Overview

overview

10

Static

static

3

Crack Launcher.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    06/03/2025, 14:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Crack Launcher.exe

  • Size

    3.7MB

  • MD5

    95e8f2ac083ffa44bd5eb4011a5bc4ef

  • SHA1

    a88990feafe0a9955121608d92eb9156cb6621a0

  • SHA256

    706cac0b64738427fc45831e2d7cb548268adf36e6111e0f9aac71f48e6091eb

  • SHA512

    72bb43b6ee2a4fb9ab42aabd73f8eb064cc40bf575403afab4a161c69f6e9144ef62f40d3f0eca9e26864cf71729b5e4154d3dc93f2e94caa742fd2f629014ee

  • SSDEEP

    98304:8DaQ4jINZ/bE6Jg9iw0QLZ+8WK1mzJxN/NEneQNEf:F5INJ1w0UNWsm7+eQNM

Score
10/10
xwormdiscoveryexecutionpersistencerattrojanupx

Malware Config

Extracted

Family

xworm

Version

5.0

C2

Idlerkik-51025.portmap.host:51025

Mutex

39nuvgE8f15qGIgl

Attributes
  • Install_directory

    %AppData%

  • install_file

    svhost.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Detected Nirsoft tools 4 IoCs

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 29 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 26 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Control Panel 1 IoCs
    defense_evasion
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\Crack Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Crack Launcher.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Users\Admin\AppData\Local\Temp\SandeLLoCHECKER_Installer.exe
      "C:\Users\Admin\AppData\Local\Temp\SandeLLoCHECKER_Installer.exe"
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Modifies Control Panel
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1216
      • C:\Windows\SysWOW64\msiexec.exe
        "C:\Windows\system32\msiexec.exe" /i C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\SandeLLoCHECKER_Installer.msi AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\SandeLLoCHECKER_Installer.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1741029183 "
        3⤵
        • Enumerates connected drives
        • System Location Discovery: System Language Discovery
        • Suspicious use of FindShellTrayWindow
        PID:3344
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Nurik 1.4.exe'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:848
    • C:\Users\Admin\AppData\Local\Temp\Nurik 1.4.exe
      "C:\Users\Admin\AppData\Local\Temp\Nurik 1.4.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2212
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 1E28F76632E42E191B3F361DAF603C8C C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2864
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 61E67C14E30C601552B4FD0B6E75A185 C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:4672
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:3776
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding AAC7264FEFA4448AEEB7233AF4B2C1FE
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:3440
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      PID:3716
    • C:\Users\Admin\AppData\Roaming\SandeLLo CHECKER\SandeLLo CHECKER.exe
      "C:\Users\Admin\AppData\Roaming\SandeLLo CHECKER\SandeLLo CHECKER.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1452

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e5818a5.rbs
      Filesize

      2.9MB

      MD5

      247ba1d1494e424acfc8b4e74e000ae5

      SHA1

      daade780d65315df6ce5efe3671754b661f7958f

      SHA256

      3473322a5dc7f40752282935d4984cb79c915bebdde5cc82bb9d0306ed4ba060

      SHA512

      01aec5475df58977c71197233d6fd67c3e018a6d5992a2c90cad84815be9569e21ff22f5038c7b68b0cf3cd237892130a11ceca7fa4d331ce971d0eb2b6310d2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSICE6D.tmp
      Filesize

      587KB

      MD5

      9e0aef52f6c03b2fea067342d9d4f22f

      SHA1

      d4431a858c8a7a79315829ec7aa82e838c2714f4

      SHA256

      42b8adafcb4e8496d9822a0c504f449e56456528a9251c153381d3f63d197e5b

      SHA512

      42858a6695d7906b3df4dc97f3b1fac737633a51ffb52e8ec8eddeb21f8cdb53c199bb698e54c4a931155eafd879de6fff114b84f298c84436b776e286ebeeb1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSICF3A.tmp
      Filesize

      1.1MB

      MD5

      c04ed00ddcb3518e8cf6db24db294a50

      SHA1

      cc98cc3ab9c4371f85ea227d9f761bab4aa76baa

      SHA256

      3c21e1f3bb3ebeb5f0ff68658db8abd18b62f8b195288c4bf87936fc51f8ae9e

      SHA512

      736946a3130f294878ea51145960017babcc1b8ac2c96afd8b9e2a4d120f173afb84bbd04b6f0113f286d4bc671befecd4e92c582f1de1a0d5bc8738c3cae9c5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSID16D.tmp
      Filesize

