MB

          MD5

          6c9c28b8e573ba862ce961dd20b23bcb

          SHA1

          ff57f05cdd24a6cb7fd20f5aa7d04c8c94d2f05c

          SHA256

          6bc22f9f1e8e8c725277082af8566e2acb1a2fe35ad9cac0814b037f93e087aa

          SHA512

          647b4a671b8d37a5a2f934144e5db4c025a5f230cd84a63dd32de3154dde322daf83ace62f4fb2eda114335cd7ed2abed132dce860195d9199b1a35f25bd705a

        • C:\Program Files\Java\jdk-1.8\bin\javaw.exe

          Filesize

          1.4MB

          MD5

          8f2f216795fee2a7ec57bfe959ecf7e0

          SHA1

          ae1272ee6994deee424f1726f6c087e0f9841a52

          SHA256

          7b8f91542b2a8159141d9bdb90f715b59ab9de90db5f876b90c6b14223ed477c

          SHA512

          fc33d372bf689b9eb47881a9f0028ae2b7cc681e64274eb69be518004d451254cb41608d628bddb8a4545258300b9c4dd53559c3970e164bf017b4af7e0cd002

        • C:\Program Files\Windows Media Player\wmpnetwk.exe

          Filesize

          1.5MB

          MD5

          8b93074ea45fe76fc2ce77ecfb670697

          SHA1

          8b1aaea79171cd77ed190e23d232215bcc8101fe

          SHA256

          5ec88305a5b36c4b2144b017a93205981c1e495ba4d691ac5b28cf8aa2f9193b

          SHA512

          31a80726898c8a1f4ea75e18a567548b987378c557629d42680cb61f17402af20dfee1322e431b3440913bd2e69a1eb0da599dfbc5a0fe560954fac2aeb5d3fc

        • C:\Program Files\dotnet\dotnet.exe

          Filesize

          1.3MB

          MD5

          abbfb729a06d3714b50ed8dde622eabd

          SHA1

          81bb4ee1eac61a6e3f56a8f915c743e7f0845069

          SHA256

          7bb0a2be273ab0a514779c2b8f6245500154c89895e91fc9041aed6ccef5632a

          SHA512

          a73d2d61327562fb8935006451e7d4ae83e71795305e36cb10934d13744a41261f4cac7f21da222372c7cbba24b74e02e8c098315809e9856ca97e8cf4c59dfa

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

          Filesize

          216B

          MD5

          3c41b09e10e0e54b0431f56ff3429270

          SHA1

          237370fc3712d338b618d9d051afe4203958ff12

          SHA256

          0682184a9b5f6dd9c90b400b618030a8ceb33d019fa3da0f4aa17973b74fbd57

          SHA512

          ec95e56a2cea2f77b27e584505a5a778cefc585789fb8727edf5675233fb4fb928b606b22fd552236ff1a7a7004d097ed87b5a31a1c46bf72936d7a36e09a162

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe58a11d.TMP

          Filesize

          48B

          MD5

          402c3ead80f39a55d453be2125b6b1d8

          SHA1

          3eb63f8f02faddeaa480d171f7b1e0b0f140a32b

          SHA256

          ecdeb5a7d9209dbec7e50247dd0f4e90309e37bafff1fda70b48fac06fc53be1

          SHA512

          d21b4ca26ff18766409c7a0eff882c72a79518d659ec016053b859f33437f09cec6f20257f9073aad4e65210d7b562c4a211ee3458f72371c2b55299bcc96268

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\CURRENT

          Filesize

          16B

          MD5

          46295cac801e5d4857d09837238a6394

          SHA1

          44e0fa1b517dbf802b18faf0785eeea6ac51594b

          SHA256

          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

          SHA512

          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

          Filesize

          41B

          MD5

          5af87dfd673ba2115e2fcf5cfdb727ab

          SHA1

          d5b5bbf396dc291274584ef71f444f420b6056f1

          SHA256

          f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

          SHA512

          de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

          Filesize

          693B

          MD5

          dea4caed5dffa473e7443ba0c84c39cc

          SHA1

          a6965b25a962752da47a7f20ed9c124c11cc9a5a

          SHA256

          d91877c64b9f5e3ebc32ef9b8a038607def927587be649da5358b72903c87cf5

          SHA512

          e77c1664163158c89f7c07c8cafb871cb1e61b2805855ecfb838cca1139dae775bf4a0582d0b2d1e0c79e557902f8d12b3cacb60b3a149069c355b46406643db

