Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-04-2024 23:35

General

  • Target

    2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe

  • Size

    4.7MB

  • MD5

    aab33557c85ba58681ae5a868881e1b8

  • SHA1

    a01778d12f92e47081de63ce6913b2cdb10266ed

  • SHA256

    fbed99453a6a3bb1916f2530dfcdc8a1cbb98180545914e5c5b9d92188e704d4

  • SHA512

    e0c120c60218e299f976b379074bb0036d096979d150227d5e692c6b3ebb220ead7766851ed9b6cbe975d6de33bd9615816914d67f1d488dd39e1fd55280172c

  • SSDEEP

    98304:yqJkdmBucaT57K3C4qJ31B0G0c5S2uf+bGhwmv5:z2dV7VK8tj0QufMQ

Malware Config

Signatures

  • Renames multiple (5962) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 32 IoCs
  • Loads dropped DLL 43 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 38 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 11 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 16 IoCs
  • Suspicious use of SendNotifyMessage 15 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Checks processor information in registry
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Users\Admin\AppData\Local\Temp\2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
      C:\Users\Admin\AppData\Local\Temp\2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
      2⤵
      • Loads dropped DLL
      • Checks processor information in registry
      • Suspicious use of WriteProcessMemory
      PID:10448
      • C:\Users\Admin\AppData\Local\Temp\2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
        C:\Users\Admin\AppData\Local\Temp\2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
        3⤵
        • Loads dropped DLL
        • Checks processor information in registry
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:13680
        • C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
          C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=13680" "-buildid=1709846872" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe" "-launcher=0" --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=DcheckIsFatal"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks processor information in registry
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:13588
          • C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
            C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1709846872 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7ffebf23ee28,0x7ffebf23ee38,0x7ffebf23ee48
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:13552
          • C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
            "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1660 --field-trial-handle=1732,i,4099752451629212425,12076556204286913681,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:2
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:13288
          • C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
            "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2136 --field-trial-handle=1732,i,4099752451629212425,12076556204286913681,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:13192
          • C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
            "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2496 --field-trial-handle=1732,i,4099752451629212425,12076556204286913681,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:12888
          • C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
            "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --first-renderer-process --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1732,i,4099752451629212425,12076556204286913681,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:12836
        • C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
          .\bin\gldriverquery64.exe
          4⤵
          • Executes dropped EXE
          PID:12952
        • C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
          .\bin\gldriverquery.exe
          4⤵
          • Executes dropped EXE
          PID:17484
        • C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
          .\bin\vulkandriverquery64.exe
          4⤵
          • Executes dropped EXE
          PID:7064
        • C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
          .\bin\vulkandriverquery.exe
          4⤵
          • Executes dropped EXE
          PID:7204
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:868
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:1772
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:544
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:5028
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1716
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4460
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:3376
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:4960
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:4472
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:1152
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      PID:1220
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:1540
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:3996
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:4788
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:232
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:4304
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:4420
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:1688
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:556
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Executes dropped EXE
        PID:1480
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:5116
      • C:\Windows\system32\wbengine.exe
        "C:\Windows\system32\wbengine.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:404
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
        • Executes dropped EXE
        PID:2612
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2504
        • C:\Windows\system32\SearchProtocolHost.exe
          "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
          2⤵
          • Modifies data under HKEY_USERS
          PID:792
        • C:\Windows\system32\SearchFilterHost.exe
          "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
          2⤵
          • Modifies data under HKEY_USERS
          PID:1420
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x2f4 0x51c
        1⤵
          PID:13012

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

          Filesize

          2.1MB

          MD5

          8a0d5d368a4e228f457c6417c7959242

          SHA1

          c58d0cece6cb39896e1178cc18133765bc9f48ed

          SHA256

          a0a737274311a4a38f34af912096ebb3fe0e15f76cb5b1e982662c2af93313d0

          SHA512

          752236b752e2836584e2c76b682a49bb6fb9aafb89cce39026103f34a72b7fed5cdc06e3f1e90f4961c7f91d260b55537be18ad416f5e5cd8502b7cfd3b7f888

        • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

          Filesize

          1.4MB

          MD5

          118c7fde5774b2088cdb1f744d8473dc

          SHA1

          ce7a157580f16778682fd1cf847c3d691a478dcc

          SHA256

          452f5c4e55e086a3295de22b6ce82922408c3b1fdf75b3097fc23a588ddef345

          SHA512

          75fbd87d17d10c4eea0441a6f24ac90f9d0d45f9a69cba80f23fc40c9d410bec71943dd240797ac23c700a35abdf2c17591ac8820eb3864ac8d00e9f3478d947

        • C:\Program Files\7-Zip\7z.exe

          Filesize

          1.7MB

          MD5

          0df33ad9451a69de4702584efd86158a

          SHA1

          c74682e126b132be9b4fb4d1b2a0e88a4e289e1b

          SHA256

          1bd59774fc47877dd22d65c5a8674ac6673331cfcc0cbe8467bb18aa67658264

          SHA512

          e944e78432961627dc6542477c7e4f680fa04c49a4753c1499b88ee9590d953ccfcc75cec190a495c9fe7364beb6d9256ef11ee956d49ddee64d2a2f70d14334

        • C:\Program Files\7-Zip\7zFM.exe

          Filesize

          1.5MB

          MD5

          cef4b9856da9e9b688def0db67e8a01e

          SHA1

          8ba00c2da6341731f051a84d2f2a6f4304e9b430

          SHA256

          5e7bba4c14bf0bbe05355c48bdf98b6cae00be8f9d861dca52a573a8a8e2ef8a

          SHA512

          c94328f41d6c09220d307a98a0785db2cee4b65e4614d076e9978d7011fa48a98ec1e371373d7c042c8d14697767de0984ca772aa7df120655a26f7772d39b87

        • C:\Program Files\7-Zip\7zG.exe

          Filesize

          1.2MB

          MD5

          b603977cd604ae650dfab50a80dded33

          SHA1

          ab80d4fb611ba6ff6753cb1ca5edb8a6f1595ea5

          SHA256

          33a160661fcf339e96be9e7d0888acaa328bddc8a729bee93efa81ed74000c12

          SHA512

          af770ce3d55e70b01495472acfb8623e058df4ede4700ec9d4b50275d5c0dacdcffc3859e705d4f909c5cd5bd47f7bbb971ad40f299dd52f6125a33adb539149

        • C:\Program Files\7-Zip\Uninstall.exe

          Filesize

          1.2MB

          MD5

          dfee2326ccf6815ff557cfb621a339f6

          SHA1

          a8d06823d59e1004732efc502a3a9ad9d5ea2ab3

          SHA256

          6c1f0c780b8d8b2bc6e0d9caadb86634240adbb1252e251f957337e4abc6d725

          SHA512

          c080b0b4f8424e5398c7a6356d4ffc1234f0779e2720f2ef90bc1ac68b69d8bc8fcb6a92389d693389b74ed030ce400e048e32cf37c0521bac5e3bbc49e4d9f8