      709KB

      MD5

      eb7811666ac7be6477e23af68511424f

      SHA1

      1623579c5a3710dcc694a2fd49defa27d56d9175

      SHA256

      ad706739b04256b9215e80d2d030863a37f0d7fd0e4071d0a3a73d6704d8bd8f

      SHA512

      3055baa15c92f476513c66a423043dc4b8c5f83f47643ad77665d6a2f823f4655bf4ae241d8af4bc34d53630df1c35989f0b11b934a631960668fcc7a8c81a7b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Nurik 1.4.exe
      Filesize

      26.0MB

      MD5

      4ce1c78396ce2beeea1562f888f8ba20

      SHA1

      a027884eecacebb946ce8c4313fa2fa441653bda

      SHA256

      d250d01bf0a0a4c89af10202b6b33d4e3788424ce7bf24c0b6c184c3bc5237e7

      SHA512

      922c364bb3e6e9f71b6676b8ecd52a87f67041a4fbc3eb53c4c363aa8ba8c8cef14ee926134c6f5be3a5cd5c487ca3e26c7ced3e2bc12cacf5b2cd5977dbe2a9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\SandeLLoCHECKER_Installer.exe
      Filesize

      5.7MB

      MD5

      8a0591a6b534e32fa179f2d781b79026

      SHA1

      61e1aff6f862cbce0e1f6e9e70d186e5013d9846

      SHA256

      4df8350850592b587c4d2aaabddc8454bc4652df0082b85c3336139a9c6ea53e

      SHA512

      0a261afd07a152e0f4e7d4df8ad0d57c53e9690b0b4f7ed13614b60c55466bafa7ac70472f6b1b5b41e49b249f080ad3c4d440b655b631b17c3c7e1cea3055bd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_grpgwfv0.mjs.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Apps\BrowserDownloadsView.cfg
      Filesize

      1KB

      MD5

      2808115146d3886750a27994323846d8

      SHA1

      4d1a069ff9c2b623f7cab49ae9b1ce147a8fa176

      SHA256

      8beacde0a805e86a70e460517f317cc966b7cb57336fe46e01c8f785d668038a

      SHA512

      fd4660a93e69f0a0bf4a763c9d11272da7d699256e20ae1788ff7a0bd13597b6f3c2211bef8951d3e67b3997b72d631a431bc9e1055b754c57424b3e0f935925

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Apps\BrowserDownloadsView.exe
      Filesize

      478KB

      MD5

      118968b09619b304e29d77c7b41402b7

      SHA1

      d372d9a9af1b622bc2337d3a1b505b96ce736ac4

      SHA256

      7034ebfb236c1cdf85cdac041bc80f6143a55680af32cc4af22a3379c9a71b4a

      SHA512

      f2225639457007b7590ebc3ca4665214413568b68c502325ea5e98a7c00aa66a413c3ba59f8bf0d49e9cbd6cf89a28e25d7bf18a95791717343dcbd97b77c44f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Apps\DevManView.exe
      Filesize

      163KB

      MD5

      9aa355d3d48e8a811a226f7320ad5aec

      SHA1

      358d2aa0be69f282dbea5d73962d2810b6a1c241

      SHA256

      642393ce850a4d47f749d280240d087c1e78f7321345c2db8a50984ef44f00af

      SHA512

      a3829f0f132f90789bad5c111b727426830f53d74e1f3794803274adbaa1e8a99c6be84c637c526978d56b563adc11056f946ea2e2cc328a99774a45a48786d1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Apps\ExecutedProgramsList.cfg
      Filesize

      439B

      MD5

      4edc075d18603600c3b30206fcc058f4

      SHA1

      30067b3a52faae00b5f0f0713c80afa348004980

      SHA256

      4c360620c1604390812dc65da362ff2d53b9f7a636379415a41f5b4cee1c33f5

      SHA512

      a1e612a4ed5608ec18f04ef67ed219163d6043c344a460fb202e0aca0f15daf65b341622db6aef534db8862d88655827e55f1d97065314e2a5b81fdfe1582e0e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Apps\ExecutedProgramsList.exe
      Filesize

      81KB

      MD5

      7366668cc7eaa1068a38cc2761217fc4

      SHA1

      a6790473129e7298185ef4ee4e0badbdecc50040

      SHA256

      e3af98717bf1cda7dc4aacb5b34d111ac237604161cd96f7929ec33f2ff260b6

      SHA512

      5af36447a1d29c2024b83cf08bb9cfc2c360e02d819eb7b238e1e9f774aef6e5930f5f33b9f64d62e4e958911493338a0d95b58b22b076c4e9025abe6f3f0b4a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Apps\JumpListsView.cfg
      Filesize

