be2e5734eb29bddd6aedac336b0df5469abce5a335efa4bbe03f088afee7ff34

Analysis

max time kernel
84s
max time network
89s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_forager_4.1.8_(43847).exe
Size

134.2MB
MD5

b713f3d29771ecdd5e909125bc0fff1d
SHA1

0e6c68b633f6ca45e5732a0a332b56a436bc4425
SHA256

be2e5734eb29bddd6aedac336b0df5469abce5a335efa4bbe03f088afee7ff34
SHA512

26f6f84328e2aae5be7cba8bbb6fb230007c19f931c909a4e4f34535bff82982b1fa01f52cf7faeebca7f83fe8b2231fa157e7ba0cd8cc2c90e70ec07fd6e670
SSDEEP

3145728:EpIC3SOMRroMbhcz233jadSou0bjK0+CUdYq6Vyk+pQtyivq6zb:EpICiC233+MYKxaq6VEpOyiv3zb

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	setup_forager_4.1.8_(43847).tmp

Executes dropped EXE 6 IoCs

pid	Process
1160	setup_forager_4.1.8_(43847).tmp
2224	vcredist_x86.exe
3272	vcredist_x86.exe
4524	scriptInterpreter.exe
4448	scriptInterpreter.tmp
4900	Forager.exe

Loads dropped DLL 13 IoCs

pid	Process
1160	setup_forager_4.1.8_(43847).tmp
1160	setup_forager_4.1.8_(43847).tmp
1160	setup_forager_4.1.8_(43847).tmp
1160	setup_forager_4.1.8_(43847).tmp
1160	setup_forager_4.1.8_(43847).tmp
1160	setup_forager_4.1.8_(43847).tmp
3272	vcredist_x86.exe
4448	scriptInterpreter.tmp
4448	scriptInterpreter.tmp
4448	scriptInterpreter.tmp
4900	Forager.exe
4900	Forager.exe
4900	Forager.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Network Service Discovery 1 TTPs 1 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
968	GameBarPresenceWriter.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	scriptInterpreter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	scriptInterpreter.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Forager.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_forager_4.1.8_(43847).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_forager_4.1.8_(43847).tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x86.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\discord-530541618504269875\DefaultIcon	Forager.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\discord-530541618504269875\DefaultIcon\ = "C:\\GOG Games\\Forager\\Forager.exe"	Forager.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\discord-530541618504269875\shell	Forager.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\discord-530541618504269875\shell\open\command	Forager.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\discord-530541618504269875\shell\open	Forager.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\discord-530541618504269875\shell\open\command\ = "C:\\GOG Games\\Forager\\Forager.exe"	Forager.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\discord-530541618504269875	Forager.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\discord-530541618504269875\ = "URL:Run game 530541618504269875 protocol"	Forager.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\discord-530541618504269875\URL Protocol	Forager.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1160	setup_forager_4.1.8_(43847).tmp
1160	setup_forager_4.1.8_(43847).tmp
4448	scriptInterpreter.tmp
4448	scriptInterpreter.tmp

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	444	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	444	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1160	setup_forager_4.1.8_(43847).tmp
4448	scriptInterpreter.tmp
4900	Forager.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4900	Forager.exe
4900	Forager.exe
1628	OpenWith.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 1160	4016	setup_forager_4.1.8_(43847).exe	86
PID 4016 wrote to memory of 1160	4016	setup_forager_4.1.8_(43847).exe	86
PID 4016 wrote to memory of 1160	4016	setup_forager_4.1.8_(43847).exe	86
PID 1160 wrote to memory of 2224	1160	setup_forager_4.1.8_(43847).tmp	94
PID 1160 wrote to memory of 2224	1160	setup_forager_4.1.8_(43847).tmp	94
PID 1160 wrote to memory of 2224	1160	setup_forager_4.1.8_(43847).tmp	94
PID 2224 wrote to memory of 3272	2224	vcredist_x86.exe	95
PID 2224 wrote to memory of 3272	2224	vcredist_x86.exe	95
PID 2224 wrote to memory of 3272	2224	vcredist_x86.exe	95
PID 1160 wrote to memory of 4524	1160	setup_forager_4.1.8_(43847).tmp	96
PID 1160 wrote to memory of 4524	1160	setup_forager_4.1.8_(43847).tmp	96
PID 1160 wrote to memory of 4524	1160	setup_forager_4.1.8_(43847).tmp	96
PID 4524 wrote to memory of 4448	4524	scriptInterpreter.exe	97
PID 4524 wrote to memory of 4448	4524	scriptInterpreter.exe	97
PID 4524 wrote to memory of 4448	4524	scriptInterpreter.exe	97
PID 1160 wrote to memory of 4900	1160	setup_forager_4.1.8_(43847).tmp	99
PID 1160 wrote to memory of 4900	1160	setup_forager_4.1.8_(43847).tmp	99
PID 1160 wrote to memory of 4900	1160	setup_forager_4.1.8_(43847).tmp	99