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe595c4f.TMP

          Filesize

          484B

          MD5

          86608b2422c5b9228223a2a6fdeaafff

          SHA1

          6a7a9494d9cffde4da092fd35e54edeca09c933e

          SHA256

          8643c37dc037f301505c7891fda41a869f19fc9338cabd34042cba5d42082a8e

          SHA512

          2900af1ac084a56f23dbc1b6076bf30c385f776962753dd3de4357c008137e33e24e2640af76cb2966a3c535542e4d9d1fbd48f301d9cda7dd70295c2bb664b2

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

          Filesize

          300B

          MD5

          31f5d7ca5792f1081f45e08868ca909e

          SHA1

          ebd8bdf1ad381773dd1d7cfb8876923751fb2cca

          SHA256

          33665274bffbb2b7003b36eb6fbab01d3cd3e77aaf54fb180260875d2ae93fd0

          SHA512

          47285f30f036545abbe74ee77e7fb8c0d369195c031c3694b2711142571bcda813f973cc420ac3c956ee7815acf41b37f86f69595de26d17dc4b4e02c2980759

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe596fd7.TMP

          Filesize

          59B

          MD5

          2800881c775077e1c4b6e06bf4676de4

          SHA1

          2873631068c8b3b9495638c865915be822442c8b

          SHA256

          226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

          SHA512

          e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

        • C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32

          Filesize

          9KB

          MD5

          efb6e815a83a9222a7263e78209285f1

          SHA1

          e178c8468d4e2ac9e66e7cd597813e6d85b30044

          SHA256

          9d0a3df457493d2ac1dba90a89ad6b35d309951142c793bef247ce462a631a2a

          SHA512

          36b1ec5f4b045b026f80983f769fa20d9e301c6ed92a036629f768c13515393522123d6436f438fe4f24f9116c0c7908c4d8093fcca36972e12ec763a06e3c72

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\btnOvrOffBottom.tga_

          Filesize

          444B

          MD5

          89cb2bc5ccdab01b0653d4dbb3d6a062

          SHA1

          afb947fffd5f5f3723e0c8c3b52cb8cbff406ee9

          SHA256

          ecd13153d9d438809a38de30f3abbb0f6f92837a7e3cacb442a9a9309bcd78d9

          SHA512

          e5bef83bfad930e2b68720e00d450aa879619dcabcf8d96f9f8c47636a95a9662bc91b04cfa9160081d8af79a1257b75647d89677123f28b8c609808d5b86653

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

          Filesize

          6KB

          MD5

          5a5715177822e69c98aab578421ae78f

          SHA1

          175ea27d6ef6df27fae93a724c94b2c770f78205

          SHA256

          5afc5816946e0d7b6d57a99a60be71d9e88670d9a63c18e249c9266d8e95cd2f

          SHA512

          b11d05dff7f9ce55c2b30de82709f5aa9b410734e1b88a6879e3489394a5b36a27389022de0a741a16f70d0639439d4f75942c3fd604567d63b9ec229d86b331

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\cloud_localfiles.tga_

          Filesize

          14KB

          MD5

          c4e538289a4c12da96cec77e7a3e36d8

          SHA1

          12d57144c0e79edbabc8033a9bf22b1720299f2f

          SHA256

          c7a1b0021d1f943e497c592d83050ac85a3b93aff732f9b94cd26d9c41b37ca3

          SHA512

          db3eac8c05b7277a6ab9974c682b20350705fcf616040204bab053d98cf193c2d6fc416eb571ca67f7e53bda59ccaddc0351bf60310a64dba2d83fd9aa539ab1

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

          Filesize

          15KB

          MD5

          577b7286c7b05cecde9bea0a0d39740e

          SHA1

          144d97afe83738177a2dbe43994f14ec11e44b53

          SHA256

          983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

          SHA512

          8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

          Filesize

          92KB

          MD5

          323181f4e9013b8b341897abd322e56c

          SHA1

          85e2e4a5d38c515185415bd4aa8d24f32d428fa2

          SHA256

          e0ce36b93ae67846424364085ad79ee24fe5c036e5f6a78a4acbe1583f22daab

          SHA512

          24fc5c82e25f2ee689b0888c6905f13ae74037e8db06a39b247d525071c858e8a284600dc5e33f006a2657d04c0b045c146c2af0951c7ecdceec34082a95d004