      593B

      MD5

      4ccd997c204b66073d071546be6273ab

      SHA1

      b1bd7b547b47b72c92dc44bb057f4c4074cbf7ed

      SHA256

      03de29954da8e66d7dd5db1f4f9edb4036bcaacc79bcac8dfb01fc7e35c6477f

      SHA512

      bbae587c070a79a97bb2c533f598df3c9ad1618b9a3bc4c67d1ee3ce8016bbf3a003f6651d56d818fddbc0249c0cd46d5b19ea140c4950cb210eaba7b941718f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Apps\JumpListsView.exe
      Filesize

      93KB

      MD5

      1a7524a3f7443c3e041774d5f372142c

      SHA1

      b7f4ce125731505cb4961df217465ef6a94c31df

      SHA256

      e000c782af989e016efcef1664b9d652b0fee59b011e28154072f7b6001b124d

      SHA512

      3a3e4412727086bdfea85cb9da8d8994ff2f37aa4c761458ba0006dfd7e6fb72b313940eec5ad197b1026e6af4d10d72cbe85c99e3a245ba2c18141fa633ec19

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Apps\MUICacheView.cfg
      Filesize

      263B

      MD5

      d42eb06e18177a8fbac1c51775a29d75

      SHA1

      828cf630faffccb25094f48b47ef6c0b76bbabe9

      SHA256

      4b997de7fe27892b96fd0b94f07b29935ca0a8d1ef13044c846c88050e71f932

      SHA512

      8924703203b51f13618b1096e7ed976e7c7b2caf5eeea8b4e0f574183e2aa610788d67113fecc852127d10289cd72e27a74d779a6972e3d45c39111aa8fdff27

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Apps\MUICacheView.exe
      Filesize

      29KB

      MD5

      e999c811b919c420d5657a484cecdd61

      SHA1

      a61ab3db7d9aa92c309956c8a033a7c5ce4edeb9

      SHA256

      02e28fa849121a1ffce2cccdfaed4974636253c3a8d5f16207d0fd13c0ea72d5

      SHA512

      caeb0693a02154195d2421786a7b39559ac605c06371a8f7ed95535f75296e7f3a99de0a72d9ff7570d4b7d0bd3a2c2bb7ff37813f1fefbc4be1ad792ba41d8a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Apps\UserAssistView.exe
      Filesize

      30KB

      MD5

      f36530f46a34516be38521ee9a134d28

      SHA1

      47f0553e0a0febbef59fd9a32149497bbdd5229c

      SHA256

      bc11c4150bbc6f8b2cf7bc96bedbb183c61d53ab8e4052b15d58bad6b6d1befa

      SHA512

      5c1a1282ffc25409d0044770c80e92f7a89fb40567dbb24f64f46750083bb30b842a63ef58b8b9433fa5a5903a5aa7bf71ee941709365c6bc17a9f4d85b1ad5d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Apps\shellbag.exe
      Filesize

      1.6MB

      MD5

      463058236a0d84f8f8982d946eed0e07

      SHA1

      800ab71ed3b3bf4fb67fc9e1628e59d0aab8b124

      SHA256

      c93a0f4c6b5f24ee31cddb92b0ea3337021b5fb91faae8a381d3bd2c9b6add54

      SHA512

      18bd9aea8489c5e873a679da92c83d2739de9532f5751bd23aea9eda226b9a95909f8fd525b0ce47859492997002aee32ecf37bb79e07f24b512287b8fd58a53

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Extras\reg1.bat
      Filesize

      133B

      MD5

      71c2ab4ba40883fbf4713878a29ebcae

      SHA1

      61a7f6b7ecde461a22e8336f8ff77b7658a9d5cc

      SHA256

      d4f4b6d1008fc2dc4edbcdd359088781f6457fd157320a9eac4d1c189f12c21e

      SHA512

      f563791621eb4c7aae8d90f4d667e637e415bce65677b69539b89209f9d619c61777a11210076d2786382afd770385c18f02cdd8eacbfebfbe56be82c55c76e1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Extras\reg2.bat
      Filesize

      134B

      MD5

      847e532991368d9cb63efacd08bcc2fe

      SHA1

      fb7249c194d37a7563900995d9707d139d16e9bd

      SHA256

      0aae2258ca7ef40ed82a69afe27f869384ecd954132f37ee4a5f9cc96b2d670c

      SHA512

      a37071368b1f0c549171915bf49c968cb52ea0d192462eb5acffbadcc269ed65a90973b2ac841b43d509f5ddc02b6c50d30d721a41106d4eed9f1ec617dee4f0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Extras\reg5.bat
      Filesize