C:\Users\Admin\AppData\Local\Temp\setup_forager_4.1.8_(43847).exe
"C:\Users\Admin\AppData\Local\Temp\setup_forager_4.1.8_(43847).exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Users\Admin\AppData\Local\Temp\is-O7ASU.tmp\setup_forager_4.1.8_(43847).tmp
  "C:\Users\Admin\AppData\Local\Temp\is-O7ASU.tmp\setup_forager_4.1.8_(43847).tmp" /SL5="$F0094,140153268,192512,C:\Users\Admin\AppData\Local\Temp\setup_forager_4.1.8_(43847).exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1160
- - C:\GOG Games\Forager\__redist\MSVC2015\vcredist_x86.exe
    "C:\GOG Games\Forager\__redist\MSVC2015\vcredist_x86.exe" /install /quiet /norestart
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2224
  - - C:\GOG Games\Forager\__redist\MSVC2015\vcredist_x86.exe
      "C:\GOG Games\Forager\__redist\MSVC2015\vcredist_x86.exe" /install /quiet /norestart -burn.unelevated BurnPipe.{2B1A2975-7171-4E89-AA72-84B52AEC57F0} {09C6E77A-EEF1-4A47-B84A-ED9BD87EB872} 2224
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3272
- - C:\GOG Games\Forager\__redist\ISI\scriptInterpreter.exe
    "C:\GOG Games\Forager\__redist\ISI\scriptInterpreter.exe" /verysilent /supportDir="C:\GOG Games\Forager\__support" /SUPPRESSMSGBOXES /NORESTART /DIR="C:\GOG Games\Forager" /productId="2106942030" /buildId="54004040894989808" /versionName="4.1.8" /Language="English" /LANG="english"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\is-HMAGI.tmp\scriptInterpreter.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-HMAGI.tmp\scriptInterpreter.tmp" /SL5="$30210,662929,192512,C:\GOG Games\Forager\__redist\ISI\scriptInterpreter.exe" /verysilent /supportDir="C:\GOG Games\Forager\__support" /SUPPRESSMSGBOXES /NORESTART /DIR="C:\GOG Games\Forager" /productId="2106942030" /buildId="54004040894989808" /versionName="4.1.8" /Language="English" /LANG="english"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      PID:4448
- - C:\GOG Games\Forager\Forager.exe
    "C:\GOG Games\Forager\Forager.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:4900

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e4 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:444

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:968

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\GOG Games\Forager\Forager.exe

Filesize
24.4MB

MD5
de861fdd63d45f95982bd92fcc377834

SHA1
af6e24e46d5fc7986fb994b6f99fa9cb0136f01e

SHA256
74627e42f6b64c50346756fe4a99dd160c38d92a9d90561876ff00dd36a8e540

SHA512
5b9f7009d7be5c5606bda3282d6834660b66f908b2dc41680f056e03e4e1d8fc1713195520da8ef9d7e41ae60ff01184d9eb3c7809f853c1d35ebd4d3a67463f

Download Submit
C:\GOG Games\Forager\Imguigml.dll

Filesize
727KB

MD5
8a4108f8d34f771c32eb2235ed288b80

SHA1
5be0fb013fbbfb45ea7408997d309e1ae2212223

SHA256
80e0b8c07e92532891c81677bc86340b935693854a0643cf677f33ed7d29d898

SHA512
dc3705f3f81f9d97a26d8d24a8a914ff722344dfed5c93fdaf9593a652fb97825d610b4de879bcd81045c261da6d4504cfaffcb4cb867972c3e73de40b8d7566

Download Submit
C:\GOG Games\Forager\__redist\ISI\scriptinterpreter.exe

Filesize
1.2MB

MD5
c8aaca5f97815ab662436e5449aed17e

SHA1
4e47cbf558a813d102aee87284c404a02274eb0a

SHA256
d8667e94d5a9fe2d81e04df7e38f792bcf37aa727c24787014a51bd77fb19c65

SHA512
50e16042834a7ee6bd30b471142d17e526419b325c45b1f945323a01d773833a7011d9a820594515114043c06b6cfbebd7948778a6f6f6883b44680c13535f97

Download Submit
C:\GOG Games\Forager\__redist\MSVC2015\vcredist_x86.exe

Filesize
13.8MB

MD5
a3cb49daa1347ffe34b517f1a12f40ab

SHA1
72211bd2e7dfc91ea7c8fac549c49c0543ba791b

SHA256
12a69af8623d70026690ba14139bf3793cc76c865759cad301b207c1793063ed

SHA512
e3d96cc4c822793893fc3831cbe40d7a53ee8eca3a73021aea2193bbf5c5a05ef5fa4a9fc314c29ad5392f980997a25507caa9cf3a1e3362674ac913fbaebb17