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

          Filesize

          20KB

          MD5

          00bf35778a90f9dfa68ce0d1a032d9b5

          SHA1

          de6a3d102de9a186e1585be14b49390dcb9605d6

          SHA256

          cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

          SHA512

          342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\tabStdBottom.tga_

          Filesize

          48B

          MD5

          bd64c051ae2410eef96839a3cb7297f7

          SHA1

          95a5b0455d69127fe50e396153c795d9914ce0d4

          SHA256

          5caa5fa3e79dcd8ec5ec20256ed7c77efaae77e0ae8d89e4a974c484cb177d84

          SHA512

          ea2f76c8cf5dc2fd15017ad9b942d020c3ad5ce1cedc2a1604137ea02f8411cfff4166ffe93c101756b404344488b304cf2b4a71c25b2929654dda9a88a88793

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\public\steam_cloudsync.ico_

          Filesize

          47KB

          MD5

          da277b7a17374bde018ffab02015238b

          SHA1

          ceaafa1a1ed7d2101ad3c2884159364aacbf9dcd

          SHA256

          5aaca90948de8f7d11264ed608a2f96acba061e6463d337d658b00ed1c552449

          SHA512

          5a6e542ae9938f560d40348ceac663feaf889a6c990efdcfbea919531dbc34771fe2f0f366ab7adc15e998e5ed392d80dad78a8392f11b9c8fdf2c67f0431a53

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\public\steam_cloudsync_posix.tga_

          Filesize

          64KB

          MD5

          be3a210738638c4f33aa7e01cb475e26

          SHA1

          02276a10cd77cfd57e4c796c45d69d526f8420bd

          SHA256

          fd2abb8945c06a6b9c5444baf6ea523b52bf7a03a58b34ebe0a6a110630ed5f8

          SHA512

          6a11640800df51a8d88ef4224acd39cbb051dcdd6239bee82575ca11772a6a52e40c6614af3ea61320d29b4f75fc9611f6182ad2a55d7284863fd38d89631feb

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\public\steam_tray.tga_

          Filesize

          1KB

          MD5

          7ecf5b072a3c49209af4710481dff5c9

          SHA1

          6b49560eb27b2d7cd169c066208d4fd3a4863f3b

          SHA256

          f747d5fd27e74412be05bb376c0ff12fcebb7f39c158eaa89ab6a0a9d92ef3b6

          SHA512

          ec9ed9d824471655a48b48324a023a7231560810f6403f0ded04af35b51dde4dcd244bd4147570ac9c5cf0c841af33caaf8de7d60cf20f6fcbedbd1717d6d262

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

          Filesize

          23B

          MD5

          836dd6b25a8902af48cd52738b675e4b

          SHA1

          449347c06a872bedf311046bca8d316bfba3830b

          SHA256

          6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

          SHA512

          6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_schinese.txt.gz_

          Filesize

          33B

          MD5

          dd542d7ca2128ef0e7c3411b5ab9e8d3

          SHA1

          0a98ce0efdb5fd75d3c697f06f3c084d5882dc49

          SHA256

          77f0055faba992867817c485930c5f60cf64e65c65b410128426dc35fd8d862b

          SHA512

          0d0c1801d0bdf69d2010b0e26ce0a156fa50baaa0370330bdcdb879cbd09a6146d7bc89de2d5ea6f3615123a60e1be87def44c07f92de24615974e3cae2cab85

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\steam\cached\game_details_header_green.tga_

          Filesize

          2.1MB

          MD5

          1ed17a7d11da47608f99d98a8d249e6f

          SHA1

          ea3d9e0de541be2a346e93e63286f0265ac302fc

          SHA256

          a24832de8b80e206143170a899ab91e76e85685aed74963fe2f490344bbf6427

          SHA512

          e423be766c3d615dee6f3ed8b0b7bb5735ec13617a93f6f5403a3e7c4c379b9ab87e9fd5f0c9fa9338f656e321488d0aba895ac9f77da413e27473b2218b9ac7