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

          Filesize

          1.4MB

          MD5

          1139a0fd13aae15eb9b08e7efc020b76

          SHA1

          58d6ed320267b93b7b358310dd7495702d88b393

          SHA256

          499ec34fb38bbf8b3d240dd4366203bc86ab623c2c6a950e3ec4663d2af8dde3

          SHA512

          428bcf700641c0b4aa2114be0dbb8cd4872fc187b822f8c43e46a79647a065e085e821b253189a18860cfcad30ab4497ee99197de197ad75a5f1f321bdfa4658

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

          Filesize

          4.6MB

          MD5

          d196ae689a69a0790102045dc4d88f72

          SHA1

          200869424ee5fa0db2148364a454e2af476e8bf7

          SHA256

          49f3c9730c14968ed80ecf82ba21439d143246ba204f33ab6b9cd6b7d5872e7f

          SHA512

          4b0d9c47bf0935ae4b7654f1b6eea63915e5d33517c1724008346b9b608d511c9780aebe9d91aa442d7a58db4f5193d0977d716b83c380dc84c1c671bb5697c4

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

          Filesize

          1.5MB

          MD5

          d8c8c00058ebb6faaa494be5e13c1de9

          SHA1

          20e885e135443d2c38e086400cc546b6412b3e85

          SHA256

          34184fc421fa2bef4d11a3a315361b7389eb825eca4e289496a8de2a5d769dc5

          SHA512

          57d457ee0ea00006fd2ac41a4074122eef34d738061878f16dd2bd528941ef0df554ff4778a48f3d141688a16de4b886dc624fac66639d330d29a0d87550403d

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

          Filesize

          24.0MB

          MD5

          5bac21e4a6373cea3132671e933d364b

          SHA1

          505e3be819d03a3fc31b02a4d6c18fe554f6e943

          SHA256

          b721c0e6372708cfbc16f3e9d017f98ac5f1ac40689826d1a6a72d92775316b5

          SHA512

          6a60d76291b8ffd813a28a71e6656b438ba5a66a3f57759f1b4d4649431bb236f5a723bf582765bb361df7c4e662146568a6430b4200c40c5dc38b057b0db2dc

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

          Filesize

          2.7MB

          MD5

          8c9e01480616ecf2dd4515b1ec5e9f70

          SHA1

          b7f64d25eb7daa3a92c78c6e9389aa69906ece6f

          SHA256

          2cb2e5c923c142df4dff64d1b0a8cb14c401e31a027adeaa4db1ff308d95a105

          SHA512

          3f82639e08b33740a259737b1a9e90b7c1cfd61b654e12720dcbd016875e94db2c0d12df6c2228cbb236abbe9ee89c259e48a8f31c09206f12f1ae6da909b168

        • C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

          Filesize

          1.1MB

          MD5

          d13835a20229afc681a345653928af1c

          SHA1

          2d285e9662b0309668d902c81bd4907a9090336b

          SHA256

          5d4e9efad79e168d135aee4d9d85d81b10b144d4b278620140de397edd88ea35

          SHA512

          bbbf0d2ab9e213ab1858679db43453819c9941c0200fcbad35b297a10b5e44d2ec82e1288500f302873722a52205d75045989e9e23eac9480438309063f3019c

        • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

          Filesize

          1.4MB

          MD5

          607f646323d65bec8d08c9fa906807d8

          SHA1

          1ffa372ea1af511bcdb00cdb913e153a32f86110

          SHA256

          f98bbac20325e07675a7b73edd1393c2560783e12c4ddc47c297e9046607cca4

          SHA512

          4514addd0ce1436edb7fb8566ba5a91d390d97b941439b1040892df21fd4a195fd02279544d0badaa5dfee41fb404342e2cd158472b9af8634da39dc13705b14

        • C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

          Filesize

          1.3MB

          MD5

          dec30b06b9ebc0b3bcd5ccae3ebe73ec

          SHA1

          69cbf663653d4cd192c92120499085099c5bb6bd

          SHA256

          2a228c78ece00cf8928d9ce2c5706e892cdb9e3d931accd64d93a9c0304d4c7f

          SHA512

          6412c70ce25019e31d3a7b07f2db787bfd4b394edb30c86909d308ca1ab2faa0791081fe685b7458b924a5c313fc26f14a4b64f66582d4710da962a76ff92c5e

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

          Filesize

          4.8MB

          MD5

          517eb03507e43f4a8776bbd0b38514c9

          SHA1

          45081cdd83cf571b1860222fe3b79ea085e86ef7

          SHA256

          8398cf2d5397f8e97b291aa568c60535dd3b9c9924676408984863ce512e2cc0

          SHA512

          dbfab8c564b9ee9fcf3580770decf8e8685de391c2b3750103740d77062557b10f9de13787648eaf33e0ec129bc66ed94b16dc24c0aa9b51874bb3eec6796f96

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

          Filesize

          4.8MB

          MD5

          b4e14d29fb62c6770f48730b90264a2b

          SHA1

          6d5181a1b4900cb4f5e96eccf25e3597a73aede0

          SHA256

          ad3ee9d0234134c50a446d73d7d63c1cff1ae04c6ed8f1412b838a37b191bee4

          SHA512

          79e4bc83366a36d6a572bf8cdf28cc40cef850bb21ff7ae461abbf93fdb49173ee7c55d1f3d7e9f6c437d4526f698d8431be500ec2dc4d3d4cf266b513538489

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

          Filesize

          2.2MB

          MD5

          e3a70673388e19cb298c293181c1fb78

          SHA1

          2bf1fb68799e7fbb2bd3d37eebfbc9620f1a84ba

          SHA256

          ca8fe9058b5fca47cff3c2fcd33e30476d196d305a011403b56e96fe1704a6d9

          SHA512

          c2a8d9024aed5c7d9616dca7c9e0e3484b89fb24f5a37076e351879339147b5f40147a1c577ec1f014d05714da9c44f0faf40d9d86f6c0e3d6d90c8ed8a60632

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

          Filesize

          2.1MB

          MD5

          d118e7667428fb887f3f39e7b6cafa84

          SHA1

          a30322c2cc4294eed9abcb213dbec4e536558f4c

          SHA256

          ebfd7ef79131fcad88c3bf0199e342f947f13e5e0db5cb3f539fe70490279859

          SHA512

          ed7ead5e8752358fd2f68ddefc8c7323b70c96437babc5dc06b66b11d8d1caabb88c260a540b75e3351c17fbe381d77e940dfcc335f398c6eaaad2d7d697ae99

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

          Filesize

          1.8MB

          MD5

          fff0403d663b07b1cf9bc2ea161d2f2b

          SHA1

          923fc4edb72b7a846f9f04ce3f13bc5f5660f94c

          SHA256

          b35750801d2662823b00dd61b4a9b68366542f7d2ea2194d56b99748af02bbe9

          SHA512

          b27d8701aad75a48c9fbc2774aea4a4e79bf0bd0a1bed41f18f5ad9b1fed5e3d4014fc439735061b3f50dc4b27182d0c03a75b42bd8564c2c919a3acfd8aab83