Download Submit
C:\GOG Games\Forager\audiogroup1.dat

Filesize
24.0MB

MD5
a6bdbb3368587a45bb099cad62d3ee11

SHA1
0dcbea73a09d19e3a2c0f627c193070fee405ebc

SHA256
703a31a4a00b723a552aef41f080b88020e0b66f6a6684fd820cbdad33d326e5

SHA512
f5e2dd9007b6b23d4f3c02ebe958edd265fcc251c104ad1b7fefe082dce97a9d98ad8dc436b26945b28e0defeeb11bb1b693b8a7ce5312ca85b18bce8b041b8e

Download Submit
C:\GOG Games\Forager\catch_error.dll

Filesize
329KB

MD5
e6047bc3863b12fe0c015d4457d5449f

SHA1
1c010a2a2f932a10ca2f0b2555c9572afc1f4103

SHA256
3156a5fb31f3f95d11f98fcf8b3e128374e23631cf2eca0977804a99202d6bf0

SHA512
9cec32ebd5d511e312b9bcb8f9b55aec6e1f78a4a6e4932247c45e6a4113f1388528b02378517bc67191921dda35744c27bff9b2d6a3d66f207168967e68f144

Download Submit
C:\GOG Games\Forager\data.txt

Filesize
9KB

MD5
81826005d2fed899dcfb05ed12cc414b

SHA1
10f82eeed5d71a0cca851abca1c283badc1bc82d

SHA256
065e45969ff6e90d167ba673756b91977f27c67b786539b5f9d9859ada70caef

SHA512
daeb4671d0003aa176457d0b5f3298fc0ec15bd62f9b87b3e117c27f7b3d20f4adbeed8c2f1140c0b42da7ea9b1ea24b9dbfc061e0863bc1aef71aa5fd0aba53

Download Submit
C:\GOG Games\Forager\goggame-2106942030.info

Filesize
481B

MD5
6eaf67a81887ca63681a0392a007d1d0

SHA1
54091f467e2f9f996ad3c74e54ab84717c261f9d

SHA256
5e3878e194642081d85f792e057450e243bbf0b837838ce437ed6b0214643bb3

SHA512
37a3f94ca22a2c557bfc74500cb1e62c353283e6a2e79d68822f86b8b6801b747227489a848fee9526637fc37cf88ee2a84d4d2372eaab70170c0eb716d3a7b2

Download Submit
C:\GOG Games\Forager\local\chinese.json

Filesize
86KB

MD5
7c32039cd78e856dcbff8709823a60ed

SHA1
16256ea440d013173c4eb73d5f96f7983797b4ab

SHA256
309c23ae74bfc065021cfc747162c57a8e6d8f0bd176d68ed18342f09232971f

SHA512
a00668bef12d785924b799e767e06f1765888002c3700715d5f0d10906e5b70e5be16cdac3812ddfb2b6086215dd05740664826ca2bcd2b2f908904aff343ed9

Download Submit
C:\GOG Games\Forager\local\chinese_traditional.json

Filesize
87KB

MD5
53df2f4f315d85d3086a676f34b96a99

SHA1
a96db792abbaa6de42ae54caad64f1e60dd2a2cd

SHA256
45933474a2408ccf98d35e0e7749ae8e67000a5637087be274363d7d4a832356

SHA512
247f7b54139836e51b56d90ed49e0985573a0408692364d4831506c1738d5f82444300b58a08961026c152db007d8b1c5ecb098927f85577f66ac664c8e63651

Download Submit
C:\GOG Games\Forager\local\english.json

Filesize
88KB

MD5
b5381a2a9c405cfc9530a1ac90afa42e

SHA1
2883ddc9188c68b49990c0ea4b5696bd33915ae0

SHA256
a0468b638d99f8acd504697912ed632aa072109c8be3f9eb99eeba1b87816cd8

SHA512
f9d8a01e3fb4e18c095d570e001ed8c64fcdf4c823d7c6806588804928e4299334047f603c6d4eabb4b6f72ed0d5e0d23b6e7b22e7940df2441955823e2c4532

Download Submit
C:\GOG Games\Forager\local\french.json

Filesize
99KB

MD5
dd60487d1d7dfba9943e1b518cb2d979

SHA1
bf049adc944bbdee8c4e7e72062d6cf99e0eb4b4

SHA256
dac4654e06a092bba227e2d168e27d35c28e1343cbf68a0776fd91cb80889287

SHA512
f5f0875afedcafe9c371abf3e25800ee98c9ee14a976c5eebcaa599d1e385f46095c8021fa18107719b2c9a0237cf37d3afb1977b2b1640b519c1c5843a3cbfb