        • C:\Windows\SysWOW64\perfhost.exe

          Filesize

          1.2MB

          MD5

          08fba26287cec928ad1bf92bd11accd5

          SHA1

          fefbe2aa58c06e819c2d250e33e1673eeac30b1d

          SHA256

          f4e5745710a203e97e002942fc58961fea99791955d170ce926bdbd000e83896

          SHA512

          8a2449d70f1d2e3f4e9b54bfa6ca58ac7e8ef57e735a0411f6510e3ea1e99f50fa533a858df2cc45ad4594c45880ed063ad8526ce57577202d8b9eec79feac31

        • C:\Windows\System32\AgentService.exe

          Filesize

          1.7MB

          MD5

          c75f4f7a78168cce7fdf384284ef1c70

          SHA1

          ff1c4340b3da6134854a38831740ee97ce474a76

          SHA256

          850452adcaeaf70f47e7ed140bdbeb6cff0bc647b34b496f5e6de7bd0033cdb7

          SHA512

          8d1bfa5d4f6dfaf939f727d1181fd2e6b41a51557df25ddd5764ac7960d4c9e4bd39636e8cc8782ebd7c3a75a065772019f8640935ffa49a971cb2b84371952e

        • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

          Filesize

          1.3MB

          MD5

          b6f186f4fa40ffdd288d93b13a74d47d

          SHA1

          d3ef148bc6799cc1a3cda96ecc6ae27d471402e3

          SHA256

          ac3398a2f743f1abca1cc69ceb79eb6a50f43bee97d710c52c89bb06db68aa12

          SHA512

          40d86e29b704f1af8e6c19d9cc452215427f39431e86a6705c6dcf7f1a75f42cdf8d816c8b7b7c06266cd46a447df90d3164baa45932215d66fb5ace70ed8883

        • C:\Windows\System32\FXSSVC.exe

          Filesize

          1.2MB

          MD5

          80db78d910f2d11ac046ea4e9ee65afd

          SHA1

          090e75aecbaaab01ae2d71859492bf56e1c9173f

          SHA256

          b27538a5d0942d8f8581538d6e79c21a3fccc0e0df957486839c5cb00e23b080

          SHA512

          c096d388a625447c4952003ca7f7aa63282ecf802df13b55042bca8505ab1c5631462c5be49dcce69f15eac2a284ead1caef749dcbdf5182a91786b3bc730f63

        • C:\Windows\System32\Locator.exe

          Filesize

          1.2MB

          MD5

          b46dde5a0adf83b046be4890a9f071e3

          SHA1

          b9b0a52991b1a84727ea0324951c8850b852aa99

          SHA256

          57788ec1886abba73d95af33704cdc3c417413b72fcc1d78c9d7c3fe795a0d6c

          SHA512

          e6e9f31c17a7f80ff09f1bb0a82487d69671e3e7edcfb032d43a7450abeaf13817421a674d43aa784f76ebdfb8abe2925859715d67f23f4380cd0409218995a3

        • C:\Windows\System32\OpenSSH\ssh-agent.exe

          Filesize

          1.5MB

          MD5

          dc5b0872d9e03a5bf5efae53b2964038

          SHA1

          74f114841ce32bac25429c68f276394be8a0c1a3

          SHA256

          655d9f17e28d7c0b64b77d6fbc9f2b517424f5e0a54170e2e52ef8d2d44a4d7a

          SHA512

          b64a58b6ef8ab26d90de5c3956c18d29d7608c7d087802c7368e3202c2f2c0a8d6aa03b7bba72342680a8e2d2d83bf6d350159179f09884f5c8c6be4aa04c1cf

        • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

          Filesize

          1.3MB

          MD5

          eb3224878658ab97c68fb9680cc1cb52

          SHA1

          1550f733b75a9180b9e69686d1919ec9aba5474f

          SHA256

          805bc2ec89f69a44aee8bd7d424bbfb2f85eb94a440a38e423b83d903538e2ef

          SHA512

          a58c2ef7a57c88a12454e40b7d6170cbbf424956983ccc35f7c763137c99d3e1cc34d5c663c9ad53360401b36818eb5eda8c71cf8c5bf570ee30febaf7418cae

        • C:\Windows\System32\SearchIndexer.exe

          Filesize

          1.4MB

          MD5

          f4dd337a2f65715011b10572bc1c1c92

          SHA1

          b4f04530c1e03253acb679819a0a8843fbd3f184

          SHA256

          16d5db6c565e644d0fc7801b4aa2941558e559bde99f90b3d0a6ed99b4577f55

          SHA512

          ea04ce8def89f63cc44f2b72bea7cf50fd6384d7123db49835d967d26e8f4fa7cc9186ce0c98e651611463455a0e2bba9c54f8b2190de6edb376f4101cfac613