        • C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

          Filesize

          1.5MB

          MD5

          c369a0aa84ab4261721e4a81129e838d

          SHA1

          9194e8f89145aa098adb191ed4bbe8d2457a23bc

          SHA256

          ee567988bdbaf780196bbe46d07b3b9cfdab513b1b45106149010f4843bc432c

          SHA512

          e091d0966734448b87e09305b941be3a48eeea0082d6edeb2ffe2b9fc444d9597510c58beae257d3fc81647c37aeda2d117fc85da3bf2b96ff5e0e8af20a92fc

        • C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

          Filesize

          1.2MB

          MD5

          59c2a485794a40d499909e7f256638db

          SHA1

          dd7a70c8c0ca8163cce0a520a0523d05d2d35a64

          SHA256

          2baa7245b4a6074118143ec30ee68d21349affaa3ab2427084d1f6af55c12f58

          SHA512

          011c39f7e6535d0f1ab53db94d5e69681250c1368c3ed9873ca55c95372eb094f9486cfe52035eba0334109782f54213b0c2e74a2f49577bc2f0a22c68b23a9c

        • C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

          Filesize

          1.2MB

          MD5

          389f055361d4360ab73b07d5da1f03c8

          SHA1

          76ef686968b86d6f95ae5486d0dea96a0db5c3d6

          SHA256

          3bf4e1653b0ccc748e449ed9450bc990b0bd1a071e14910a1e843d1fd8e2edc5

          SHA512

          0bc234a8261dce257b33032f3c1e31b71d735132cfee0279673085a7820117a844866d7a9a12a649527b7b97db25a8f4ae93cbcd34cabafe1d7306ec275165c1

        • C:\Program Files\Java\jdk-1.8\bin\idlj.exe

          Filesize

          1.2MB

          MD5

          59f80645c688717e6ed58b64670497f0

          SHA1

          a386b2c7606f8fe3fdb8fbad5a95313fd7d0d876

          SHA256

          30843f8ddbe8ffa1df1c8260fd475660502d2bab71c2455802ea0c913bfdd4a1

          SHA512

          dbaca31744dd80a0ed6576b2d84592d4dc5e492a0dcee676a9778233023fb15e51fbdd30d9f486241a40fe8088e0c3e74c019d99ec1d0ae213bbdc08e050faab

        • C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

          Filesize

          1.2MB

          MD5

          61fb0a3eb25fecd9db48a94fe0660bb4

          SHA1

          899b94adb25270d001dc3b3614244db1ef48f7ee

          SHA256

          099e5a10ee6cb5ce3fba82195610459ccfd973f59b0c708887b215d8b0929992

          SHA512

          c9cbaa1db1081327371474d1f25db125ddcff7999f3653af09cbca8fb12547bee9d830c4bf62b298937e2bdfe45c13bfd122c714ada5c41e752e729f087926bf

        • C:\Program Files\Java\jdk-1.8\bin\jar.exe

          Filesize

          1.2MB

          MD5

          f6bc13ed3958de51259d48f82509cf93

          SHA1

          293bb8d8a61bcdb05d55be2c12f27039681d72fc

          SHA256

          b2215d9e5408b90f1657319334b00ce0eb32c7603a2b4f7f71f329076a4b2304

          SHA512

          778336ff017b9deed844a88e20528e2a16f56cad17f24f5d44f0375ba4e86af6113d65c4d879fe7b1ffc33b0d5cf08a976a045e323df85d14c21fb781ffed2e6

        • C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

          Filesize

          1.2MB

          MD5

          38e86fde2f30a1b7f78a149c9a4ad331

          SHA1

          960040ffa77d177e28fa8b14a5841acc9c47fe48

          SHA256

          df9d6efeb51632a5004ddcc821c09507e73df6cd40681bd628a2d5d635ffb9d5

          SHA512

          b649cd271d59469be0f3538832532b0bc452af63635709584cefa30bbbd8bb59e8743c88a77a341e8d927488298e0496a5d440acfdeca1859905a2fead144f99

        • C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

          Filesize

          1.2MB

          MD5

          f8c2f93dc7c80452f2478ecfc29130b3

          SHA1

          a0689a7fc71601ace0949d8f961ba5aade98144a

          SHA256

          ad114aa1f674a49ad6b28f28189ee71bfc8965ab34dbdc8d340ceb7aadbe7c8f

          SHA512

          f9ffee8c536f7c32d2cafd3f6ed89625e51d7c7295c86fa1ad3f3dd27da7312615ecf18bb1bf08f666b54642b13448c790708e722ec6c63c8caed48693ebf903

        • C:\Program Files\Java\jdk-1.8\bin\java.exe

          Filesize

          1.4MB

          MD5

          9037da0ffd9bc17521c1baddd5f1f3b3

          SHA1

          a07a25d237e7c51a3d622a6ab5b6f1fef6b78470

          SHA256

          62055607892dd2e2501a1d1e9f661eed10b00df41122e29f39dbfb9403ae46e8

          SHA512

          5af58eb26df2ddfaa6e0371eb70ea239f9244ad4153caee79a17aa246375310efae2bf14777779f85cf873f03e2b0e3163b3245c17d2dc901da8403b63f210e9

        • C:\Program Files\Java\jdk-1.8\bin\javac.exe

          Filesize

          1.2MB

          MD5

          856e84c5be21b5502ff71033413c16f2

          SHA1

          fcca9cddbf52d76c582aa2aabc36d35651208db4

          SHA256

          883e7c6802b72165d2f400d43d9b63ecc8e6102ab031f4f1768d77eeb6cefba0

          SHA512

          66ea86df029d20d84f91f6db5f6adff2532e14dca0edf601e0962b0119a93a58dc90bc43ccab6588e3c1e4afafd9dfd94b78b0fcd73b4b1404784ec092bad116

        • C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

          Filesize

          1.2MB

          MD5

          dd482da844ccb7a2c3dab391cc06b772

          SHA1

          06f25024304dcefdc476eaf83a74af7db10ed803

          SHA256

          bf4c5e9d3cdff141ed39ec13a2af2411e6cef18dfc90399f7bd9f0da22a965c7

          SHA512

          1e7f82b3ada41ff1b31b9168ea8bb6a4feef6ddd773ec497acc5d6e8615664e29a3f3133af4823d757ca5afaf5df4ba732861e81f8195930a39871d08431d9b8

        • C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

          Filesize

          1.3MB

          MD5

          201ab8b04d8df27392c5981fc75e28de

          SHA1

          8c8e9b6d75f8da55424f230e2ca3bbec67a18e17

          SHA256

          ca2a53017cffb943641326740ed5b2dd6eface389c4ba30bcee80ab07543ccca

          SHA512

          34d9394b919180878ce5b59483a46be98573b951eb104016b4f77a4345822220e5669b234eaeccc4612e3f238438b1ea7d4f7d45df912e1519627f178d139ac6

        • C:\Program Files\Java\jdk-1.8\bin\javah.exe

          Filesize

          1.2MB

          MD5

          b5e84362c62ba44eacfc7bbc2c937edc

          SHA1

          7cd965f8d2325995164fa1567b96d3ec028ae5db

          SHA256

          6681a1c19c2db61b2b30613954f5e8ea688c3473d7706e5f0dbe9023113cc539

          SHA512

          bcbe5a6e5663674ed6b1a0a8cc7da88a885645a8669777c1845a172e52857755f1caa0e84a5b519217aad349f6b1f9a332ec440fc3fcf6d390369bfa041d010f