Download Submit
C:\GOG Games\Forager\local\german.json

Filesize
94KB

MD5
8e1d2b3b47ff5da77b37b86b2ddc5d9d

SHA1
d9f361e62f92284b75fa65c1dee222dd2ddab7ff

SHA256
9b4e7f3fc880f4ce4aadfa07238e618f3874825e9b5e2783bcac6353795b3b29

SHA512
fc85e4cb708b29736e6a66eca5375323e8958b2a5afb2f695708f5372037259b653cbe2129614c046389e24b019257dd432e07ea81c339e09f6d7192d487bf1e

Download Submit
C:\GOG Games\Forager\local\japanese.json

Filesize
101KB

MD5
d8e64bcef5bec62e0d9e087a108a5785

SHA1
52d4e6f4da57a64cfe0e3eb24cf838367c54b30d

SHA256
1f07c860136d5f747bc3b8501fc0642871c320e6363d4a649d3c67e766cf3eef

SHA512
64edf2009b77f9c645f380dcf9a4989d815f4dfb25b0fbf6ea2998dedcaa5afd6e4a88a1de136fba175bb70d0cf28706a7efe987f766e266380919a86a359988

Download Submit
C:\GOG Games\Forager\local\korean.json

Filesize
100KB

MD5
c7e90260576d44bb642f73e5b7e08514

SHA1
3721b64af7400097dad33d928f129786b304c004

SHA256
cf7f97ec295e73a4725443b7d03dc36f4d47d2a1c4b65e2bc53d4eda5605b4a0

SHA512
129d15bce27bd336b1756670f03a47cb728a6eda52b47e15c2a944ec45c366bdc8ddd18bd270a1a91cde345a03f965f4bca807e24d69780781efbe12a1658901

Download Submit
C:\GOG Games\Forager\local\portuguese.json

Filesize
95KB

MD5
49da29a95010a156b9545b8f54a97952

SHA1
d3ee0280e1f40d1cc6930cd46e58cd77602fd64b

SHA256
2bc0a2fde363e4fa61062fb08e9db3a9428b8d25597d8c5d7260a549720d17c5

SHA512
36ccb39b0ab1a9891ae20f40a2e6864a8fb6d87e533e921dc4689abeda32fe8a700717a2559de87f0d69f6dbcdb701e410746974863b70fa9faced92979cf150

Download Submit
C:\GOG Games\Forager\local\russian.json

Filesize
131KB

MD5
d07fb81bd584f5ca5a00119a1afcc3df

SHA1
d2f327df5390f0dbc05b76f4cbe8b1cfb9bbd2e9

SHA256
84ef8901bb6971ee5d44b33dbda18814a86659f0f47bc1318c6b7dcba180e68c

SHA512
4269c18bdb9e18cbabfb7eed8f6f788bc86e7dcedb2f8ae242aab47565becdb03c96cb80b376471c13fec5dbf418abcf7af7f7cb5f76c46cd85ecae6435d4984

Download Submit
C:\GOG Games\Forager\local\spanish.json

Filesize
96KB

MD5
9667fe45af9dc8b1ee1bc7c5b593eebd

SHA1
8505552ae4cdf93938e7ab10f7829613eb163ffb

SHA256
4aa0ea8e8f4f1ba75c6648ff1da3e0df15108b1f7c3b0772ceef919f4d286799

SHA512
4286d0a5986a841883089edb0c03af0ab866d4f27398c14869eb0773e672808be9fd61da750bf75e45593fad7c38f26b59a5fa0beb13923466de264c23f62f6c

Download Submit
C:\GOG Games\Forager\local\thai.json

Filesize
161KB

MD5
e3858972b9615af1771e643f94868824

SHA1
6992f3afe61d3a4290e11056fa120aa43a44db2f

SHA256
03974a776984820da0b817c2fb57ef41bb1451fb64e40e29f54ae68d54fe9b8f

SHA512
d5f8a2da8795d09d3c9f63aebb8cd257228239a20869b851d9607c53ff22f9ace5141aadcca6700a4b20516ae3d55df29ba97bde7a16456d320eee79582e9241

Download Submit
C:\GOG Games\Forager\local\turkish.json

Filesize
92KB

MD5
2ad21ff0e0d1a0c0de28620417576423

SHA1
5f38454a669798ea23c2f45f2514753d4498aaf3

SHA256
96007e487b2071561efb099286d64927cde20629c50bc57ba84955b533771c35

SHA512
273db6f22874b5741e69a78846e64beb6569d2af0dff48464ffebbbe70e81a1ae1243c60b1295f7062d48e797baa8ef8ef0c30fb4c96840e23e0deb652ce525a