        • C:\Windows\System32\SensorDataService.exe

          Filesize

          1.8MB

          MD5

          3add7fbea0d6caec9025945dd2fbc346

          SHA1

          f14487c5ecc2776df1ad61adad8493ef935bcb9c

          SHA256

          5762c5c074122d3025470c159f339429eb0df0880b87ebc58a502691ef964251

          SHA512

          d05495a63a0a62f6e98d5b162ebf5a0709e4d1c8ef1fc42582bc1f1953e2b36f2ee9829a32e3b82075adabb101452ca5b7306f0a0ea962c241ada1c2eb5b5b73

        • C:\Windows\System32\Spectrum.exe

          Filesize

          1.4MB

          MD5

          7f55b20ee5efc331fc755ba28d0ded53

          SHA1

          d3c260d80f189fe874a4ddc81a55ef7931eff5c5

          SHA256

          b7e20b7e4b16c35d16cb1084f797d5cb380d40924a567f492ef478868546d6f2

          SHA512

          937d98a7639bd2935202cc5a726419550839763da1547af147c916ccc32d7691844f591ca2541f14b2c8982de5480554c33f9961d7e3c6875abb29f92b29af62

        • C:\Windows\System32\TieringEngineService.exe

          Filesize

          1.5MB

          MD5

          61618100317189baaa72da316908d3f6

          SHA1

          4bba1f2253c46ab901f8f9b96aea719e9930b4ac

          SHA256

          7df4d8e1d1cc23cb9a61908d833ffffece6231b6e2bf38e62f7818b73034a369

          SHA512

          b593b4e20d40b4763cc31aa6a7ae1c5c6c15a6716a22194fd80f9dd957226bd71a0b589b8ca2420556082c693187e19cd530f925eecab9d27153b2ef9749aeb9

        • C:\Windows\System32\VSSVC.exe

          Filesize

          2.0MB

          MD5

          0e1731266824f930462e1a1dd6ce96b8

          SHA1

          33ca7d2d61c89a39977b040cfe39ebf032b095cc

          SHA256

          43c72b3ac88a6b52d82f2279188a645fb9a5591f6dddc39c9e2d2a045e2d40ce

          SHA512

          5a3bb94a085e983bfb241feecf8b753347ac599432aacdaf94fb32481dbbc2b6bc8ef7c4ca2c1b761c2ee8037daef4a4fb36c7024a56690989be240ca9878dc2

        • C:\Windows\System32\alg.exe

          Filesize

          1.3MB

          MD5

          b9abd6b32efb6697618308cad50adefe

          SHA1

          654d4c86be1ce07c6fa53881fa0ab3153f720065

          SHA256

          2f55646350ec2c6e70c82ab4fc625d82accddce95149974d46c208055e248430

          SHA512

          d85509d912d2904b140394925d135017d8756340a14d4816302efb5b065d4dbb062f28048307941c725289d60787b53b9dfc4cb7a20c40d35980bb412b8c8f74

        • C:\Windows\System32\msdtc.exe

          Filesize

          1.3MB

          MD5

          a2ad8ea6c1d0ad0bad369df40284a503

          SHA1

          af6b237dbec9bdfe40c8e9ab7386ce8b80760f52

          SHA256

          ca0a060f0ec0c5384c5cbc86360b495953d0577a26285235305eaa9c0d4a1236

          SHA512

          7a75676d2edeef4727e4c6f957b253ac12a9adb4de49118e8636a419529351662b6f5cb98f6322ac7d938af327a0a3b3b40ceddddd0f757892ea01f13f0529e1

        • C:\Windows\System32\snmptrap.exe

          Filesize

          1.2MB

          MD5

          9a2a6f00fab7f262929178c4bc9d3222

          SHA1

          053c97c4152072da0e358a295d308fcd600d3a89

          SHA256

          112a2cce3f25b993536640fdb019fa686f2e35fae78eb82b536b2ec162b9b0c2

          SHA512

          af136b6364f2fde45599b6580c58292ba29171da7f3d8226b33bc48dbd1087b0cd4c75e8758930b1763d598441e540d8c6b2356c7374a1c682bfbc41ecff92a1