        • C:\Program Files\Java\jdk-1.8\bin\javap.exe

          Filesize

          1.2MB

          MD5

          a1061f65e6abd7fa861539ceb5a848df

          SHA1

          a8300053d9f01e07e8078cdc9e2c02e74ab59e44

          SHA256

          3946763e0f6cee483528763f17bafd42ace81254cb9a424dae5cebf26e292446

          SHA512

          21f1dce1df71cd404750abd7a033ee20af04f9d23cbb4f7fafbd65098c947df5494673c795873110ffcf956fcf6a508e49b5e579a97cd7adbd9fc8616913c051

        • C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

          Filesize

          1.3MB

          MD5

          d32df1e7c79ec46dd0e8772c0c57c5e6

          SHA1

          4e0009b69ff5349242846c39971e27fbd456213c

          SHA256

          1befd8f23f27903204bbe7824b2bb66fcfad8932ae7d8a39d7eebd6ab3a8fa46

          SHA512

          1994d8bd0bd3a4fb3a9d6f55e76dd5922e1fdf51210f49c9afc0ab01bc141ab9ec716d70d4e5d77b185a6b0f950d01fa3cf61720c4fe0c36882c9d6c18b4dd0b

        • C:\Program Files\Java\jdk-1.8\bin\javaw.exe

          Filesize

          1.4MB

          MD5

          2f5d08beb16978f342b76012d0ce5f6e

          SHA1

          84389afe885a663ada6c106f69b4e8a11898ce96

          SHA256

          3b8bd4261cf47245a59f240b1940eeaa9034c8b5e2eb3ec1b4b01d4fc057815a

          SHA512

          30637b66808102ca8560a867862936d9b97721b82777a63841a2ffcda96087c9354d04d130789f28d2180c76cc21e1d5e2eac846f4d39d6b2e77c8fc43e5ff70

        • C:\Program Files\Windows Media Player\wmpnetwk.exe

          Filesize

          1.5MB

          MD5

          967a3f4688003f68103c5e074e900367

          SHA1

          4921ea8cee40a17e76b9055cf7be313928c6cac0

          SHA256

          4bc1890b91eb0e135b0409f34af3b3bfa5edd161237a6d5ae8ad103cc30dfe4f

          SHA512

          7ea702cc7a994ec252a9e4756939e8d644c98428d7c722adb33ec5ab3b95b9aff4761449cdabb284b54478dacb4b932f80a04713b5ec872f7b09cc02f157a4be

        • C:\Program Files\dotnet\dotnet.exe

          Filesize

          1.3MB

          MD5

          718766f979d322d61dd33aa486178d0d

          SHA1

          ba55038f69e820fcb4833b89c0f4d1f0c8bcfe04

          SHA256

          8f36e7a3e3692927fb2dc2916e756cb1157374813a1f09eae077694202e5e2e6

          SHA512

          e6fa46bba3cdc553fc61ed55824a275d0788109d6b1d3ecaee95ff73e4aaef48a20d70e628e8b23cc4b45094fd62cb54f7ce21b178ce901ba2cee1a789ed3078

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

          Filesize

          216B

          MD5

          1d76aacf785a659652d0516daadd3a89

          SHA1

          8f1d8728fe05d7cfd0899af8575ee999e5cf0ce0

          SHA256

          2a1516143067ca0109b3aec30f08ebcaf6cdbd60a2155652e62e098f51a32e9f

          SHA512

          e76f4378ddcfd95bae7a768ff54fcbffbd38060276d0b0a852d7ee652f2f993cd498f3f8da0347be92f16088e6f713249205797336579d7de315e28122184ff0

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe58a3dc.TMP

          Filesize

          48B

          MD5

          46fa9c67b956b9d7c5638b790b8b86e1

          SHA1

          0d8e7939162d9dcf811916710d488e9338fe7adc

          SHA256

          975e1b17c5ab55240443938e6e6badde873b5e8a26e0504527410e2fa150b97b

          SHA512

          5c068781e42694560fd18d715c936b49f2c55d2357acc24486490c98ddf4751519439fc031eb9daf73eade97a578d3e312d604648b18c34b69aec5ebc5d074e9

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

          Filesize

          693B

          MD5

          43a444d4b3d7d2a985569262dce58d5e

          SHA1

          035ccd42305f7e2c105de72d99b15b93952ac7f6

          SHA256

          5a5f647b1ad61c9ba0b89e8bc05901d5cf15969932006d9ae43ef1a3374570d2

          SHA512

          df330d34b8bd6dc3529511659ba25f7f3e42e5d59aff2d1a035765cfd3401d7d48b280d5bcabb2a34d08ff682f04d7fe6da691f1cff3f02e65deb63a3d19ddc4

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe596095.TMP

          Filesize

          484B

          MD5

          e8d2d9f7aa383b08c812d00fde1291b5

          SHA1

          6bf7915fca67f7890c8e1cb528f9d1a829860da1

          SHA256

          896813932711a860c5017d40f81df0937031fcdc5253eb5e7138bc3b957bdc7f

          SHA512

          dc19f029ab99f005643e1a2fc23c64d4f1639cd01c2bfc02314339c8fbb627b4ec12fe2f31a9c7f8c2d6149bbeab0589b6f98230eff29c4049aa7d36fa453774

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

          Filesize

          300B

          MD5

          5b3755a335f86568e4349aaa10497e26

          SHA1

          5285a094cc2b06301e2b2f808e9be4693e2343a4

          SHA256

          d49096a8ba68810a8e8c3171aa39a445c1e37735154bcfbd220415e1091f9363

          SHA512

          f3834425981a2cfa9fae4c33bd08d11627dfb10ef281740e82ff27f4835191340cb15e074ed3a16c80facd745de3c4a88ed6616ea67d24420728c974a06f8ae7

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe59740d.TMP

          Filesize

          59B

          MD5

          2800881c775077e1c4b6e06bf4676de4

          SHA1

          2873631068c8b3b9495638c865915be822442c8b

          SHA256

          226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

          SHA512

          e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

          Filesize

          16B

          MD5

          46295cac801e5d4857d09837238a6394

          SHA1

          44e0fa1b517dbf802b18faf0785eeea6ac51594b

          SHA256

          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

          SHA512

          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

        • C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

          Filesize

          41B

          MD5

          5af87dfd673ba2115e2fcf5cfdb727ab

          SHA1

          d5b5bbf396dc291274584ef71f444f420b6056f1

          SHA256

          f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

          SHA512

          de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

        • C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32

          Filesize

          9KB

          MD5

          efb6e815a83a9222a7263e78209285f1

          SHA1

          e178c8468d4e2ac9e66e7cd597813e6d85b30044

          SHA256

          9d0a3df457493d2ac1dba90a89ad6b35d309951142c793bef247ce462a631a2a

          SHA512

          36b1ec5f4b045b026f80983f769fa20d9e301c6ed92a036629f768c13515393522123d6436f438fe4f24f9116c0c7908c4d8093fcca36972e12ec763a06e3c72