Download Submit
C:\GOG Games\Forager\options.ini

Filesize
328B

MD5
5a40f29176a5dd1d3031f7b6d7b5d125

SHA1
beb94fbd7ab29c7f3d9ec2f0f41826621a794f0a

SHA256
0c50416ab1964a2c5ca958268facc48987ed827c86b6cb27ed93e2eb3c4c71e9

SHA512
c1e8bb9307a31a4eedb661bdd52b77f6e34e1e0efef4f2d7de26fa9099e8c2f8bf2ea64c4d7863f461fd903f2daecb5dbe317c1467399cdeaf8ae23c565d92a2

Download Submit
C:\GOG Games\Forager\rousrDissonance.dll

Filesize
85KB

MD5
631abcdbff360f1dc0e353abf58a1a63

SHA1
a63e2bf734513273da0662f31f5d46022090b9ec

SHA256
dc1f3d1a0ec37698535bab005f1f51538b22b6ef589b45d16f28794c31507cd8

SHA512
7ef12d84af299b2c9f72b2a4fee423c975356b42f76ae9bfc6a1a0f2c09b836414ec48d5deb607328495ba39cf38ebe76d493cda70e2ab629256f8158e748462

Download Submit
C:\GOG Games\Forager\unins000.dat

Filesize
353KB

MD5
e121b0eff83ab4f1f4ec9b21f7e148a3

SHA1
49251b2f9162a0388c9a2f1323ca53433461ce78

SHA256
40cfd19fe49ba5a16d6985831c423bac805c00bdab7c4b844a87a6a8095fab40

SHA512
eba90d96d8b5e3be0f6f9736047aa7e6e8f918ef6cc9c8094b31830865077ff10c8959c4ca094313c07c57850c762e58e1cd340ce04331d1bdd0423695e53bf5

Download Submit
C:\GOG Games\Forager\unins000.msg

Filesize
22KB

MD5
668a2187f89c993485bd46382ac682aa

SHA1
abeefe05d6d6f64c0ef1f5e023f1861000aadb55

SHA256
e43d06ec2b3dbe3d81bcd6b7880d28d074dac54b38646a605cfc5c809939da16

SHA512
4f056b8c69c0674ba725450bb6242625389f23043a46ad95c6452893da02e1349f6067a1e19e86c8182867b08b8e78da98bedf02d2c94c3aa647b45ec6da56e0

Download Submit
C:\Users\Admin\AppData\Local\Forager\config.txt

Filesize
2KB

MD5
d6868300c4a46f566afdae2ac82d26f9

SHA1
0dfc1de44ec6e71a646a3c2ca515660fb67fe600

SHA256
46bea212ddfa466ff95a77637541b2f7740f47f82c847c010cd38bc3dd5493b5

SHA512
f1aba69d8b62d5960ff5cbaf5ef77963667a26bb43a67e5b8118a9ebcdbc026ac3eb3bbb0d0d6dbfe7f6a1a086810e3bcc051cc390b45aa42c74620291c86bc7

Download Submit
C:\Users\Admin\AppData\Local\Forager\config.txt

Filesize
2KB

MD5
9a95b5f28978445274174980c5421199

SHA1
6aa13a8b9c59ff0ff9d0a3b2e0e7fda2b0032fdd

SHA256
3eeb0c83ceb956ea53cf3dc8a5ec36f9962acbff4990c61295d5b3b27967b21e

SHA512
44df361044ee07313f0d31a2e9ef9b9018f36352c980c5689aa45131798cf0a916e728c026fb549feb55be8f1b63d82bedb52fb0af481c080241b55cebfd36cd

Download Submit
C:\Users\Admin\AppData\Local\Forager\secretSettings.ini

Filesize
319B

MD5
d77096008c1a29ca4ad59ae7185dad25

SHA1
fdb6235c94a8abed177ceae2d34ccdb773bb646a

SHA256
f14dbcec03e0dd309a6d4bd9eb37ad051aa9f4dcc561f326cecc443e6f604e83

SHA512
9ba99f22f1e4a6b0f38574cd7c4cd7249ba7d80bcdda1d89a052ccf08dbd5d3da005d38a2c87eb31285b022fd0018f131d6292eb4a7b791dd03f2c030cd62b63

Download Submit
C:\Users\Admin\AppData\Local\Forager\secretSettings.ini

Filesize
319B

MD5
3347b2ea796d1805ddacf46c759b1501

SHA1
664d6c7a7fe63c90f7e27c39ab9f7755e40cdc48

SHA256
a53228c4a7e3505dc7dc188793dac94896384fc0396ad129325af1adde404724

SHA512
682b1199959e68c6849236e4aa4495e21bceb0a5f826e2ca1fc757c9fb8cc0c3da7bc1242d6fc32da46400cf89d79c5e2714b7295263c69cb667c50b2be0b6cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\1193046833_english.jpg