        • C:\Windows\System32\vds.exe

          Filesize

          1.3MB

          MD5

          320f9bdbaf9a162bbadbddb15d2a3e1e

          SHA1

          edfa57bdb1797f58eef16673663e23f9ca370627

          SHA256

          a848aa8b194dace17ba7952035772105120ff42ecfc3d1a24ed7eb893b47e751

          SHA512

          c3d38caa8111871f9372166ed8e597b57a294f619d3eacf65b175fbf3484b59d0b58616e820a3ad6c277140af6c0f6bcfedff566b950409d4a76b17e8fd18929

        • C:\Windows\System32\wbem\WmiApSrv.exe

          Filesize

          1.4MB

          MD5

          0673699b9f93f2517dcc49c9ba0c9311

          SHA1

          6a1e78d159eaf71a6010d6a739fb4191f1ac4c02

          SHA256

          ef29fae4b1f136df49724d476e0b763553b8110e8558542fde67835d12a17af4

          SHA512

          3efc55bcb9ead80fab74ec6f55d07a78195638e2353ffc74b65875171e3981736908247b18d151663451392c6a3dd070464e4acb983f9048d4f0a1b2700c17d4

        • C:\Windows\System32\wbengine.exe

          Filesize

          2.1MB

          MD5

          fe03d8b0a2c75ee3b43fe251948bb030

          SHA1

          deca12861ffcb37f8e1147df573e4c85f7135e72

          SHA256

          ae6faea54529bbdc878d307b5b91477b81496ebbd44588db04e6eb3b15f4a436

          SHA512

          9cf85314170d3651e517a441fe3b0db385beef00048575c55ce6fe9daa0607b1c3be7de0b90b88b3c1a0a17d884a93e03f59c93453266bd2f61ed43aa77bcf5d

        • C:\Windows\system32\AppVClient.exe

          Filesize

          1.3MB

          MD5

          7b3c3f569b25a026da6716df91cc7e23

          SHA1

          37972b11e2693edf74e1b2ce54f41ec192483171

          SHA256

          f1c5b8512ebc3bfa57ed11e250f22f942f480f438d95549b911df761a431eafa

          SHA512

          2bcdd2b522688d4c5ee750314b73d88505b7608b5b66f840321d42b94e473685bb1abc8c83251dcdfe759eb0663e8a453a283f99ca78ec7493836c0ada0ffbd3

        • C:\Windows\system32\SgrmBroker.exe

          Filesize

          1.5MB

          MD5

          2107e01795e096b4b183b5925697ef57

          SHA1

          28e18a894b6b071758fee613c6400b54163d32c5

          SHA256

          68429d594dbd9a7f8be8fa3d114eb843fc07e2c9f558a32fc5be17f146182cab

          SHA512

          08f31eec60dcb138260e95d98b391421acfdd4e486d53c356048e80f982cdd32ca240c6cae357c85bd1ef5cb463b137b365e581ef5d243cac6ea9317f3a9e84b

        • C:\Windows\system32\msiexec.exe

          Filesize

          1.2MB

          MD5

          ab45f8b967fb1f1f6122c07e73d6b9cf

          SHA1

          4a815c7c223e77351c40f5fa03f768634604b975

          SHA256

          03fef8b031f48fe0f1b9a713b02c72c6d4ab8069b282c6720924876206ce301a

          SHA512

          41981bc152dc6004d9d55bc0d809380ee605b7c27efa61f8e9438a5b907446d50c8686f1108347b0913cb3afe049e3c0cb3b17627b79c7cf349c0f49a97f5e73

        • C:\odt\office2016setup.exe

          Filesize

          5.6MB

          MD5

          da767e14de33a7d54c9051f150237e75

          SHA1

          c01ee4ea3136c1ccb2f400837c6f54bd16979622

          SHA256

          1c80da0beeb503d0bd692dffb5fb95cb7cef8cc842d8be82d44750b065432f64

          SHA512

          8d59de3ad5cc2696dc1659721ddac78b7538b7f627117c98d5dce81aec084c6d3f571107272d0a5443aaf597913a7a2380fc35f563f4fdaac5d1a1b9037fc510