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\btnOvrOffBottom.tga_

          Filesize

          444B

          MD5

          89cb2bc5ccdab01b0653d4dbb3d6a062

          SHA1

          afb947fffd5f5f3723e0c8c3b52cb8cbff406ee9

          SHA256

          ecd13153d9d438809a38de30f3abbb0f6f92837a7e3cacb442a9a9309bcd78d9

          SHA512

          e5bef83bfad930e2b68720e00d450aa879619dcabcf8d96f9f8c47636a95a9662bc91b04cfa9160081d8af79a1257b75647d89677123f28b8c609808d5b86653

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

          Filesize

          6KB

          MD5

          5a5715177822e69c98aab578421ae78f

          SHA1

          175ea27d6ef6df27fae93a724c94b2c770f78205

          SHA256

          5afc5816946e0d7b6d57a99a60be71d9e88670d9a63c18e249c9266d8e95cd2f

          SHA512

          b11d05dff7f9ce55c2b30de82709f5aa9b410734e1b88a6879e3489394a5b36a27389022de0a741a16f70d0639439d4f75942c3fd604567d63b9ec229d86b331

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\cloud_localfiles.tga_

          Filesize

          14KB

          MD5

          c4e538289a4c12da96cec77e7a3e36d8

          SHA1

          12d57144c0e79edbabc8033a9bf22b1720299f2f

          SHA256

          c7a1b0021d1f943e497c592d83050ac85a3b93aff732f9b94cd26d9c41b37ca3

          SHA512

          db3eac8c05b7277a6ab9974c682b20350705fcf616040204bab053d98cf193c2d6fc416eb571ca67f7e53bda59ccaddc0351bf60310a64dba2d83fd9aa539ab1

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

          Filesize

          15KB

          MD5

          577b7286c7b05cecde9bea0a0d39740e

          SHA1

          144d97afe83738177a2dbe43994f14ec11e44b53

          SHA256

          983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

          SHA512

          8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

          Filesize

          92KB

          MD5

          323181f4e9013b8b341897abd322e56c

          SHA1

          85e2e4a5d38c515185415bd4aa8d24f32d428fa2

          SHA256

          e0ce36b93ae67846424364085ad79ee24fe5c036e5f6a78a4acbe1583f22daab

          SHA512

          24fc5c82e25f2ee689b0888c6905f13ae74037e8db06a39b247d525071c858e8a284600dc5e33f006a2657d04c0b045c146c2af0951c7ecdceec34082a95d004

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

          Filesize

          20KB

          MD5

          00bf35778a90f9dfa68ce0d1a032d9b5

          SHA1

          de6a3d102de9a186e1585be14b49390dcb9605d6

          SHA256

          cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

          SHA512

          342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\tabStdBottom.tga_

          Filesize

          48B

          MD5

          bd64c051ae2410eef96839a3cb7297f7

          SHA1

          95a5b0455d69127fe50e396153c795d9914ce0d4

          SHA256

          5caa5fa3e79dcd8ec5ec20256ed7c77efaae77e0ae8d89e4a974c484cb177d84

          SHA512

          ea2f76c8cf5dc2fd15017ad9b942d020c3ad5ce1cedc2a1604137ea02f8411cfff4166ffe93c101756b404344488b304cf2b4a71c25b2929654dda9a88a88793

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\public\steam_cloudsync.ico_

          Filesize

          47KB

          MD5

          da277b7a17374bde018ffab02015238b

          SHA1

          ceaafa1a1ed7d2101ad3c2884159364aacbf9dcd

          SHA256

          5aaca90948de8f7d11264ed608a2f96acba061e6463d337d658b00ed1c552449

          SHA512

          5a6e542ae9938f560d40348ceac663feaf889a6c990efdcfbea919531dbc34771fe2f0f366ab7adc15e998e5ed392d80dad78a8392f11b9c8fdf2c67f0431a53

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\public\steam_cloudsync_posix.tga_

          Filesize

          64KB

          MD5

          be3a210738638c4f33aa7e01cb475e26

          SHA1

          02276a10cd77cfd57e4c796c45d69d526f8420bd

          SHA256

          fd2abb8945c06a6b9c5444baf6ea523b52bf7a03a58b34ebe0a6a110630ed5f8

          SHA512

          6a11640800df51a8d88ef4224acd39cbb051dcdd6239bee82575ca11772a6a52e40c6614af3ea61320d29b4f75fc9611f6182ad2a55d7284863fd38d89631feb

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\public\steam_tray.tga_

          Filesize

          1KB

          MD5

          7ecf5b072a3c49209af4710481dff5c9

          SHA1

          6b49560eb27b2d7cd169c066208d4fd3a4863f3b

          SHA256

          f747d5fd27e74412be05bb376c0ff12fcebb7f39c158eaa89ab6a0a9d92ef3b6

          SHA512

          ec9ed9d824471655a48b48324a023a7231560810f6403f0ded04af35b51dde4dcd244bd4147570ac9c5cf0c841af33caaf8de7d60cf20f6fcbedbd1717d6d262

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

          Filesize

          23B

          MD5

          836dd6b25a8902af48cd52738b675e4b

          SHA1

          449347c06a872bedf311046bca8d316bfba3830b

          SHA256

          6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

          SHA512

          6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_schinese.txt.gz_

          Filesize

          33B

          MD5

          dd542d7ca2128ef0e7c3411b5ab9e8d3

          SHA1

          0a98ce0efdb5fd75d3c697f06f3c084d5882dc49

          SHA256

          77f0055faba992867817c485930c5f60cf64e65c65b410128426dc35fd8d862b

          SHA512

          0d0c1801d0bdf69d2010b0e26ce0a156fa50baaa0370330bdcdb879cbd09a6146d7bc89de2d5ea6f3615123a60e1be87def44c07f92de24615974e3cae2cab85

        • C:\Users\Admin\AppData\Local\Temp\package\tmp\steam\cached\game_details_header_green.tga_

          Filesize

          2.1MB

          MD5

          1ed17a7d11da47608f99d98a8d249e6f

          SHA1

          ea3d9e0de541be2a346e93e63286f0265ac302fc

          SHA256

          a24832de8b80e206143170a899ab91e76e85685aed74963fe2f490344bbf6427

          SHA512

          e423be766c3d615dee6f3ed8b0b7bb5735ec13617a93f6f5403a3e7c4c379b9ab87e9fd5f0c9fa9338f656e321488d0aba895ac9f77da413e27473b2218b9ac7

        • C:\Windows\SysWOW64\perfhost.exe

          Filesize

          1.2MB

          MD5

          296fed4abf7e2ff53957bd51caea3538

          SHA1

          1d339286b388d159a31ada5c861ca9ff96d1ae3e

          SHA256

          5635c3a392f2df9891dcadf3aef3b56d2ba22a3898d6f6c8907c7c5df62359b7

          SHA512

          f7c47f6e1be561b5e21d63a74b50bc053b7175fe7189b45c4d6727cc9dcece9a14a1654aa66123878f1f0b4df4593288905dd10057d16d48613ab40762ba9568