Filesize
129KB

MD5
d81902584f1472596f6c3cb4aaf0469d

SHA1
ae9f55427275ecf9017da71ad0e6b1bf37e50d32

SHA256
c229ea2190b5a004b9659b23f1556fed7c29a7eaf352d484dc3d7cba361cbe78

SHA512
8dd8dc323db9a9dd4d21545c4da30af98c8fa94f45c05ccd98bbf8906a3b857985c0d5a6048a144a5d20ea54d52aca6078abd06544c84d432126de6da13c245d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\1207659258_english.jpg

Filesize
212KB

MD5
45c764aec5bba8f1356c5c2a3dd6f94d

SHA1
4cbc33ebaf3850d57a22d4536f4e8bf54d4b8d11

SHA256
6d3e203f784568b042e01ba770a98237db43209879d46bfd184dacabd2a3cace

SHA512
9d49f56826a16b1f649cac9f42baa02ae5ab065b4c5ade03c315f982e24c2e096d89e9f3c3eda4210e512466f204f0b6e57658ac9630ca22566eb38299bd8747

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\BigOK.png

Filesize
3KB

MD5
5b43a5d975a53f4fc1da67ce9f7784c1

SHA1
8543fa1e471030049942252b23cb22e0880c3af5

SHA256
59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

SHA512
5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\EULAAccepted.png

Filesize
2KB

MD5
461dfeb75927bdb39f9db5348612a611

SHA1
b7893b1fff6801e37ee7337d876962a09184941e

SHA256
0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

SHA512
68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\EULAShow.png

Filesize
1KB

MD5
c596bc9111edc702bbbb29b70984254f

SHA1
d4712c7b91ff4f8994e7907d31357c42eb47c738

SHA256
6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

SHA512
db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\GOG_new.png

Filesize
3KB

MD5
d5b63bdfa47ef5954917c148bacf7b13

SHA1
5302c6715d9e9b5d2768b130f3e516e175684cc9

SHA256
0804b385c1736e009fe8c3b1b14085b9b9abb40ce487360002ab4a8f3505f4e0

SHA512
b5cde681be9ad1c1211559dc4b363003bf547e8dc965dbb9560fdddfc28ee1d8f27cc534dd00864d800fd351c48694d7dc8df55fc3d8d69acf8b702c7b421aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\OpenSans-Regular.ttf

Filesize
212KB

MD5
629a55a7e793da068dc580d184cc0e31

SHA1
3564ed0b5363df5cf277c16e0c6bedc5a682217f

SHA256
e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee

SHA512
6c24c71bee7370939df8085fa70f1298cfa9be6d1b9567e2a12b9bb92872a45547cbabcf14a5d93a6d86cd77165eb262ba8530b988bf2c989fadb255c943df9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\background.jpg

Filesize
282KB

MD5
83563ba827f27bbe4bee18c565ed0845

SHA1
067ea5189e7c7e0933af4cc6eda99ded31113e8e

SHA256
64018866396af1d116abbc1e1ed120fa504073e9f1ac9a335121e6e46c6e55e7

SHA512
55b9941e772da92e5fabea553b6c4d3cd89c08a57fec1e6a1efbcee06a7f21ff1e6a1c04da843663b6b08898d6d5a0933112c3127dfb04b9a97c0fe26238f9a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\btn_md5.png

Filesize
8KB

MD5
3befe9739354ee24a0b1ea8df05ce274

SHA1
ab0bda986a8c46aa19f57b75a2b7b22445a3c625

SHA256
b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

SHA512
ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\crcdll.dll

Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\error.png

Filesize
726B

MD5
df10adc25b673e74e19971c17bee5a98

SHA1
ee16fb1cf9491f5e611282f0574b27d76fede412

SHA256
142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

SHA512
dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\error_icon.png

Filesize
1KB

MD5
263720c4b8bb111567a2a49989b8f467

SHA1
cf346fa3c70164648e0eaf72a37c6f4920ab4792

SHA256
acdf96ee4261fae138e6350a0ad50b367022ed5b908fa168baad92644f566ee8

SHA512
94f06a81dc735cf264abde86e6169e5fd78d873d2e926fd48287d2ac5208fc930c3c432186e3510add002bd1b4ae32ad8d35270b17c3ce5f18c43764a8e9de43

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\ok.png

Filesize
1KB

MD5
103c1368e60806b1b7995a0894eacf87

SHA1
971392527f6e4b655044773132505c901a6b5469

SHA256
0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

SHA512
652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\progress_center.png