        • memory/1196-321-0x0000000140000000-0x0000000140179000-memory.dmp

          Filesize

          1.5MB

        • memory/1196-326-0x0000000000500000-0x0000000000560000-memory.dmp

          Filesize

          384KB

        • memory/1584-101-0x0000000140000000-0x00000001401E8000-memory.dmp

          Filesize

          1.9MB

        • memory/1584-33-0x0000000000720000-0x0000000000780000-memory.dmp

          Filesize

          384KB

        • memory/1584-26-0x0000000140000000-0x00000001401E8000-memory.dmp

          Filesize

          1.9MB

        • memory/1584-25-0x0000000000720000-0x0000000000780000-memory.dmp

          Filesize

          384KB

        • memory/1760-285-0x0000000140000000-0x0000000140169000-memory.dmp

          Filesize

          1.4MB

        • memory/1760-212-0x0000000000670000-0x00000000006D0000-memory.dmp

          Filesize

          384KB

        • memory/1760-205-0x0000000140000000-0x0000000140169000-memory.dmp

          Filesize

          1.4MB

        • memory/1844-314-0x00000000004C0000-0x0000000000520000-memory.dmp

          Filesize

          384KB

        • memory/1844-304-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

        • memory/1948-99-0x0000000140000000-0x0000000140209000-memory.dmp

          Filesize

          2.0MB

        • memory/1948-93-0x0000000000CD0000-0x0000000000D30000-memory.dmp

          Filesize

          384KB

        • memory/1948-89-0x0000000140000000-0x0000000140209000-memory.dmp

          Filesize

          2.0MB

        • memory/1948-84-0x0000000000CD0000-0x0000000000D30000-memory.dmp

          Filesize

          384KB

        • memory/1948-96-0x0000000000CD0000-0x0000000000D30000-memory.dmp

          Filesize

          384KB

        • memory/2136-273-0x0000000000BC0000-0x0000000000C20000-memory.dmp

          Filesize

          384KB

        • memory/2136-267-0x0000000140000000-0x0000000140147000-memory.dmp

          Filesize

          1.3MB

        • memory/2176-86-0x0000000140000000-0x00000001401E9000-memory.dmp

          Filesize

          1.9MB

        • memory/2176-12-0x0000000140000000-0x00000001401E9000-memory.dmp

          Filesize

          1.9MB

        • memory/2176-11-0x0000000000500000-0x0000000000560000-memory.dmp

          Filesize

          384KB

        • memory/2176-19-0x0000000000500000-0x0000000000560000-memory.dmp

          Filesize

          384KB

        • memory/2320-198-0x00000000006C0000-0x0000000000720000-memory.dmp

          Filesize

          384KB

        • memory/2320-266-0x0000000140000000-0x00000001401D5000-memory.dmp

          Filesize

          1.8MB

        • memory/2320-194-0x0000000140000000-0x00000001401D5000-memory.dmp

          Filesize

          1.8MB

        • memory/2468-312-0x0000000140000000-0x0000000140221000-memory.dmp

          Filesize

          2.1MB

        • memory/2468-236-0x0000000140000000-0x0000000140221000-memory.dmp

          Filesize

          2.1MB

        • memory/2468-244-0x0000000000810000-0x0000000000870000-memory.dmp

          Filesize

          384KB

        • memory/2852-0-0x0000000000400000-0x0000000000940000-memory.dmp

          Filesize

          5.2MB

        • memory/2852-71-0x0000000000400000-0x0000000000940000-memory.dmp

          Filesize

          5.2MB

        • memory/2852-1-0x00000000027E0000-0x0000000002847000-memory.dmp

          Filesize

          412KB

        • memory/2852-6-0x00000000027E0000-0x0000000002847000-memory.dmp

          Filesize

          412KB

        • memory/3068-136-0x0000000140000000-0x00000001401EA000-memory.dmp

          Filesize

          1.9MB

        • memory/3068-139-0x0000000000BD0000-0x0000000000C30000-memory.dmp

          Filesize

          384KB

        • memory/3068-202-0x0000000140000000-0x00000001401EA000-memory.dmp

          Filesize

          1.9MB

        • memory/3088-158-0x0000000140000000-0x00000001401D4000-memory.dmp

          Filesize

          1.8MB

        • memory/3088-167-0x0000000000710000-0x0000000000770000-memory.dmp

          Filesize

          384KB

        • memory/3088-230-0x0000000140000000-0x00000001401D4000-memory.dmp

          Filesize

          1.8MB