        • C:\Windows\System32\AgentService.exe

          Filesize

          1.7MB

          MD5

          d82209c7613bf0008922ca5ba19f8283

          SHA1

          ea7af98172ae1597375a246137c393ecc6a902a5

          SHA256

          240dd08673b48e13eceaf5e916b99dd7bf7bec1ed8bda77b27051737dd590693

          SHA512

          4f04275e616ab1572bb89df1bca0d60ced3767ffff4daae8c8e3d88f5d43a1ff72be1a2605d1e8f19fce588d10a922fdda5c8ace8c9bcef3b21d3ccfe935572c

        • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

          Filesize

          1.3MB

          MD5

          d96d02502ec703793bf78cc1db4d3b98

          SHA1

          aa5fb28bdd5fe9d87be728ad622280854ab02885

          SHA256

          43d9bb3553b4eb4bb1dc4797677851059c9fd62544121de49593c17731f16657

          SHA512

          b739da7dfc3704f3ce97b9174ed9bb51052e1b11d463d7a3c8f2e12f0376ccd0cc9aa67c883c7a7b54976e911ad0d80c318d538e37c3d185cdf9a9e4ea85c536

        • C:\Windows\System32\FXSSVC.exe

          Filesize

          1.2MB

          MD5

          6c4e1e7aecc0e3f72ca4b118cce362c8

          SHA1

          741b88e092f046bb1630e5ca95904e3c5a890bf9

          SHA256

          c3caedaa1047c3e6799b6debc2be5aecb2e93936ab40109335c28a7ae9f64173

          SHA512

          1b4cb9a0e9e18923c49527b2a7e7ab9e038defac0a5bb76831af10b771e8f871281a2d8ca307d226e241475f7ef76247bc24811c2fab74b700089691a65caf44

        • C:\Windows\System32\Locator.exe

          Filesize

          1.2MB

          MD5

          4c61d4270c1a85ec9a73a342e2f3b19f

          SHA1

          a61609f7c558b1ff528d4855bcd68c0ca4831174

          SHA256

          7c674517a8d16e2f1d828d4d4dff750859e5c34175de8f0b5e17c3b2e384e57c

          SHA512

          87f32d2f4e24f2c0d4accc83b837ede9375fdb8962d3dc75f18589ce451222eac22ef93308e6a5e0d6798fb0a46850d50fd7ab27d1dc5d6c024c5b51eedf7dd1

        • C:\Windows\System32\OpenSSH\ssh-agent.exe

          Filesize

          1.5MB

          MD5

          7768b0796e3a7044a7f9291b35478a43

          SHA1

          0b2ee50ff0a5dfd5337ef59751adec10a231ff8d

          SHA256

          a2b9a541fcaa084fc8a9c85de1dacfefa03342a538a8d41850bc631ff4bc8ef1

          SHA512

          5ce6240a9ced59da1255049b19f061672dcd796513828b18a0d055a1a3b62d2b25a03fd3eb282a62ff0e6322d70f434b5856b7a166a3b9e505f16a769c2b850b

        • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

          Filesize

          1.3MB

          MD5

          8d8157a9ddfc00e5e4ceae8a3a45fdea

          SHA1

          d87e3bd405fb3c025aeb2e14114755c23bc4184a

          SHA256

          c02c29b92cae1d04e4178e8c2ecb295ec6a8ebcb53a26a0bdb897f5c1dd7ed6b

          SHA512

          9c20d84a123ca5ecec3f4c364abf937e7079546e32a4932a1e10bf848c9b929e3c11b1ce07177dd4a49ad2fd760947d0dad8d2d5b674da00c2a834ce97b4d434

        • C:\Windows\System32\SearchIndexer.exe

          Filesize

          1.4MB

          MD5

          36b42d0e87691bc13eb09254bc5b2d66

          SHA1

          7fda94772855bc6e52787dd33116179b9351053d

          SHA256

          6e6dcfcf8e4104300f38a83752b6bc8968b098d47fab7a0c30e4eb3099aeba70

          SHA512

          4957328f8b390cfa4d79396aeae007f254ee59699761374e7200c740330053ee347837f4b30be79b9e11afa290e1f0742614f39d9cb9dd168c2d69cb03fe6b94

        • C:\Windows\System32\SensorDataService.exe

          Filesize

          1.8MB

          MD5

          ed819c28aff4148967e54164fabcb4da

          SHA1

          7bca47f016f05b74a2befd1811b0c8f283738f64

          SHA256

          3a8e394315f618b31e5b69335b12823b59895fef2c75655def4f82f4ef1118a0

          SHA512

          de1bd24d43eef60f650d2e32b97c9ad4c3f88dbc69e638318785100cfc44edc3da530719b9c0112c9cb7b938f7973ee22df7166de747ed77735a9c0584070286

        • C:\Windows\System32\Spectrum.exe

          Filesize

          1.4MB

          MD5

          abba1888ce77f4b856b9bd7a8ad275e7

          SHA1

          2ddf0da40c9bffead0615b6492a5219809ff550d

          SHA256

          9ca40baa2ad1ecd0e41f6c9f0fc7d2859957b12b1e5c6de2e23e4a81a0870cbf

          SHA512

          a2bf9e5f9a348e15fc17f2948085a16eb50a7d40589ab34d110b782145307559d999d97e07294fdba4d74ef4dd8db828af3e9395796a3f7f52c21d2ec274efa3

        • C:\Windows\System32\TieringEngineService.exe

          Filesize

          1.5MB

          MD5

          b473a0217fa73372af75cca31ab348a3

          SHA1

          ddce904e064c4cf52cc9beafe2c79df00cebf40f

          SHA256

          454c7ffbd8733633b8686cbcfd4cc0252bf121d7368149d359172e5d63a33bf7

          SHA512

          3a464bc3eac2534c11b1470827317e15cc2043973fb5aa3c4ecc0a4476d97a793d385ae3453d790200e51aa537dafe4c2d5a1a1067d6fbcaf0de91052610e2a4

        • C:\Windows\System32\VSSVC.exe

          Filesize

          2.0MB

          MD5

          ea9729c2b61bf118cabcf479e95da9fa

          SHA1

          8561fae50aa8677862053537326b064c74fabd9a

          SHA256

          ee28850d8e2fbaf458b4fce673d175d4adf4691012b0a9f5ea9c25013c35bb04

          SHA512

          6872861a778e59be3dbfbf103f43061d40aaecc69978a1c2507311de2aa2ee07bd23b13e850da41ff2a8b6a2a8c2f4cf3b2075daf76d429111405bf7932c8f71

        • C:\Windows\System32\alg.exe

          Filesize

          1.3MB

          MD5

          e3ab510f0348695da1ea3874cb7b4fb0

          SHA1

          2e2da78eb25dcc9ae360de2ad11d32d5051588b2

          SHA256

          edacd01dff488d98c307100c7a593b615e14d016fedba92c408cfcca249c8239

          SHA512

          67f3bc1447c6dd005c56424f61359c9db297990dba0980cab0c8e9c2f0e6c5eb299d62c546761b979ed43888f8a5b4d0b1c74354d2278b93be04b369b2a90b24