Filesize
1KB

MD5
ad7fc1e37e40da38dd57adc446cc6c0e

SHA1
08033265deb9b45243cfa0065d98ffe13a039e26

SHA256
2b9dae87340e66b67ab1d8247d4a137628e324969f92fe1098f95a7c5bab2f43

SHA512
dd715d74f8e1ed6ab75b7b6530b383ac47040d8baa7728be160f6d230bf485a9cc54f15f7dc85b122ce56e54d63fa4890e510dfc89d9c9344e31f789ebac8756

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\progress_left.png

Filesize
1KB

MD5
290c7612ad7a077028cd3dc78ce99673

SHA1
18995fbe39d05e4a1cafc7cc2e0f6fb745442f77

SHA256
85e39d909a7300fa2043ec42818582867b981401264b14fc5408e477ae0b4668

SHA512
799841f5b8a1056e78a49c823009750e4b93af130a6c4ff9dc6d386c06b88614e53b46a6df62f5a217d5c99da01cf4e2fe8392c73d39e81000045291cf24205a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\progress_right.png

Filesize
1KB

MD5
c25a41f022a74308d944d1e807d72f44

SHA1
83c6bbec3fb373fcc78ce0e737742100994cd6d4

SHA256
396a3351fe409328782ab138282cf9cec061a5a9540a3506700a620db1f54e7d

SHA512
d2f4449195f3e60c826cfabb52a083d829eb9d0509272977d8fdb33bc5214678949cd27d0594684594e0a3eda2351c39cec8d91923cb716ad144ccf2b966c8e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\slideshow.ini

Filesize
256B

MD5
993bb000f90891a78fc117ad0c5cdd8b

SHA1
42d42508c367face927e27debd4da8c1a520d721

SHA256
5e6a72a44649ced85965c35d9df083608d13baebe2faeb9acc5830eb5b73528e

SHA512
a1a1a88f54f1128d52f6d244b0d392b8041958201ae17dccba7ea7456e6d92c88318310b1238c83202751429b993f4bd61ecf8ef3fceb54d74b357c8e0221d12

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\track_center.png

Filesize
1KB

MD5
3f2b0c22f8ea28dcbb82b39a16a039aa

SHA1
b3f4dfc2ea86fbdad05877b4c356b7fa8016731d

SHA256
794f9eeca7fd99846968376b76a296c927532cef1271325cbf555caa0d0d5860

SHA512
b4bf65d751717e85418947662d315ae3bcb177f60914832fefeeb95da9eddb75eb5531c62e5a5a70ff03c8a025b5a03e61ffbdecc9f483bea9684454ca9362d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\track_left.png

Filesize
1KB

MD5
55dacb00cbe2825a8540236c5777a205

SHA1
18a52ac6c741b558500fbc1716d46b4fe4471982

SHA256
a8340fb5380c922b60ea40043590dba067dcfed6e22636851691df38156a3aa8

SHA512
2ea444cc1080f20761c8d71d96fcd04ef48254cdc1dc41d1d139f459ea5613fe12f6e4bd026bf33a5c01ff038e72e05dae2f8fba33ff517dd395e1911f10ff10

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\track_right.png

Filesize
1KB

MD5
ddec70b6c49be3e8c3a7d01c2f6ff1c5

SHA1
5383271999f787c36b1dc8f3cc13c8407b195439

SHA256
f54cd6e42f2b2bc5cb8a15f6a28f1499abf094a519ebdf39f4c4e167312c9c16

SHA512
f43f94b194b5a7eafcec9e831f61042859c30e1af2e2447195bdd06b12c90982181161a1c1be5aa5223ff664f88e4891bd71cfffb7ef672d6fe4f614030e0e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1F5BC.tmp\uninstall.dll

Filesize
691KB

MD5
7db706c324cc9b6fda497d081eed6e26

SHA1
ca97392e573af0cf61bfa3301801a85f2beea44c

SHA256
cc685dbcf798549ad1a51c1dde45462e2a451ec59f48ee91219182a3871cd5b0

SHA512
8edf1494d57d5e708faaff4170f21f435658be897a6fe0acf243ced0701a7fd574b3c973c5bc5e8d92815e966c98977e69ac1e3083ab00c11b072115527ffa19

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HMAGI.tmp\scriptInterpreter.tmp

Filesize
1.3MB

MD5
01190d8b6805fd4d2a68750fbd041966

SHA1
c5c967d47cc57112eec5fe7db0229b36e22ec661

SHA256
5761e7789d813626cd68ee1e62429cfeb92bdd814cd29ef12fc4ae9ec1dbaff3

SHA512
c079f1674f800bbcfe97d95e596314ba9f74bc7f87433dede4da91978c9ba9b1f0b22a4b690a07171983c46ac35e523a52df143072f700279914279de133957d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LJH1S.tmp\idp.dll

Filesize
232KB

MD5
55c310c0319260d798757557ab3bf636

SHA1
0892eb7ed31d8bb20a56c6835990749011a2d8de

SHA256
54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

SHA512
e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LJH1S.tmp\uninstall.dll