      119B

      MD5

      bba9311f50d2704b6197520a99b1bf77

      SHA1

      3ad9b05f0be552c7a778a8138a1aed644963b01f

      SHA256

      848e550ad046f91748e7c129e09192bdf1055c56fea95f5a971273ecde348366

      SHA512

      1d9752c4af443672cc4778f2e01254d885843fc7cbf55580eefd3fcee61c3ef241fef58e8d7a20352c4e2cd081bbeb802106eaed766a54419637c5aa57d740f6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Extras\regjump.exe
      Filesize

      357KB

      MD5

      0754f552bf43d0ea03e7ffae3764f76c

      SHA1

      003a0cee6fdcdba86ccd2241213d827f462fcb7c

      SHA256

      d9b8b767e7dd8253d4eb6883ed168f0c6ac89a7ea589a67d9fad1d04fb9acbab

      SHA512

      3901126a6c8826df816d76c37759c8a09b46bfd54a31abb3f1e55396aeae6f21e5afb78da9520dfeb2d63099269e7c7258288862fbde5a8a16b08e5a55e23d88

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Newtonsoft.Json.dll
      Filesize

      685KB

      MD5

      081d9558bbb7adce142da153b2d5577a

      SHA1

      7d0ad03fbda1c24f883116b940717e596073ae96

      SHA256

      b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

      SHA512

      2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\SandeLLo CHECKER.exe
      Filesize

      10.2MB

      MD5

      2e644c16b1bf1ecba38e1b2204beae98

      SHA1

      b4e7be74c313c32292a0bda758198f8a18d71be8

      SHA256

      acf0f79a3ccffc7690811e7e3a19ae6bd0f6a829dbc3a2d52d5df2f8a5c337e9

      SHA512

      0bfe3c21b215eba5b5265b41804bc91922e37478782c4645d1bd0e8a444ddce25f68520ab43d2c4945db38adfd2722cef5d55792ab096721cb486f2529713270

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\SandeLLoCHECKER_Installer.msi
      Filesize

      3.9MB

      MD5

      e47c6582751cdc22d8c0eeac60de6d0b

      SHA1

      4c057d98754b09c95fcae46162673d1b241ccea4

      SHA256

      c645a247c399ae2e8ccf8f826415e7287b52080fcae3dac203e7e543fe792ccb

      SHA512

      2e2dc24e4cc1314f17506c0007f1e5c1200af1a2b14820968e7a1019c29b60913701beb5498a6c13e7cef938e98efa464b1cae2f5a8cc59c493caebfd158da5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\SelfUpdate\AppUpdater.exe
      Filesize

      15KB

      MD5

      d559499e96b45ef1abdd4f35c89663d7

      SHA1

      2d46b980342ab0c44e820ff6ab736b601fd46704

      SHA256

      e4227d32f34cdfa3e3e06dc3c80995a4bae4c128b466580f187348d5bd94fd1e

      SHA512

      27c0185291178b7c3c25f7459f9bafc5e96757c8f61b6f48d028ec10a8d1cf769a20d59ff7c533f6ae8601181d2555357fa66036b78c12e075f71c0b1c69d74d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\SelfUpdate\DotNetZip.dll
      Filesize

      461KB

      MD5

      a999d7f3807564cc816c16f862a60bbe

      SHA1

      1ee724daaf70c6b0083bf589674b6f6d8427544f

      SHA256

      8e9c0362e9bfb3c49af59e1b4d376d3e85b13aed0fbc3f5c0e1ebc99c07345f3

      SHA512

      6f1f73314d86ae324cc7f55d8e6352e90d4a47f0200671f7069daa98592daaceea34cf89b47defbecdda7d3b3e4682de70e80a5275567b82aa81b002958e4414

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\Steamworks.NET.dll
      Filesize

      271KB

      MD5

      c5b797a84429fb737e8a09846e3a6901

      SHA1

      f215a52370f0861475e9933ae3d22b72b2cb1381

      SHA256

      1f901d2d7163c7a5be1b66fbe03ba22184933886c2959f9dd87393d3bd67cabd

      SHA512

      4e60355bc6b26f85481eb5972a966ea3c50592904de3c226f5b004b127c356f990afc8084cc335d79e0f4c0b7eb32dada2daf0eca249856bf03577429070aa03