        • C:\Windows\System32\msdtc.exe

          Filesize

          1.3MB

          MD5

          9e520e9ba0b7c77ce330d3fb5b8726b9

          SHA1

          16e875414f2b264dfbffba9279734a3d5a56b0a4

          SHA256

          a1c727b556a2aa226bdb8a765d73f0413993608485be345a94ac7cb94ad698c2

          SHA512

          d5a451523d23f233299d4abd424427d00d9dee0884e4d12970b8c760579738a04d315dcfb5dcbbc3796a0a3e15fe34359411cc6b1203cf329d75fd69c32af4be

        • C:\Windows\System32\snmptrap.exe

          Filesize

          1.2MB

          MD5

          32e814623d3f0f935b9989b941a409fc

          SHA1

          367c1c2fa81940e1624dcceb9e5f3e0af30b3b4f

          SHA256

          6be8ec886a7b8b20906d05be12eaa345f238016d8c54d1fe2d6145591b352f3b

          SHA512

          e8690dd6b79548b3fe63a8231963913070e8f79bdf0405b398c2ed9f8e228557e87c53e124642ecf2323fc1d28c18ff285806aaeac279957778013262d6f599f

        • C:\Windows\System32\vds.exe

          Filesize

          1.3MB

          MD5

          f498700f521aa0a70795a00e14ef501b

          SHA1

          ad7ea6ef1c17edad0b1adbd21a868930cb203bf7

          SHA256

          8b7f3979d660a9f553c76e8ba0b4956605eac55adf918e3b8fdb23fff7aef582

          SHA512

          a9310dc77d9bb51fdb445b50a2a9fa685e18a0f91119e000495071991dedff79844c99ddfd9875fbe3ea7600f14acb09f6cd7ffaf4dca61156f483ec69e2a8e1

        • C:\Windows\System32\wbem\WmiApSrv.exe

          Filesize

          1.4MB

          MD5

          766c07bf072151498ab0685bb6eb42b9

          SHA1

          e672bddcf659374ddc218dae27c7ec2dc73d9080

          SHA256

          4fd28e8dfa55e1fc96bd6ea30640e80109447d7f7179bc23f6cf4d4ae2b4d579

          SHA512

          a958b5ea91c701dcc672f777c3de92ced0c90f4fe214675075149591d443be4b0a2b7d439e37264379e0aa27fdbe403c0796475e36837fbd33829bd9b3fcc869

        • C:\Windows\System32\wbengine.exe

          Filesize

          2.1MB

          MD5

          8d4aaddd0e535c793f6dcc7e439a73e2

          SHA1

          4848b7d85f4cdf0151da41ef886844c47462b309

          SHA256

          7babfcd5e2a694940660cb1c8d3d84a5ea4d1da646d102b9628d17a9496adfd6

          SHA512

          38b6ca7041d3b93191bc2a5c12d46084153e7beddaae46d8865e6ffa20fe1393e5eff368d15bcce5c2a8f40161ed151d0af3f9033f2f772a18b7011caed84f80

        • C:\Windows\system32\AppVClient.exe

          Filesize

          1.3MB

          MD5

          90f2a45434aa5d7b60e8403bc247016d

          SHA1

          4407b3cf1179b13741f8baa164f51e75cd043b58

          SHA256

          df959f8ec569d6075b7a1b4cbaa8ab0c21a2dbd3b69262abfac7927c4fb8ad2c

          SHA512

          f5e3c764ee974e9cba21669e616467a1238a5370b88fae72b0deb1d3168f55dc6f603500fb18a8b9104c52d72112518c69f4701671ace2c157ad25ed63eca867

        • C:\Windows\system32\SgrmBroker.exe

          Filesize

          1.5MB

          MD5

          6885622127e1d4a748c3e865ace86f9b

          SHA1

          d12b2900ee34744da44021b5dc910f3b419d8ab5

          SHA256

          8699503b88270ee1d28c7709907bfac5dddd9c2f0322550a5e888f9869c2a8b2

          SHA512

          1e31dbce9bd668fd8b252b7a7a124b38a962bd3f37757adbd61daed52387dbb7e7f60c5a7174bbe530e3605142be7b70b3f3cc975453d6d453f30c9371776542

        • C:\Windows\system32\msiexec.exe

          Filesize

          1.2MB

          MD5

          9a0a5075551f967405e4b0508053326d

          SHA1

          1cf1318bcfbf6721841e0b5ad68f0ff85bb444c5

          SHA256

          6b7f13f9b68c3dec264e3496cd51292ef4b42b8a9cdde71fa9dc82d4a29b1c72

          SHA512

          76986f97ed494b61b0e39a8ab9224bcdedb2165ca2bb8b38d38f732914be058d6fdec908ee4feb1687e3c591f1fa0abff927d2a57569b67df880b040890c0081

        • C:\odt\office2016setup.exe

          Filesize

          5.6MB

          MD5

          e21c872c2fa0c1fd569429014a566505

          SHA1

          c778ba03cdccef7857821f0cb970f4882a188231

          SHA256

          17348a2c01c67d336bbd9d4b694a6a89caf4d53c9ad3a143c262b404ee39562a

          SHA512

          5cec05473141668fedccba738ca2c7f21498c1f1aecedbb4735b4e24114d90b847a80d92bdb648645833f9ecdbb3cbb4c90d73d22b6c35f6ccb988da60307fc0