Filesize
712KB

MD5
f3a88277fc7e0c057c40e47a7e43f9ad

SHA1
78ae0052b323139a4de7a5361a40503a39339f4c

SHA256
d88bcf910e7a5ce4d76ca48b263ef226911b455d3a8db80c9fa69aeb2b3898a1

SHA512
3c40377600fbb814fe19423404d2fb29f6342ab2a3a6d5dc50f42086fc0f59174184a0870d7f04fb6ee5f84828e1ed282396bfcb70842084af25f5af15cc8a1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-O7ASU.tmp\setup_forager_4.1.8_(43847).tmp

Filesize
1.3MB

MD5
dc2e8d36795a7beacd5b0a39970c626f

SHA1
1c07dfedd0a4fe187e7ff6562eb2a560aeefaf3c

SHA256
e32efd59564b1739531b96edc7e0dc7d4efd5350f36f07a874f3dc12ffaa461a

SHA512
0de1cebaa8acde960153afc7ec58129467e79998405943f65674addeed9b643d6bfd7162e7746b3cf15eef2f7d551a721e09c9b0f6b82b5cd65029304487f6c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\wixstdba.dll

Filesize
118KB

MD5
4d20a950a3571d11236482754b4a8e76

SHA1
e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c

SHA256
a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b

SHA512
8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

Download Submit
memory/1160-213-0x00000000031E0000-0x00000000032E0000-memory.dmp

Filesize
1024KB

Download
memory/1160-391-0x00000000031E0000-0x00000000032E0000-memory.dmp

Filesize
1024KB

Download
memory/1160-6-0x00000000009E0000-0x00000000009E1000-memory.dmp

Filesize
4KB

Download
memory/1160-15-0x00000000032E0000-0x0000000003397000-memory.dmp

Filesize
732KB

Download
memory/1160-60-0x0000000005120000-0x000000000512E000-memory.dmp

Filesize
56KB

Download
memory/1160-136-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/1160-622-0x00000000031E0000-0x00000000032E0000-memory.dmp

Filesize
1024KB

Download
memory/1160-174-0x00000000009E0000-0x00000000009E1000-memory.dmp

Filesize
4KB

Download
memory/1160-621-0x0000000000750000-0x00000000008A2000-memory.dmp

Filesize
1.3MB

Download
memory/1160-211-0x00000000032E0000-0x0000000003397000-memory.dmp

Filesize
732KB

Download
memory/1160-536-0x00000000031E0000-0x00000000032E0000-memory.dmp

Filesize
1024KB

Download
memory/1160-212-0x0000000005120000-0x000000000512E000-memory.dmp

Filesize
56KB

Download
memory/1160-645-0x0000000000750000-0x00000000008A2000-memory.dmp

Filesize
1.3MB

Download
memory/1160-210-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1160-427-0x00000000031E0000-0x00000000032E0000-memory.dmp

Filesize
1024KB

Download
memory/1160-209-0x0000000000750000-0x00000000008A2000-memory.dmp

Filesize
1.3MB

Download
memory/1160-225-0x00000000031E0000-0x00000000032E0000-memory.dmp

Filesize
1024KB

Download
memory/4016-646-0x0000000000DD0000-0x0000000000E09000-memory.dmp

Filesize
228KB

Download
memory/4016-0-0x0000000000DD0000-0x0000000000E09000-memory.dmp

Filesize
228KB

Download
memory/4016-2-0x0000000000DD1000-0x0000000000DE2000-memory.dmp

Filesize
68KB

Download
memory/4016-173-0x0000000000DD0000-0x0000000000E09000-memory.dmp

Filesize
228KB

Download
memory/4448-499-0x0000000002C90000-0x0000000002D4B000-memory.dmp

Filesize
748KB

Download
memory/4448-529-0x0000000000E70000-0x0000000000FC2000-memory.dmp

Filesize
1.3MB

Download
memory/4524-530-0x0000000000060000-0x0000000000099000-memory.dmp

Filesize
228KB

Download
memory/4524-484-0x0000000000060000-0x0000000000099000-memory.dmp

Filesize
228KB

Download
memory/4900-623-0x00000000000E0000-0x0000000001B9C000-memory.dmp

Filesize
26.7MB

Download
memory/4900-612-0x00000000000E0000-0x0000000001B9C000-memory.dmp

Filesize
26.7MB

Download
memory/4900-615-0x00000000000E0000-0x0000000001B9C000-memory.dmp

Filesize
26.7MB

Download
memory/4900-617-0x00000000000E0000-0x0000000001B9C000-memory.dmp

Filesize
26.7MB

Download
memory/4900-619-0x00000000000E0000-0x0000000001B9C000-memory.dmp

Filesize
26.7MB

Download