        • memory/3568-436-0x0000000140000000-0x00000001401D7000-memory.dmp

          Filesize

          1.8MB

        • memory/3568-175-0x0000000140000000-0x00000001401D7000-memory.dmp

          Filesize

          1.8MB

        • memory/3568-180-0x00000000006E0000-0x0000000000740000-memory.dmp

          Filesize

          384KB

        • memory/3568-258-0x0000000140000000-0x00000001401D7000-memory.dmp

          Filesize

          1.8MB

        • memory/3568-262-0x00000000006E0000-0x0000000000740000-memory.dmp

          Filesize

          384KB

        • memory/3576-196-0x0000000000420000-0x0000000000480000-memory.dmp

          Filesize

          384KB

        • memory/3576-118-0x0000000140000000-0x000000014020E000-memory.dmp

          Filesize

          2.1MB

        • memory/3576-192-0x0000000140000000-0x000000014020E000-memory.dmp

          Filesize

          2.1MB

        • memory/3576-125-0x0000000000420000-0x0000000000480000-memory.dmp

          Filesize

          384KB

        • memory/3620-225-0x0000000000D80000-0x0000000000DE0000-memory.dmp

          Filesize

          384KB

        • memory/3620-221-0x0000000140000000-0x0000000140241000-memory.dmp

          Filesize

          2.3MB

        • memory/3620-298-0x0000000140000000-0x0000000140241000-memory.dmp

          Filesize

          2.3MB

        • memory/3920-103-0x0000000140000000-0x00000001401F8000-memory.dmp

          Filesize

          2.0MB

        • memory/3920-111-0x0000000000D10000-0x0000000000D70000-memory.dmp

          Filesize

          384KB

        • memory/3920-102-0x0000000000D10000-0x0000000000D70000-memory.dmp

          Filesize

          384KB

        • memory/3920-174-0x0000000140000000-0x00000001401F8000-memory.dmp

          Filesize

          2.0MB

        • memory/4232-144-0x0000000140000000-0x000000014022B000-memory.dmp

          Filesize

          2.2MB

        • memory/4232-80-0x00000000001A0000-0x0000000000200000-memory.dmp

          Filesize

          384KB

        • memory/4232-68-0x00000000001A0000-0x0000000000200000-memory.dmp

          Filesize

          384KB

        • memory/4232-73-0x0000000140000000-0x000000014022B000-memory.dmp

          Filesize

          2.2MB

        • memory/4516-287-0x0000000000500000-0x0000000000560000-memory.dmp

          Filesize

          384KB

        • memory/4516-277-0x0000000140000000-0x00000001401FC000-memory.dmp

          Filesize

          2.0MB

        • memory/4680-291-0x0000000140000000-0x0000000140216000-memory.dmp

          Filesize

          2.1MB

        • memory/4680-300-0x0000000000510000-0x0000000000570000-memory.dmp

          Filesize

          384KB

        • memory/4700-146-0x0000000000400000-0x00000000005D6000-memory.dmp

          Filesize

          1.8MB

        • memory/4700-154-0x0000000000940000-0x00000000009A7000-memory.dmp

          Filesize

          412KB

        • memory/4700-217-0x0000000000400000-0x00000000005D6000-memory.dmp

          Filesize

          1.8MB

        • memory/4776-53-0x00000000007E0000-0x0000000000840000-memory.dmp

          Filesize

          384KB

        • memory/4776-54-0x0000000140000000-0x0000000140237000-memory.dmp

          Filesize

          2.2MB

        • memory/4776-133-0x0000000140000000-0x0000000140237000-memory.dmp

          Filesize

          2.2MB

        • memory/4776-64-0x00000000007E0000-0x0000000000840000-memory.dmp

          Filesize

          384KB

        • memory/4852-37-0x0000000000930000-0x0000000000990000-memory.dmp

          Filesize

          384KB

        • memory/4852-38-0x0000000140000000-0x0000000140135000-memory.dmp

          Filesize

          1.2MB

        • memory/4852-47-0x0000000000930000-0x0000000000990000-memory.dmp

          Filesize

          384KB

        • memory/4852-50-0x0000000000930000-0x0000000000990000-memory.dmp

          Filesize

          384KB

        • memory/4852-55-0x0000000140000000-0x0000000140135000-memory.dmp

          Filesize

          1.2MB

        • memory/4940-257-0x0000000140000000-0x00000001401C0000-memory.dmp

          Filesize

          1.8MB

        • memory/4940-259-0x0000000000B50000-0x0000000000BB0000-memory.dmp

          Filesize

          384KB