        • memory/232-311-0x0000000140000000-0x0000000140169000-memory.dmp

          Filesize

          1.4MB

        • memory/232-204-0x0000000140000000-0x0000000140169000-memory.dmp

          Filesize

          1.4MB

        • memory/232-208-0x0000000000740000-0x00000000007A0000-memory.dmp

          Filesize

          384KB

        • memory/404-12454-0x0000000140000000-0x0000000140216000-memory.dmp

          Filesize

          2.1MB

        • memory/404-287-0x0000000140000000-0x0000000140216000-memory.dmp

          Filesize

          2.1MB

        • memory/404-290-0x0000000000C10000-0x0000000000C70000-memory.dmp

          Filesize

          384KB

        • memory/556-253-0x0000000140000000-0x00000001401C0000-memory.dmp

          Filesize

          1.8MB

        • memory/556-254-0x0000000000BC0000-0x0000000000C20000-memory.dmp

          Filesize

          384KB

        • memory/868-19-0x0000000000500000-0x0000000000560000-memory.dmp

          Filesize

          384KB

        • memory/868-82-0x0000000140000000-0x00000001401E9000-memory.dmp

          Filesize

          1.9MB

        • memory/868-13-0x0000000140000000-0x00000001401E9000-memory.dmp

          Filesize

          1.9MB

        • memory/868-11-0x0000000000500000-0x0000000000560000-memory.dmp

          Filesize

          384KB

        • memory/1152-130-0x0000000140000000-0x00000001401EA000-memory.dmp

          Filesize

          1.9MB

        • memory/1152-138-0x0000000000BC0000-0x0000000000C20000-memory.dmp

          Filesize

          384KB

        • memory/1152-202-0x0000000140000000-0x00000001401EA000-memory.dmp

          Filesize

          1.9MB

        • memory/1220-212-0x0000000000400000-0x00000000005D6000-memory.dmp

          Filesize

          1.8MB

        • memory/1220-144-0x0000000000400000-0x00000000005D6000-memory.dmp

          Filesize

          1.8MB

        • memory/1220-152-0x00000000006E0000-0x0000000000747000-memory.dmp

          Filesize

          412KB

        • memory/1464-68-0x0000000000400000-0x0000000000940000-memory.dmp

          Filesize

          5.2MB

        • memory/1464-6-0x00000000026C0000-0x0000000002727000-memory.dmp

          Filesize

          412KB

        • memory/1464-0-0x0000000000400000-0x0000000000940000-memory.dmp

          Filesize

          5.2MB

        • memory/1464-1-0x00000000026C0000-0x0000000002727000-memory.dmp

          Filesize

          412KB

        • memory/1480-280-0x0000000000C50000-0x0000000000CB0000-memory.dmp

          Filesize

          384KB

        • memory/1480-11037-0x0000000140000000-0x0000000140147000-memory.dmp

          Filesize

          1.3MB

        • memory/1480-260-0x0000000140000000-0x0000000140147000-memory.dmp

          Filesize

          1.3MB

        • memory/1540-165-0x00000000007C0000-0x0000000000820000-memory.dmp

          Filesize

          384KB

        • memory/1540-157-0x0000000140000000-0x00000001401D4000-memory.dmp

          Filesize

          1.8MB

        • memory/1540-235-0x0000000140000000-0x00000001401D4000-memory.dmp

          Filesize

          1.8MB

        • memory/1688-6516-0x0000000140000000-0x0000000140221000-memory.dmp

          Filesize

          2.1MB

        • memory/1688-226-0x0000000140000000-0x0000000140221000-memory.dmp

          Filesize

          2.1MB

        • memory/1688-239-0x0000000000710000-0x0000000000770000-memory.dmp

          Filesize

          384KB

        • memory/1716-54-0x0000000140000000-0x0000000140237000-memory.dmp

          Filesize

          2.2MB

        • memory/1716-52-0x00000000007F0000-0x0000000000850000-memory.dmp

          Filesize

          384KB

        • memory/1716-60-0x00000000007F0000-0x0000000000850000-memory.dmp

          Filesize

          384KB

        • memory/1716-128-0x0000000140000000-0x0000000140237000-memory.dmp

          Filesize

          2.2MB

        • memory/1772-99-0x0000000140000000-0x00000001401E8000-memory.dmp

          Filesize

          1.9MB

        • memory/1772-32-0x00000000006A0000-0x0000000000700000-memory.dmp

          Filesize

          384KB

        • memory/1772-27-0x0000000140000000-0x00000001401E8000-memory.dmp

          Filesize

          1.9MB

        • memory/1772-25-0x00000000006A0000-0x0000000000700000-memory.dmp

          Filesize

          384KB

        • memory/2504-313-0x0000000140000000-0x0000000140179000-memory.dmp

          Filesize

          1.5MB

        • memory/2504-322-0x0000000000850000-0x00000000008B0000-memory.dmp

          Filesize

          384KB

        • memory/2612-298-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

        • memory/2612-309-0x0000000000560000-0x00000000005C0000-memory.dmp

          Filesize

          384KB

        • memory/3376-84-0x0000000001A60000-0x0000000001AC0000-memory.dmp

          Filesize

          384KB

        • memory/3376-97-0x0000000140000000-0x0000000140209000-memory.dmp

          Filesize

          2.0MB

        • memory/3376-83-0x0000000140000000-0x0000000140209000-memory.dmp

          Filesize

          2.0MB

        • memory/3376-91-0x0000000001A60000-0x0000000001AC0000-memory.dmp

          Filesize

          384KB

        • memory/3376-94-0x0000000001A60000-0x0000000001AC0000-memory.dmp

          Filesize

          384KB

        • memory/3996-404-0x0000000000770000-0x00000000007D0000-memory.dmp

          Filesize

          384KB

        • memory/3996-180-0x0000000000770000-0x00000000007D0000-memory.dmp

          Filesize

          384KB

        • memory/3996-397-0x0000000140000000-0x00000001401D7000-memory.dmp

          Filesize

          1.8MB

        • memory/3996-170-0x0000000140000000-0x00000001401D7000-memory.dmp

          Filesize

          1.8MB

        • memory/3996-278-0x0000000140000000-0x00000001401D7000-memory.dmp

          Filesize

          1.8MB

        • memory/4304-229-0x0000000000E50000-0x0000000000EB0000-memory.dmp

          Filesize

          384KB

        • memory/4304-321-0x0000000140000000-0x0000000140241000-memory.dmp

          Filesize

          2.3MB

        • memory/4304-214-0x0000000140000000-0x0000000140241000-memory.dmp

          Filesize

          2.3MB

        • memory/4460-78-0x00000000001A0000-0x0000000000200000-memory.dmp

          Filesize

          384KB

        • memory/4460-67-0x00000000001A0000-0x0000000000200000-memory.dmp

          Filesize

          384KB

        • memory/4460-142-0x0000000140000000-0x000000014022B000-memory.dmp

          Filesize

          2.2MB

        • memory/4460-71-0x0000000140000000-0x000000014022B000-memory.dmp

          Filesize

          2.2MB

        • memory/4472-187-0x0000000140000000-0x000000014020E000-memory.dmp

          Filesize

          2.1MB

        • memory/4472-124-0x00000000007B0000-0x0000000000810000-memory.dmp

          Filesize

          384KB

        • memory/4472-116-0x0000000140000000-0x000000014020E000-memory.dmp

          Filesize

          2.1MB

        • memory/4788-189-0x0000000140000000-0x00000001401D5000-memory.dmp

          Filesize

          1.8MB

        • memory/4788-296-0x0000000140000000-0x00000001401D5000-memory.dmp

          Filesize

          1.8MB

        • memory/4788-194-0x0000000000500000-0x0000000000560000-memory.dmp

          Filesize

          384KB

        • memory/4960-109-0x00000000006A0000-0x0000000000700000-memory.dmp

          Filesize

          384KB

        • memory/4960-169-0x0000000140000000-0x00000001401F8000-memory.dmp

          Filesize

          2.0MB

        • memory/4960-100-0x0000000140000000-0x00000001401F8000-memory.dmp

          Filesize

          2.0MB

        • memory/5028-48-0x0000000000EC0000-0x0000000000F20000-memory.dmp

          Filesize

          384KB

        • memory/5028-44-0x0000000000EC0000-0x0000000000F20000-memory.dmp

          Filesize

          384KB

        • memory/5028-37-0x0000000000EC0000-0x0000000000F20000-memory.dmp

          Filesize

          384KB

        • memory/5028-36-0x0000000140000000-0x0000000140135000-memory.dmp

          Filesize

          1.2MB

        • memory/5028-53-0x0000000140000000-0x0000000140135000-memory.dmp

          Filesize

          1.2MB

        • memory/5116-12440-0x0000000140000000-0x00000001401FC000-memory.dmp

          Filesize

          2.0MB

        • memory/5116-284-0x0000000000500000-0x0000000000560000-memory.dmp

          Filesize

          384KB

        • memory/5116-282-0x0000000140000000-0x00000001401FC000-memory.dmp

          Filesize

          2.0MB