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\WindowsInput.dll
      Filesize

      22KB

      MD5

      d711daf0138d35bdb878e397e0abb7c0

      SHA1

      92ad5ed3d195fa60b493948f86caadc6ba6d5076

      SHA256

      81110d44256397f0f3c572a20ca94bb4c669e5de89f9348abad263fbd81c54b9

      SHA512

      6302420686f2968a0b00e24d7333bf86ecff62efe7598faaa06b51797d95f667b0c5cbbb3fcb5bc84d322c049249679340d373b807b39431ff5c6a16413f95cd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\steam_api.dll
      Filesize

      219KB

      MD5

      fe8e00c889a156836d57919ca23cde50

      SHA1

      7aba06d474175bd0d7f672e101b0a05104580bb1

      SHA256

      af17df745250d1814eaa274fff7b0faeb43381e6762e026267e5859778477abd

      SHA512

      bdd89b54381da6faf50c9e18d9941f68b8d300d952bea84bd785ca00d617eef6dbdf7d9589adfb14e1dcbe6d836bb2d7785ccc9529e781a64f3125bfc4ce091c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F123046A-2CBF-4743-A59B-E3D2751B5780}\51B5780\steam_appid.txt
      Filesize

      3B

      MD5

      d5cfead94f5350c12c322b5b664544c1

      SHA1

      16a9efea4885a86a6c0e036b52e0b0bad6da1845

      SHA256

      61182f39851829ca78c919a83ecbfa045fc0686bff16d0cfa3e643988d9dfecd

      SHA512

      7a9b38db77b85e5a3de5c649ddf2017184b87ca947d0034565307a07c243256d080cdb2a9faf38595f8d153861abe4b64ef61fc695481b4498a5a19ccaaf170f

      Download Submit

    • C:\Windows\Installer\MSI21D4.tmp
      Filesize

      301KB

      MD5

      2b72b867ce06b51132af8e6b5bd9c6d2

      SHA1

      48c12b24588a2513a847a9d934dfd88f22044f9a

      SHA256

      42e4ba85c71a2c275d4682e3d137ceb5b1b9993541191176e71b2c9e98ae496d

      SHA512

      00f47e884b0853029420d82368376548b02d77b2683d28a5420b6a5e5d764f1fb9121087edfad3a1bdca0a21ed7bd47a47817cd153d0abc1705a7643fb79bb6a

      Download Submit

    • C:\Windows\Installer\MSI21F5.tmp
      Filesize

      734KB

      MD5

      f411c8f0959e997b4e38b432d7060fb1

      SHA1

      d5efa9977eaf8b25cfaa819d646f3f5839333fd5

      SHA256

      16f1d29416044f4c737a0746d65665b312cdd7ec42d8901bea92834d2fedaf85

      SHA512

      b000b21ab1f39b9524f45421051095bdbbf3049dc6bea718a6bc2a0178f25004ec19ec642f5823fff874a6b7029c97dbf244052a30b4ec5e1bb7efa58300046c

      Download Submit

    • memory/848-19-0x0000022B7DA70000-0x0000022B7DA92000-memory.dmp

      Filesize

      136KB

      Download

    • memory/1452-311-0x000000000C540000-0x000000000D1BE000-memory.dmp

      Filesize

      12.5MB

      Download

    • memory/1452-313-0x00000000114D0000-0x0000000011562000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1452-316-0x00000000114B0000-0x00000000114BE000-memory.dmp

      Filesize

      56KB

      Download

    • memory/1452-315-0x0000000011B70000-0x0000000011BA8000-memory.dmp

      Filesize

      224KB

      Download

    • memory/1452-314-0x0000000011430000-0x0000000011438000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1452-308-0x0000000000B20000-0x0000000001556000-memory.dmp

      Filesize

      10.2MB

      Download

    • memory/1452-309-0x0000000006580000-0x0000000006B26000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1452-310-0x0000000006040000-0x000000000608A000-memory.dmp

      Filesize

      296KB

      Download

    • memory/1452-312-0x00000000112B0000-0x00000000112CC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2192-3-0x00007FFFE3720000-0x00007FFFE41E2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2192-42-0x00007FFFE3720000-0x00007FFFE41E2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2192-1-0x0000000000F20000-0x00000000012DC000-memory.dmp

      Filesize

      3.7MB

      Download

    • memory/2192-0-0x00007FFFE3723000-0x00007FFFE3725000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2212-43-0x0000000000710000-0x0000000000762000-memory.dmp

      Filesize

      328KB

      Download